Russian state-sponsored threat actor groups are known for innovative attack techniques and malware campaigns, ruling the underground darknet markets with various cybercriminal activities. Russian attackers have extended their targets from small organizations to critical infrastructure across the globe. Surprisingly, the country that made the world concerned about cyberattacks is now facing constant security threats itself. The number of DDoS attacks on Russian organizations surged 2.5 times in 2021 compared to the previous year, a report from Rostelecom revealed.
In a DDoS attack, cybercriminals make a targeted network or service unavailable to its users by flooding it with unwanted incoming traffic from different sources.
DDoS Attacks in Russia
The report revealed that DDoS attackers mainly targeted finance, online trading, and public sector organizations. The most significant DDoS attacks focused on organizations located in Moscow, which accounted for 60% of the total number of incidents and saw the most powerful attacks, at more than 70 Gbps. The attackers continue to rely on already known techniques for organizing DDoS attacks, and on large-scale botnets to increase attack power. The most common DDoS attacks reported were UDP flood, SYN flood, and fragmented packet attacks (FRAG), which are usually organized using botnets.
“The power and complexity of DDoS attacks are increasing every year. This is due to the active use of larger botnets by hackers. They consist of a multitude of devices, which are exploited with new vulnerabilities. In particular, in September, cybercriminals organized the largest DDoS attack using the Meris botnet, which is estimated to scale 200,000 devices. Such sophisticated attacks are already directed at well-protected organizations and companies, whose resources can only be disabled by a very powerful DDoS. For example, it can be banks, large industrial or energy enterprises, etc.,” said Timur Ibragimov, Head of Anti-DDoS and WAF Cybersecurity Services Platform Solar MSS of Rostelecom-Solar.
DDoS Attack Trends in Russia
The Russian internet service provider Yandex recently sustained the largest DDoS attack in the history of the Russian Internet (RuNet). Security experts claim that the attack was implemented via a new botnet tracked as Meris. It was found that the DDoS attack power was more than 20 million requests per second (RPS), affecting over 30,000 host devices.
In terms of attack trends, DDoS actors appear to be changing their game plans and are turning to ransom distributed denial of service (RDDoS) as a new ransom vector. In an RDDoS attack, cybercriminals either launch a DDoS attack and then demand a ransom to stop it, or they demand the ransom first, threatening a DDoS attack if it is not paid.
To mitigate the risk of DDoS attacks, experts from Rostelecom recommended that organizations and users detach web applications from critical resources by deploying them in separate databases. Adding a Web Application Firewall (WAF) alongside the existing anti-DDoS solution also helps prevent data theft and unauthorized intrusions.