Wartime Sparks Unpredictable Shifts in DDoS Targeting
In Q3 2022, the number of attacks targeting European customers on the Prolexic platform — Akamai’s network distributed denial-of-service (DDoS) solution — continued to surpass the number of American attacks (Figure 1), a stark reflection of the widespread upheaval unleashed by Russia’s ongoing invasion of Ukraine.
Fig. 1: DDoS attacks on Prolexic customers by region
The repercussions of wartime have had an even greater impact on cyber risk within Eastern Europe, where the number of attacks has increased by 1,126% over pre-war baselines.
Put differently, attacks on Prolexic customers based in Eastern Europe, which previously represented only 1%–2% of total attacks on our platform, have exploded and now account for nearly 25% of all observed attacks, signaling an unprecedented shift in DDoS targeting (Figure 2).
Fig. 2: Attacks on Eastern Europe as a percent of total attacks
Geopolitical tensions increase the risk of DDoS attacks
As we’ve previously reported, the surge in European attacks can most likely be attributed to highly motivated hacktivists working to create as much disruption as possible in countries that have actively supported Ukrainian independence.
This type of cybercrime poses a considerable risk to organizations, especially ones without fine-tuned defenses, as demonstrated by two very aggressive, high-profile attack campaigns against a single European customer in July 2022 and then in September.
Thankfully, the victim was shielded by Prolexic, which used its industry-leading combination of people (more than 225 security responders), platform (now 20 Tbps of dedicated DDoS defense capacity thanks to new scrubbing centers), and battle-tested mitigation procedures to thwart the assault with zero collateral damage.
Early signs of new targeting
Soaring political tensions caused unmistakable changes in the threat landscape throughout 2022, transforming the risks and dangers of DDoS across all industries. And although adversaries have set their sights on Europe over the past several months, organizations elsewhere should not misinterpret or disregard the imminent threat posed by DDoS.
In the last few weeks, security practitioners have observed groups, among them Russian-sympathetic activists, begin to redirect their cyber capabilities back toward notable Western targets, including U.S. infrastructure and state organizations.
Although initial attacks didn’t achieve widespread disruption, it’s reasonable to assume that they’re a precursor to further intrusions. In fact, the U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center just issued a joint statement outlining steps for mitigating DDoS risk — timely guidance that underscores the growing severity of this threat.
DDoS weaponry is advancing
Alongside shifts in DDoS targeting, we’ve also detected signs of breakthrough weaponry, most notably new records in the number of horizontal attacks and the number of high packets-per-second (PPS) attacks (Figures 3 and 4).
In combination, these advancements in attack sophistication and adversarial motivation are raising the stakes and creating additional challenges for global security teams.
Fig. 3: Percent of DDoS attacks with multiple targets (i.e., horizontal attacks)
Multi-destination attacks can escalate rapidly and drown underprepared security teams in alerts, making it difficult to assess the severity and scope of an attack, let alone fight it. To defend against these threats, the Prolexic platform is equipped with purpose-built tooling for rapid threat mitigation, even in the fog of war.
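One way to keep a horizontal attack from arriving as a flood of unrelated per-host alerts is to collapse alerts by customer prefix and time window before they reach responders. The sketch below is an added example, not Akamai or Prolexic code; the alert tuple layout, the 60-second fixed window and the three-target threshold are assumptions, and the sample alerts are constructed.

```python
import ipaddress
from collections import defaultdict

def correlate(alerts, prefixes, window=60, min_targets=3):
    """Collapse per-destination alerts into one incident per (prefix, window)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    buckets = defaultdict(dict)  # (prefix, window_start) -> {dst_ip: peak pps}
    for ts, dst, pps in alerts:
        addr = ipaddress.ip_address(dst)
        net = next((n for n in nets if n.version == addr.version and addr in n), None)
        if net is None:
            continue  # destination is not in a monitored prefix
        per_dst = buckets[(str(net), ts - ts % window)]
        per_dst[dst] = max(per_dst.get(dst, 0), pps)  # keep the peak per target
    incidents = []
    for (prefix, start), per_dst in sorted(buckets.items()):
        incidents.append({
            "prefix": prefix,
            "window_start": start,
            "targets": len(per_dst),
            "aggregate_pps": sum(per_dst.values()),
            # many distinct targets in one prefix and window: treat as one campaign
            "horizontal": len(per_dst) >= min_targets,
        })
    return incidents

# Constructed sample alerts: (epoch seconds, destination IP, packets per second).
PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
ALERTS = [
    (1200, "198.51.100.10", 2_000_000),
    (1202, "192.0.2.77", 1_000_000),      # outside monitored prefixes, ignored
    (1205, "198.51.100.11", 3_000_000),
    (1210, "198.51.100.12", 1_500_000),
    (1215, "203.0.113.5", 9_000_000),
    (1220, "198.51.100.10", 2_500_000),   # same target again, higher peak
    (1230, "198.51.100.13", 4_000_000),
    (1290, "198.51.100.10", 500_000),     # next window
]

if __name__ == "__main__":
    for inc in correlate(ALERTS, PREFIXES):
        print(inc)
```

Fixed windows split an attack that straddles a boundary, so a production correlator would use sliding or session-based windows.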
Fig. 4: Number of high PPS DDoS attacks
Five years ago, attacks that exceeded 20 million PPS were relatively rare, but they’ve become more commonplace today thanks to advancements in attacker toolkits. The Akamai Prolexic platform is purposefully designed to distribute load across its infrastructure to ensure we are prepared to mitigate these very large attacks without an issue.
Best practices to defend a growing attack surface
Most organizations that go down from DDoS attacks don't have adequate DDoS resiliency in place. As threats evolve and the barrier to entry for launching attacks continues to fall, having a battle-tested DDoS mitigation partner and platform in place is crucial for preventing business downtime and disruption.
To mitigate risk and alleviate the pressure on security practitioners tasked with defending a growing attack surface, organizations should do the following:
Review critical subnets and IP spaces, and ensure that they have mitigation controls in place.
Deploy DDoS security controls in an “always-on” mitigation posture as a first layer of defense to avoid an emergency integration scenario and to reduce the burden on incident responders. If you don’t have a trusted and proven cloud-based provider, get one now.
Proactively pull together a crisis response team and ensure runbooks and incident response plans are up to date:
Do you have a runbook to deal with catastrophic events?
Are the contacts within the playbooks updated? An up-to-date runbook could be the difference between maintaining business continuity and suffering a potentially disastrous service disruption.
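The first recommendation above, reviewing critical subnets against the mitigation controls in place, can be checked mechanically. The following is an added example, not code from Akamai or the Prolexic platform: it assumes you can export two lists, your critical subnets and the prefixes currently routed through DDoS mitigation, and it reports the exact sub-ranges left uncovered. The function name and the sample prefixes (documentation ranges) are constructed for illustration.

```python
import ipaddress

def uncovered_ranges(critical, protected):
    """Map each critical subnet to the parts of it that no protected prefix covers."""
    protected_nets = [ipaddress.ip_network(p) for p in protected]
    gaps = {}
    for subnet in critical:
        remaining = [ipaddress.ip_network(subnet)]
        for prot in protected_nets:
            still_open = []
            for net in remaining:
                if net.version != prot.version or not net.overlaps(prot):
                    still_open.append(net)          # untouched by this prefix
                elif net.subnet_of(prot):
                    continue                        # fully covered, drop it
                else:
                    # prot sits strictly inside net: keep only what lies outside it
                    still_open.extend(net.address_exclude(prot))
            remaining = still_open
        if remaining:
            gaps[subnet] = [str(n) for n in sorted(remaining)]
    return gaps

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
CRITICAL = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8:10::/48"]
PROTECTED = ["198.51.100.0/25", "198.51.100.192/26",
             "203.0.113.0/24", "2001:db8:10::/49"]

if __name__ == "__main__":
    for subnet, holes in uncovered_ranges(CRITICAL, PROTECTED).items():
        print(f"{subnet}: no mitigation for {', '.join(holes)}")
```

Running the audit on a schedule, and after every new address allocation, catches ranges that were brought into service without being added to the mitigation configuration.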
Mitigating risk with Prolexic’s new DDoS platform
In response to evolving DDoS threats across the globe, Akamai Prolexic just unveiled its new, sixth-generation DDoS platform, which includes added defense capacity and additional scrubbing centers across strategic local markets.