The supply chain industry is experiencing a 43% increase in the number of application-layer attacks and a 30% increase in volumetric attacks, especially in Europe and the Middle East, according to research from NETSCOUT Systems Inc.
Attack duration varied, with 70% lasting less than 15 minutes. The escalation of attacks involves a range of threat actors, including hacktivists targeting critical infrastructure in the banking and financial services, government, and utilities sectors. These attacks pose significant threats by disrupting vital civilian services in countries that oppose hacktivists’ ideologies. Key industries, already facing frequent and intense multi-vector attacks, experienced a 55% increase over the past four years.
“Hacktivist activities continue to plague global organizations with more sophisticated and coordinated DDoS attacks against multiple targets simultaneously,” says Richard Hummel, director, threat intelligence, NETSCOUT. “As adversaries use more resilient, take-down-resistant networks, detection and mitigation are more challenging. This report gives network operations teams insights to fine-tune their strategies to stay ahead of these evolving threats.”
Key takeaways:
- Distributed denial of service (DDoS) attacks continue to evolve, using innovative technologies and approaches to disrupt networks. During 1H2024, NETSCOUT observed several significant trends: NoName057(16), a pro-Russia hacktivist group, increased its focus on application-layer attacks, particularly HTTP/S GET and POST floods, leading to a 43% rise compared to 1H2023; bot-infected devices increased by 50% with the emergence of the Zergeca botnet and the continued evolution of the DDoSia botnet used by NoName057(16), which uses advanced technologies like DNS over HTTPS (DoH) for command-and-control (C2); and distributed botnet C2 infrastructure leveraged bots as control nodes, enabling more decentralized and resilient DDoS attack coordination.
- NETSCOUT also found that the emergence of new networks and autonomous system numbers (ASNs) plays a pivotal role in increased DDoS activity. Over 75% of newly established networks are involved with DDoS activities, either as targets or as abused participants in furthering attacks on others, within the first 42 days of coming online, as adversaries launch attacks using resilient nuisance networks and bulletproof hosting providers.