Malicious DDoS Attacks Jump By 203% in First Half of 2022


MAHWAH, N.J.—A new cyber security study from Radware reports a dramatic increase in attacks during the first half of 2022, with distributed denial-of-service (DDoS) attacks jumping 203% compared to the same period a year earlier.

Radware’s “First Half 2022 Global Threat Analysis Report” relies on intelligence drawn from network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat research team.

“The threat landscape saw a marked shift in the first half of 2022,” said Pascal Geenens, director of threat intelligence for Radware. “As Russia invaded Ukraine, the cyber focus changed. It shifted from the consequences of the pandemic, including an increase in attack surfaces driven by work from home and the rise of underground crime syndicates, to a ground swell of DDoS activity launched by patriotic hacktivists and new legions of threat actors.”

The first six months of 2022 were marked by a significant increase in DDoS activity across the globe, the company reported. Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States.

The number of malicious DDoS attacks climbed 203% compared to the first six months of 2021.

That means there were 60% more malicious DDoS events during the first six months of 2022 than during the entire year of 2021.

The company also reported that in May 2022, Radware mitigated a volumetric carpet-bombing attack, which represented a total volume of 2.9 PB. The attack lasted 36 hours, peaking at 1.5 Tbps with a sustained attack rate of more than 700 Gbps for more than eight hours. The combination of duration, volume, and average/sustained attack rates makes this one of the most significant DDoS attacks on record.

During the first half of 2022, patriotic hacktivism increased dramatically, Radware said. Both established and newly formed pro-Ukrainian and pro-Russian cyber legions aimed to disrupt and create chaos through information theft and leaks, defacements, and denial-of-service attacks.

In addition, DragonForce Malaysia, a hacktivist operation that targeted Middle Eastern organizations in 2021, made a return in 2022. Its recent campaigns were political responses to national events. OpsBedil Reloaded occurred following events in Israel, and OpsPatuk was launched in reaction to public comments made by a high-profile political figure in India.

Major information and communication networks in the Philippines, including CNN, news network ABS-CBN, Rappler, and VERA Files, were the target of DDoS attacks in connection with the country’s 2022 general elections.

“No organization in the world is safe from cyber retaliation at this time,” Geenens warns. “Online vigilantes and hacktivists could disrupt wider security efforts driven by nations and authorities. New legions of actors could introduce extreme unpredictability for intelligence services, creating a potential for spillover and wrongful attribution that could eventually lead to an escalation of the cyber conflict.”

Outside of the war realm, other cybercrime groups re-emerged and went on with business, the report said. 

During the first half of 2022, a renewed campaign of ransom denial-of-service (RDoS) attacks emerged from a group claiming to be REvil. This time the group not only sent ransom warning notes before the attack started, but also embedded the ransom note and demands within the payload.

In May 2022, Radware discovered several ransom demand letters from a group posing as Phantom Squad.

During the first six months of 2022, Radware also observed an increase in malicious transactions targeting online applications, dominated by predictable resource location and injection attacks.

The number of malicious web application transactions grew by 38%, compared to the first six months of 2021, surpassing the total number of malicious transactions recorded in 2020.

Predictable resource location attacks accounted for almost half (48%) of all attacks, followed by code injection (17%) and SQL injection (10%).

The most attacked industries were retail and wholesale trade (27%) and high tech (26%). Carriers and SaaS providers ranked third and fourth, shouldering 14% and 7% of the attacks respectively.


George Winslow
