DDoS attacks declined quantitatively in the first half of 2022, but the attacks were shorter, more intense and more sophisticated than ever before. The critical payload was reached in 2022 after an average of 55 seconds (2021: 184 seconds). […]

The corona pandemic has been impacting social life and the economy for more than two years. This has accelerated digital transformation in many areas of life. The cyber threats associated with advancing digitization are among the most serious impacts on business, industry and the public sector. Even if, according to a Bitkom survey published in June, digitization has slowed down since the start of the war in Ukraine, the threat situation in cyberspace is increasing.

Despite this threat situation, the Link11 Security Operations Center (LSOC) recorded a temporary decrease in DDoS attacks in the Link11 network for the first time. In the first half of 2022, the total number of attacks fell by more than three quarters (-80%) compared to the record DDoS year 2021. “Over the past two years, several major DDoS extortion waves have been one of the strongest drivers of criminal DDoS activities,” Marc Wilczek, Managing Director at Link11, said of the decline. “While the number of attacks increased significantly again in July, we have seen fewer ransom DDoS attacks so far. In addition, the world’s largest Darknet marketplace was closed in the spring, emptying one of its criminal energy collection points.” , Wilczek adds.

Targeted Attacks

There are fewer attacks, but at the same time they are more dangerous. As the LSOC has been able to observe in recent years, it is not just the DNA of the attacks that is constantly changing. Instead of attacking companies indiscriminately in the hope of success, companies are now being targeted by sophisticated DDoS attacks. In addition, the attacks registered in the reporting period are significantly shorter, more intensive and more demanding.

For the first time, the DDoS attacks registered in the Link11 network were analyzed to determine how many seconds had to elapse after the first bytes were sent before the traffic reached its maximum value. In the first half of 2022, a critical payload was reached on average 55 seconds after the start of the DDoS attack. By comparison, attacks in 2021 only peaked after an average of 184 seconds. “These turbo attacks are extremely dangerous. They peak very quickly instead of increasing steadily. Such DDoS attacks can cripple network systems before defenses can take full effect,” explains Wilczek.

The trend towards high-bandwidth DDoS attacks also continues unabated. Average maximum attack bandwidths continued to increase year over year from 266 Gbps in H1 2021 to 325 Gbps in H1 2022. The largest recorded DDoS attack on the Link11 network was stopped at 574 Gbps. The correlation between the duration and the intensity of the DDoS attacks also shows that the attacks are shorter and more intense at the same time. The more concentrated, targeted and advanced attacks are performed, the greater the need for precision and speed in detecting and defending against attacks. This means that when dealing with DDoS attacks, time is becoming an increasingly important factor.