Distributed denial-of-service (DDoS) attacks have become a lot more commonplace since the start of the war in Ukraine and, by all accounts, things may get worse before they get better.
Pro-Russian hackers known as Killnet knocked several U.S. airports offline using DDoS attacks to block access to 14 airport websites including Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport, and Chicago O’Hare International Airport.
That attack is part of an ongoing series of attacks that hacktivists supporting both Russia and Ukraine have been launching since the beginning of the conflict. Ukraine even went so far as to democratize DDoS attacks by recruiting volunteers and making IT infrastructure available to launch them.
Not surprisingly, other entities are employing similar tactics to advance various causes. There have been major DDoS attacks in Taiwan and India, and rival political campaigns in Colombia have employed these attacks to knock Web sites offline. New research reveals that there were 6,019,888 global DDoS attacks in the first half of 2022.
Based on statistics collected from internet service providers (ISPs) from around the world, the report also notes that TCP-based flood attacks that first appeared in early 2021 are now the most common attack vector, accounting for approximately 46% of all attacks and continuing a trend that started in early 2021.
DNS water-torture attacks accelerated into 2022 with a 46% increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter, the report also finds. Conversely, DNS amplification attacks decreased by 31% year over year in the first half of the year.
However, the report also noted malware botnet proliferation grew at an alarming rate, with 488,381 nodes in the first half being identified compared to 21,226 nodes a year ago. Most of the nodes are being used to launch attacks at the application layer, the report concludes.
Finally, a TP240 PhoneHome reflection/amplification DDoS vector discovered in early 2022 is now exhibiting a record-breaking amplification ratio of 4,293,967,296:1, according to the report.
More troubling still, DDoS attacks are now also being incorporated into ransomware attacks. Organizations that refuse to give in to ransomware demands are now being bombarded with DDoS attacks as part of an effort to coerce them into capitulation.
Regardless of the purpose of a DDoS attack, it’s apparent the Internet itself has become an attack vector. ISPs around the world are going to have to band together to thwart these attacks before organizations conclude that conducting business over the Web is just too problematic. It may be a long time yet before DDoS attacks and other malicious activities result in business leaders concluding that the Web in its current form is more trouble than it’s worth, but it’s clear the Internet is under assault. Everything from e-commerce Web sites to digital business transformation initiatives is already being impacted to varying degrees.
The simple truth of the matter is that it’s relatively trivial now for hacktivists to band together to launch a DDoS campaign. Until that changes, DDoS attacks in support of any number of causes will become more commonplace. The trouble is that these days it seems like a new crusade with the potential to launch a DDoS attack to express outrage is emerging every week.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.