The numbers in one cybersecurity firm’s data point to the global shifts to the UDP protocol being a likely risk factor.
According to the metrics of one cybersecurity firm specialized in DDoS attack mitigation, the second quarter of this year saw the majority of attacks directed at banks, increasing by almost 30% and accounting for 37.6% of all attacks monitored.
The other most attacked segments in the firm’s monitoring processes were e-commerce (13.68%) and educational services (11.32%). Other figures for DDoS attacks included the gaming industry (9.61%), and media platforms (7.11%).
According to company data, there was a marked increase in the use of UDP flood attacks by cybercriminals — network attacks utilizing the connectionless-mode of the User Datagram Protocol (UDP). The figures show an almost twofold rise, from 37.44% to 60.1%. This growth in UDP flood metrics is attributed to changes in the infrastructure of most businesses, significantly influencing the nature of DDoS attacks: post-pandemic, many firms have shifted to a remote-working format involving a transition to UDP due to various application performance, scalability, and cost factors.
The firm’s data for Q2 showed that the number of DDoS attacks was rising in absolute terms, but their durations were shrinking. Specifically, the average duration had dropped by 29.15%, down to 47 minutes, compared to over an hour in the firm’s Q1 data. Also:
- The maximum duration of attacks was also on the decline, moving from 42 hours in Q1 to 20.7 hours in Q2. In Q1, the banking sector experienced the longest attack, but in Q2 the longest attacks were on the online gaming industry.
- Bot activity increased by more than 13m requests per day on average. The total number of bot requests in Q2 had increased by 1bn, relative to Q1 indicators. As in Q1, the sectors most affected by bot activity were betting (42.8%) and online retail (22.2%), accounting for 65% of all attacks. Pharmaceuticals and financial organizations took the third and fourth positions, pushing aside real estate and online education. In May 2023, a record-breaking bot attack happened in the betting sector where 33m bot requests were recorded. The fastest attack took place in June in the e-commerce segment, with a peak of more than 12 000 bot requests.
According to Alexander Laymin, Founder, Qrator Labs, which released its internal findings, the increases in DDoS activity in Q2 could be
primarily associated with the fact that summer is an active business season for many, including banks, which begin to actively attract deposits and issue loans for travel, construction, and repair.
The firm believes the expansion of remote office systems, and consequently, the broadening of communication channels such as telephony, video conferencing, etc., could have led to an increase in the packet intensity of attacks, because “the wider the channels, the more traffic can be funneled through them.”