The year 2022 was a record-breaking year for Distributed Denial of Service (DDoS) attacks in Russia. According to a report released by Russia’s largest internet service provider (ISP), Rostelecom. The company recorded 21.5 million critical web attacks against 600 Russian businesses, including those in the public, financial, retail, and telecom sectors. This highlights the increasing threat DDoS attacks pose to organizations and the need for robust cybersecurity measures to combat them.
According to Rostelecom, the most potent DDoS attack ever observed in 2022 measured 760 GB/sec, nearly twice as much as the strongest attack ever observed the year before. The most prolonged DDoS attack recorded by the ISP lasted nearly three months. These statistics show the devastating impact DDoS attacks can have on organizations. They are designed to overwhelm the targeted website or service, making it unavailable by depleting the server’s ability to accept new connections.
Most Powerful And Highest DDoS Attack Region
Moscow was the most attacked region in 2022, where the largest numbers of Russia’s top companies are located. Rostelecom detected over 500,000 DDoS attempts targeting the city’s entities. This spike in attacks coincides with when Sberbank, one of Russia’s largest banks, reported that It experienced the largest DDoS attack it had ever seen, measuring 450 GB/sec. This emphasizes how crucial it is for businesses in Moscow and the rest of Russia to exercise caution and take preventative measures to safeguard themselves from DDoS assaults.
Origins And Targets of DDoS Attacks
Rostelecom reported that the origin of the attacks, based on IP addresses, was the United States. The targets of the attacks were primarily in the banking sector. In May 2022, Ukraine’s IT Army announced that It had attacked a crucial web platform before interfering with the distribution of alcoholic beverages in Russia. This highlights the use of DDoS attacks as a tool in political and ideological conflicts and the need for organizations to be aware of the potential motivations behind such attacks.
The number of DDoS attacks throughout the latter half of 2022 remained consistent but marked a decrease compared to the second quarter of the same year. Despite this, Rostelecom noted that the attacks had become more precise in nature. It was evident in December 2022 when a DDoS attack targeted VTB Bank, Russia’s second-largest financial institution, making the bank’s mobile applications and main website inaccessible for several days. This serves as a reminder that DDoS attacks are constantly evolving, and organizations must remain vigilant in regularly updating and enhancing their cyber security measures to protect against them.
Types Of Cyberattacks Targeting Russia
Rostelecom reported that 80% of all cyberattacks targeting Russian entities were DDoS attacks. However, the company also recorded the targeting of website vulnerabilities such as arbitrary command execution, path traversal, local file inclusion, SQL injection, and cross-site scripting. It highlights the need for organizations to focus on protecting themselves from DDoS attacks and ensure that their websites and networks are secure against other cyberattacks.
The public sector was the most targeted industry for cyberattacks in 2022, with 30% of all recorded incidents, significantly increasing from 12 times the previous year. Additionally, 25% of recorded incidents targeted financial institutions and services. According to Rostelecom, the primary motivation behind these attacks is disrupting the highly critical economic sector and accessing sensitive financial and personal information stored in databases.
The targeting of financial institutions and the public sector highlights the far-reaching impact of DDoS attacks, which can result in financial losses and compromise of sensitive information, and damage to an organization’s reputation. These attacks not only affect the targeted organization but also have the potential to cause ripple effects throughout the entire economy. As a result, it is crucial for organizations in these industries to take proactive measures to protect themselves and to implement a robust cybersecurity plan to safeguard against DDoS attacks and other cyber threats.
In third place, accounting for 16% of all cyberattacks, were education institutes. Rostelecom believes these institutions may have been targeted due to their links to Russian companies. This highlights the potential for DDoS attacks to target organizations that may not be directly involved in a conflict or dispute but are associated with it somehow.
In March of 2022, the Moscow-based meat producer Miratorg Agribusiness Holding fell victim to a devastating cyberattack that not only resulted in the encryption of their data but also caused a significant disruption in the distribution of food to the market. The cyberattack severely impacted the company’s supply chain, which is crucial in getting food to consumers. This disruption not only affected the company’s bottom line but also caused inconvenience to consumers who relied on the company’s products. This attack serves as a stark reminder of the far-reaching consequences of DDoS attacks on an organization, not just in terms of financial losses but also in terms of the ripple effect it can have in the broader community and economy. The incident further emphasizes the importance of organizations having robust cybersecurity measures in place and being prepared for a DDoS attack’s potential consequences.
Additionally, the incident also highlights the need for companies to have a Business Continuity Plan (BCP) in place. A BCP is a plan that outlines the steps a company will take to continue business operations in the event of an unexpected interruption. This could include measures such as data backups, disaster recovery plans, and communication protocols. A BCP ensures that the organization can respond quickly and effectively to an incident, minimizing the impact on its operations and customers.
The attack on Miratorg Agribusiness Holding reminds organizations of all industries to take DDoS attacks seriously and implement robust cybersecurity measures to protect themselves and their customers. The potential consequences of a DDoS attack can be severe, and organizations need to be prepared to mitigate the damage and continue business operations.
Conclusion
Rostelecom’s report highlights the increasing trend of DDoS attacks targeting Russian organizations. The attacks were aimed at overwhelming the targeted website or service, making it unavailable by depleting the server’s ability to accept new connections. The attacks originated in the United States, and the targets were primarily in the banking sector. The volume of DDoS attacks remained relatively stable from July until December 2022, but it was notably lower compared to Q2 2022.
However, the Russian ISP reported that the attacks became more sophisticated. To combat these attacks, organizations must be vigilant, take proactive measures and continuously update and improve their cybersecurity measures. They also need to be aware of the potential motivations and consequences of DDoS attacks to be better prepared for them. Additionally, it’s important for organizations to have a DDoS mitigation plan in place and to train their employees on how to detect and respond to DDoS attacks. Organizations can also consider DDoS protection services offered by service providers to safeguard their networks and websites from DDoS attacks.
