New research says the number of distributed denial of service (DDoS) attacks continues to grow, doubling year over year (YoY).
According to StormWall’s DDoS Attacks Report, attacks globally rose by 102% in the first half of this year compared to 2023.
The government sector was the most brutal hit, with a 116% YoY increase. StormWall says that attacks on the government sector amounted to 29% of DDoS incidents.
The researchers attribute this, in part, to the large number of countries holding elections this year. Government websites were the most common targets, with DDoS traffic spiking during elections. France, for example, faced an intensive and unprecedented attack during its elections in March.
The next most targeted vertical industries were entertainment and financial services, which made up 16% and 14% of DDoS attacks, respectively.
StormWall saw significant increases in attacks during the Euro 2024 football (soccer) championships. StormWall said one sports streaming service faced a 650 Gbp/s attack on June 16.
The researchers reported that botnets are becoming more powerful and believe the average size of a botnet increased from 5000 devices in the first half of 2023 to 20,000 in the first half of 2024.
So-called “carpet bombing attacks,” in which attackers target multiple IP addresses to bring down networks, also increased. Multi-vector attacks were also used, which simultaneously target multiple OSI model layers. Attackers could, for example, hit both servers and routers simultaneously.
The firm expects attacks to increase further in the second half of 2024 as more countries hold elections.
Significant DDoS Attacks in 2024
Several significant DDoS attacks have already been seen this year, including those against Microsoft’s online platforms and cloud systems. Security firm Radware says that geopolitical issues saw a 265% increase in web DDoS attacks in the first half of 2024 compared to last year.
“With the increasing number of vulnerable connected devices, many constituent devices of botnets are unknown to their owners,” James Bore, MD of security consultants Bores Group, told Infosecurity.
“Add to this an increasingly hostile political environment, and the rise in DDoS attacks as a whole, and those against governments in particular, is predictable. Some efforts have been made to improve device security. Banning insecure default passwords, for example, is still a long way to go.”
“We continue to connect more potential weapons for criminals to our networks, strengthening their botnets and empowering their DDoS attacks. Anti-DDoS measures can provide some protection,” Bore explained.
“But attacks of ever-growing volumes will always be an increasing threat until we begin addressing the problem at the source, with security by design applied well to all connected devices and companies holding up their end of the bargain by providing proactive security updates and testing.”
Source: https://www.infosecurity-magazine.com/news/ddos-attacks-double-govt-targeted
Latest News:
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part … - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, … - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences …
