UPDATED 09:00 EDT / JULY 18 2023

SECURITY

Cloudflare report reveals disturbing rise in DDoS attacks against critical sectors

A new report from content delivery network provider Cloudflare Inc. today details the disturbing rise in distributed denial-of-service attacks against critical sectors in the second quarter.

The report describes targeted attacks by Russian-linked hacking groups, such as REvil, Killnet and Anonymous Sudan, against Western websites. A popular target in the second quarter was financial systems, with attempts to disrupt the SWIFT network responsible for global financial transactions. Many Russian banks were banned from the SWIFT network last year.

Cloudflare’s report also highlighted a surge in domain name system-based DDoS attacks and the exploitation of the Mitel vulnerability, designated CVE-2022-26143. Cryptocurrency companies were also a popular target in the second quarter, with a sharp increase in attacks as part of a broader rise in HTTP DDoS attacks.

The DNS-based DDoS attacks involved threat actors exploiting vulnerabilities in DNS servers, attempting to disrupt the translation of human-friendly website addresses to machine-friendly IP addresses. The method involves overwhelming DNS servers with malicious queries, effectively rendering targeted websites inaccessible to legitimate users. The report notes that the tactic poses challenges for organizations that manage their own authoritative DNS servers and that they need to adopt robust defense strategies to mitigate attacks.

The exploitation of the Mitel vulnerability also stood out in the second quarter, with malicious actors using the vulnerability to execute User Datagram Protocol, or UDP, amplification DDoS attacks. The report claims that the potential impact of these attacks is heightened by the fact that the vulnerability allows for traffic reflection and amplification, delivering large-scale attacks.

The report also sheds light on the increased targeting of cryptocurrency companies by DDoS attacks. The sector experienced a notable surge in the second quarter as attackers sought to disrupt digital asset exchanges and related services.

Finally, the report detailed the emergence of virtual machine-based botnets, which it says marks a significant shift in the DDoS threat landscape. The botnets, which are composed of VMs, are said to exhibit unprecedented power and scalability, posing formidable challenges for mitigation and defense. These botnets generate hyper-volumetric attacks with remarkable efficiency by leveraging computational and bandwidth resources.

“In recent months, there’s been an alarming escalation in the sophistication of DDoS attacks and even the largest and most sophisticated attacks that we’ve seen may only last a few minutes or even seconds — which doesn’t give a human sufficient time to respond,” the report concludes. “Before the PagerDuty alert is even sent, the attack may be over and the damage is done.”
