Politically motivated DDoS attacks surge

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 22 Nov 2022

Distributed denial of service (DDoS) attacks, which are designed to prevent a website from functioning normally or take it down entirely, rose by almost 50% during the third quarter of this year.

According to a quarterly DDoS report issued by Kaspersky, this rise was noted particularly in attacks carried out by professionals, with the number of smart attacks doubling compared to the same time frame last year.

The proportion of sophisticated DDoS attempts is significant, the security giant says. While the number of attacks carried out by hacktivists was notable in the first two quarters of this year, their activity practically disappeared in the third quarter.

Hacktivists change tactics

This rise in the number of all types of DDoS attacks in relation to the previous reporting period is nothing unusual – a surge in DDoS activity can be expected after a relatively calm European summer.

Kaspersky says what makes the third quarter stand out is the ongoing drop in non-professional attacks.

“Although hacktivists were quite passionate and prolific in their DDoS attempts during the first half of 2022, in Q3 they switched to other malicious activity. By Q3, the number of hacktivist DDoS attacks was tending towards zero.”

However, the number of high-quality professional attacks, after a significant increase in Q1, remained at a high level, and their targets remained the same – mostly the financial and government sectors.

Political motivations

The report also revealed that during this time period most DDoS attacks were politically motivated, focusing on Russia’s war against Ukraine.

The pro-Russian group Killnet claimed responsibility for several cyber attacks, with hacktivists revealing that over 200 websites in Estonia suffered DDoS attacks, including the ESTO AS payment system.

In Lithuania, websites and e-services from the energy company Ignitis Group were hit too. Both organisations described these attacks as the largest they’ve faced in the last 10 to 15 years.

Killnet also fessed up to an attack against the website and services of the US Electronic Federal Tax Payment System, stating on Telegram that they were “testing a new DDoS method.” Killnet also disrupted the US Congress website for a couple of hours.

A less infamous pro-Russian group, Noname057(16), claimed credit for attacks on the Finland parliament website, as well as the publication archive of its government, which they managed to take offline temporarily.

The group’s Telegram channel claimed the attacks were due to Finnish officials’ eagerness to join NATO.

Quid pro quo

Anti-Russian countries weren’t the only sufferers. Russian resources endured DDoS attacks by pro-Ukrainian hacktivists too.

Victims included the Unistream, Korona Pay, and Mir payment systems, as well as the Russian National Payment Card System, which ensures the operation of Mir and the Faster Payments System.

In addition, activists brought down the website, call centre, and SMS provider of Gazprombank, a privately-owned Russian bank, and the third-largest bank in the country by assets.

Also, Otkritie Bank experienced disruptions to its internet banking service and mobile app, and SberBank claimed they repelled a whopping 450 DDoS attacks in the first two months of the quarter – the same number of attacks as all those experienced in the last five years put together.

In terms of DDoS attack duration, while Q2 boasted the longest attack ever observed, Q3 was calmer, and no new records were set, according to the Kaspersky report.

On average, attacks lasted approximately eight hours, with the longest being just under four days.

Compared to the previous quarter, this figure seems rather modest, but the numbers are still immense.

Better safe than sorry

To protect against DDoS attacks, Kaspersky’s experts recommend maintaining Web resource operations by assigning specialists who understand how to respond to DDoS attacks.

They also recommend validating third-party agreements and contact information, including those made with ISPs, to help teams quickly access agreements in case of an attack.

In terms of solutions, the use of network and application monitoring tools to identify traffic trends and tendencies is recommended.

“By understanding your company's typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack,” the company says.

Finally, Kaspersky advises having a restrictive “plan b” defensive posture ready to go. “Be in a position to rapidly restore business-critical services in the face of a DDoS attack.”