Attackers are now quicker to abandon unsuccessful attacks while beefing up campaigns on non-traditional targets, according to one protection ecosystem’s data

According to Q1 2023 data from a DDoS mitigation solutions provider’s own protection ecosystem, DDoS attack durations decreased to 1/6th year-on-year, but the total number of attacks grew by 22% compared to Q4 2022 in the same ecosystem.

Also, the size of the largest botnet observed in Q1 2023 was more than double that of the largest from Q4 2022.

Other findings pertaining to Q1 2023 DDoS activity monitored by the firm include:

    • Among the most attacked segments were classifieds sites (26.7%), digital education (13.3%), payment systems (11.5%), banks (9.3%), and game servers (5.2%).
    • An increase in attacks was noted on infrastructure services that support real-world systems, in particular software services (4.1%), hosting platforms (2.9%), as well as oil and gas (1.6%), logistics (1.4%), and the production sector (1.4%).
    • The maximum duration of DDoS attacks decreased from over 10 days in Q1 2022 to less than 2 days in Q1 2023. The most prolonged attacks were recorded against banks (almost 42 hours); fiscal data operators (over 22 hours); online education systems (20 hours); media (20 hours); software services (11 hours); the oil and gas sector (5 hours); and game servers (4 hours). The postulated explanation is that cybercriminals were getting better at monitoring success rates and becoming quicker to abandon ineffective attacks.
    • The most significant spikes in bot traffic were recorded in March, when activity increased 66% in banking services and 57% in pharmaceutics. In particular, loyalty programs and online pharmacies were often targeted. At the same time, January led in total bot-activity events, with over 1,035m bot requests blocked that month.

According to Alexander Lyamin, founder, Qrator Labs, the source of the DDoS ecosystem metrics: “By attacking less secure services for ransomware, cybercriminals can potentially make more money than on financial organizations, as the latter are already sufficiently protected and require attackers to look thoroughly for ‘holes’ in the security systems. For this reason, cybercriminals are increasingly choosing non-traditional targets in hopes of succeeding more easily.”