DDoS attacks were at an all-time high in Q1 2022 due to the war in Ukraine

Kaspersky found that January and February were a hotbed of cyberattacks for a number of different targeted countries.


Kaspersky recently released findings showing that DDoS attacks are more frequent than they have ever been, far outpacing the rate seen just a year earlier. According to the cybersecurity company, the total number of attacks in Q1 2022 was four and a half times higher than in Q1 2021. Kaspersky attributes this to the ongoing war in Ukraine and the accompanying attacks on organizations in the government and financial sectors in particular.

“In Q1 2022 we witnessed an all-time high number of DDoS attacks,” said Alexander Gutnikov, a security expert at Kaspersky. “The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit.”

DDoS attacks peaked in January and February

Kaspersky found that as the war in Ukraine continues, cybercrime groups have seized the opportunity to sow chaos, some of them operating from countries not directly involved in the conflict, such as the U.S., China and North Korea.

In the first quarter of 2022 alone, the security company compiled the following data:

  • Kaspersky DDoS Intelligence system detected 91,052 DDoS attacks.
  • 44.34% of attacks were directed at targets located in the USA, which comprised 45.02% of all targets.
  • The largest number of DDoS attacks (16.35%) came on Sundays.
  • Most attacks (94.95%) lasted less than 4 hours, but the longest attack continued for 549 hours (nearly 23 days).
  • 53.64% of attacks were UDP flood.
  • 55.53% of command and control servers were located in the USA.
  • China accounted for 20.41% of bots attacking Kaspersky's SSH honeypots and 41.21% of those attacking its Telnet traps.

The surge first became noticeable in January and February of this year, when Kaspersky recorded an average of 1,406 attacks per day. The busiest single day was January 19, with 2,250 DDoS attacks. The daily average has fallen since the end of February, to 697 per day over the month of March.

These attacks came from a number of different sources, from Russian-backed cyber forces to a large contingent of hacktivists attempting to aid Ukraine. Examples include a site mimicking the popular 2048 puzzle game to gamify DDoS attacks on Russian websites, and a call to build a volunteer IT army to carry out cyberattacks.

Some attacks also ran for unusually long durations. According to Kaspersky, an attack that began on March 29 lasted 177 hours in total, or just over a week. The firm says that the majority of attacks lasting more than a day were aimed at government agencies and banks.

“Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists,” Gutnikov said. “We’ve also seen that many organizations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organizations need to be prepared against such attacks.”


Protecting against DDoS attacks

To be ready in case of a cyberattack against an organization, Kaspersky offers the following five tips:

  1. Maintain web resource operations by assigning specialists to respond to DDoS attacks
  2. Validate third-party agreements and contact information
  3. Implement professional solutions to safeguard your organization against DDoS attacks
  4. Know your traffic and use network and application monitoring tools to identify traffic trends and tendencies
  5. Have a restrictive Plan B defensive posture ready to go
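Tips 4 and 5 are the ones a practitioner can actually rehearse: baseline your request rate, and have a restrictive response ready when a minute of traffic blows past it. The script below is an added example, not Kaspersky's code or anything from its report. It constructs a small access log (addresses from the RFC 5737 documentation ranges, timestamps dated to the January 19 peak the article mentions, all invented), compares each minute's request count against the median minute, and for a flagged minute reports the heaviest sources and, when they carry most of the surge, emits nftables drop rules as the "Plan B" posture. The 5x multiplier and the 50% concentration threshold are assumptions chosen for illustration.

```python
# Added example: a rate-baseline flood detector over constructed access-log lines.
# Not Kaspersky's code; the log lines, addresses and thresholds are invented.
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx combined-log prefix: client, identd, user, [timestamp], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def build_sample_log():
    """Construct a log: five quiet minutes, then one minute flooded by five sources.

    Addresses come from the RFC 5737 documentation ranges; nothing here is real traffic.
    """
    lines = []
    for minute in range(5):  # 10:00-10:04: 20 requests/min spread over 20 clients
        for i in range(20):
            lines.append(
                f'198.51.100.{i + 1} - - [19/Jan/2022:10:0{minute}:{i * 3:02d} +0000] '
                f'"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
            )
    for j in range(400):  # 10:05: 400 requests/min, 80 each from five addresses
        lines.append(
            f'203.0.113.{j % 5 + 1} - - [19/Jan/2022:10:05:{j % 60:02d} +0000] '
            f'"GET /search?q={j} HTTP/1.1" 200 512 "-" "python-requests/2.27"'
        )
    return lines


def parse_line(line):
    """Return (minute_bucket, client_ip) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0), m.group(1)


def requests_per_minute(lines):
    """Map each minute bucket to a Counter of requests per client address."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            minute, ip = parsed
            buckets[minute][ip] += 1
    return buckets


def detect_flood(lines, multiplier=5.0, top_n=5):
    """Flag minutes whose request volume exceeds `multiplier` x the median minute.

    The median is robust to a short burst, so one flooded minute does not drag the
    baseline up with it. Each alert carries the heaviest sources so a responder can
    see whether the surge is concentrated (blockable) or widely distributed.
    """
    buckets = requests_per_minute(lines)
    totals = {minute: sum(c.values()) for minute, c in buckets.items()}
    baseline = statistics.median(totals.values())
    alerts = []
    for minute in sorted(totals):
        total = totals[minute]
        if total > multiplier * baseline:
            top = buckets[minute].most_common(top_n)
            alerts.append({
                "minute": minute.strftime("%Y-%m-%d %H:%M"),
                "total": total,
                "baseline": baseline,
                "top_sources": top,
                "top_share": sum(n for _, n in top) / total,
            })
    return alerts


def block_rules(alert, min_share=0.5):
    """Emit a restrictive 'Plan B' drop list when few sources carry most of the surge.

    A widely distributed flood (top_share below min_share) gets no per-address rules;
    that case needs upstream scrubbing, not a local block list.
    """
    if alert["top_share"] < min_share:
        return []
    return [f"nft add rule inet filter input ip saddr {ip} drop" for ip, _ in alert["top_sources"]]


if __name__ == "__main__":
    log = build_sample_log()
    for alert in detect_flood(log):
        print(f"{alert['minute']}: {alert['total']} req/min vs baseline {alert['baseline']:.0f}")
        for ip, n in alert["top_sources"]:
            print(f"  {ip}: {n} requests")
        for rule in block_rules(alert):
            print("  ", rule)
```

On the constructed log the detector flags only the 10:05 minute (400 requests against a median of 20) and, because five addresses account for all of it, proposes five drop rules. In production the same logic would read the real access log, the multiplier would be tuned against a week of normal traffic, and the generated rules would be reviewed before being applied, since a legitimate traffic spike (a product launch, a news mention) looks identical until you inspect the sources.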

With the war between Russia and Ukraine ongoing, the cybersecurity company says it is too early to estimate whether these attacks will spike again. However, Kaspersky writes in its blog that it does not expect the number of DDoS attacks to decline sharply until the geopolitical conflict is resolved.

DDoS is an attack on availability, so the preparation that matters is having mitigation in place before the traffic arrives: contracted scrubbing or upstream filtering that can be switched on, monitoring that can tell a flood from a legitimate surge, and a tested plan for restoring service if a resource is overwhelmed. Getting out ahead of a potential outage could mean a large amount of time, revenue and work saved for enterprises, so a rehearsed mitigation plan could be the difference between fending off an attack and improvising disaster recovery on the fly.