Posted on January 24, 2023 at 5:35 PM
Rostelecom stands as the largest internet service provider in Russia. Recently, the ISP has made an interesting announcement: 2022 was a record-breaking year when it comes to the sheer volume of DDoS attacks targeting Russia’s organizations.
DDoS Attacks for Everyone
Distributed Denial of Service (DDoS) attacks are attacks made with the idea of disabling various online functionalities of a service. This is usually done by overwhelming the service in question through a massive bulk of requests, which clogs up its processing power. This removes the ability of the servers to process new connections to legitimate clients, making them unresponsive until the attack stops.
This, of course, could easily be attributed to the Ukrain-Russian war. Threat actors aligned with both sides of the conflict have made widespread use of DDoS attacks. It’s relatively easy to pull off with the right technical skill and has been liberally used to cripple critical services of both sides. A typical trigger for such an attack from either side is some announcement regarding the ongoing war, which sparks newfound zeal to attack and disrupt.
DDoS Attack of 760GB/Sec
Rostelecom had published a report about the matter, wherein the company revealed its experts had recorded an excess of 21.5 million attacks against critical web services. These attacks targeted around 600 organizations within Russia, targeting retail, telecom, public and financial sectors of the country.
Rostelecom made some interesting observations, as well. The most potent DDoS attack the ISP had recorded this year was a staggering 760 GB/sec. This stands as close to twice the strength of last year’s most powerful DDoS attack. The longest DDoS attack recorded this year had lasted a staggering three months, as well.
Further details revealed that Moscow was the most frequent target of these DDoS attacks. This is a logical conclusion once you consider that the majority of Russia’s top companies are based within the nation’s capital. In total, Rostelecom recorded more than 500,000 DDoS attacks targeting Russia’s capital.
Financial Sector Hit Hard
The attacks began in full force back in March of 2022. According to Rostelecom, this all came to a head in May of that year. According to the IPs tracked via the attacks, Rostelecom states that these May attacks primarily originated from the US, with the targets in question being the banking sector. With VPNs being so prolific these days, that’s not saying all that much.
It should be noted, however, that this information coincides with similar reports given by Sberbank. Russia’s largest bank was reported to have suffered spectacular levels of DDoS attacks, more than it had ever seen. The biggest attack against the bank was recorded at 450GB/sec.
Disruption Is The Goal
Another important event that occurred in May of 2022 came from Ukraine’s IT Army. The group had announced that they had managed to disrupt the alcoholic beverage distribution channels for Russia’s armies. They had managed to do that after successfully targeting an essential online portal for the entire operation.
According to Rostelecom, these relentless attacks had a period of stable intensity between July and December of 2022. Even so, this intensity was considered lower than recorded during Q2 2022. Rostelecom explained that after December, the attacks started to increase in its sophistication and refined in their targeting.
A good example would be the DDoS attack done to VTB Bank. VTB is Russia’s second-biggest financial firm. The DDoS attacks at that time were so bad that the main website and mobile apps of the bank were forced offline for several days.
Rostelecom gave some statistics about cyberattacks occurring in Russia in general. These numbers show that approximately 80% of all cyberattacks done against them have been DDoS attacks. The rest of these, according to Rostelecom, was the exploitation of various website vulnerabilities.
Another critical detail is the fact that the majority of these cyber-attacks targeted the public sector. Of all the recorded cyber attacks, 30% of them were aimed at this space, and were twelve times more than 2021’s numbers. Second place goes to the Financial sector, which held 25% of the share of cyber attacks.
As for why this is happening, Rostelecom’s statement claims that these attacks were made with the aim of disrupting the economic sector of Russia. As an added bonus, these threat actors took the chances they could find in stealing from various databases holding personal and financial data of the finance sector’s customers.
Time will tell if 2023 will be a record-breaker in terms of cyber attacks. The Russo-Ukrainian war is still ongoing, and tensions are high in many groups because of it.