According to telemetry by a DDoS protection firm, attacks were less frequent but larger in scale, among other strategy shifts

The data for 2023 showed that application attacks had shifted towards Windows OS devices, which comprised 87% of all DDoS targets analyzed in 2023, compared to 15% the prior year. Cybercriminals continued to leverage techniques to launch massive attacks with limited resources. The most prominent attack vector to achieve this remained NTP Amplification Attacks, representing 26% of all incidents analyzed. This was a drop of 17%. Also:

    • Two other attack vectors were being used:
        • HTTPS Flooding, notable for its subtlety in mimicking legitimate traffic, made up 21% of 2023 attacks analyzed, up from 12% in 2022.
        • DNS Amplification comprised 14% of 2023 attacks analyzed, up from 2% in 2022.
    • Attack categories were shifting:
        • The fastest growing threat category in 2023 data was application attacks (for example, HTTP/HTTPS attacks from groups like Killnet), which had risen 79% in 2023 data and comprised 25% of DDoS attacks analyzed.
        • Volumetric (direct flood) attacks accounted for 24% of all attacks analyzed: a 30% decline YoY.
        • Single-vector attacks accounted for 93% of DDoS attacks analyzed, suggesting that bad actors were prioritizing simpler-to-execute techniques that require fewer resources and less expertise.

According to Donny Chong, Product Director, Nexusguard, the firm offering its 2023 telemetry findings: “New vulnerabilities discovered in Windows OS, or more sophisticated malware, may have made it easier to compromise these systems. Botnets are also evolving, so attackers might be looking to exploit more powerful computing resources provided by computers and servers for more effective attacks. Real-world examples of DDoS attacks in 2023, like the exploitation of Microsoft Exchange server vulnerabilities and the rise of ransom DDoS attacks, serve as stark reminders of these attacks’ tangible impact.”

Chong also identified hacktivism as an increasingly common motivator for the many DDoS attacks analyzed.