StormWall, a cybersecurity provider that protects websites, networks and online services against Distributed Denial of Service attacks, has released an annual DDoS Year-in-Review report.
The report examines the DDoS threat landscape in 2022. It is based on an analysis of attacks against StormWall’s clients that took place throughout the year. The study concluded that there’s been a 74% year-over-year increase in DDoS activity.
But incidents also grew in complexity. Threat actors developed sophisticated botnets which allowed them to obtain some serious firepower. StormWall has recorded several attacks exceeding 2 terabits per second (Tbps). And the duration of these incidents has increased from last year’s maximum of 3 days to 7 days.
In terms of attack numbers, the year opened up with a sharp upward trend. DDoS attacks surged in the first two quarters. The trend then began to reverse in the third quarter. By the end of October, the growth rate slowed down, as hacktivist activity dwindled. And in December, the number of attacks plummeted by as much as 53% compared to the previous month.
The heaviest blow fell on the financial industry this year. It suffered 34% of all incidents. The next most targeted vertical was telecommunications, where 26% of attacks took place. This is followed by retail (17%) entertainment (12%), insurance (6%), education (2%) and logistics also with 2% of DDoS attacks.
Unlike last year, the majority of the incidents (78%), were HTTP floods directed at the application layer of the OSI model. About 17% of attacks targeted the network and transport layers, and 3% the DNS.
Because there were so many packet floods last year, most businesses improved their resistance to these attacks, which made them less effective. At the same time, application layer attacks became cheaper, and bad actors rearmed, focusing more on HTTP floods.
Geographically, The US suffered the highest share of attacks (18%). China was the second most attacked country (10,7%), followed by India (9,2%), Russia (8,4%), and England (7,2%).
Overall, hacktivism is to blame as bad actors traded blows throughout the year. This was, of course, greatly exacerbated by the Russia-Ukraine conflict, which has strained geopolitical tensions almost to the breaking point.