NETSCOUT: DDoS attacks mirroring increased global geopolitical tensions
January 2023 by NETSCOUT
As distributed-denial-of-service (DDoS*) attack volumes have gradually increased over the course of the last 20 years, recent data has firmly established the link between geopolitical conflicts and these types of cyberattacks.
The most apparent example of this trend is the ongoing war between Russia and Ukraine. The war has resulted in 66 per cent** of businesses changing their cybersecurity strategies, and 82 per cent*** of security professionals today believe that geopolitics and cybersecurity are intrinsically linked. What’s more, according to NETSCOUT’s 1H2022 Threat Intelligence Report, since Russia invaded Ukraine nearly a year ago, cyberattacks have increasingly featured as part of threat actors’ attack methodology.
In the Europe, Middle East and Africa (EMEA) region, research from NETSCOUT shows a substantial increase in DDoS attacks targeting government resources, internet service providers (ISPs), and financial firms in the days leading up to the start of the conflict between Russia and Ukraine. As Ukrainian internet properties started to relocate to other countries to ensure connectivity, threat actors followed them, launching DDoS attacks against the nations offering support to the besieged nation. For instance, after Ireland welcomed numerous Ukrainian organisations, there was a 200 per cent increase in attacks against organisations in the nation.
Likewise, as tensions rose between Taiwan, China, and Hong Kong in 1H2022, DDoS attacks against Taiwan took place with increasing frequency, in concert with related public events. What’s more, India experienced the second-highest number of DDoS attacks in APAC during 1H2022; attack activity increased substantially after the country decided to abstain from both United Nations Security Council and General Assembly votes condemning the Russian invasion of Ukraine.
Richard Hummel, threat intelligence lead for NETSCOUT, has made the following comments about DDoS attacks mirroring rising global geopolitical tensions, as well as how organisations in nations experiencing geopolitical conflicts can defend themselves from DDoS attacks:
“DDoS attacks often represent forms of geopolitical protest, being deployed in an attempt to disrupt governments and vital organisations. In all scenarios, DDoS attacks must move across multiple ISPs in order to reach their intended victim. Even an attack which is successfully prevented will use up valuable resources on any ISP network it is able to reach. As the majority of these attacks don’t just target a single victim, many organisations will be impacted when they take place – not least ISPs. Therefore, it is imperative for organisations in regions experiencing geopolitical unrest to be well prepared in the event they’re targeted by a DDoS attack.
“As geopolitical conflicts continue to rage on, organisations in countries experiencing these events should strongly consider installing a robust DDoS protection system, in order to stop DDoS attacks from crippling their online infrastructure. For example, in a scenario where businesses with a sturdy DDoS mitigation system are on the receiving end of a DDoS attack, there is no need for them to be concerned about potential damage to their online infrastructure as the solution will be able to thwart attackers.
“It is also crucial for businesses in affected nations to periodically test their online infrastructure. By doing this, organisations ensure that alterations made to applications and services are protected by the DDoS defence strategy. This is a must for enterprises during periods of sociopolitical unrest as regular testing ensures enterprises are aware of new DDoS attack methodologies and trends being developed by threat actors – which takes place with increased regularity amidst periods of geopolitical tensions.
“As the ongoing geopolitical conflicts demonstrate, DDoS attacks and socio-political events are intrinsically linked to one another, being utilised by cybercriminals as part of their weaponry. Organisations in affected countries must do their utmost when it comes to sufficiently protecting themselves in the event they’re targeted by threat actors.”