Microsoft has released a report on Distributed Denial of Service (DDoS) attacks, and it makes plain that although this type of attack is old, it still has some impact on targeted victims.

The report is titled "2022 in review – DDoS attack trends and insights" and examines the types of attacks being used and the effects they have on their victims.

Targeted victims

Ukraine war and the knock-on effects

In the report, Microsoft identifies that in the first half of 2022 most DDoS attacks were targeted against Ukrainian targets and those of allied countries supporting the Ukraine effort, with a large number of attacks being focussed on UK financial institutions.

China / Taiwan politics

Other attacks were seen hitting Taiwanese targets ahead of the visit to Taiwan by US House of Representatives member Nancy Pelosi.

These attacks could have originated from the PRC, or from individuals who are aligned with the PRC's objectives.

Gamers hit

Two big online games were hit with DDoS attacks in 2022. In March, the popular game “Among Us” was targeted, taking servers offline for an entire weekend, and in August, “Grand Theft Auto: San Andreas” was disrupted with a new variant of a DDoS bot called RapperBot.

Thousands of attacks

Microsoft has a privileged position to observe huge amounts of Internet traffic – having a huge cloud service as well as a global install-base of operating systems – and through these systems can observe all manner of traffic.

Their report details that in 2022, the average number of separate DDoS attacks per day was 1,435. The lowest number observed was 680 and the highest number of attacks was 2,215.

Types of attacks

The types of DDoS attacks seen were predominantly those involving the Transmission Control Protocol (TCP), with 63% of attacks involving some form of TCP flooding.

22% of attacks used the User Datagram Protocol (UDP), which is a rise over previous years – this is due to the high proportion of online games using this protocol, but also the fact that many collaboration tools such as Teams and Zoom, etc. use UDP primarily.

The remaining attacks involved a mix of malformed TCP and UDP packets designed to cause errors on the receiving end of the communication.

Attack durations

Of the attacks observed, the biggest proportion were sustained for less than 1 hour – 89% of attacks lasted for less than 60 minutes, and 26% were only active for approx. 2 minutes.

11% of the attacks observed had durations greater than 1 hour.

Short attacks require fewer resources from the attacker, and are more challenging to mitigate for legacy DDoS defenses.

Short attack bursts conducted over a lengthy time span will often have a similar effect to a sustained attack, as the target network will have just about recovered from the 1st attack as the 2nd, 3rd and 4th attacks hit. These attacks can also cause knock-on effects as affected customers all try to re-connect at the same time, thus amplifying the effect of the DDoS.
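The point about repeated short bursts can be shown from the defender's side. The Python below is an added example, not code from Microsoft's report: it compares a simple detector that only alerts on sustained traffic with one that groups nearby bursts into a single campaign. The thresholds, the hold-down window, the function names and the traffic trace are all assumptions constructed for illustration.

```python
# Added example; every number below is constructed, not taken from the report.
THRESHOLD_PPS = 50_000   # assumed alert threshold (packets per second)
SUSTAIN_MINUTES = 5      # assumed: simple detector needs 5 consecutive hot minutes
HOLD_DOWN_MINUTES = 15   # assumed: keep mitigation armed this long after a burst

def find_bursts(samples, threshold=THRESHOLD_PPS):
    """Return [(start, end)] inclusive minute ranges where the rate exceeds threshold."""
    bursts, start = [], None
    for minute, pps in enumerate(samples):
        if pps > threshold and start is None:
            start = minute
        elif pps <= threshold and start is not None:
            bursts.append((start, minute - 1))
            start = None
    if start is not None:  # trace ended while still above threshold
        bursts.append((start, len(samples) - 1))
    return bursts

def sustained_alerts(bursts, sustain=SUSTAIN_MINUTES):
    """Bursts long enough for a sustained-threshold detector to flag."""
    return [b for b in bursts if b[1] - b[0] + 1 >= sustain]

def group_campaigns(bursts, hold_down=HOLD_DOWN_MINUTES):
    """Merge bursts separated by at most hold_down quiet minutes into one campaign."""
    campaigns = []
    for start, end in bursts:
        if campaigns and start - campaigns[-1]["end"] - 1 <= hold_down:
            campaigns[-1]["end"] = end
            campaigns[-1]["bursts"] += 1
            campaigns[-1]["hot_minutes"] += end - start + 1
        else:
            campaigns.append({"start": start, "end": end, "bursts": 1,
                              "hot_minutes": end - start + 1})
    return campaigns

def build_sample():
    """Constructed 60-minute trace: 8k pps baseline, four 2-minute bursts at 400k pps."""
    samples = [8_000] * 60
    for start in (5, 17, 29, 41):
        samples[start] = samples[start + 1] = 400_000
    return samples

if __name__ == "__main__":
    bursts = find_bursts(build_sample())
    print("sustained-threshold alerts:", sustained_alerts(bursts))
    print("campaigns:", group_campaigns(bursts))
```

On this trace the sustained-threshold detector raises no alert, while the campaign view reports one event spanning minutes 5 to 42 with only 8 minutes of actual attack traffic.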