Posted on February 10, 2022 at 9:26 PM
Last year, organizations suffered an unprecedented number of distributed denial of service (DDoS) attacks, leading to the disruption of critical services. These types of attacks have proven to have a massive impact on their performance and reputation. It can cripple an entire network completely, including applications, communications, and other services.
These attacks are expected to continue in 2022 as botnets and DDoS-as-a-service platforms expand.
The Cost Of DDoS Attacks Keeps Rising
Observations by cybersecurity researchers also showed that threat actors have started demanding ransom payments for stopping the attacks. It’s a new medium of extorting money from the affected organization, which would want to prevent network distortion as much as possible.
And as organizations improve in their defense of crypto-based ransomware, security researchers expect threats through DDoS attacks to grow. That’s because the security teams of most organizations don’t take DDoS protection as a priority. They concentrate on ransomware and malware attacks, forgetting that DDoS attacks can cause a huge amount of damage to the organization.
Kayne McGladrey, a cybersecurity specialist at Ascent Solutions, stated that organizations often see cyber threats via DDoS as nuisance threats. Enough resources are not devoted to stopping them. This has given threat actors more opportunity to launch DDoS attacks on the organizations. In most cases when a DDoS attack occurs, the affected firm can hire a mitigation vendor to block the attack traffic.
Unlike malware and ransomware attacks, DDoS doesn’t have a critical compliance implication. For example, in data breaches, the issue needs to be reported and patched, both of which can be costly to the organization. But DDoS is increasingly getting a lot of attention. There have been several major losses suffered by organizations due to DDoS attacks.
In October last year, global cloud communications provider Bandwidth suffered a loss of nearly $12 million due to a DDoS attack. There have been other similar attacks against communications firms over the past few months, some of which gulped millions of dollars in damages.
Partner at digital transformation practice at Kearney, Vidisha Suman, noted that security-sensitive military entities, gaming companies, and financial services firms are typical targets of DDoS threat actors. Others include government bodies, utilities, heavy industrial firms, Telco companies, and global chemical companies.
These organizations provide critical services to a wide populace, which makes any disruption in their services very costly. DDoS threat actors are always looking for an opportunity to launch attacks on these organizations where they can easily demand and receive ransom to stop the attack.
Protection Against DDoS Attacks
Suman stated that having plans in place for business continuity and recovery is the right way to go if organizations are to minimize the impact of a DDoS attack. Although there are preventive security systems that can detect a DDoS activity, attacks are sometimes inevitable. She said the right way is to provide an effective mitigation method that can be deployed even when the DDoS attack is in progress.
“In 2022, cybersecurity will become a competitive differentiator.” She stated, adding that “If it’s not on your board agenda now, it really ought to be.”
Apart from extorting money, the threat actors are also using DDoS attacks to launch other forms of attacks. She stated that the prevention and mitigation of cyber assaults should be a priority for data center managers in 2022.
The continued growth in the DDoS-as-a-service industry, the switch to high-speed 5G networks, and the switch to high-speed 5G networks have fueled some of the major cyberattacks in history this year.
DDoS Attacks Could Increase In 2022
Microsoft reported the largest DDoS attack it has ever recorded, following an attack that delivered 3.47 terabytes of data at the rate of 340 million packets per second.
Before that, Cloudflare reported an unprecedented attack that reached 17 million requests per second. The company said the attack tripled any other attacks it has recorded in its history.
And in November, Cloudflare recorded a multi-vector attack that peaked at 2 terabytes per second. The attack used a combination of a UDP flood attack and a DNS amplification strategy, which overwhelms ransom ports with UDP requests. Last year, there were record attacks after record attacks, which suggest that the threat actors behind these issues could double their efforts in 2022. And with the cost of launching a DDoS attack from dark web toolkits dropping from $10 to $5, according to Akamai, new threat actors could join the trade.