The number of Distributed Denial of Service (DDoS) attacks has shot up since the first half of last year, according to new research, with DDoS-for-hire services becoming increasingly sophisticated.
Figures from Netscout show there were almost nine million DDoS attacks in the second half of 2024, up 12.75% on the first half.
The rise is driven by the increasing use of DDoS attacks as a tool of choice in cyber warfare linked to socio-political events such as elections, civil protests, and policy disputes.
In the last year, for example, Israel experienced a 2,844% increase in attacks linked to hostage rescues and political conflicts, while Georgia saw the rate rise by 1,489% during the lead-up to the passage of the Russia Bill.
Similarly, Mexico saw a 218% increase during its national elections and the UK experienced a 152% rise on the day the Labour Party resumed session in Parliament.
Other major attacks were connected with political events in India, Turkey and Kenya.
Richard Hummel, director of threat intelligence at Netscout, said DDoS attacks have emerged as the “go-to tool for cyber warfare” and warned the trend shows no sign of slowing down.
One of the biggest players in politically motivated DDoS campaigns is the NoName057(16) group, which uses the DDoSia botnet.
“NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure and organisations,” said Hummel.
“In 2024, they repeatedly targeted government services in the United Kingdom, Belgium and Spain.”
DDos-for-hire services are mixing up techniques
DDoS-for-hire services are now using AI to bypass CAPTCHAs, the study warned, with nine-in-ten platforms now offering this capability.
NetScout added that many use automation to enable multi-target DDoS campaigns that require minimal supervision, thereby significantly increasing the efficiency of attacks.
Other infrastructure exploitation techniques include carpet bombing, geo-spoofing, and IPv6 to expand attack surfaces and bypass defenses.
Carpet bombing attacks hit entire subnets instead of single hosts, while attackers are also increasingly leveraging proxy infrastructure to amplify and disguise their impact.
By late 2024, NetScout said proxy-driven HTTPS attacks accounted for more than one-in-five of all attacks.
“Even the most novice operators can launch significant DDoS attack campaigns causing substantial harm,” the company said.
Botnet activity continues to increase, said NetScout – and these days it’s not just a question of low-power Internet of Things (IoT) botnets, with enterprise servers and routers now being exploited to make attacks more severe and remediation harder.
Law enforcement takedown efforts, such as Operation PowerOFF, continue to target DDoS-for-hire services, but have only a temporary effect as new platforms take their place. There has, indeed, been no significant decline in global attack volume as a result of takedown operations.
“While takedowns momentarily disrupt attack platforms and reduce botnet availability, their long-term impact remains uncertain as attackers adapt and reconstitute their networks,” NetScout said.
MORE FROM ITPRO
Source link
-
-
-
-
-
-
-
-
