Products
Edge AI
AI Training
GPU Cloud
GPU CloudBoost AI/ML training with servers powered by NVIDIA
AI Inference
Inference at the Edge
Inference at the EdgeAccelerate your ML model inference for fast global performance
AI Applications
Image Generator
Image GeneratorCreate realistic and stunning images with ease
Speech-to-Text Translator
Speech-to-Text TranslatorTranslate from English to Luxembourgish seamlessly
Edge Cloud
Compute
Basic VMs
Basic VMsManage workloads on affordable shared virtual servers
Virtual Machines
Virtual MachinesRun apps on customizable dedicated virtual servers
Bare Metal
Bare MetalDeploy apps on powerful dedicated physical servers
Containers
Managed Kubernetes
Managed KubernetesDeploy, manage, and scale Kubernetes clusters easily
Container as a Service
Container as a ServiceRun containerized apps without server provisioning
Container Registry
Container RegistrySecurely store, manage, and deploy container images.
Function as a Service
Function as a ServiceExecute serverless code functions efficiently
Networking
Load Balancer
Load BalancerRoute traffic optimally to improve app performance
5G Network
5G NetworkDeploy apps and securely connect mobile devices via 5G
Virtual Private Cloud
Virtual Private CloudManage resources in a secure isolated private cloud
Hosting
Virtual Servers
Virtual ServersHost on virtual servers with no traffic restrictions
Dedicated Servers
Dedicated ServersHost on physical servers with worldwide availability
Storage
Object Storage
Object StorageStore data in fast and scalable S3-compatible storage
File Shares
File SharesShare files across servers easily using NFS protocol
Databases
Managed PostgreSQL
Managed PostgreSQLProvision fully managed PostgreSQL databases with ease
Monitoring
Managed Logging
Managed LoggingCollect, store, and analyze application logs
About Edge Cloud
Edge Network
Application Performance
CDN
CDNAccelerate dynamic and static content delivery
FastEdge
FastEdgeDeploy serverless apps with low-latency edge computing
Media Delivery
Video Streaming
Video StreamingDeliver high-quality live and on-demand video at scale
DNS
Managed DNS
Managed DNSEnsure application availability with authoritative DNS
Public DNS
Public DNSProtect online privacy with a free DNS resolver
About Edge Network
Edge Security
Network Security
DDoS Protection
DDoS ProtectionProtect your infrastructure from evolving DDoS attacks
Application Security
WAAP
WAAPSecure apps and APIs from DDoS, bots and OWASP attacks
Solutions
By Industry
Gaming
CDN for Gaming
Game Server Protection
Game Development
Retail
CDN for E-commerce
Media & Entertainment
CDN for Video
Metaverse Streaming
TV & Online Broadcasters
Sport Broadcasting
Online Events
Financial Services
Cloud for Financial Services
Technology
Image Optimization
Web Acceleration
Wordpress CDN
Education
Online Education
By Need
Web Acceleration
Web Acceleration
Image Optimization
Wordpress CDN
Security
Game Server Protection
Video Streaming
CDN for Video
Video Hosting
Live Streaming
Availability
Multi-CDN
Cloud
Web Service
Game Development
Online Store
Migration to the Cloud
ERP in the Cloud
Pricing
Resources
Resources
Blog
Case Studies
Ebooks
Reports
White Papers
Events
Documentation
Docs
API
Product Roadmap
Help Center
Gcore Status
Tools
Looking Glass
Speed Test
Developer Tools
Partners
Partners
Intel
Intel | New CPU Generation
Intel | Ice Lakes
Hesp
Equinix
InData Labs
Ampere
Unum
Programs
White Label Solutions
Referral Program
Why Gcore
Company
About Gcore
Press
Awards
Careers
Legal Information
Platform
Network
Infrastructure
Internet Peering Points
Compliance
Under attack?Under attack?
en
Contact usContact us
Contact us

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform → Go to Gcore Platform →

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting →
  1. Home
  2. Insights
  3. DDoS attack trends of 2022

DDoS attack trends of 2022

July 19, 2022 5 min read
DDoS attack trends of 2022

The political situation in Europe has escalated. This has affected the nature, intensity, and geography of DDoS attacks: They have become actively used for political purposes.

The situation in Eastern Europe has affected the entire DDoS attacks and protection industry. Now, states are becoming active participants in this market while the attacks themselves are becoming more sophisticated and powerful.

Geopolitical situation changing the objectives, nature, and intensity of attacks

During the first and second quarters of 2022, a number of countries reported attacks on government and financial institutions:

  • “This cyberattack aimed at disabling banks and government websites was the worst in the history of Ukraine. It started on Tuesday, February 15, and lasted until Wednesday, with the goal of causing widespread confusion,” according to the government of Ukraine. “This attack was prepared in advance to destabilize and sow panic and chaos in our country.” The attack targeted the website of the Ministry of Defense and the Ukrainian state services digital portal, Diia, as well as the ATM networks and mobile applications of Oschadbank and PrivatBank.
  • On March 11, the Chinese state agency Xinhua announced that cyberattacks were tracked to the United States, Germany, and the Netherlands. These attacks were carried out via computers in China and targeted Ukrainian, Belarusian, and Russian resources. Despite the state agency naming the sources of detected cyberattacks, it did not attribute them to any particular country. The attacks could be orchestrated by hackers who have acquired IP addresses in these countries.
  • On April 8, the Finnish Ministry of Defense and Foreign Affairs websites were subject to cyberattacks. “We are investigating the matter and will provide information when we know more about the incident,” said the ministry. The suspects behind the attack haven’t been revealed.

States becoming official participants in the DDoS mitigation market

The DDoS market is often called spontaneous. Attacks that are powerful and costly for customers are not uncommon, but governments used to be more restrained when protecting against them. Now, rumors about the actions of state structures in this segment are more often confirmed by the officials. For example, at the end of February 2022, the U.S. Attorney General publicly confirmed that the FBI conducted a secret operation to eliminate Russian malware and prevent a large-scale DDoS attack.

It is also known about the emergence of cyber troops in Ukraine—their creation last year was confirmed by the country’s government. In February 2022, they started the recruitment process. The tasks of the recruits will include ensuring information security and protecting critical infrastructure.

Active government intervention in the industry can fundamentally change the market.

How have the DDoS attack complexity, power, and duration changed?

The power, geography, and duration of DDoS attacks have been affected. According to Andrey Slastenov, Head of Web Security at Gcore, the list of the main DDoS attack victims—countries and industries—has undergone significant changes in recent months. The company shared its data.

Attacks are becoming more complex and multivectored

There are several distinctive types of DDoS attacks:

  • Ransom DDoS attacks are carried out for extortion: The attackers promise to stop their actions upon receiving the ransom.
  • Application-layer DDoS attacks interfere with or even completely paralyze the operation of business applications, which causes material and reputational losses for the targets.
  • Network-layer DDoS attacks sap networks’ bandwidth and disrupt the target’s interactions with partners and clients.

Each type of attack exploits different vulnerabilities in the victim’s infrastructure. Previously, attacks were based on a particular vector, but now the share of more sophisticated malicious campaigns is growing. Rather than directly attacking the victim’s server, attackers paralyze one of its key functions and conduct combined attacks along different vectors.

According to Gcore, the number of such complex multivector attacks tripled in 2022 compared to the previous year. Bots and botnets have become the most common vectors for DDoS attacks, while HTTP flood attacks are also widely used. The company shared an example of a powerful attack that was averted by Gcore Web Application DDoS Protection:

Example of a powerful HTTP Flood attack detected by Gcore Web Application DDoS Protection
Example of a powerful HTTP Flood attack detected by Gcore Web Application DDoS Protection

The number of ultrashort attacks and average attack power are increasing

In recent years, the number of ultrashort DDoS attacks has been growing. In 2022, according to Gcore, their average duration is 5–10 seconds.

The longest attack was recorded by the company’s specialists on April 14–15. It lasted 24 hours with a capacity of 5 Gbps.

The average power of recorded attacks in Q1–Q2 of 2022 more than doubled: last year, it was 300 Gbps, and this year it is already 700 Gbps. Previously, the main targets of such attacks were small and medium-sized companies, but this year more and more attacks are aimed at government agencies.

Government agencies are becoming frequent targets of DDoS attacks

The beginning of 2022 was marked by some of the most powerful attacks of recent years. Most of them targeted government agencies:

  1. January 15—the attack on the North Korean infrastructure. It led to a complete blackout in the country for 6 hours. As a result of the attack, all transportation in the country was paralyzed.
  2. January 16—the attack on Ukrainian government websites. The websites of the Ministry of Education, Ministry of Foreign Affairs, State Emergency Service, Cabinet of Ministers, Ministry of Energy, and Diia were paralyzed.
  3. February 15—attacks on the Ukrainian Ministry of Defense and Armed Forces, PrivatBank, and Oschadbank. As a result of the simultaneous attacks, many Ukrainian banking systems were down, as well as several government websites.
  4. February 23—the attack on the Ukrainian Ministry of Foreign Affairs and National Parliament. As a result of large-scale attacks, several government websites were down.
  5. March 10—the attack on Ukrtelecom. For 40 minutes, the work of the national telecom operator of Ukraine and the operation of networks and essential communication channels throughout the country was disrupted.
  6. March 14—the attack on Israeli government websites. The websites of the Ministries of Interior, Defense, Health, Justice, and Social Services, as well as the Prime Minister’s Office, were under attack. The campaign was labeled the strongest cyberattack ever launched against Israel.
  7. March 16—the attack on the Ukrainian internet service provider Triolan. Severe internet outages for Ukrainian users of the provider.
  8. March 29—the attack on the Bradley Airport website. Unknown hackers launched an attack on the website of the Bradley International Airport, U.S.A.
  9. April 8—the attack on the Finnish Ministries of Defense and Foreign Affairs. The departments’ websites were unavailable and malfunctioned during the day.

Businesses are undergoing heavy flood attacks

According to Gcore, the most attacked business sectors in Q1–Q2 of 2022 were e-commerce, fintech, and game development. The company shared information about powerful TCP and UDP flood attacks.

Traffic structure of TCP Flood attack on fintech company that lasted more than one day, April 14–15
Traffic structure of TCP Flood attack on fintech company that lasted more than one day, April 14–15
Information about UDP Flood attack on Game Developer, March 11
Information about UDP Flood attack on Game Developer, March 11

Increasing DDoS protection requirements

To defend against powerful and sophisticated attacks, businesses and government agencies require advanced security systems. This is not the first time that Gcore has experienced a sharp increase in the number of DDoS attacks and their complexity.

“In 2020–2021, along with increased content consumption in online games and entertainment industry, DDoS attacks also became more frequent and sophisticated. The attacks became more devious: Instead of targeting specific servers, attackers focused on web applications (L7 of the OSI network model) and tried to legitimize the traffic. One of the main targets of cybercriminals was our client, Wargaming. On February 18, 2021, the security system of Gcore detected a UDP Flood—an attack aimed at the servers of the game development company. Its volume reached 253 Gbps, and it lasted 15 minutes. We deflected it successfully. It was possible thanks to the huge bandwidth of our network and our filtering system, which detects and neutralizes attacks at a speed of hundreds of gigabits per second. Our comprehensive protection algorithms ensure that our security systems are not bypassed, even in cases where attackers try to use traffic similar to legitimate ones.”

Head of Web Security at Gcore

Andrey Slastenov

Gcore offers comprehensive protection against complex attacks: it works at the network (L3), transport (L4), and application (L7) layers, effectively protecting clients from all types of cyberthreats. The solution does not require pausing business processes for the duration of the attack since its intelligent real-time traffic filtering technology only cuts out specific malicious sessions.

More about DDoS Protection

Table of contents

Try Gcore WAAP

DDoS attack trends of 2022

Related articles

Securing web applications and APIs at the edge: the power of edge WAAP
Securing web applications and APIs at the edge: the power of edge WAAP
As application architectures become more distributed, securing web applications and APIs requires a proactive, adaptable approach that goes beyond traditional web application firewalls (WAFs). When deployed at the edge, web application and API protection (WAAP) solutions improve security by placing protections closer to end users and possible threats. This strategic […]
November 14, 2024 3 min read
Cyber Monday is coming. So are the hackers
Cyber Monday is coming. So are the hackers
Black Friday and Cyber Monday (BFCM) are two of the biggest online shopping days of the year. In 2023, holiday season e-commerce sales revenue in the US alone reached more than $12 billion, with a further increase expected this year. As online shopping has increased in popularity over the last decade […]
November 13, 2024 4 min read
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Content delivery networks (CDNs) have been around since the 1990s, and have undergone major changes to meet user expectations and the uptake of the internet in years since. The pace of change hasn’t slowed, and the CDN provider market today is characterized by innovation and competition. To explore these changes, […]
October 10, 2024 5 min read
The Business Economics of Sovereign Cloud Adoption
The Business Economics of Sovereign Cloud Adoption
Countries worldwide are tightening their data protection regulations, pushing organizations to rethink their data storage strategies. In July 2021, the Luxembourg National Commission for Data Protection (CNPD) fined Amazon a record €746 million for violating the European Union’s General Data Protection Regulation (GDPR). The fine stemmed from issues related to how Amazon […]
October 9, 2024 4 min read
How WAAP Stops Common Web Application Threats
How WAAP Stops Common Web Application Threats
When you hear the phrase “common web application threats,” you might assume they’re easy to stop. After all, if they’re so well-known, shouldn’t they be straightforward to defend against? Unfortunately, that’s not the case. The reality is that even the most widespread threats—like SQL injection, cross-site scripting (XSS), and credential […]
October 7, 2024 4 min read
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI has taken the world by storm, moving so fast in recent years that regulators simply couldn’t keep up. Concerns about how training data was being sourced and whether inference data was being stored raised major ethical concerns, with critics sounding concerns about AI becoming the technological Wild West. Fortunately, […]
October 3, 2024 4 min read
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
The consequences of not implementing digital security are clear: data theft, downtime, lost revenue, and reputational damage. But what may be less clear at first glance is that the consequences of inadequate security are just as severe. Although organizations may be reluctant to embrace the latest innovations of an already […]
September 23, 2024 3 min read
How to Make Sure You Choose the Right CDN Provider in a Turbulent Marketplace
How to Make Sure You Choose the Right CDN Provider in a Turbulent Marketplace
$300,000+. That’s what it costs 93% of enterprises if their website goes down for just an hour. It could be worse: 48% of enterprises lose over $1 million per hour, and 23% suffer a staggering $5 million+ per hour in downtime costs. And if you work for one of the world’s top […]
September 20, 2024 3 min read

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.
Subscribe