Distributed Denial of Service (DDoS) attacks are an increasingly popular attack vector used by cybercriminals. They aim to disrupt the regular traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks also target mission-critical business applications that organisations rely on to manage daily operations.
NETSCOUT’s latest threat intelligence report found that countries across the Middle East and Africa, such as Egypt, Saudi Arabia, and Turkey, have experienced DDoS attacks on critical industries such as telecom, aviation, and data processing services.
One of the ways DDoS has been used globally is as a weapon in geopolitical conflicts. Since the early 2000s, DDoS attacks with socio-political motivations have been a regular feature of the internet.
Disputes over politics, religion, and ideology are frequently accompanied by attack campaigns to disrupt the online operations and communications capabilities of governments, organisations, communities of interest, and individuals.
This phenomenon has never been more visible than during the first half of 2022.
DDoS attacks driven by conflict, which were previously deemed local or regional in nature, have global implications and cause collateral damage. This is especially true as the socioeconomic model continues to globalize and integrate.
Similarly, militarily capable nation-states are increasingly openly embracing online aggression, with the realisation that their actions may result in kinetic responses that introduce deadly new dimensions of unpredictability into already volatile situations.
2022: A record-setting year
NETSCOUT reported more than six million cyberattacks in the first half of 2022. Of these attacks, a majority corresponded with national or regional conflicts.
DDoS attacks, in comparison to other sorts of cyber threats, can be launched rather swiftly. Furthermore, while DDoS attacks can cause significant damage on their own, they can also obscure or divert attention away from more serious concerns.
The majority of the high-profile DDoS attack campaigns seen in the first half of 2022 have coincided with national or regional conflicts that elicited global responses.
Indeed, the majority of DDoS attacks are essentially transnational in scope and scale, with skilled bad actors increasingly conducting significant pre-attack reconnaissance to identify critical elements in their targets’ service delivery chains to ensure the success of adaptive DDoS attacks.
As a result, businesses and individuals who have no visible interest in a particular geopolitical event are adversely affected by related DDoS attacks.
Since the start of the Russia-Ukraine conflict in early 2022, cyberattacks have become an increasingly important component of the offensive playbook, with more than 80 per cent of security professionals now believing that geopolitics and cybersecurity are inextricably linked.
Similarly, 66 per cent of firms have adjusted their cybersecurity tactics in response to the conflict, and 64 per cent believe they have been the target of a nation-state cyberattack.
Attackers think locally, attack globally
DDoS trends from the first half of 2022 show that many nation-states are abandoning strategic ambiguity in favor of open hybrid warfare. As unpleasant as that is, it is important to use caution and restraint when attributing those attacks, because many challenges remain when it comes to positively identifying online perpetrators.
DDoS is an effective method for disrupting networks and lowering morale in countries experiencing social instability. But opponents don’t need a specific motive to launch an attack; they can do it under the pretext of activism, religion, nihilism, military conquest, and other guises.
In this situation, the best way to avoid collateral damage is to constantly review DDoS risk factors, particularly those connected to direct service delivery elements, supply chain partners, and other dependencies.
Organisations must ensure that important public-facing servers, services, applications, content, and supporting infrastructure are suitably protected.
They should also ensure that DDoS defense plans reflect ideal current configurations and operational conditions, and that the plans are tested on a regular basis to ensure that they can be applied successfully as needed.
Overall, events over the last year have demonstrated that DDoS attacks, whether undertaken by nation-states, ideological groups, or rogue individuals, are not going away anytime soon.
DDoS is a powerful technique for disrupting networks and undermining morale in countries experiencing geopolitical turmoil, with fresh attacks occurring on a daily basis. In this time of war and global turmoil, organisations must be vigilant in their defense.
- Emad Fahmy is a Systems Engineering Manager for Middle East at NETSCOUT.