
Cyberterrorists Target Record Number of Victims with DDoS Attacks in Q2


Written by

Craig Sparling and Max Gebhardt

September 07, 2022

Craig Sparling

Craig Sparling is a Product Manager in the Cloud Security business unit. Craig joined Akamai with the acquisition of Prolexic and specializes in attack detection, network monitoring, data visualization, and user interfaces. His passion is working for customers to understand their needs and creating powerful and intuitive solutions that solve their real-world problems.

Max Gebhardt

Max is a product marketing manager at Akamai, where he leads go-to-market strategies and messaging for the infrastructure security division. He blogs about threat research, market trends, customer challenges, and various cybersecurity solutions.

In Q2, cyberterrorists targeted a record number of customer locations with DDoS attacks.

2022 started off as a year of change: shifts in government across multiple countries, the first major land war on European soil since World War II, the Great Resignation, a potential stock market recession, and 40-year inflationary highs. With change comes opportunity, sometimes for the wrong people.

We recently highlighted newsworthy upticks in distributed denial-of-service (DDoS) complexity over the past decade and a record-setting attack in Eastern Europe, but the global events above have had an equally remarkable impact on the threat landscape. While the technology and type of attacks don’t change as rapidly, the targeting of attacks can shift abruptly with the geopolitical winds, as we are about to see.

A dangerous increase in attack targets

In Q2, cyberterrorists targeted a record number of customer locations (groupings of assets based on cloud presence or physical data center) with DDoS attacks, the most in Akamai Prolexic’s history (Figure 1).

Fig. 1: Record number of customer locations targeted with DDoS attacks in Q2 2022

We also observed a five-year high in unique IPs attacked in a quarter, and near-record highs in the number of customers attacked (Figure 2).

Fig. 2: Five-year high in unique IPs targeted with DDoS attacks

The importance of a fully managed service

There are generally two categories of customers on the Prolexic platform as judged by frequency of attack: ultra high-risk customers and irregularly targeted customers (with few in between):

  • Ultra high-risk customers are under constant assault and threat of attack. For most, it's a rare day that they don’t see any attack action. For context, Prolexic’s top attacked customer last year averaged 3.1 attacks per day.

  • Conversely, irregularly targeted customers typically experience a large-scale DDoS attack on a quarterly or semi-annual basis. In fact, for the irregularly targeted customer locations attacked in Q2 2022, the average number of days since their last major DDoS attack was 106. Only 10% of the irregularly targeted customer locations attacked in Q2 2022 had not seen any DDoS activity in the prior year.

Attack irregularity is one of the many reasons that organizations should consider a fully managed solution. DDoS attacks are low-frequency, high-impact events that pose extreme consequences, including irrecoverable reputational damage, for underprepared businesses.

Relying on in-house teams to mitigate and stay abreast of the latest threats is virtually impossible when those teams aren’t routinely fighting attacks and perfecting their incident-response process. 

Prolexic solves for this with a fully managed service of more than 225 highly trained, frontline security experts across six global locations available around the clock for pre-, during-, and post-mitigation attack review and analysis to optimize DDoS mitigation and defend customer infrastructure.

Emerging attack trends

As attack targets continue to broaden across our customer base, we set out to see if the trend was measurable. For this exercise, we defined the top 10% of most attacked customer locations as ultra high-risk and the rest as irregularly targeted. 

What we discovered was intriguing: In 2017, irregularly targeted customer locations accounted for just 10% of all attacks, but that number has more than doubled, to 26.1%, in 2022 (Figure 3). This indicates that adversaries are casting a wider net, probing for weak points and vulnerable victims without adequate protection. They are targeting not only the most obvious externally facing assets but often also infrastructure that is relied on yet may only be revealed by deeper reconnaissance.

Fig. 3: Percent of attacks on irregularly targeted locations
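The tiering and the two metrics discussed above (share of attacks on irregularly targeted locations, and days since a location's previous attack) can be reproduced on your own attack records. The following is an added example, not Akamai's code or data: the record layout, the location names, the function names, and the choice to measure the gap from a location's first attack in the quarter are all assumptions.

```python
import math
from collections import Counter, defaultdict
from datetime import date, timedelta

# Constructed sample records (location, attack date); not Akamai data.
ATTACKS = [("dc-01", date(2022, 1, 3) + timedelta(weeks=i)) for i in range(14)] + [
    ("dc-02", date(2022, 1, 10)), ("dc-02", date(2022, 4, 20)),
    ("dc-03", date(2021, 12, 1)), ("dc-03", date(2022, 5, 10)),
    ("dc-04", date(2022, 6, 1)), ("dc-05", date(2022, 2, 15)),
    ("dc-06", date(2022, 3, 1)), ("dc-07", date(2021, 11, 5)),
    ("dc-08", date(2022, 1, 20)), ("dc-09", date(2022, 2, 2)),
    ("dc-10", date(2021, 10, 10)),
]

def tier_locations(attacks, top_fraction=0.10):
    """Split locations into (ultra_high_risk, irregular) by attack count."""
    counts = Counter(loc for loc, _ in attacks)
    ranked = sorted(counts, key=lambda loc: (-counts[loc], loc))
    n_top = max(1, math.ceil(len(ranked) * top_fraction))
    return set(ranked[:n_top]), set(ranked[n_top:])

def irregular_share(attacks, top_fraction=0.10):
    """Percent of all attacks that hit irregularly targeted locations."""
    _, irregular = tier_locations(attacks, top_fraction)
    return 100.0 * sum(loc in irregular for loc, _ in attacks) / len(attacks)

def quiet_period_stats(attacks, q_start, q_end, top_fraction=0.10):
    """For irregular locations attacked in the quarter, return
    (mean days since previous attack, fraction with none in the prior 365 days)."""
    _, irregular = tier_locations(attacks, top_fraction)
    by_loc = defaultdict(list)
    for loc, day in attacks:
        if loc in irregular:
            by_loc[loc].append(day)
    gaps, hit, quiet = [], 0, 0
    for days in by_loc.values():
        in_q = [d for d in days if q_start <= d <= q_end]
        if not in_q:
            continue  # location was not attacked in this quarter
        hit += 1
        first = min(in_q)
        earlier = [d for d in days if d < first]
        if earlier:
            gaps.append((first - max(earlier)).days)
        if not earlier or (first - max(earlier)).days > 365:
            quiet += 1  # no activity seen in the year before this attack
    mean_gap = sum(gaps) / len(gaps) if gaps else None
    return mean_gap, (quiet / hit if hit else None)

if __name__ == "__main__":
    print(irregular_share(ATTACKS))
    print(quiet_period_stats(ATTACKS, date(2022, 4, 1), date(2022, 6, 30)))
```

Locations that rank in the irregular tier but carry a rising share of attacks are the ones to check first for missing mitigation controls.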

Recommendations

In the midst of rising DDoS attacks, is your organization prepared to protect itself and fight back or be left scrambling to assemble defenses at the last minute? It’s clear that having a proven DDoS mitigation strategy is imperative for online businesses to thrive. To stay ahead of the latest threats, employ the following recommendations:

  • Immediately review and implement Cybersecurity and Infrastructure Security Agency (CISA) recommendations. 

  • Review critical subnets and IP spaces, and ensure that they have mitigation controls in place.

  • Deploy DDoS security controls in an always-on mitigation posture as a first layer of defense to avoid an emergency integration scenario and to reduce the burden on incident responders. If you don’t have a trusted and proven cloud-based provider, get one now. 

  • Proactively pull together a crisis response team and ensure that runbooks and incident response plans are up-to-date. For example, do you have a runbook to deal with catastrophic events? Are the contacts within the playbooks updated? A playbook that references outdated tech assets or people who have long left the company isn’t going to help.

Under attack?

If you are currently under DDoS attack or threat of extortion, please reach out for 24/7 emergency threat mitigation and protection.
