DDoS: from hacktivism to professional skilled attacks

DDoS attacks by hacktivists were very notable in the first two quarters of the year, but in the third quarter they have all but disappeared, giving way to skilled professional attacks.

Distributed denial-of-service (DDoS) attacks grew by 47.9% in the third quarter of 2022, compared to the same period last year, according to data collected by Kaspersky.

Thus, the evolution of this type of threat continues the upward trend that had already been noted in previous quarters, but with a significant difference. The cybersecurity company points out that the most striking feature of the results for the last quarter is the decline in unprofessional attacks.

While hacktivists were quite active in their DDoS attempts during the first half of 2022, in the third quarter they seem to have focused on other activity, as the number of hacktivist DDoS attacks trended towards zero.

In contrast, the number of high-quality professional attacks, after a significant increase in the first quarter, remained at a high level in the third quarter of the year. Kaspersky thus emphasises the upturn in intelligent or sophisticated attacks by professionals, which doubled (+103.7%) compared to those recorded in Q3 2021.

The targets of DDoS attacks remain the same as in previous months: mainly the financial sector and government agencies.

In terms of the duration of attacks, Kaspersky reports some stability. After a second quarter marked by the longest attack ever observed (41,441 minutes, almost 29 days), the third quarter was quieter. Attacks lasted around eight hours on average, and the longest detected in this period was just under four days.

The company points out that while this figure is insignificant compared to the previous quarter, it is still considerable, as the duration of DDoS attacks just a year ago was measured in minutes, not hours.

Kaspersky’s experts therefore stress the need to take a number of steps to better protect against DDoS attacks. The first is to maintain web resource operations by assigning specialists who know how to respond to DDoS attacks.

They also advise validating third-party agreements and contact information, including those with Internet service providers, as this helps teams to quickly access agreements in the event of an attack.

In addition, they recommend using network and application monitoring tools to identify traffic trends, making it easier to recognise unusual activity that may indicate a possible DDoS attack.

They also stress the importance of having a restrictive defence ‘plan B’ in place to quickly restore business-critical services in the event of a DDoS attack. Finally, they advise incorporating professional solutions to safeguard the organisation against this type of attack.