DDoS attacks surge to record numbers in 2022 as a result of Russia-Ukraine war

A surge in hacktivist activity related to the Russia-Ukraine war has been blamed for a significant rise in distributed denial of service (DDoS) attacks in Q1 2022.

Kaspersky researchers said the number of DDoS attacks in Q1 2022 was 4.5 times greater than in the same period of 2021, with “an unprecedented duration of DDoS sessions” also observed.

The figures from 2021 were considered, at the time, to be the all-time highest number of detections by researchers, but they have now been dwarfed thanks to hacktivists as well as efforts to mimic popular websites to gamify DDoS attacks on Russian websites, Kaspersky said.

Kaspersky has labelled these types of targeted attacks ‘smart attacks’, a form which has also risen considerably, by 81%. These “were not only performed at scale but were also innovative,” the researchers said.

“In Q1 2022 we witnessed an all-time high number of DDoS attacks,” said Alexander Gutnikov, security expert at Kaspersky, to IT Pro. “The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists.

“We’ve also seen that many organisations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organisations need to be prepared against such attacks.”

The duration of some of the attacks is noteworthy and far longer than what is normally reported. DDoS attacks are typically categorised by their ‘size’ - the amount of traffic involved in the attack, represented in terms of the amount of data. They are rarely measured by their duration, but Kaspersky said the longest in this analysis was 549 hours - longer than three weeks.

Not only are lengthy attacks expensive, but they can expose the botnet used to launch the DDoS attack. Usually, DDoS attackers take care not to launch costly, ineffective attacks - most of the attacks Kaspersky analysed (94.95%) lasted less than 4 hours - but this has not been the case so far this year.


In the case of the hacktivists, Kaspersky said the sustained attacks (longer than one day) were mainly targeting government agencies and banks - further signalling that the attacks were not financially motivated.

In its country-by-country breakdown, Kaspersky did not list data on attacks against Russia. The breakdown showed that the US received the most attack attempts, with 44.34% of all attacks directed at the country.

Although it did not provide the data on Russia, Kaspersky said many Russian organisations were unprepared for the targeting they received and the company was inundated with requests for help from companies already under attack.

Connor Jones
