Saturday, November 9, 2024

Politically motivated DDoS attacks responsible for 55% surge in attacks on critical infrastructure


Distributed Denial-of-Service (DDoS) attacks on critical infrastructure have surged by 55% in the last four years, according to a new 2024 report by NETSCOUT, with politically motivated cyber actors leading the escalation. 

NETSCOUT’s latest DDoS Threat Intelligence Report details that the frequency, complexity, and scale of DDoS attacks have risen dramatically in recent years, posing an increasing threat to critical infrastructure and essential services across Europe and the Middle East. 

The report shows that the number of DDoS attacks targeting sectors like banking, financial services, government entities, and public utilities has increased. 

These attacks are increasingly sophisticated and leverage advanced techniques to bypass traditional defences.  

Critical infrastructure organisations, relied upon to maintain uninterrupted service, now face an onslaught of politically charged cyber-attacks that aim to destabilise national economies and essential services. 

Advanced botnets are escalating the threat

One of the key findings of the NETSCOUT report is the rise of advanced botnets such as Zergeca and DDoSia. 

These botnets utilise sophisticated methods like DNS-over-HTTPS (DoH) to mask command-and-control (C2) operations, making them significantly harder to detect and neutralise. 

The report further highlights that more than 75% of newly established networks engage in DDoS activities within 42 days of going live. 

This rapid mobilisation lets malicious actors swiftly incorporate new networks into their arsenal.

What is a botnet?

According to Palo Alto Networks, a ‘botnet’ is “a network of computers infected by malware that are under the control of a single attacking party, known as the bot-herder.” 

Each machine is called a bot, and the bot-herder can command all of the computers to carry out coordinated criminal actions. The bot-herder can even rent access to segments of the botnet on the black market for financial gain. 

Botnets can comprise millions of bots, enabling large-scale actions previously impossible with malware.

Application-layer attacks lead the way

Application-layer attacks target specific applications and services rather than just overwhelming systems with traffic. They have surged by 43% in the first half of the year. 

Hacktivist groups increasingly favour these more targeted attacks with geopolitical motivations. 

These attacks place immense strain on critical networks, especially those in Europe and the Middle East.

NETSCOUT says this further indicates the importance of investing in advanced DDoS mitigation systems.

Politically motivated hacktivism on the rise

Hacktivist groups, motivated by political and ideological agendas, are driving this cyber-attack surge. 

The geopolitical climate has turned these actors into key players in the DDoS landscape, using these attacks as tools to disrupt governments, utilities, and financial institutions.  

These groups often employ resilient, takedown-resistant networks provided by “nuisance networks” and bulletproof hosting providers. 

This trend makes tracking and mitigating DDoS threats even more difficult, as the groups' infrastructure is designed to resist takedown efforts.

With this dramatic rise in politically motivated DDoS activity, organisations in critical infrastructure sectors must adopt more advanced and resilient defence strategies, says NETSCOUT. 

It concludes that the shift towards highly targeted application-layer attacks and the increasing use of advanced botnet technologies demand a re-evaluation of traditional DDoS mitigation efforts. 

NETSCOUT suggests that enhanced monitoring, early detection, and multi-layered defence systems are crucial to safeguarding essential services from this evolving threat landscape. 
