Confronting the Escalating Menace of Web DDoS Tsunami Attacks in 2023
The first half of 2023 has seen a massive surge in Distributed Denial of Service (DDoS) attacks, reaching a new level of sophistication, frequency, and size that organisations must confront. This rising threat is exemplified most clearly by the growing popularity of web DDoS attacks, which have emerged as a formidable danger across industries and geographies. A Web DDoS Tsunami attack is an evolved form of HTTP DDoS flood: sophisticated, aggressive, and very difficult to detect and mitigate without also blocking legitimate traffic.
The Evolving Threat Landscape
As recent news coverage has shown, DDoS attacks reached astonishing heights in 2022 and the first half of 2023. Data from our partner Radware’s Threat Hub shows a remarkable 152% YoY increase in blocked DDoS events in 2022 compared to 2021, coupled with a 32% YoY rise in total blocked attack volume. The largest DDoS attack in 2022 reached a staggering 1.46 Tbps – a 2.8x surge from the previous year’s record.
Furthermore, attackers have expanded beyond financial motivations, with political motives now behind a substantial share of DDoS attacks. The shift began in tandem with Russia’s invasion of Ukraine, showcasing an unprecedented synchronisation between cyberattacks and real-world events. This trend has led to a surge in state-sponsored hacktivist groups targeting organisations across various sectors, with far-reaching impact.
Three Key Trends Shaping DDoS Attacks
- Factor #1: Rise of State Actors
The shift from financially driven hackers to state-backed hacktivist groups has significantly altered the overall landscape. State-sponsored groups have far more resources and organisation, which widens their capabilities: they can build sophisticated attack tools, target a broader range of victims, and operate with relative impunity.
- Factor #2: Attacks Growing in Scale and Complexity
Attackers are employing new tools that enable larger and more intricate attacks. They mix attack vectors within single attacks, creating difficulties for traditional mitigation technologies and practices.
- Factor #3: Shift to Application Layer Attacks
DDoS attacks are increasingly targeting the application layer, complicating detection and mitigation. The deployment of advanced web DDoS attack tools has rendered traditional defences less effective against these sophisticated tactics.
What Exactly Are Web DDoS Attacks & Why Are They Harder to Mitigate?
Together, the trends above have made web DDoS attacks the leading vector for modern DDoS threats. These attacks exploit the application-layer HTTP or HTTPS protocols, directing a barrage of requests at web applications to overwhelm the servers behind them. Because most web traffic is encrypted, telling malicious requests from legitimate ones is complex, which makes these attacks especially challenging to mitigate.
Web DDoS Challenges
- Asymmetric Processing: SSL/TLS handshakes and request processing cost the server far more resources than they cost the client, so an attacker can generate a massive amount of server load with relatively few requests.
- Encrypted Payloads: The majority of web traffic is encrypted, so inspection by traditional defences that cannot see inside the TLS session is ineffective.
- Attack on Application Logic: Application-layer attacks mimic legitimate requests, so detecting the abnormalities that indicate an attack requires a deep understanding of the application's normal traffic.
- Advanced Attack Tools: Attackers use new tools that randomise attack vectors and techniques to evade traditional, signature-based defences.
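The two challenges that matter most for detection are that the payloads are encrypted on the wire and that individual requests look legitimate, so a defender's first vantage point is the access log of the server or reverse proxy that terminates TLS, where the plaintext request is visible. The following script is an added illustration written for this article, not code from the original post or from Radware: it parses constructed access log lines (documentation IP ranges, fabricated timestamps) and profiles each source per time window on two signals, request rate and the proportion of distinct request targets, which is one way to separate a high-rate but repetitive client such as a health-check poller from a high-rate client that randomises its targets. The window size and both thresholds are illustrative assumptions; real baselines come from your own application's traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format fields we need: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "target": m["target"],
        "status": int(m["status"]),
    }


def profile_sources(lines, window_seconds=10):
    """Per (source IP, time window): request count and share of distinct targets."""
    buckets = defaultdict(list)  # (ip, window_id) -> list of request targets
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        window_id = int(rec["ts"].timestamp() // window_seconds)
        buckets[(rec["ip"], window_id)].append(rec["target"])
    return {
        key: {"requests": len(t), "unique_ratio": len(set(t)) / len(t)}
        for key, t in buckets.items()
    }


def flag_sources(lines, window_seconds=10, rate_threshold=20, unique_ratio_threshold=0.8):
    """Return {ip: reason} for sources whose behaviour in any window exceeds the thresholds.

    Thresholds are illustrative assumptions; derive real ones from observed baselines.
    """
    flagged = {}
    for (ip, _), p in profile_sources(lines, window_seconds).items():
        if p["requests"] < rate_threshold:
            continue
        if p["unique_ratio"] >= unique_ratio_threshold:
            # Many requests, almost all to different targets: cache-busting flood pattern.
            flagged[ip] = "high rate with randomised targets"
        else:
            # Many requests to the same few targets: rate alone; may be a poller or a bot.
            flagged.setdefault(ip, "high rate")
    return flagged


def _line(ip, second, target, ua="Mozilla/5.0"):
    # Constructed log line; the date and sizes are placeholders, not real traffic.
    return (f'{ip} - - [12/Jun/2023:10:00:{second:02d} +0000] '
            f'"GET {target} HTTP/1.1" 200 512 "-" "{ua}"')


# Constructed sample: all lines fall within one 10-second window.
SAMPLE_LOG = (
    # an ordinary visitor: a few requests, repeated paths
    [_line("203.0.113.7", 0, "/index.html"),
     _line("203.0.113.7", 2, "/about"),
     _line("203.0.113.7", 5, "/index.html")]
    # a legitimate poller: many requests, always the same path
    + [_line("203.0.113.20", s % 10, "/healthz") for s in range(30)]
    # flood-like source: many requests, every one with a different query string
    + [_line("198.51.100.9", i % 10, f"/search?q={i:05d}") for i in range(40)]
)

if __name__ == "__main__":
    for ip, reason in flag_sources(SAMPLE_LOG).items():
        print(f"{ip}: {reason}")
```

On the constructed sample the visitor is not flagged, the poller is reported for rate only, and the randomising source is reported for rate plus target diversity. This is deliberately a starting heuristic: an attack tool that rotates source addresses and mimics a real browser's request mix will stay under both signals, which is the page's point about why application-layer floods need deeper behavioural understanding rather than simple counters.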
The past 18 months have seen unprecedented growth in DDoS attack activity, which has increased in size, frequency, and sophistication. This growth has been driven by a combination of factors. While each of these factors stands on its own, together they have coalesced into a fundamental shift in the threat landscape, which is now more dangerous than ever before. Among these changes, web DDoS tsunami attacks have emerged as a uniquely devastating threat to organisations, threatening the availability of mission-critical applications and services. Traditional DDoS protection methods, however, are incapable of providing adequate protection against these attacks, calling for a new approach to DDoS protection.