26 November 2021
DDoS-attack Operators Increase Their Influence in Europe
Europe, along with the United States, Canada, and leading Asian economies, has long been a major supplier of digital technology. E-commerce, the gaming industry, and various financial transactions in the virtual world are gaining momentum every year. This factor, along with the ill-fated virus, quarantine measures, and the widespread shift of employees of various companies to online modes of work, creates fundamentally new ground for cyber threats. These changes are quite easy to trace through competent statistics.
A Brief Overview of DDoS Attacks in Europe
Distributed Denial of Service (DDoS) attacks prevent system users or services from accessing relevant information, services, or other resources. This is done by overloading a service or components of the network infrastructure. Attackers can increase the number of attacks by targeting more sectors with different motives.
- In 2007, the power of DDoS attacks was felt at the nation-state level. This went beyond the limits of pranks and recklessness: hackers waged a real war against Europe's new governments. Estonia was the first target of cyber confrontation. The DDoS attack hit the country's government websites hard. Among the targets of the attack were the sites of the prime minister's office and the presidential palace.
- In the spring of 2013, a DDoS attack with a speed of 300 gigabits per second was felt by the main providers and the largest traffic exchange points of European capitals. As it turned out, the attack was caused by a conflict between Spamhaus, a spam distributor, and the Dutch provider Cyberbunker. Cyberbunker was listed as a spammer and this was the cause of the dispute. Cyberbunker, located in a five-story building of a former NATO military bunker, was considered one of the most radical Internet service providers at the time and was the main cyber threat. Its DDoS attack severely damaged the networks of Europe's largest ISPs. On March 23, 2013, it caused serious problems at a traffic exchange point in London.
- At the end of September 2020, Hungary experienced a powerful DDoS attack on financial and telecommunications organizations. At the same time, a series of DDoS attacks was reported on the Swedish resource Flightradar24 and the British Plane Finder, which allow real-time tracking of aircraft movements. These services are in high demand, allowing people meeting a flight to assess the likelihood of a missed flight, and the media to publish information about incidents with aircraft. As a result of the attacks, the services operated intermittently, and their Twitter accounts reported the attack.
By and large, these are just a few examples of what cyber threats related to DDoS attacks represent. This is a huge potential that requires special attention at various levels of cyber defense management.
DDoS attacks in Europe have become a serious headache for many companies. Over the past 10 years, the average DDoS traffic has grown by more than 1000%. This is confirmed by several credible sources. Many people remember 2010, when the first DDoS attack of up to 100 Gbps was recorded, and over the past 2-3 years there has been an increase in attacks over 100 Gbps. Attacks are doubling every year, and the largest number of DDoS attacks last less than 1 hour. For the most part, these are large DDoS attacks with speeds greater than 5 Gbps, which regularly exceed the monthly average. Tuesday through Friday is considered the best time of the week for hackers.
The increase in large-scale DDoS attacks is due to the increasing capabilities of the equipment that gives users access to high-speed data transmission. Attackers are becoming more sophisticated and are using tools to conduct large-scale attacks. The largest share of attacks, more than 40 percent, is in the entertainment sector. Hackers can cause a lot of damage in a very short period and make a quick buck through blackmail. In second place is the telecommunications sector, with various hosting providers and data centers. Compared to the end of 2020, the number of attacks in the first quarter of 2021 has increased by more than 50%. Finally, in third place is the e-commerce sector, where the number of DDoS attacks increased by 20% due to the growing popularity of online shopping, which is associated with quarantine measures. In addition, the top five most attractive areas for hackers included the construction and financial sectors.
The parameters of DDoS attacks can be judged by the volume of traffic or data rate, as well as the number of packets or packet transmission rate. DDoS attacks with high data rates overload network links, while high packet rate attacks aim to reduce the packet performance of routers, servers, or other equipment. Right now, most attacks are in the 1-5 Gbps and 1-10 million packets per second (Mpps) range. More than 80% of the traffic is TCP/UDP flood attacks. The rest of the total traffic belongs to HTTP/HTTPS flood attacks, which were conducted at the application level. Many of the attacks were carried out by amateurs using simple tools that can be purchased online for a few dollars. Such DDoS attacks could very well be a ruse. During an attack, security engineers can let their guard down, distracted by minor DDoS attacks, and it's easy for hackers to test a website's existing security mechanisms.
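The two metrics described above can be separated from ordinary interface counters. The following is an added example, not code from the original article: it turns cumulative byte and packet counters into Gbps and Mpps and reports whether link bandwidth or packet forwarding is under pressure. The counter names, the 5 Gbps link, the 1 Mpps forwarding capacity, the 80% threshold and the sample values are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class CounterSample:
    ts: float        # sample time in seconds
    rx_bytes: int    # cumulative received bytes (hypothetical counter name)
    rx_packets: int  # cumulative received packets (hypothetical counter name)

def rates(prev, cur):
    """Return (Gbps, Mpps, average packet size in bytes) between two samples."""
    dt = cur.ts - prev.ts
    d_bytes = cur.rx_bytes - prev.rx_bytes
    d_pkts = cur.rx_packets - prev.rx_packets
    if dt <= 0 or d_bytes < 0 or d_pkts < 0:
        raise ValueError("samples out of order, or counter reset between them")
    avg = d_bytes / d_pkts if d_pkts else 0.0
    return d_bytes * 8 / dt / 1e9, d_pkts / dt / 1e6, avg

def classify(gbps, mpps, link_gbps, device_mpps, threshold=0.8):
    """Name the resource under pressure: link bandwidth, packet forwarding, or both."""
    link_hot = gbps >= threshold * link_gbps
    pps_hot = mpps >= threshold * device_mpps
    if link_hot and pps_hot:
        return "bandwidth+packet-rate"
    if link_hot:
        return "bandwidth"
    return "packet-rate" if pps_hot else "normal"

def analyze(samples, link_gbps, device_mpps):
    """Classify every interval between consecutive counter samples."""
    report = []
    for prev, cur in zip(samples, samples[1:]):
        gbps, mpps, avg = rates(prev, cur)
        label = classify(gbps, mpps, link_gbps, device_mpps)
        report.append((round(gbps, 3), round(mpps, 3), round(avg), label))
    return report

# Constructed samples, 10 s apart: baseline, large-packet flood, small-packet flood.
SAMPLES = [
    CounterSample(0, 0, 0),
    CounterSample(10, 1_250_000_000, 1_250_000),
    CounterSample(20, 6_875_000_000, 5_000_000),
    CounterSample(30, 7_515_000_000, 15_000_000),
]

if __name__ == "__main__":
    for row in analyze(SAMPLES, link_gbps=5.0, device_mpps=1.0):
        print(row)
```

The last interval carries only about a tenth of the link's bandwidth yet reaches the assumed packet forwarding limit, which is why a monitor that alerts on Gbps alone misses small-packet floods.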
This year, botnet operators are increasingly using infected IoT devices to carry out their DDoS attacks, and are finding many new tools to amplify assaults. One example is the Plex media server, which is used to set up a media server on Windows, macOS, or Linux computers and network-attached storage (NAS) devices. As a result, nearly 37,000 devices with Plex installed were vulnerable to cybercriminals. Earlier this year, DDoS ransomware brought down 800 GB of garbage traffic on a European gaming company. Then the Maltese Internet service provider Melita, Austria's A1 Telekom, and the British exchange EXMO were attacked. These are all links in the same chain. Ransomware activity is likely to spur the growth of cryptocurrencies. If the cryptocurrency market suddenly begins to fall sharply, we can expect an increase in DDoS activity, primarily due to simple short-term attacks.
At the same time, game industry leader Blizzard reported a January DDoS attack. World of Warcraft and League of Legends players will likely continue to face delays. This affects all players trying to participate in Clash tournaments. They regularly encounter problems logging into servers and losing contact with them. It's a full-blown virtual network frenzy. Many schools are moving to online learning. In health care, attacks affect decisions related to COVID-19. All this is accompanied by disruptions to related resources. Attackers are using IoT-based DDoS attacks even more actively in 2021. Their goals range from financial or economic gain to trivial revenge and intellectual challenge.