Attacks lasting 90 minutes increased by 22%. This attack duration now makes up 81% of all DDoS attacks, while the most prolonged attacks spanning over 1200+ minutes saw a steep 95% reduction.
“The modus operandi of cyber criminals is to cause maximum disruption with minimal effort,” says Donny Chong, the Product Director of Nexusguard. “Modern cybersecurity tools have become so advanced, it’s compelling bad actors to look for attack opportunities where the shortest disruption wreaks the most havoc. This is likely why we’re seeing more high-profile DDoS attacks on governments and the public sector, where even brief interruptions can have big consequences.”
“Politically charged hacktivism is increasingly becoming a common motivator for many of today’s DDoS attacks,” adds Chong. “We expect this will make vital services in areas like public sector, government, and finance even more vulnerable, elevating the importance of national security and global diplomacy.”
Application attacks have shifted starkly towards Windows OS devices, comprising 87% of all DDoS targets in 2023 compared to just 15% the prior year. Computers and servers represented 92% of DDoS targets compared to 8% for mobile devices – a massive shift from the year before, when the split for computer/servers and mobile devices sat at 32% vs. 68%, respectively.
“Several reasons could explain this extreme shift in device targets,” Chong adds. “New vulnerabilities discovered in Windows OS, or more sophisticated malware, may have made it easier to compromise these systems. Botnets are also evolving, so attackers might be looking to exploit more powerful computing resources provided by computers and servers for more effective attacks. Regardless, no system is infallible. Real-world examples of DDoS attacks in 2023, like the exploitation of Microsoft Exchange server vulnerabilities and the rise of ransom DDoS attacks, serve as stark reminders of these attacks’ tangible impact.”
Attackers continue to leverage techniques to launch massive attacks with limited resources. The most prominent attack vector to achieve this remains NTP Amplification Attacks – representing over a quarter (26%) of attacks. However, these attacks decreased by 17% in 2023, suggesting that improved network configurations and heightened security awareness mitigate the impact.
In a sign of adaptation from bad actors, two other attack vectors are rapidly gaining on NTP Amplification:
- HTTPS Flood, notable for its subtlety in mimicking legitimate traffic, made up 21% of 2023 attacks, up from 12% in 2022.
- DNS Amplification saw the most significant rise, representing 14% of 2023 attacks, up from just 2% in 2022. This sharp spike and its potential to create large-scale disruption highlight a significant vulnerability in global internet infrastructure.
More broadly, attack categories are shifting:
- The fastest growing threat category in 2023 was Application attacks (e.g. HTTP/HTTPS attacks from groups like Killnet), which rose 79% YoY in 2023 and comprised 25% of DDoS attacks, underscoring hackers’ tenacity for adapting against today’s advanced cybersecurity tools.
- Volumetric (direct flood) attacks accounted for 24% – a 30% decline YoY, suggesting network infrastructure is becoming better equipped to absorb large volumes of traffic – or that attackers are simply shifting strategies towards more sophisticated methods.
Finally, single-vector attacks dominate 93% of DDoS attacks, again highlighting bad actors’ prioritisation of simpler-to-execute techniques that require fewer resources and less expertise. These attacks disrupt operations and services effectively, blend more easily with legitimate traffic, and can quickly be distributed against broad targets.
To learn more, read the full report.
https://www.linkedin.com/company/nexusguard/
https://twitter.com/Nexusguard
https://www.facebook.com/nxg.pr/