Year of the rising DDoS: how digital zombie attacks have evolved since the 1970s

The first distributed denial of service (DDoS) attack was discovered at the University of Illinois way back in 1973, and since then cybercriminals have come a long way, with around 13 million DDoS incidents recorded in 2022, according to cybersecurity firm NetScout.

Take a shorter jump backwards in time, to 2005, and that number was being measured in the mere hundreds, it adds. By 2013, the annual DDoS figure had increased at least tenfold – fast forward to the first quarter of last year, and it stood just shy of three million in as many months.

Describing the total number of DDoS attacks for 2022 as “a new high watermark for attack frequency”, NetScout added: “Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites.”

“Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites,” it said.

Presumably, this meteoric rise in DDoS attacks cannot be solely attributed to the Russians and their allies. And with an estimated billion websites globally, according to NetScout, digital crooks of all allegiances and none wishing to try their hand at ‘zombie’ computer attacks are not short of targets.

DDoS attacks – in which an attacker remotely accesses as many machines as possible, and then marshals them against a target system in the hope of temporarily knocking it offline with an overwhelming barrage of service requests – are seen by many in the industry as a blunt instrument, often a nuisance but rarely causing lasting damage.

This may be the reason behind the partisan-driven surge suspected by NetScout, as ‘script kiddies’ or those with subpar hacking skills seek ways to support the Kremlin’s widely condemned invasion of Ukraine without leaving the comfort of their bedrooms.

Carpet-bombing bots

Of course, politically motivated DDoS attacks are nothing new: another early example documented by NetScout dating back to 1990 targeted the US Department of Defense.

What has changed is the scale, and this is partly due to the evolved and ever-evolving range of tactics, techniques, and procedures (TTPs) deployed by the more organized criminal gangs who use DDoS as an attack vector.

These newer TTPs include so-called “carpet-bombing” attacks, named after the aerial kinetic tactic that rose to prominence during World War II, in which internet protocol (IP) addresses are selected en masse for zombie computer attacks.

NetScout says the rate of use of the carpet-bombing TTP more than doubled during 2022, increasing by 110% from the first half of the year to the second, with most being leveled against internet service providers across Europe, the Middle East, and North Africa (EMEA).

“A barrage of DDoS attacks hammered EMEA’s optical instrument and lens manufacturing sector, resulting in a 14,137% increase, mainly against one major distributor with over 6,000 attacks over four months,” added NetScout.

The wireless telecoms sector was also singled out for attacks by digital armies of hijacked computers, or “bots”, collectively known as “botnets.”

“DDoS attacks on the wireless telecommunications industry have grown 79% since 2020, primarily due to the increase in 5G wireless to the home,” said NetScout, adding that this accounted for a fifth of all botnet attacks on that industry.

Canvassing large companies and organizations on its client roster, NetScout found that on average they were suffering “more than 3,500 events per day or 145 an hour” – although it added that not all of these incidents could be classed as DDoS attacks.

Mafia malware and digital guardians

And just as conventional crime in the 20th century could be traced back to recurring suspects such as the Five Families of New York gangster legend, in the online world of cybercrime many bots and botnets can be linked to certain families of malicious software.

NetScout says its analysts “tracked over 1.35 million bots from malware families like Mirai, Meris, and Dvinis in 2022, with enterprises receiving over 350,000 security-related alerts with botnet involvement.”

Commenting on the report’s findings, NetScout’s threat intelligence chief Richard Hummel warned that cybercriminals would continue to get better at their jobs – in other words, like their fictional horror equivalents on the Silver Screen, the digital zombies of today have left their shambling predecessors of the 1970s far behind.

“DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services,” said Hummel. “With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organisations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.”

Anil Singhal, CEO of NetScout, called on the “guardians of the digital world” to join the global mission to face down the growing threat posed by DDoS attackers.

“These attacks evolved from simple denial-of-service to dynamic distributed denial-of-service where attacks adapt to counter network defenders,” he said. “This is unfolding while adversaries continue to launch new botnets to devastating effect, creating a shifting paradigm.”

Singhal added: “Complex multi-vector attacks and more sophisticated adversary methodologies have become commonplace, highlighting the need for intensive scrutiny of the threat landscape to weather the onslaught.”
