The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries.
Over 41% of websites have shown signs of DDoS attacks in the last quarter.
The increased reliance on digital platforms, services, and remote work has provided more opportunities for attackers and led to a surge in DDoS attacks worldwide.
Surge in DDoS Attacks: Observing Attack Origins
The impact of DDoS attacks extends beyond geographical boundaries. A significant number of these attacks originate from India. Subsequently, the United States, Germany, the UK, and Singapore experienced heightened activity, becoming key battlegrounds for these disruptive attacks.
Here’s a compilation of the Top 10 countries from which DDoS attacks were observed:
Impact of DDoS Attacks on Organization
DDoS attacks can cause severe and lasting problems for businesses. First, these attacks can make a company’s website and services stop working for a long time. This downtime not only means the company loses money but also makes customers lose trust and damages its reputation.
DDoS attacks also make it harder for the IT team to do their regular job. They have to stop what they’re doing to deal with the attack, which slows down the company’s work and makes it less efficient.
Stopping and preventing DDoS attacks costs a lot of money. Companies must spend more on cybersecurity to ensure it doesn’t happen again. These problems can hurt a company’s reputation and how well it works.
Finally, DDoS attacks are often used as cloaking attacks to run more complex attacks and exfiltrate data or install malware as the IT team tries to mitigate the DDoS threats.
The Biggest DDoS Attacks of 2023
The surge in new techniques, the rise of DDoS as a service, the expansion of attack vectors, and access to more potent botnets have resulted in unprecedented DDoS attacks.
Microsoft’s Service Outage
A recent attack on Microsoft is a stark reminder of the threat DDoS poses to organizations, irrespective of their size and resources. Microsoft confirmed widespread disruptions to services like Microsoft 365 and Azure resulted from DDoS attacks orchestrated by a threat actor known as “Storm-1359” or Anonymous Sudan. This group employed advanced techniques to overcome previous mitigation strategies, including Slowloris and cache bypass attacks.
Anonymous Sudan
Anonymous Sudan, a hacktivist group from Sudan, has been conducting politically and religiously motivated denial-of-service attacks since January 2023. The group, which claims responsibility for DDoS attacks against Asian and European targets, is associated with the tags #OpSweden and #OpDenmark.
Anonymous Sudan is involved in data theft and sales, claiming unauthorized access to the Air France website on March 19, 2023. The group’s attacks are characterized by Web DDoS attacks, combining alternating waves of UDP and SYN floods.
Leveraging tens of thousands of unique source IP addresses, they generate UDP traffic of up to 600Gbps and HTTPS request floods of several million RPS. Anonymous Sudan employs public cloud server infrastructure for attack generation and accessible, open proxy infrastructures to conceal and randomize their source.
DDoS Attack Exploits HTTP Rapid Rest Flaw
A DDoS attack utilizing the HTTP/2 Rapid Reset flaw reached 100 million RPS, exploiting vulnerability CVE-2023-44487. Primary cloud services, including AWS, Cloudflare, Google Cloud, and Fastly, faced an attack peaking at 250 million RPS for three minutes.
Cloud-based botnets leveraging this flaw could amplify attacks 5,000 times per node, significantly impacting gaming, IT, cryptocurrency, software, and telecom industries.
Open AI’s Service Disruption
OpenAI experienced intermittent disruptions in its API and ChatGPT services due to DDoS attacks, leading to user errors. The outages, including a significant ChatGPT outage and increased errors in DALL-E, were unofficially attributed to Anonymous Sudan.
Recommendations To Prevent DDoS Attack Mitigation
To mitigate the potential downtime linked to DDoS incidents and stay one step ahead of malicious actors, consider implementing the following DDoS mitigation best practices:
Enroll in a Behavioral-Based DDoS Mitigation Service
Implement a robust cloud-based DDoS protection service for real-time, automated, and accurate defense against web DDoS attacks.
Opt for a DDoS protection solution that employs behavioral analysis instead of relying solely on predefined rules or signatures.
The solution should be able to detect and mitigate attacks without causing disruptions, maintaining a secure online environment for users.
Always on DDoS Protection
Avoiding false positives is a primary challenge in DDoS mitigation, as mistakenly blocking legitimate user traffic can adversely affect user experience. To counter this, numerous businesses operate their DDoS protection in detection mode (log only), preventing inadvertent blocks of legitimate traffic.
AppTrana’s DDoS protection stands out by basing decisions on behavioral analysis, moving beyond reliance on predefined rules or signatures. This approach significantly ensures zero false positives.
Reduce Attack Surface Exposure
Minimize the surface area exposed to potential attackers by implementing security measures such as network segmentation, firewall rules, and access controls. Reducing the attack surface limits the options for attackers to orchestrate DDoS attacks.
Implement Traffic Rate Limiting
Set thresholds for the maximum allowable traffic rates to mitigate the impact of volumetric DDoS attacks. This strategy can help prevent network congestion and service degradation during an attack by capping the incoming traffic to a manageable level.
Deploy Anycast DNS
Utilize Anycast DNS to distribute incoming traffic across multiple servers in different locations. This helps distribute the load, making it difficult for attackers to overwhelm a single point and enhancing your online services’ resilience.
Regularly Update and Patch Systems
Keep all software, including DDoS protection solutions, updated with the latest patches and updates. Regularly updating systems ensures that vulnerabilities are addressed, reducing the likelihood of exploitation by attackers.