According to telemetry by a DDoS protection firm, attack were less frequent but larger in scale, among other strategy shifts

Based on its own 2023 telemetry data on distributed denial-of-service attacks (DDoS) threats worldwide gathered via attack data, research, publicly available information, Honeypots, ISPs, and logs recording traffic between attackers and their targets, a cybersecurity firm has released some findings.

First, DDoS tactics analyzed seem to have been shifting. Attackers had targeted 25% more computers and servers compared to 2022 data, and the attacks were becoming shorter, less frequent but more powerful. The overall count in attack frequency had dropped 55% in 2023, accompanied by a 233% increase in attack size.

Second, attacks lasting 90 minutes had increased by 22% over those in previous years, and this attack duration comprise 81% of all DDoS attacks analyzed. The longest attacks, which spanned over 1,200 minutes, had seen a 95% reduction.

The data for 2023 showed that application attacks had shifted towards Windows OS devices, comprising 87% of all DDoS targets analyzed in 2023, compared to 15% the prior year. Cybercriminals continued to leverage techniques to launch massive attacks with limited resources. The most prominent attack vector to achieve this remained NTP Amplification Attacks, representing 26% of the all incidents analyzed. This was a drop of 17%. Also:

    • Two other attack vectors were being used:
        • HTTPS Flooding, notable for its subtlety in mimicking legitimate traffic, made up 21% of 2023 attacks analyzed, up from 12% in 2022.
        • DNS Amplification comprised 14% of 2023 attacks analyzed, up from 2% in 2022.
    • Attack categories were shifting:
        • The fastest growing threat category in 2023 data was application attacks (for example, HTTP/HTTPS attacks from groups like Killnet), which had risen 79% in 2023 data and comprised 25% of DDoS attacks analyzed.
        • Volumetric (direct flood) attacks accounted for 24% of all attacks analyzed: a 30% decline YoY.
        • Single-vector attacks dominated 93% of DDoS attacks analyzed, suggesting that bad actors were prioritizing simpler-to-execute techniques that require fewer resources and less expertise.

According to Donny Chong, Product Director, Nexusguard, the firm offering its 2023 telemetry findings: “New vulnerabilities discovered in Windows OS, or more sophisticated malware, may have made it easier to compromise these systems. Botnets are also evolving, so attackers might be looking to exploit more powerful computing resources provided by computers and servers for more effective attacks. Real-world examples of DDoS attacks in 2023, like the exploitation of Microsoft Exchange server vulnerabilities and the rise of ransom DDoS attacks, serve as stark reminders of these attacks’ tangible impact.”

Chong also attributed hacktivism as an increasingly common motivator for the many DDoS attacks analyzed.