The war in Ukraine has been a major catalyst for Distributed Denial of Service (DDoS) attacks. Kaspersky cybersecurity researchers said that between the fourth quarter of 2021 and the first quarter of 2022, the number of DDoS attacks increased 4.5 times, while the number of “smart” (advanced and targeted) attacks increased 81% quarter over quarter.
To put things into perspective, the fourth quarter of 2021 had itself been the period with the highest number of DDoS attacks detected by the cybersecurity company.
Most of the growth had been attributed to “hacktivists” seeking to play their part in the Russian-Ukrainian conflict.
Long DDoS attacks
In many cases, attackers have targeted Russian endpoints, whether government-owned or financial sector-owned. These attacks, the researchers said, have a “ripple effect” as they affect the entire population.
The attacks were also said to be both large-scale and innovative. One example was a copy of the popular puzzle game 2048 that was used to launch DDoS attacks against Russian websites.
The average session lasted 80 times longer than those spotted a quarter earlier. The longest attack, according to Kaspersky, was detected on March 29 and lasted 177 hours.
The average DDoS attack typically lasts around four hours.
“The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of DDoS attacks, which are usually executed for immediate profit,” commented Kaspersky security expert Alexander Gutnikov.
“Some of the attacks we observed lasted for days or even weeks, suggesting that they may have been carried out by ideologically motivated cyberactivists. We also found that many organizations were unprepared to combat […]. All of these factors have made us more aware of the scope and dangerousness of DDoS attacks, and remind us that organizations must be prepared against such attacks.”
The Russian-Ukrainian conflict spilled over into cyberspace from day one of the invasion. Among other things, a Ukrainian hacker leaked internal chats and portions of the source code of Conti, one of the most prominent ransomware operators today, allegedly based in St. Petersburg, Russia.
At the start of the invasion, Conti warned the cybercrime community that anyone attacking Russian infrastructure would also have to deal with the group. This did not sit well with many of its peers (particularly its Ukrainian members, who appeared to be numerous), and the group retracted its statement.
After the leak, a number of copycats emerged, using Conti’s own source code to develop ransomware that was used against Russian organizations and entities.