How nationwide DDoS attacks affect us all

COMMENT

Today it is rare for a month to go by without news of distributed denial of service (DDoS) attacks driven by geopolitical instability. A single attack can now span numerous countries and networks. While the war between Russia and Ukraine and elections in NATO countries such as Poland drive geopolitically focused DDoS attacks, it is important to understand that these threats were present long before these conflicts and will be present long after. But why are these attacks on government institutions so important, and why do they impact all of us in the first place?

This is partly because changes in political leadership often correlate directly with a spike in DDoS attacks. In Poland, for example, the volume of DDoS attacks quadrupled within a few days of the new government taking office. These spikes often stem from hacktivist groups (e.g. KillNet, Noname057, Anonymous Sudan) that oppose the positions of newly elected officials. They impact all of us because DDoS attacks must traverse multiple Internet Service Providers (ISPs) to reach the intended victim.

Unfortunately, even an effectively mitigated attack will consume valuable resources on any ISP network it reaches. We call it the “DDoS tax,” which increases the cost of operating the network, making it more expensive for everyone. In fact, global ISPs have reported a 500% global increase in HTTP/S application layer attacks since 2019 and a 17% growth in DNS reflection/amplification volumes in the first half of 2023. Furthermore, it is alarming that carpet bombing attacks, a technique that targets entire ranges of IP addresses at once, increased 110% from the first to the second half of 2022, with the majority of attacks occurring against ISP networks.

The bottom line is that there is no escape from DDoS attacks against government institutions, and threat intelligence needs to be taken more seriously because of how universal the threat can be when it comes to compromising global ISP networks and further IT infrastructure. Therefore, it is critical that government bodies suppress DDoS attacks before they can start.

Comprehensive, adaptive defenses for evolving DDoS attacks

In the case of nation-states, bad actors often directly target Internet infrastructure to eliminate critical communications, e-commerce, and other vital infrastructure dependent on Internet connectivity. This means that attackers target ISP networks to intentionally degrade Internet connectivity. Furthermore, these attackers typically have many more resources at their disposal than other attackers. They are constantly innovating and exploring new and more powerful DDoS attack vectors, as evidenced by the creation of new ones every year, such as DNS water torture and carpet bombing. Meanwhile, as DDoS defenses become more effective, bad actors continue to evade them with new DDoS attack vectors and methodologies. These advanced techniques invariably end up in the hands of criminal gangs and even individual hackers, who turn them against any entity from which they can profit.

As cybercriminals become increasingly persistent and the complexity of DDoS attacks grows, a comprehensive DDoS protection solution should, at its foundation, identify and stop all types of DDoS attacks before they impact the availability of business-critical services. With the increasing frequency and complexity of DDoS attacks, a multi-layered defense strategy is no longer a convenience, but a requirement. New techniques such as adaptive DDoS strategies, which change vectors based on the defense presented, reinforce the need for greater agility and efficiency when it comes to managing these increasingly complex attacks.

Ultimately, threat actors will continue to use DDoS attacks as a way to disrupt and further inflame sociopolitical tensions around the world. Security professionals must consider both local and international conflicts when evaluating DDoS risk factors associated with country-level attacks. The sad reality is that bad actors continue to find new ways to orchestrate attacks through evolving methodologies. Therefore, global organizations and geopolitical entities must now adopt new strategies, such as defense and advanced DDoS suppression, to combat the growing sophistication of attacks that goes hand in hand with the complexities of our new geopolitical reality.


