Geopolitics, vulnerabilities and virtual botnets – what affects the rapid growth of DDoS attacks

According to companies cloudflaredealing with protection from DDoS-attacks that literally flood victims’ websites with unwanted traffic and make them inaccessible, in the second quarter of 2023 the number of DDoS requests worldwide reached 5.4 trillion, which is 15% more than in the first quarter. However, compared to the same period in 2022, there have been fewer attacks, but even here it is not so simple, because they have become more sophisticated and effective.

quarterly withCloudflare statistics for this and last year

Cryptocurrency companies, as well as various gambling establishments, were particularly hard hit. Thus, the volume of DDoS attacks only on the crypto business has grown by as much as 600% in recent months.

Among the factors contributing to the growth of DDoS attacks, Cloudflare primarily highlights the activities of hackers related to the geopolitical situation in the world,
botnets based on virtual machines, as well as exploiting vulnerabilities in telephone systems Mitel.

So, in early June, scandalous cybercriminal groups kill net , REvil And Anonymous Sudan promised to conduct massive DDoS attacks on financial institutions in the US and Europe. The attackers kept their promise and in recent weeks have carried out at least 10,000 attacks on sites protected by Cloudflare.

Another threat has emerged from the rise of botnets made up of virtual machines, which experts say can attack up to 5,000 times more powerful than networks made up of infected physical devices. A virtual machine (VM) is a software simulation of a physical computer—it allows users to run multiple operating systems or software applications on a single device. As a result, hackers can carry out large-scale DDoS attacks using a relatively small number of computers.

According to Cloudflare, the most powerful DDoS attack this year was carried out using a virtual machine-based botnet in February. It reached 71 million requests per second and caused a lot of trouble for its victims.

The last factor that Cloudflare drew attention to in its report was a vulnerability discovered in March that affects the system MiCollab Business Phone from Mitel. Vulnerability CVE-2022-26143 occurs when unprotected UDP-port is accessible from the Internet. This allows attackers to send the “startblast” command without authentication, essentially flooding the system with mock calls to compromise its stability.

According to Cloudflare, most DDoS attacks come from the United States, China and Germany. However, taking into account the scale of countries, Mozambique, Egypt and Finland account for the largest share of attacks in relation to total traffic.

DDoS attacks in the modern world are an extremely nasty and costly threat, especially if your infrastructure needs to function 24/7 to make a profit. To protect against this type of attack, companies should use specialized services that block malicious traffic, conduct regular security audits, and install software updates on all devices in a timely manner.