The Rise of DDoS Attacks: A Growing Threat to Cyber Security

Category: News
Published: 17th September 2024

< Back to Media
Image representing cyber AI

Distributed Denial of Service (DDoS) attacks have emerged as one of the most significant and disruptive cyber threats facing organisations worldwide this year. According to Radware, the number of DDoS attacks per customer grew by 94% in 2023 compared to 2022, building on the previous year’s growth of 99%.

A DDoS attack aims to overwhelm a company’s devices, services, and network with fake internet traffic, rendering them inaccessible to or useless for legitimate users. The goal of a DDoS attack is not to steal data or breach security systems directly but to disrupt service availability, resulting in significant financial and reputational damage to businesses. The main aim of a DDoS attack is to extract money from businesses by holding them to ransom over the operation or function of their site. However, as DDoS attacks overwhelm the network they also impact security devices like firewalls, and so can be an opportunity to spread ransomware whilst the system is being disrupted by the DDoS attack.

The Surge in DDoS Attacks in 2024

Several factors have contributed to the increase in DDoS attacks in 2024, and as more critical infrastructure moves online, and the use of Internet of Things (IoT) and Operational Technology (OT) devices grows, the potential targets for cybercriminals have multiplied. The rise of the Internet of Things (IoT) has introduced billions of new devices into the digital ecosystem. Many of these devices lack robust security measures, making them easy targets for hackers to compromise and integrate into botnets.

In 2024, the size of botnets has grown significantly, enabling attackers to launch more powerful DDoS campaigns. A botnet is a network of computers that are infected with malware and are under the control of one attacker. So, the attacker can have every computer in their network perform one action at once, making the ability to perform DDoS attacks far easier.

The motivations behind DDoS attacks have expanded beyond financial gain to include political activism, competitive sabotage, and even personal vendettas. The ongoing geopolitical conflicts have also played a role in the rise of DDoS attacks in 2024. State-sponsored attacks have become more prevalent, with nations using DDoS attacks as a tool for cyber warfare, targeting critical infrastructure, financial systems, and government services. Additionally, the rise of DDoS-for-hire services has lowered the barrier to entry for potential attackers, making these attacks more accessible to a wider range of perpetrators and more profitable for the criminal actors.

Notable DDoS Attacks

The year 2024 has already witnessed several high-profile DDoS attacks that highlight the growing sophistication and impact of this threat:

Microsoft’s Azure Outage: Microsoft fell victim to a DDoS attack that followed closely on the heels of a major outage involving cyber security firm CrowdStrike. The attack led to an eight-hour outage affecting Microsoft’s Azure portal and some Microsoft 365 services. Microsoft’s swift response, involving changes to its network configuration, prevented even greater disruption, but the incident highlights the vulnerability of even the largest tech companies to DDoS attacks.

Ukrainian Bank Attack: In August 2024, a Ukrainian bank that operates entirely through a mobile app became the target of a massive DDoS attack. At its peak, the bank’s systems were bombarded with 7.5 billion requests per second. The attackers exploited the bank’s reliance on its mobile platform, aiming to cripple its operations and erode customer trust. The attack serves as a stark reminder of the vulnerabilities inherent in digital-only financial institutions.

As we progress through 2024, DDoS attacks represent an ever-growing threat to global cyber security. The increasing reliance on digital services, the expansion of IoT devices, and the evolving tactics of cybercriminals have all contributed to the rise in DDoS incidents. For organisations, the stakes have never been higher.