Total DDoS attacks are up 38% as adversaries change tactics, according to StormWall’s H1 2023 DDoS report.

DDoS attacks are up 38% year-on-year, as attackers employ sophisticated tactics, says StormWall in its latest DDoS report.

In the first half of 2023, multi-vector attacks – which hit several parts of an organization’s systems at once – saw a sharp 117% increase compared to the same period last year.

Multi-vector attacks can hit the network layer, the application layer, and the data layer at the same time, putting additional strain on DDoS protection.

There was a significant increase in government, transportation, and healthcare attacks, by 132%, 118%, and 107%, respectively. Adversaries began targeting critical infrastructure to inflict as much economic damage as possible.

However, despite dramatic growth in some sectors, it is the finance, telecom, and entertainment industries which are still the main targets, making up 23%, 19%, and 15% of the attacks respectively, the StormWall report reveals.

This is partially the result of increased activity of organized hacking groups such as REvil, Killa, and IT Army of Ukraine, who all have entered the DDoS arena. These gangs have access to funds and technical know-how that average attackers lack. As they develop tools to help them carry out politically motivated actions, these tools are slowly becoming widely accessible.

Multi-vector tactics

In addition to the increase of multi-vector attacks, adversaries deployed smokescreening tactics more commonly, using DDoS as a means to hide data exfiltration – such incidents increased by 26%.

We’re used to seeing IoT (Internet of Things) botnets that are made up of hijacked smart gadgets, but VPS botnets on the other hand use virtual computers. Because they have access to the resources of a real server, they are dramatically more powerful.

Over 63% of attacks were carried out over HTTP/HTTPS protocols, StormWall report shows, while TCP/UDP (35%) and DNS (2%) layers were targeted significantly less. This correlates with the increased botnet usage, as botnet-driven attacks typically target the application layer of the OSI model.

In terms of geography, the top 5 most hit countries were USA (16.8%), India (13.6%), China (11.2%), France (8.7%) and the UK (8.2%). This means that the US, India and China accounted for roughly 40% of global DDoS activity combined.