More than a third of all DDoS attacks take place in Europe or the Middle East. Attackers are using more and more attack paths while regulators are forcing organizations to arm themselves better than ever, Akamai research shows.
In essence, a DDoS attack is one of the simplest cyber disruptions in the arsenal of malicious actors. Hosted services and websites can be brought down by an avalanche of traffic, mostly generated by a giant botnet. Akamai points out that DDoS attackers have become increasingly sophisticated. Where a DDoS was once the sign of disgruntled users or exploitative gamers, it is now professional criminals that are targeting critical infrastructure or hospitals in this way.
Akamai describes these details and more in its report “Fighting the Heat: EMEA’s Rising DDoS Threats” for the year 2024.
Frontline
In early 2022, Akamai began protecting 20 key Web resources of Ukraine, including the URL president.gov.ua. Akamai detected up to 1 million rogue requests per second targeting this address. Several DDoS-for-hire groups attack targets in Ukraine and in countries labeled as allied to that country. Also in the conflict between Israel and Hamas, DDoS attacks are proving to be a tool against the Mossad security service and other Israeli sites.
It drives some legitimate parties to fight off DDoS attacks with DDoS attacks. This has proven successful several times, including against LockBit in 2022.
EMEA spike, DNS attacks
Unlike North America and the Asia Pacific-Japan region, DDoS attacks have gradually increased over the past year. Since 2019 (Akamai’s first year of measurement in this study), there has been a spike in activity in the middle of each year, with multiple sectors suffering. So-called Layer 7 attacks, which reside at the application layer, are most prevalent in the retail sector and media companies. The reason for these sectors being targeted in particular, according to Akamai, is because a DDoS attack on these types of organizations has a direct impact on commercial success. After all, a video service that is down, isn’t earning ad revenue.
The study also shows that the Domain Name System (DNS) is a favorite target. “A successful DNS attack has the potential to literally erase a company’s presence on the internet,” Akamai said. Requests to domains that do not exist mostly come from so-called Pseudo-Random Subdomain (PRSD) or DNS Water Torture attacks. The scale of these cannot be understated: these requests represented 60 percent of all internet traffic in March 2024.
Regulatory
Given the very limited response time against DDoS attacks, new cyber regulations are much needed. The upcoming NIS2, despite delays, will be important in this. It forces parties to be cyber resilient and take appropriate measures before things go wrong with their own IT systems.
Read more about it: Don’t wait for NIS2 legislation, organizations can do a lot now