DDoS trends in 2023: What should organisations be aware of and prepare for this coming year?

By Richard Hummel, threat intelligence lead for NETSCOUT.


The distributed-denial-of-service (DDoS) threat landscape evolves on a continuous basis, with cybercriminals innovating new ways of bypassing the cybersecurity measures organisations have in place. Indeed, findings from NETSCOUT’s latest Threat Intelligence Report highlight how attackers have conducted more pre-attack reconnaissance, exercised new attack vectors, and rapidly expanded high-powered botnets to plague network-connected resources.

These attacks are capable of inflicting serious damage on organisations, even disrupting their business continuity. It is therefore essential for businesses to keep abreast of key DDoS trends, shifts in attack methodologies, and effective DDoS defence tools to mitigate these attacks.

Geopolitical conflicts

Our research firmly establishes that DDoS attacks, which have steadily increased in volume over the last two decades, are intrinsically linked with geopolitical unrest. Nation-state actors regularly target internet infrastructure, knocking out services that rely on internet connectivity, including critical communications. In the EMEA region, there was a significant increase in DDoS attacks targeting internet service providers (ISPs) in the days leading up to the start of the Russo-Ukrainian war.

What’s more, after the war began, Ukrainian internet properties began to relocate to other nations to ensure connectivity remained intact. Cybercriminals followed and launched DDoS attacks against countries offering to assist the besieged nation. For example, Ireland saw a 200 per cent increase in DDoS attack activity after Ukrainian resources decided to relocate their cloud-based systems to the nation. Even if these attacks are successfully blocked by defence systems, valuable resources are consumed on any targeted network.

Types of DDoS attacks on the rise

With DDoS defence systems becoming increasingly effective, threat actors are having to develop new DDoS attack vectors and methodologies which can bypass these solutions.

As anti-spoofing efforts increase around the world, both direct flooding and application-layer DDoS attacks are being used with great regularity. For example, the most popular attack vectors are TCP-based flood attacks, which make up approximately 46 per cent of all DDoS attacks. What makes these attacks so effective is that they can come from powerful sources, such as cloud-based infrastructure, which have sizeable computing and bandwidth resources. Additionally, threat actors are attacking hosts much closer to the target than ever before, therefore avoiding many layers of transit, possible discovery, and potential mitigation.

Speaking of adversaries attacking organisations from a much shorter distance, a growing share of DDoS attack traffic originates from within the same network that is being targeted, bypassing every ingress and transit point. Traditionally, DDoS mitigation systems have prioritised protecting internet properties and networks by installing detection and defence technologies at the convergence points for inbound network traffic. While this approach worked well for protecting targeted networks from inbound DDoS attacks, it did little to stop intranet and cross-bound DDoS attacks, which can be every bit as destructive as inbound attacks.

This adaptation and innovation on the part of threat actors means organisations must update their DDoS protection systems and keep pace with the ever-evolving threat landscape.

Intelligent DDoS mitigation

The best approach organisations can take to protect their networks is implementing adaptive DDoS defences at all network edges. This allows network operators to suppress DDoS attacks as they enter at multiple points across the entire network edge, before they converge into a large-scale attack. By deploying edge-based attack detection, effective DDoS mitigation and network infrastructure-based mitigation techniques at every network access point, operators can build adaptive DDoS suppression systems capable of countering both DDoS attack volume and cybercriminal innovation.

One method of DDoS suppression organisations can use to secure their network is a solution that is able to predefine what IP addresses an adversary may use to launch an attack. When an attack using the identified infrastructure starts, these systems’ countermeasures can swiftly block attacks before any further routing decisions or manual analysis is necessary. As a result, the attack is nullified before reaching critical mass.
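The two defensive ideas above, suppressing traffic from predefined adversary infrastructure and not relying solely on the ingress edge so that intranet floods are still seen, can be sketched as flow-record evaluation logic. This is an added illustration, not NETSCOUT's product code; the prefixes, flow records and threshold are constructed values.

```python
import ipaddress
from collections import defaultdict

# Constructed prefixes (hypothetical, not from the article or any real feed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_ATTACK_INFRA = [ipaddress.ip_network("203.0.113.0/24"),
                      ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records: (src, dst, protocol, packets per second).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.5.20", "tcp", 90000),   # from predefined adversary infrastructure
    ("203.0.113.9", "10.0.5.20", "tcp", 85000),
    ("10.0.7.33", "10.0.5.21", "tcp", 120000),    # intranet flood, never crosses the ingress edge
    ("192.0.2.44", "10.0.5.22", "udp", 300),      # ordinary traffic
]

def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def classify_direction(src, dst):
    """Label a flow so intranet attacks are not invisible to edge-only detection."""
    src_int, dst_int = in_nets(src, INTERNAL_NETS), in_nets(dst, INTERNAL_NETS)
    if src_int and dst_int:
        return "intranet"
    return "inbound" if dst_int else "outbound"

def evaluate_flows(flows, pps_threshold=50000):
    """Aggregate flows per destination and decide which countermeasures apply:
    'block-known-infra' when a source matches predefined adversary infrastructure
    (suppress immediately, no further routing decision or manual analysis needed),
    'rate-flood' when aggregate pps toward the destination exceeds the threshold."""
    per_dst = defaultdict(lambda: {"pps": 0, "directions": set(), "known_infra": set()})
    for src, dst, _proto, pps in flows:
        entry = per_dst[dst]
        entry["pps"] += pps
        entry["directions"].add(classify_direction(src, dst))
        if in_nets(src, KNOWN_ATTACK_INFRA):
            entry["known_infra"].add(src)
    verdicts = {}
    for dst, e in per_dst.items():
        actions = []
        if e["known_infra"]:
            actions.append("block-known-infra")
        if e["pps"] >= pps_threshold:
            actions.append("rate-flood")
        verdicts[dst] = {"actions": actions, "pps": e["pps"],
                         "directions": sorted(e["directions"]),
                         "known_infra": sorted(e["known_infra"])}
    return verdicts
```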

The ever-evolving nature of the threat landscape means organisations must stay aware of the major trends. By doing so, organisations can prepare accordingly for any potential threats which may come their way this year.
