The war in Ukraine was a major catalyst for Distributed Denial of Service (DDoS) attacks. Cybersecurity researchers from Kaspersky have said that between Q4 2021, and Q1 2022, the number of DDoS attacks grew 4.5 times, while the number of “smart” (or advanced and targeted) attacks rose by 81% between the quarters.
To put things into perspective, Q4 2021 was said to have had the all-time highest number of DDoS attacks detected by the cybersecurity company.
Most of the growth had been attributed to “hacktivists” who were looking to play their role in the Russia - Ukraine conflict.
Long DDoS attacks
In many cases, the attackers targeted Russian endpoints, be it from the government, or the financial sector. These attacks, the researchers said, have a “knock-on effect” as they affect the wider population.
It was also said that the attacks were both performed at scale, and were innovative. One example included a copy of the popular 2048 puzzle game that was used to DDoS Russian websites.
The average session lasted 80 times longer than the ones spotted just a quarter earlier. The longest attack, Kaspersky says, was detected on March 29, which lasted for 177 hours.
The average DDoS attack usually lasts around four hours.
“The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit,” commented Alexander Gutnikov, security expert at Kaspersky.
“Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists. We’ve also seen that many organizations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organizations need to be prepared against such attacks.”
The Russia - Ukraine conflict has spilled into the cyber-realm from day one of the invasion. Among other things, a Ukrainian hacker leaked internal chats, and multiple source codes, of Conti, one of the most popular ransomware operators today, allegedly based in Sankt Petersburg, Russia.
At the start of the invasion, Conti warned the cybercrime community that whoever attacks Russian infrastructure will have to face the group, as well. This did not sit well with many of its peers (particularly those from Ukraine, who appeared to have been in large numbers), forcing the group to withdraw the statement.
After the leak, a number of copycats emerged, using Conti’s own source code to develop ransomware that was used against Russian organizations and entities.