Critical Infrastructures in the crosshairs – How do energy operators, banks and airports protect themselves against DDoS attacks? 

  • Fabian Sinner
  • July 24, 2023

Table of content

    Critical Infrastructures in the crosshairs – How do energy operators, banks and airports protect themselves against DDoS attacks? 
    • Research by European IT security provider Link11 and UK law firm Penningtons Manches Cooper highlights current digital threats due to DDoS 
    • Number of politically motivated DDoS attacks has significantly increased since the war in Ukraine  
    • Modernized, sophisticated DDoS attacks unleash their damage at record time (2022: 55 seconds / 2021: 184 seconds) and threaten the cornerstones of public life   
    • Decision-makers within the Critical Infrastructure suffer still too often from lack of awarness and digital resilience – decentralized, state-sponsored and pro-Russian groups (NoName057, Killnet and Anonymous Sudan) will probably increase DDoS-attacks  

    Cybercrime experts worldwide agree that the evolving nature of DDoS (Distributed Denial of Service) attacks continues to pose an ever-more significant challenge for government bodies and various organizations. These are virtual assaults attempting to overwhelm online services by supplying them with more traffic than they can handle – a method of disruption that renders them unavailable to users.  

    According to statistics provided by the UK government, cyber-attacks, as a whole, have cost Britain’s economy around £27 billion annually, with DDoS standing at the forefront of digital criminal practices. Data shows that, during the COVID-19 pandemic, these online strikes increased globally as cybercriminals more vigorously tried to exploit the vulnerability of the remote working population. 

    Fast average time-to- mitigate (TTM) crucial for successful DDoS defense 

    In light of the alarming jump in politically motivated DDoS attacks, Link11, a Frankfurt-based cyber security service company, has taken the lead in developing adaptive measures that safeguard web infrastructure and mitigate against the devastating effects of these nefarious activities. Link11 mitigates 6 times faster than other vendors according to Frost & Sullivan benchmark study results. The systems are fully automated, feature a patented AI approach to detection, and provide an easily scalable cloud-based service that requires no hardware investment. 

    In 2022, the company noted that the DDoS landscape had significantly changed, with the critical attack volume hitting 55 seconds, compared to the old average of 184, which was the standard in 2021. Hence, the speed of these so-called turbo-strikes, designed to paralyze networks, was too swift for counteract measures to get timely activated.  

    The packet rate had also swelled, with an average of 3.3 million per second, compared to the 2021 average of 990,000, as had the bandwidth of attacks, which doubled from 2021 to 2022, going up to 2.6 Gbit/s from 1.4 Gbit/s. 

    According to Link11’s company spokesperson, Lisa Fröhlich“The metamorphosis of DDoS attacks is in full swing…they are becoming ever more diverse, complex, and sophisticated.”

    Thus, everyone must understand their prevalence and leverage advanced technologies such as machine learning, artificial intelligence, and automation to successfully combat them.  

    DDoS attacks growing focus on CRITIS 

    CRITIS is short for Critical Infrastructure and Information Systems. These are indispensable centers of operation vital for a country’s economy and society to function decently. They encompass critical sectors such as food, energy, finance, health, communication, transport, waste management, administration, traffic, and water.  

    Their importance and reliance on IT make them susceptible to DDoS, and it does not help that most of these branches use outdated technology established decades ago, making them super vulnerable to exploits. On top of this, human error, unintentional mistakes, or negligence also poses a dramatic risk factor to CRITIS security by giving attackers extra openings to infiltrate these systems. 

    According to Tom Perkins, an associate at Penningtons Manches Cooper LLP, a top-ranked UK and international law firm“The reality of human error should not be overlooked. Critical infrastructure operators must be proactive in taking steps to mitigate human mistakes in cyber security through effective training and comprehensive policies and guidance.”   

    Charlotte Hill, a partner at Penningtons Manches Cooper, adds“The critical infrastructure sector is at particular risk because of the devasting effects a cyber-attack could have on society at large. For this reason, critical infrastructure organisations need to go above and beyond to ensure systems and processes are secure and protected.”  

    You can download the CRITIS-Whitepaper here. 


    About Penningtons Manches Cooper
    Penningtons Manches Cooper is a leading UK and international law firm.Its legal services cover a range of specialist areas including corporate and commercial, corporate tax, banking and finance, dispute resolution, professional regulation, real estate, residential property, wills, trusts and probate, UK and offshore tax planning, family, intellectual property and technology, employment, immigration, clinical negligence and personal injury matters. It is a member of Multilaw, an association of 73 firms in 60 countries worldwide.  

    At Penningtons Manches Cooper, our lawyers are leaders in the field and at the vanguard of cyber security and cybercrime. We recognised cyber law as a distinct and emerging legal specialism at a time when its parameters were first being defined and our practice consistently offers clients both technical excellence and a practical understanding of the key issues.  

    Link11 Recognized on the Cybersecurity 500 List
    Cybersecurity in the spotlight: Black Friday and the challenges of a smooth shopping experience