Rise in Q2 DDoS Attacks Underline the Growing Cyber Threat Landscape
Cloudflare Report Gives Insights
Overt Operator
July 20, 2023
The second quarter of 2023 witnessed an uptick in well-orchestrated distributed denial-of-service (DDoS) attacks against companies, primarily driven by hacking groups based in Russia, according to recent research.
Content delivery network provider, Cloudflare, released a report on Tuesday indicating that DDoS requests from April to June hit a staggering 5.4 trillion, marking a 15% increase from the first quarter of the year. However, this year's figures represent a decrease compared to the second quarter of 2022, during which Cloudflare recorded 8.3 trillion requests.
The industries targeted most by DDoS attacks were cryptocurrency, gaming, and gambling. Cryptocurrency companies alone reported a 600% surge in DDoS attacks, Cloudflare noted. These attacks are characterized by an overload of junk traffic flooding a site and rendering its services unreachable.
Although the most sophisticated DDoS attacks can be fleeting, lasting just a few minutes or even seconds, recovery from such attacks can be a protracted process, said Cloudflare.
Several factors have contributed to the global increase in DDoS attacks. Notably, pro-Russia hacktivist groups such as Killnet, REvil, and Anonymous Sudan have been targeting Western nations in the context of the ongoing Ukraine conflict. Additionally, the emergence of powerful virtual machine (VM) botnets and exploitation of a zero-day vulnerability in the Mitel business phone system have contributed to the intensification of DDoS attacks.
In June, these hacktivist groups declared their intent to unleash coordinated DDoS attacks on U.S. and European financial organizations. Subsequently, over the past few weeks, they've orchestrated a minimum of 10,000 DDoS attacks against websites secured by Cloudflare.
The rise in virtual machine botnets, which can be up to 5,000 times stronger than those made of infected smart devices, has also been a significant factor. VMs are software-based imitations of physical computers, which enable the running of multiple operating systems or software applications on a single machine. This capability allows hackers to conduct large-scale DDoS attacks using a limited number of computers.
Cloudflare's report highlights an instance from February when a VM-based botnet executed a record 71 million request-per-second DDoS attack. Several organizations, including an unidentified gaming platform provider, have already fallen victim to these next-gen botnets.
In addition, the discovery of a vulnerability in the Mitel MiCollab business phone system in March has created opportunities for DDoS attacks. The vulnerability, dubbed CVE-2022-26143, allows an attacker to flood the system with simulated calls to test its resilience by sending a "startblast" command without authentication.
Although the U.S., China, and Germany were identified as the primary sources of DDoS attacks, Cloudflare pointed out that the data could be skewed due to market size. When accounting for all traffic within a country, Mozambique, Egypt, and Finland lead in DDoS attacks relative to their traffic footprint.