2023 Trends relevant to Distributed Denial of Service: from DDoS attacks as a weapon in cyber warfare, to DDoS turbo attacks, more multi-vector attacks and tightened security standards.
We have analysed industry-specific events in the global Link11 security network. DDoS attacks are continuously changing, as is the entire cyber landscape. In the past year, it has become particularly clear how great the influence of geopolitical conflicts is on the threat scenario in the digital realm.
One of these exacerbating factors was the Russian invasion of Ukraine in February 2022. With the resulting war, DDoS attacks on media, state institutions and critical infrastructure in countries supporting Ukraine increased. Drawing on the assessment of Lisa Fröhlich, PR manager of Link11, we share the fundamental concepts of DDoS attack prevention.
DDoS attacks as a weapon in cyber warfare
As DDoS attacks continue to be used to conduct cyber warfare, cyber attacks on global critical infrastructure will continue to increase in the coming year. Already in 2022, attacks on sectors such as banking and finance, energy, and healthcare increased. Cyber attacks on critical infrastructures (CRITIS) are expected to increase unremittingly as they become more digitised while geopolitical conflicts become more prevalent.
In addition to politically motivated cyber threats, there are some obvious recurring patterns that have already been observed in recent years and will undoubtedly continue in 2023.
DDoS attacks become more intense and peak faster
In the DDoS attacks registered in the Link11 network, it could be observed in 2022 that the lead time until the peak of an attack has become significantly compressed. Instead of growing continuously and exponentially, the traffic reaches its maximum value within a very short time. By reaching its critical payload very quickly, this attack variant can cripple network systems before conventional protection and defence measures can take effect. A large number of the DDoS attacks automatically repelled by the Link11 Security Operations Center (LSOC) were such “turbo attacks”. We therefore assume that this trend will continue to intensify in the coming year and that we will see an increase in these fast-onset DDoS attacks.
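The timing problem described above can be made concrete with a small measurement, given here as an added example that is not Link11 code. It assumes a "conventional" detector that alarms when a 60-second moving average crosses a fixed threshold; the traffic series, the threshold and all function names are constructed for illustration.

```python
from statistics import median

def onset_index(series, baseline_n=10, onset_factor=3.0):
    """Index of the first sample above onset_factor x the clean baseline."""
    baseline = median(series[:baseline_n])
    for i, v in enumerate(series):
        if v > onset_factor * baseline:
            return i
    return None

def ramp_time(series, interval_s, peak_frac=0.9):
    """Seconds from onset until traffic first reaches peak_frac of its maximum."""
    start = onset_index(series)
    if start is None:
        return None
    target = peak_frac * max(series)
    hit = next(i for i in range(start, len(series)) if series[i] >= target)
    return (hit - start) * interval_s

def detection_delay(series, interval_s, window, threshold):
    """Seconds from onset until a moving average over `window` samples exceeds threshold."""
    start = onset_index(series)
    if start is None:
        return None
    for t in range(start, len(series)):
        recent = series[max(0, t - window + 1): t + 1]
        if sum(recent) / len(recent) > threshold:
            return (t - start) * interval_s
    return None

# Constructed samples, Mbit/s at 5-second intervals (not measured data).
TURBO = [100] * 10 + [20000, 40000] + [40000] * 20
GRADUAL = [100] * 10 + [2000 * k for k in range(1, 21)] + [40000] * 12

if __name__ == "__main__":
    for name, s in (("turbo", TURBO), ("gradual", GRADUAL)):
        ramp = ramp_time(s, 5)
        seen = detection_delay(s, 5, window=12, threshold=10000)
        print(f"{name}: near peak after {ramp}s, detector trips after {seen}s")
```

With the gradual ramp the averaged detector fires well before the peak; with the fast-onset series it fires only after the link is already saturated, which is why shorter windows or rate-of-change triggers are needed for this pattern.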
At the same time, DDoS attacks will continue to have a larger volume (bits per second as well as packets per second) and a longer duration. This is particularly due to the proliferation of IoT devices and cybercriminals accessing more unsecured computing power and capacity in hosting and public clouds.
Intensified multi-vector attacks in which attack vectors change within a very short period of time
Multi-vector attacks will increase. More and more attackers are trying to overwhelm their victims’ defence strategies with a variety of simultaneous assault methods. In itself, the use of different attack vectors in so-called multi-vector attacks is not new. However, more and more DDoS attacks are adopting this strategy within a short period of time.
In the Link11 network, significantly more so-called “carpet bombing attacks” were registered. This is a dense bombardment of a targeted area with small pinpricks, in which the respective data packets are so inconspicuously small that they slip under the radar of many protection systems. In one example of these attacks, multiple vectors were used within one assault, with ports and protocols repeatedly changing during a single offensive. As a result, conventional protection solutions quickly reach their limits. For 2023, we expect attackers to increasingly adopt highly variable attacks, making the assaults more difficult to repel.
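Why per-destination thresholds miss this pattern, and how aggregating by prefix catches it, is shown in the following added example (not Link11 code). It generalises the description above to the usual case where the small flows are spread across many addresses of one network; the flow records, thresholds and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

HOST_LIMIT_MBPS = 50      # assumed per-destination alarm threshold
PREFIX_LIMIT_MBPS = 500   # assumed per-prefix alarm threshold
MIN_HOSTS = 64            # many destinations hit at once is the telltale sign

def per_host_alerts(flows):
    """Destinations whose own inbound rate exceeds the per-host limit."""
    totals = defaultdict(float)
    for dst, _proto, _port, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, rate in totals.items() if rate > HOST_LIMIT_MBPS)

def per_prefix_alerts(flows, prefix_len=24):
    """Prefixes whose aggregate rate is high while spread over many hosts.

    Returns {prefix: (total_mbps, distinct_hosts, distinct_proto_port_pairs)}.
    """
    agg = defaultdict(lambda: {"mbps": 0.0, "hosts": set(), "vectors": set()})
    for dst, proto, port, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        entry = agg[str(net)]
        entry["mbps"] += mbps
        entry["hosts"].add(dst)
        entry["vectors"].add((proto, port))
    return {
        net: (e["mbps"], len(e["hosts"]), len(e["vectors"]))
        for net, e in agg.items()
        if e["mbps"] > PREFIX_LIMIT_MBPS and len(e["hosts"]) >= MIN_HOSTS
    }

# Constructed flow summaries: (destination, protocol, port, Mbit/s).
VECTORS = [("udp", 53), ("udp", 123), ("tcp", 443), ("udp", 1900)]
SAMPLE_FLOWS = [
    (f"203.0.113.{i}", *VECTORS[i % len(VECTORS)], 4.0) for i in range(1, 201)
] + [
    ("198.51.100.10", "tcp", 443, 30.0),   # ordinary traffic to another prefix
    ("198.51.100.11", "tcp", 80, 12.0),
]

if __name__ == "__main__":
    print("per-host alerts:", per_host_alerts(SAMPLE_FLOWS))
    print("per-prefix alerts:", per_prefix_alerts(SAMPLE_FLOWS))
```

The distinct protocol and port count per prefix is reported alongside the rate because a rising number of simultaneous vectors against one network is the multi-vector signal the text describes.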
Increased TCP-based flood attacks and application level attacks
As the recent news about a JSON-based SQL injection attack shows, more TCP-based flood attacks as well as increased application-level attacks are to be expected. These types of attacks are much more difficult to mitigate than typical amplification attacks, which have declined this year. As a result, defence tactics will require advanced mitigation techniques such as machine learning, instead of the simple port and protocol blocks that have hitherto been commonly used for amplification attacks.
The race against hackers intensifies
Although volumetric DDoS attacks are one of the most widespread DDoS attack variants, they have become less effective, especially in the infrastructure sector. This has to do with the fact that the attacks, which flood a network with a lot of bandwidth, can be well detected and repelled by conventional DDoS protection measures.
At the same time the network infrastructure, for example, is a particularly vulnerable and sensitive area for critical infrastructure operators. The threat level from politically motivated DDoS attacks will remain very high, especially in view of the ongoing Ukraine war and the associated asymmetric cyber warfare.
In addition, in the first half of the year the world’s largest darknet hub “Hydra-Market” was shut down. Furthermore, in mid-December the US Department of Justice and Europol jointly struck a blow against so-called “booter services” offering DDoS-as-a-service, and nearly 50 internet domains were seized. An interesting twist to this is that some well-known cloud service providers, who themselves also offer simple DDoS protection, actually hosted these domains and workloads. Thus, some focal points of criminal activity have been put out of action. Nevertheless, it can be assumed that criminal attackers will establish new hubs in 2023 and reorganise themselves so that the clout of their “hydra” can grow again.
With the help of artificial intelligence, their methods and attack variants are constantly evolving to cause the greatest possible damage. This means that the race between attackers and defenders will intensify and, above all, intelligent and robust DDoS protection solutions will be needed. Automated, AI-powered and cloud-based DDoS protection like Link11’s can ensure that defenders stay ahead in this race.
Higher security standards lead to more reportable cyber incidents
All over the world, legislators are tightening cyber security standards and issuing corresponding regulations. At the core of the new laws is the implementation of higher security standards and the full disclosure of security incidents under threat of severe penalties.
At the end of November, the EU Council adopted the draft NIS2 directive, meaning that the new regulations will come into force before the end of 2022 and must be transposed into national law by EU member states within 21 months.
For example, the draft NIS2, which will be enforced for companies operating in the EU, details reporting requirements that carry multi-million-euro penalties. Legislation modelled on the European General Data Protection Regulation (GDPR) is also being proposed in Canada, with similar penalties.