Posted on September 19, 2022 at 2:21 PM
An Eastern European organization was recently hit by the second largest-ever publicly known distributed denial of service (DDoS) attack. Akamai noted that the DDoS attack went beyond 700 million packets per second (Mpps).
According to the report, the threat actors responsible for the record-breaking DDoS attack earlier in July are also responsible for the latest one. Although Akamai said the attack targeted the same customer, it didn’t name the affected customer in its report.
The attack in July reached a peak of 659.6 Mpps, and the targeted organization was attacked 75 times at its main data center. The latest attack peaked at 704.8 Mpps, hitting global locations 201 times. The report also revealed that the recent attack targeted 1,813 IP addresses while the July attack went after 512 IP addresses.
The attackers' command and control (C2) servers did not waste any time activating the multi-destination attack, which escalated within 60 seconds, according to Akamai’s Craig Sparling.
He added that for safety reasons, they cannot provide further details about the attack or the identity of the Eastern European customer targeted during the attack.
Akamai said its Prolexic platform went into action immediately to minimize the impact of the DDoS attack on the organization. According to the company, the platform's 20 high-capacity scrubbing centers around the world prevented a massive impact from the DDoS attacks. It also claimed that its Tokyo, London, and Hong Kong locations shut down the bulk of the bot-driven traffic on both occasions.
The Russian Actors Have Been Linked To High-Profile Attacks
While there was little information provided about the threat actors responsible for the attack, an “additional information” section directs users to two blog posts by CISA relating to the attacks. Both posts were alerts previously issued to users regarding attacks by Russian-state threat actors. One of the alerts provides general information on Russia’s cybercriminal activities while the other alert provides mitigation techniques for Russian state-sponsored threats.
In the report, CISA stated that the Russian government engages in malicious cyber activities to conduct wide-ranging cyber espionage. It engages in these activities to harm regional and international adversaries, steal intellectual property, and suppress certain social and political activities.
The Russian-sponsored hackers are also targeting specific organizations in the U.S. and other Western nations. These organizations include election organizations, commercial facilities, video gaming, energy, defense, healthcare and pharmaceuticals, critical manufacturing, and the aviation sector.
It also reported that the Russian threat actors have been linked to several high-profile malicious cyberattacks, including the breach of the SolarWinds software supply chain in 2020. Other high-profile attacks include the 2017 NotPetya ransomware attacks on organizations, the 2018 attacks on U.S. industrial control system infrastructure, and the targeting of U.S. research firms developing COVID-19 vaccines.
As the war in Ukraine continues, the Russian teams are also launching regular cyber-attacks against their political rivals. There have been countless attacks on corporations and organizations of rival countries, especially from Western nations.
The Record-Breaking Attacks Are Happening Frequently
The record-breaking attacks seem to be occurring with increasing frequency. Security firm Radware said there was a 203% surge in the number of DDoS attacks mitigated per customer from January to June this year compared to the same period last year. It also noted that compared to the last six months of 2021, the figure represents a 239% increase.
In September, Google revealed that it blocked the largest-ever HTTPS-based DDoS attack in June. According to the tech giant, the DDoS attack peaked at 46 million requests per second.
This volume was 76% higher than the previous record DDoS attack thwarted by Cloudflare in the same month. It also came two months before another record-breaking attack was thwarted by Cloudflare. This shows that the attackers are not relenting in their efforts to congest networks and hit unsuspecting organizations.
That the same organization has been the subject of another record-breaking attack shows that the DDoS arms race is growing at an alarming pace. It indicates that as the political crisis continues in Ukraine, Russian state-sponsored actors will continue launching cyberattacks on rival institutions.
As a result, organizations have been advised to beef up their security networks to ensure they are well protected against these threat actors. They should spend more on their security apparatus and use strong threat detection tools to offer better protection against all forms of DDoS attacks.