According to Gcore, in 2022, the number and volume of DDoS attacks will roughly double compared to 2021. The average attack power will grow from 150–300 Gbps to 500–700 Gbps.
Both ordinary users and businesses in any industry—fintech, gaming, e-commerce, and others—are being targeted.
Andrew Slastenov, Head of Web Security at Gcore, talks to his colleagues about trends in the cybersecurity market:
— Andrew, which business sectors are being attacked more often than others in 2022?
— Fintech, gaming, and e-commerce are suffering the most. We recently covered this in our study DDoS attack trends in Q1-Q2 2022. For example, in March of this year, we resisted a powerful UDP flood attack on a gaming company, and in April, we countered an over 24-hour TCP flood attack on a fintech service. New cases are emerging every month, and the volume and number of attacks have more than doubled over the past year.
— Are competitors to blame for attacks on businesses, or are there other reasons?
— There are millions of reasons. Everything depends on the industry.
Let’s take a gaming company, for example. An ordinary player not happy about something could be behind a DDoS attack, and such cases are well-known. Sometimes, players—this is more relevant to e-sports—try to influence the result of matches to get the prize money. Competitors can also be involved. For example, in games with short rounds, DDoS attacks help destroy the community and draw users to another project. There are different reasons for this, and the number of attacks is only growing. In December 2021, we protected our game dev client from over 200 attacks.
Competitors are usually the ones behind the attacks on streaming services. Imagine that the service goes down during a UEFA broadcast when the ball is already in the goal. Viewers would definitely not like that, and some would opt for competitors. The same goes for advertisers. No one would want to spend their ad budgets on an unstable platform.
In fintech, fraudsters are trying to hack and destabilize banks and financial services with targeted attacks. When everyone went online during the pandemic, the number of users of financial services increased significantly, and so did the number of attacks. Since then, we have constantly been receiving requests from fintech companies, which are being actively attacked and hacked.
Competitors are also attacking e-commerce, coming up with new types of actions, and it’s not limited to trivial DDoS attacks. For example, there’s bot scalping. Imagine on Black Friday, a crowd of bots buys up the store’s entire stock in a flash. Or bots in online stores create fake accounts and make many purchases, so the seller then loses money on processing those orders, which often leads to the disruption of marketing campaigns.
— It turns out that DDoS attacks are only the tip of the iceberg. How do users protect themselves from all types of real attacks?
— One needs to add protection, a technology that will analyze all incoming traffic and not allow attack requests to pass. Choosing the right solution is important: It must protect against things that threaten you. If you protect the transportation layer, but attacks are happening at the application level, it won’t help.
For example, our protection is divided into two products: Server Protection and Web Protection. Server Protection guards servers from all types of DDoS attacks: channel overflow, amplification attacks, UDP, ICMP, SYN Flood, and others. Web Protection defends websites, apps, and APIs from all types of L3–L7 attacks.
Server Protection is chosen by the game dev and fintech industries and hosting providers to protect game servers, trading platforms, and data centers. All you need to do is to order a secure server at our data center or submit a request to add protection to your existing infrastructure, and we’ll install the necessary hardware and software. We help block suspicious requests and keep services stable, which saves companies money. An hour of downtime due to DDoS attacks in the gaming industry costs an average of $25,000.
Web Protection is the preferred choice of e-commerce and banking companies, which are increasingly facing application-level attacks. Web Protection blocks the fraudsters’ actions by analyzing and filtering out different types of non-standard traffic in real time. You don’t need to stop your business processes to activate it. Just submit a request, and we’ll integrate the filtering platform into your application. It runs on powerful 3rd Generation Intel® Xeon® Scalable processors and protects applications from L3, L4, and L7 attacks.
— Can you get into details on how bot attacks work and how to defend against them?
— Let’s approach it from the opposite side. How does an ordinary user behave, for example, in an online store? They go to the home page, spend 5 seconds there, then go to the catalog and stay there for another 10 seconds. We consider it in behavioral analysis. If a user’s behavior differs from this scenario (they open the home page for a second and then go straight to the next page), we know it’s a bot, and we block it.
— Is it challenging to differentiate bots from real users?
— Yes, attackers are constantly evolving, and bot activity is growing. Here’s a simple example. A cybercriminal needs to steal information. They record normal user activity, then digitize that sequence of actions and build a bot-attack algorithm based on it. It doesn’t look that suspicious, but we catch it. If too many users go to a particular resource and perform the same type of actions at similar intervals, we spot it and stop it.
It’s a never-ending story. Fraudsters are constantly creating new types of attacks, and we look for effective ways to defend against them. The challenge for businesses is to promptly connect such protection against actual threats. If you underestimate the danger just a bit, it may be too late.
Sponsored by Gcore
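
The two behavioral checks described in the interview (pages left after about a second, and many clients repeating the same actions at similar intervals) can be sketched as detection logic. This is an added example, not part of the interview and not Gcore's code; the thresholds, client names and sample page views are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample page views: (client_id, seconds_since_start, path).
EVENTS = [
    ("human-1", 0, "/"), ("human-1", 5, "/catalog"), ("human-1", 15, "/item/7"),
    ("human-2", 2, "/"), ("human-2", 11, "/catalog"), ("human-2", 19, "/cart"),
    ("fast-bot", 3, "/"), ("fast-bot", 4, "/catalog"), ("fast-bot", 5, "/item/7"),
    ("replay-1", 10, "/"), ("replay-1", 16, "/catalog"), ("replay-1", 27, "/item/9"),
    ("replay-2", 40, "/"), ("replay-2", 46, "/catalog"), ("replay-2", 57, "/item/9"),
    ("replay-3", 41, "/"), ("replay-3", 48, "/catalog"), ("replay-3", 58, "/item/9"),
]

MIN_DWELL_S = 2   # assumed: every page left faster than this looks automated
BUCKET_S = 2      # assumed: dwell times within one bucket count as "similar"
MIN_CLUSTER = 3   # assumed: clients sharing a pattern before it is flagged


def sessions(events):
    """Group page views per client, ordered by time."""
    by_client = defaultdict(list)
    for client, ts, path in sorted(events, key=lambda e: (e[0], e[1])):
        by_client[client].append((ts, path))
    return by_client


def classify(events):
    """Return {client_id: 'ok' | 'too_fast' | 'replayed_pattern'}."""
    verdicts, clusters = {}, defaultdict(list)
    for client, hits in sessions(events).items():
        dwells = [t1 - t0 for (t0, _), (t1, _) in zip(hits, hits[1:])]
        if not dwells:
            verdicts[client] = "ok"   # single page view: nothing to measure
            continue
        if max(dwells) < MIN_DWELL_S:
            verdicts[client] = "too_fast"
            continue
        verdicts[client] = "ok"
        # Fingerprint = visited paths plus coarse dwell-time buckets.
        paths = tuple(p for _, p in hits)
        clusters[(paths, tuple(d // BUCKET_S for d in dwells))].append(client)
    for members in clusters.values():
        if len(members) >= MIN_CLUSTER:   # same actions, similar intervals
            for client in members:
                verdicts[client] = "replayed_pattern"
    return verdicts


if __name__ == "__main__":
    for client, verdict in classify(EVENTS).items():
        print(f"{client:10s} {verdict}")
```

Each replayed session looks human on its own (dwell times of 6 to 11 seconds); it is only flagged because three clients share the same path sequence and dwell buckets, so the bucket width and cluster size need tuning against real traffic to avoid flagging popular genuine browsing paths.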