We recently contextualized two “ransomware hotspots” – with geopolitical strategic implications in the U.S. and in the Pacific Islands – as battlefields in the Global Cyber War.  Ransomware extortions are also at a record high in 2023, with  “Big Game Hunting” and geopolitics as drivers. According to a recent report by Cloudfare, add a surge in newly sophisticated DDoS attacks to your organization’s risk awareness and cybersecurity mitigation efforts for the latter part of this year and beyond.     

Surging DDos Attacks are also More Sophisticated in 2023

Cybersecurity Dive provides a summary of the Cloudflare report released on July 18th – DDoS Attack Trends for 2023 Q2: 

• Distributed denial of service attacks surged during the second quarter as criminal and state-linked hacking organizations unleashed a number of sophisticated attacks against critical infrastructure providers and other organizations across the globe, Cloudflare said in a report released Tuesday.  
• Experts linked pro-Russia hacktivist groups, including Killnet and Anonymous Sudan, to recent major DDoS attacks against Microsoft and threats against financial centers in the U.S. and Europe. 
• Cloudflare research shows a sharp increase in deliberately engineered and targeted DNS attacks. (1) 

Graph Source:  Cloudflare

From the Report

“The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including:

• An increase in deliberately engineered and targeted DNS attacks alongside a 532% surge in DDoS attacks exploiting the Mitel vulnerability (CVE-2022-26143). Cloudflare contributed to disclosing this zero-day vulnerability last year.
• Attacks targeting Cryptocurrency companies increased by 600%, as a broader 15% increase in HTTP DDoS attacks was observed. Of these, we’ve noticed an alarming escalation in attack sophistication which we will cover more in depth.
• Additionally, one of the largest attacks we’ve seen this quarter was an ACK flood DDoS attack which originated from a Mirai-variant botnet comprising approximately 11K IP addresses. The attack targeted an American Internet Service Provider. It peaked at 1.4 terabit per seconds (Tbps) and was automatically detected and mitigated by Cloudflare’s systems.
• Despite general figures indicating an increase in overall attack durations, most of the attacks are short-lived and so was this one. This attack lasted only two minutes. However, more broadly, we’ve seen that attacks exceeding 3 hours have increased by 103% QoQ.” (2)

Graph Source:  Cloudflare

Hacktivist alliance dubbed “Darknet Parliament” aims at Western banks and SWIFT network

On June 14, Pro-Russian hacktivist groups Killnet, a resurgence of REvil and Anonymous Sudan announced that they have joined forces to execute “massive” cyber attacks on the Western financial system including European and US banks, and the US Federal Reserve System. The collective, dubbed “Darknet Parliament”, declared its first objective was to paralyze SWIFT (Society for Worldwide Interbank Financial Telecommunication). A successful DDoS attack on SWIFT could have dire consequences because it’s the main service used by financial institutions to conduct global financial transactions. (2)

DDoS attacks were up compared to the first quarter of 2023,
but are down compared to last year. Image: Cloudflare (2)

Graph Source:  Cloudflare

The Cloudflare report can be found at this link.  

What Next?

It is conventional wisdom amongst cybersecurity professionals, based on years of painful experience, that DDoS attacks can we swift and very impactful  – and recovery from a DDoS attack can be remarkably difficult – which should act as an incentive for bolstering your defensive posture now.