According to Gcore, in 2022 the number and volume of DDoS attacks will approximately double compared to 2021. The average attack power will increase from 150-300 Gbps to 500-700 Gbps.
Regular users and businesses from all industries (fintech, gaming, e-commerce and others) are targeted.
Andrew Slastenov, Head of Web Security at Gcore, talks to his colleagues about cybersecurity market trends:
— Andrew, which industries are attacked more often than others in 2022?
— Fintech, gaming and e-commerce are suffering the most. We recently covered this in our study DDoS attack trends in Q1-Q2 2022. For example, in March this year, we withstood a powerful UDP flood attack against a gaming company, and in April, we countered a TCP flood attack lasting more than 24 hours on a fintech service. New cases are emerging every month, and the volume and number of attacks have more than doubled over the past year.
— Are the competitors responsible for the attacks on the companies or are there other reasons?
— There are a million reasons. It all depends on the industry.
Take a game company, for example. A regular gamer unhappy with something could be the source of a DDoS attack, and such cases are well known. Sometimes players – this is more relevant for esports – try to influence the outcome of matches to get the prize money. Competitors may also be involved. For example, in games with short games, DDoS attacks help destroy the community and lure users to another project. There are different reasons for this, and the number of attacks is only increasing. In December 2021, we protected our game development client against over 200 attacks.
Competitors are usually the ones behind attacks on streaming services. Imagine the service goes down during a UEFA broadcast when the ball is already in the goal. Viewers certainly wouldn’t like that, and some would opt for contestants. The same goes for advertisers. No one would want to spend their advertising budget on an unstable platform.
In fintech, fraudsters attempt to hack into and destabilize banks and financial services with targeted attacks. When everyone went online during the pandemic, the number of financial service users increased dramatically, as did the number of attacks. Since then, we constantly receive requests from fintech companies, which are actively attacked and hacked.
Competitors are also attacking e-commerce, offering new types of actions, and this is not limited to trivial DDoS attacks. For example, there is the scalping bot. Imagine on Black Friday, a crowd of bots are buying up all the store’s stock in a flash. Or bots in online stores create fake accounts and make many purchases, so the seller then loses money when processing these orders, which often leads to the interruption of marketing campaigns.
— It turns out that DDoS attacks are just the tip of the iceberg. How do users protect themselves against all types of real-world attacks?
— Add protection, technology that will scan all incoming traffic and not let attack requests pass. Choosing the right solution is important: it must protect you against the elements that threaten you. If you’re protecting the transport layer, but attacks are happening at the application level, that won’t help.
For example, our protection is divided into two products: Server Protection and Web Protection. Server Protection protects servers against all types of DDoS attacks: channel overflow, amplification attacks, UDP, ICMP, SYN Flood, etc. Web Protection protects websites, applications and APIs against all types of L3 to L7 attacks.
Server Protection is chosen by game development and fintech industries and hosting providers to protect game servers, trading platforms and data centers. Just order a secure server in our data center or submit a request to add protection to your existing infrastructure, and we’ll install the necessary hardware and software. We help block suspicious requests and maintain service stability, saving businesses money. An hour of downtime due to DDoS attacks in the gaming industry costs an average of $25,000.
Web Protection is the preferred choice for e-commerce and banking businesses, which increasingly face application-level attacks. Web Protection blocks the actions of fraudsters by analyzing and filtering different types of non-standard traffic in real time. You don’t need to stop your business processes to activate it. Just submit a request, and we will integrate the filtering platform into your application. It runs on powerful 3rd Generation Intel® Xeon® Scalable processors and protects applications against L3, L4 and L7 attacks.
— Can you go into detail on how bot attacks work and how to defend against them?
— Let’s approach from the opposite side. How does an ordinary user behave, for example in an online store? They go to the home page, spend 5 seconds there, then go to the catalog and stay there another 10 seconds. We consider it in behavioral analysis. If a user’s behavior differs from this scenario (they open the home page for a second, then go straight to the next page), we know it’s a bot and we block it.
— Is it difficult to differentiate bots from real users?
— Yes, attackers are constantly evolving and bot activity is increasing. Here is a simple example. A cybercriminal needs to steal information. They record normal user activity, then digitize this sequence of actions and create a bot attack algorithm based on it. It doesn’t look so suspicious, but we catch it. If too many users are accessing a particular resource and performing the same type of actions at similar intervals, we catch it and stop it.
It’s an endless story. Fraudsters are constantly creating new types of attacks and we are looking for effective ways to defend against them. The challenge for enterprises is to quickly connect such protection against real threats. If you underestimate the danger a little, it may be too late.
Sponsored by Google Core