Europe: The DDoS battlefield
DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion.
As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution of attacks move away from active conflict areas into global cloud centres – both as a result of damage to local network infrastructure, but also as local databases and applications were strategically migrated into the cloud.
Conversely, in the rest of the world, researchers observed lower Asia-US DDoS activity and fewer DDoS attacks to and from South America in 2022.
In 2022, peak attack traffic in Mega Packets Per Second (Mpps) was up 19% from 2021. This trend reflects overall internet traffic growth but is also due to a continuing shift towards fewer, but more spectacular attacks.
While there has been an increase in the number of significant attacks (both in terms of bits and packets), the report reveals the vast majority of attacks are still small and driven mainly by free tier stress test or DDoS-as-a-Service attacks instigated by amateur cybercriminals.
Researchers saw the most significant increase in the 5-20 & 20-50 Gbps attack ranges – mainly through DNS and NTP attacks, but also memcache due to the method’s high amplification factor.
Thanks to the industry-wide anti-spoofing initiative, the DDoS Traceback Working Group, the number of DDoS attacks on Arelion’s global backbone decreased by over 30% in 2022 – with 50% fewer attacks directed toward customers.
“These findings reinforce the need for a basic level of customer protection to mitigate the abundant smaller attacks, together with a solid insurance policy for the larger ones. Thankfully we are seeing a power-shift in the DDoS arms race: there is now a more decisive response by network and IT infrastructure owners to cyber threats, and they are gradually starting to fight back with better cooperation and by closing the inherent weak spots in the network that cybercriminals have exploited for so long,” said Mattias Fridström, Chief Evangelist at Arelion.