The number of DDoS attacks we are seeing around the globe is on the rise, and that trend is very likely to continue throughout 2023. Corero Network Security outlines key DDoS trends to prepare for.
To begin, Corero predicts that packet-per-second DDoS attacks will continue to rise, surpassing the record-breaking sizes its Threat Intelligence Team has tracked throughout this year.
In 2023, Corero expects to see attackers deploy ever higher rate request-based or packets-per-second attacks.
Corero CTO, Ashley Stephenson explained, “DDoS attacks have historically focused around sending packets of large sizes with the aim to paralyse and disrupt the Internet pipeline by exceeding the available bandwidth. Recent request-based attacks, however, are sending smaller size packets, to target higher transaction processing to overwhelm a target. Those with responsibility for network health and Internet service uptime should be taking note of this trend.”
Corero also predicts that 2023 will see more breaches being reported, because of the increasing trend for transparency in data protection regulations. Regulations such as the UK Government’s Telecoms Security Bill will compel organizations to publicly disclose more cyber-incidents. We are also likely to see the legal responsibility for bad corporate behaviour when dealing with breaches being linked to individual executives. Examples such as Joe Sullivan, the former head of security at Uber, who was recently found guilty of hiding a 2016 breach, could set a precedent for linking data protection decisions to the personal legal accountability of senior executives.
Attackers will continue to make their mark in 2023 by trying to develop new ways to evade legacy DDoS defences. Corero saw Carpet Bomb attacks rearing their head in 2022 by leveraging the aggregate power of multiple small attacks, designed specifically to circumvent legacy detect-and-redirect DDoS protections or neutralize ‘black hole’ sacrifice-the-victim mitigation tactics. This kind of cunning will be on display as DDoS attackers look for new ways of wreaking havoc across the Internet and attempt to outsmart existing thinking around DDoS protection.
In 2023, the cyber warfare that we have witnessed with the conflict in Ukraine will undoubtably continue. DDoS will continue to be a key weapon in the Ukrainian and other conflicts both to paralyse key services and to drive political propaganda objectives. DDoS attack numbers rose significantly after the Russian invasion in February and DDoS continues to be used as an asymmetric weapon in the ongoing struggle. Earlier this year, in other incidents related to the conflict, DDoS attackers tried to disrupt the Eurovision song contest in an attempt to frustrate the victory of the Ukrainian contestants. Similarly, when Elon Musk showed support for Ukraine by providing Starlink satellite broadband services, DDoS attackers tried to take the satellite systems offline and deny Ukraine much needed Internet services.
Lionel Chmilewsky, Chief Executive Officer at Corero Network Security commented, “Throughout 2022 we observed DDoS attacks becoming increasingly sophisticated while at the same time the DDoS attack surface is expanding. With the number of recorded attacks on the rise and significant shifts in attackers’ motives and goals, 2023 will require organisations to ensure they have robust DDoS defences in place.”