DDoS Attacks in 2022: Trends and Obstacles Amid Worldwide Political Crisis

Ramil Khantimirov, CEO and co-founder, StormWall

As 2022 draws to a close, Ramil Khantimirov, CEO and co-founder of StormWall, shared his views on the global trends affecting DDoS attacks, the motivations of hackers today and the main threats relating to DDoS attacks.

This year’s global political landscape is complicated. Does the present situation affect the activity of hackers? Is the frequency of DDoS attacks increasing?

RK: We are seeing a sharp increase in hacker activity worldwide. In Q3 2022, the number of attacks increased by 90% worldwide, compared to the same period last year. They are a lot more powerful, too. Botnets are more common now in a lot of countries, and such attacks are very difficult to counter on your own.

And politics have a profound effect on DDoS activity, as well. Groups of politically motivated hacktivists emerged at the end of February, who are organizing DDoS attacks on Russian companies, aiming to sabotage the country's economy. The so-called “IT army of Ukraine” in particular has targeted hundreds of Russian private and state-owned companies and is responsible for the most politically motivated incidents. They have developed DDoS tools, which threat actors around the world are now adopting and using to launch some of the most powerful attacks we’ve seen to date. Businesses in many countries are in the crosshairs. All this has led to a significant increase in attacks worldwide.

What are the goals of hackers in this turbulent time?

RK: Hackers are continuing to pursue their usual goals: competition, blackmail, extortion, and more uncommonly, personal malevolence. But politically motivated actions have come forward. This is one way people are expressing their opposition towards one regime or another.

Then, undoubtedly, goals change from industry to industry. For example, there was a huge number of attacks on telecom in 2022, most driven by extortion or blackmail. The same goes for the entertainment industry — this sector is not that interesting to hacktivists. In contrast, fintech bore the brunt of both extortion attempts by regular criminals, and politically motivated hackers. In e-commerce many attacks were a shady competition tool.

What are the current main threats? 

RK: There are a couple of DDoS threats that are emerging. First of all, botnets have become commonplace. Crooks can use them to launch 1 Tbit/s attacks. Recently, we’ve observed their activity in the telecom and fintech industries. Then, there are the hacktivists. Politically motivated actors are targeting fintech, manufacturing and online retail industries in several countries. They’ve developed an arsenal of new, powerful DDoS tools which hackers around the world are now beginning to adapt.

What are this year’s main trends that you would indicate?

RK: I’d point out the significant increase in DDoS attacks, as well as the increase in attack power. At the beginning of 2022, we started seeing many 1.2 Tbps attacks launched by powerful botnets. Previously, attacks of this scale were a rarity. Now over 1 Tbit/s floods are commonplace.

By the end of Q3, the growth rate of DDoS attacks slowed down noticeably, but the situation is still concerning overall. New DDoS tools developed by hacktivists allow for the most powerful and long-lasting attacks we’ve ever had to deal with. In the first half of 2022 they were primarily used by politically motivated groups. But from the 3rd quarter, these tools began to get adopted for other purposes, like carrying out massive attacks for extortion and blackmail. And this is happening all around the world.

You research attacks on various industries. Which industries are taking the brunt of it and why?

RK: We did a study recently which considered worldwide attacks by industry in the 3rd quarter of 2022. Most attacks in the 3rd quarter of this year were in the telecommunications sector (43.2%), the entertainment industry (21.3%), the financial sector (16.3%) and online retail (14.8%). Hackers also targeted the educational and logistics industries. In telecom, the main aim was extortion and blackmail. During the pandemic, many companies around the world shifted to remote work. This increased the load on telecom companies and the importance of their uninterrupted service.

Hackers used this opportunity for blackmail and began to extort money from businesses in this sphere, to stop overloading their servers with junk traffic. Many attacks on the entertainment sector also focused on extortion, and the same is true for fintech. An exception to this is Russian banks and payment systems, which have been attacked by politically motivated hacktivists. In online retail, the high number of attacks is explained by shady competition between market players.

How do you go about protecting your online infrastructure? What is the best way to approach this?

RK: Firstly, you need a professional anti-DDoS solution. It’s the only bulletproof and financially viable way to cope with the attack strength and volume we’ve been seeing in the last quarter. Secondly, you need to take care of the security of your resources (cyber sustainability) and prepare your online infrastructure to integrate with DDoS protection. Different types of resources have different levels of resistance to DDoS attacks. The degree of resistance varies based on the technical characteristics and also on how responsible parties interact with DDoS protection providers.

We define security as the ability of online resources to be protected from DDoS attacks with minimal cost, time, and effort. To ensure security, it is paramount to solve 2 key issues: give out as little information about the resource as possible to the attacker and provide sufficient information to the DDoS protection provider. Ideally, online infrastructure should be created with security in mind during the design stage. This way it is possible to create systems that are highly resistant to DDoS and ensure an advantageous efficiency-to-cost ratio in repelling attacks.

Which StormWall solutions would you recommend to somebody looking to increase DDoS resistance of their business?

RK: We have a number of key products for different resources. StormWall provides DDoS protection for websites, DDoS protection for TCP/UDP services and DDoS protection for networks. All our solutions are effective against DDoS attacks, which has been confirmed by our clients around the world. Our products will protect companies in the financial sector, online retail, telecommunications, logistics, education, manufacturing, and healthcare, among others.

What is your forecast for the near future? Is there going to be a further increase in the number of attacks, or should we expect the trend to reverse and why? Will the power of attacks keep increasing?

RK: I think that we’ve already passed the peak surge in attack numbers. It is possible that the growth will slow down in the near future or stop altogether, but attack frequency is unlikely to decrease. The fact is that the number of attacks has gone up so much that, in our opinion, there is nowhere for it to go further. Yet, we should not expect a decrease. Hundreds of thousands of people have learned how to launch powerful and effective attacks for free. There’s nothing to suggest that they will stop applying this knowledge in the future. DDoS tools aren’t only for advanced users anymore. Anyone, and I mean anyone, can pick them up in half an hour and figure out how to DDoS. The Internet is a dangerous place now, for websites without protection, because it is super easy to render any unprotected resource unavailable. And it can even be done for free. 

Can you highlight this year’s achievements that make you proud?

RK: We are very proud that we weathered this year’s tsunami of DDoS attacks. At the same time, we did not stop developing and implementing improvements. We were able to introduce a lot of new functionality that helps our clients fine-tune their protection. Another crucial achievement is that we, together with our partner IDCloudHost, have launched a point of presence in Singapore. We are now ready to provide quality services to our customers in the Asia-Pacific region.

What’s next for StormWall in the near future?

RK: We have a lot of plans. We keep developing and improving our network and technology. 

We’re always working on improving the Client’s Portal and adding new features. We’re planning a major release for this year, which will bring many new functions.

Another large project is in the works right now which will be released very soon — the White Label portal. Companies will be able to offer DDoS protection under their own brand: upload logos, work with their users, and leverage StormWall’s capabilities on top of what they already offer.

We’re also releasing a new version of our DDoS sensor. It detects attacks and switches the network to StormWall’s protection. The new version will come with enhanced monitoring: you will be able to see on clear graphs if an attack is happening, how strong it is and what type it is.

In addition, we want to increase the capacity of our network. Today, the combined capacity of StormWall’s channels is 2.5 Tbps at any of our points of presence. Increasing it further will allow us to resist DDoS attacks even during peak load. We are also going to keep improving our filtration mechanisms that leverage AI. All this will help us to provide better services to our customers.

Visit: http://stormwall.network 
