In the eye of the storm – the number of DDoS attacks is decreasing; at the same time, they are becoming more dangerous.
Marc Wilczek (Managing Director, Link11):
“These turbo attacks are red hot. They peak very quickly instead of rising continuously. Such DDoS attacks can cripple network systems even before defences can take full effect.”
For more than two years, the Corona pandemic has influenced social life and the economy. In many areas of life, it has accelerated the digital transformation.
The cyber threats associated with advancing digitalization are among the most serious consequences for business, industry and the public sector. Even though, according to a German Bitkom survey published in June, digitization has lost pace since the start of the war in Ukraine, the threat in cyberspace continues to intensify.
Despite this threat, the Link11 Security Operations Center recorded a temporary decrease in DDoS attacks on the Link11 network for the first time. In the first half of 2022, the total decreased by more than three quarters (80%) compared to the same period last year in the record DDoS year of 2021.
“In the past two years, several major DDoS extortion waves have been one of the strongest drivers of criminal DDoS activity,” commented Marc Wilczek, Managing Director at Link11, on the decrease. “Even though attack numbers increased significantly again in July, we have observed significantly fewer ransomware DDoS attacks so far. In addition, the world’s largest darknet marketplace was shut down in the spring, draining one of the gathering points of criminal energy,” Wilczek adds.
While there are fewer attacks, they are more dangerous. That’s because, as LSOC has observed in recent years, it’s not just the DNA of attacks that is continually changing. Instead of attacking companies indiscriminately in the hope of success, companies are being explicitly targeted with sophisticated DDoS attacks.
In addition, the attacks recorded during the period under review are significantly shorter, more intense, and more sophisticated.
For the first time, DDoS attacks recorded on the Link11 network were analysed regarding how many seconds must pass after the first bytes are transmitted before traffic reaches its maximum value. In the first half of 2022, a critical payload was reached, on average, just 55 seconds after the DDoS attack began.
In comparison, attacks in 2021 peaked only after an average of 184 seconds. “These turbo attacks are red hot. They peak very quickly instead of rising continuously. Such DDoS attacks can cripple network systems even before defences can take full effect,” Wilczek explains.
The trend toward high-bandwidth DDoS attacks also continues unabated. Average maximum attack bandwidths have continued to increase year on year from 266 Gbps in the first half of 2021 to 325 Gbps in the first half of 2022. The largest DDoS attack recorded on the Link11 network was stopped at 574 Gbps.
The correlation between duration and intensity of DDoS attacks also shows: Attacks are shorter and, at the same time, more intense. The more concentrated, targeted, and sophisticated attacks are the more precision and speed are required to detect and stop them.
Thus, time is becoming an increasingly essential factor in dealing with DDoS attacks.
The full report is available for download on Link11’s website.