Russia’s largest internet service provider, Rostelecom, says 2022 was a record year for distributed denial-of-service (DDoS) attacks targeting organizations in the country.
DDoS attacks are cyberattacks that aim to render a website or Internet-connected service unavailable by overwhelming it with numerous requests that exhaust the server’s ability to accept new connections, causing the service to become unresponsive.
Hacktivists have used DDoS attacks on both sides of the Ukrainian-Russian conflict to disrupt critical services, usually in retaliation for actions or announcements regarding the ongoing war.
In a report released today, Rostelecom says its experts recorded 21.5 million critical web attacks targeting around 600 Russian organizations from various sectors, including telecommunications, retail, finance and the public sector.
The most powerful DDoS attack recorded by Rostelecom was 760 GB/sec, almost twice as large as the most powerful attack of the previous year, while the longest DDoS lasted almost three months.
The most attacked region in 2022 was Moscow, where the highest number of the main Russian companies are located. Rostelecom says it has detected more than 500,000 DDoS attempts targeting entities in the city.
March marked the start of attacks, while May 2022 was the peak of DDoS activity. Rostelecom claims that, based on IP addresses, these attacks originated in the United States, while the targets were in the banking sector.
The peak of the attacks coincides with the time Sberbank, one of Russia’s largest banks, reported that it had suffered the largest DDoS attack ever, measured at 450 GB/sec.
In addition, in May 2022, the Ukrainian Informatics Army announced that it had disrupted the distribution of alcoholic beverages in Russia after targeting a key online portal.
The volume of attacks remained relatively stable from July to December 2022, but was significantly lower compared to the second quarter of 2022. After that, however, the Russian ISP says attacks became more sophisticated and targeted.
In December 2022, an attack on VTB Bank, Russia’s second-largest financial institution, forced the bank’s mobile apps and main website to go offline for several days.
Cyber attacks targeting the state
About 80% of all cyberattacks targeting Russian entities were DDoS, but Rostelecom also recorded attacks targeting website vulnerabilities.
These included arbitrary command execution after successful exploitation of a vulnerability (10%), path traversal (4%), local file inclusion (3%), SQL injection (3%), and cross-site scripting (1%).
The highest number of cyberattacks in 2022 targeted the public sector, accounting for 30% of all recorded incidents, 12 times more than in 2021.
A notable 25% targeted financial institutions and services. Rostelecom believes the motivation for these attacks was to create disruption in the highly critical economic sector, as well as to gain access to databases containing financial information and personal customer data.
Third, accounting for 16% of all cyberattacks, are educational institutions, which Rostelecom says could have been attacked because of their ties to Russian companies.
In March 2022, Moscow meat producer Miratorg Agribusiness Holding announced it had suffered a catastrophic cyberattack that also involved data encryption, causing disruption in the distribution of food in the market.