According to one cybersecurity firm’s 2023 user base data, multi-vector attacks and smoke-screen tactics, techniques and procedures (TTPs) marked the year.

In the era of automated scalable distributed denial-of-service (DDoS) attacks, one cybersecurity firm has noted that threat actors in 2023 were using more advanced techniques.

In particular, multi-vector attacks (targeting multiple infrastructure layers simultaneously) detected in its user base had increased by 108% compared to 2022, presumable due to hactivists’ campaigns adding to the fray of profit-oriented attackers.

Another rising vector was DNS attacks, which chalked up a 28% increase in the 2023 incidents encountered by the firm. Those in the Asia Pacific region (APAC) were twice as common as elsewhere — particularly among telco firms.

Other 2023 trends noted include:

    • the use of smoke-screening had grown by 54%
    • VM-based botnets (capable of launching large-scale attacks) comprised 43% of attacks in the firm’s user base
    • Attacks in APAC were reaching 1.4Tbits — a big leap beyond the scale of DDoS attacks in 2022
    • Attack frequency was highest in the firm’s United States clients (12.3%) followed by those in China (10.6%) and India (9.2%). The Middle East and North Africa region, including Israel saw an attack frequency of 4.2% — with geopolitics a factor in attacks at the USA, China, India and EU countries. Many attacks also targeted organizations in Russia and the UAE
    • the financial industry (23%) and government sectors (21%) were the most targeted in the firm’s user base in 2033, followed by retail (14%) and critical infrastructure firms including transportation and energy grids, except in APAC where telcos saw the highest attack frequency of 31%. Overall, the firm’s government sector users experienced a 108% increase in attacks — deemed “highly unusual”
    • an overall increase in DDoS attacks of 63% in the firm’s 2023 data compared to the number of incidents recorded in its international user base in 2022.

As threat actors are targeting everything — governments, businesses, public institutions, the firm — StormWall Networks — has noted that it is crucial to raise widespread awareness about the DDoS landscape and improve understanding of the risks and attack vectors.