Intelligence Report: Political Unrests Generates Onslaughts of DDoS hacktivism

NETSCOUT SYSTEMS has published its 2H2023 DDoS Threat Intelligence Report, which examines the trends and attack methods used by adversaries against service providers, enterprises, and end-users. The report is based on data collected from NETSCOUT’s extensive internet visibility on a global scale, analyzing and prioritizing DDoS attack data from 214 countries and territories, 456 vertical industries, and over 13,000 Autonomous System Numbers (ASNs). In the second half of 2023, NETSCOUT observed over 7 million DDoS attacks, a 15% increase from the first half, driven by tech-savvy and politically motivated hacktivist groups, as well as an uptick in DNS water torture attacks.

Hacktivism on the Rise

DDoS hacktivism has seen a significant increase, transcending geographical boundaries and indicating a shift in the global security landscape. Groups like NoName057(016) and Anonymous Sudan, along with individual hackers and small groups, are increasingly using DDoS attacks to target those with opposing ideologies. For instance:

• Peru saw a 30% rise in attacks related to protests against the release of former President Fujimori from prison on December 6.
• Poland experienced a surge in attacks towards the end of 2023 linked to a change in regime and statements reaffirming support for Ukraine in the Russia-Ukraine conflict.
• Anonymous Sudan targeted X (formerly Twitter) to influence Elon Musk regarding Starlink service in Sudan and attacked Telegram for suspending its main channel.

NoName057(016), Anonymous Sudan, and Killnet have claimed responsibility for DDoS attacks in Ukraine, Russia, Israel, and Palestine, targeting communication infrastructure, hospitals, and banks. The frequency of daily attacks by hacktivists increased more than tenfold between the first and second halves of 2023, with NoName057(016) ranking as the top DDoS adversary, targeting 780 websites across 35 countries.

Water Torture Attacks Surge

The frequency of water torture attacks on critical systems within the Internet’s control plane, specifically targeting the Domain Name System (DNS), has been steadily increasing since late 2019. These attacks involve overwhelming authoritative DNS servers with floods of DNS queries. From the first half of 2020 to the second half of 2023, there has been a staggering 553% surge in these attacks. Unlike traditional attacks that focus on individual websites or servers, these adversaries aim to disrupt entire systems, resulting in even greater harm.

Focus on Gaming and Gambling

According to findings by NETSCOUT, the primary targets for Distributed Denial of Service (DDoS) attacks are the gaming industry and the gambling associated with it. Threat actors are attracted to the significant financial value of these sectors and seek to disrupt competitors, particularly during online esports tournaments. Historically, gaming and gambling account for 80-90% of all DDoS attacks. NETSCOUT’s assessment reveals that in 2023 alone, more than 100,000 DDoS attacks were launched against gaming enterprises, while over 20,500 targeted gambling-related entities.

Furthermore, based on NETSCOUT’s observations of the DDoS threat landscape, it is estimated that approximately 1% of these attacks are successfully suppressed from originating networks.

Richard Hummel, senior threat intelligence lead at NETSCOUT, emphasized the increasing sophistication of global adversaries in the past year. Their tactics involve attacking websites and overwhelming servers to disrupt customer access and create digital chaos, often with the intention of influencing geopolitical issues. The relentless onslaught of DDoS threats not only drives up costs but also creates security fatigue for network operators. To effectively protect their digital assets, these operators require advanced DDoS protection that leverages predictive, real-time threat intelligence.

NETSCOUT has accumulated extensive experience over many decades collaborating with major service providers and enterprises worldwide, granting us unparalleled insight into the global internet landscape. Our ability to detect and counter DDoS attacks is made possible by our cutting-edge ATLAS platform, allowing us to analyze a remarkable 500 terabits per second (Tbps) of network traffic. For further details on NETSCOUT’s DDoS Threat Intelligence Report, please explore our interactive website. To access real-time statistics, maps, and insights on DDoS attacks, visit NETSCOUT Cyber Threat Horizon.