2022 was a turbulent year full of regional conflicts. NSFOCUS Global Threat Hunting System detected a large number of DDoS worldwide in 2022, with some governments or banks suffering from the largest attacks in their history.
Launching a DDoS attack is not expensive but can paralyze critical infrastructure and network systems, bringing huge economic losses and damaging the victims’ reputation. Plus, attack tools and services are easy to access, so DDoS attacks have always been one of the most common attacks in cyberspace.
NSFOCUS keeps tracking and analyzing DDoS attack trends and publishes the DDoS attack landscape report each year to help organizations build dynamic protection schemes to defend the increasingly complicated DDoS attacks. The 2022 Global DDoS Attack Landscape has been published recently. Download the Report. According to the report, DDoS threats have maintained consistent growth over the past four years and terabit DDoS attacks frequently emerged.
Here we compiled a list of significant DDoS attacks in 2022. Combined with the 2022 Global DDoS Attack Landscape, we hope we can help you to know the trends to keep an eye on for 2023 and plan/adjust your DDoS mitigation solution in advance.
January 2022
Nobel Foundation site hit by DDoS attack on award day
The Nobel Foundation and the Norwegian Nobel Institute disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. As revealed, the institution’s site was hit by a DDoS (distributed denial of service) attack which aims to overwhelm a website with high volumes of “garbage” traffic and a large number of bogus connection requests. “The cyberattack subjected the websites to extremely high loads and was designed to try to prevent our ability to update and publish new information about the Nobel Prize and the achievements of the Nobel Laureates,” details the official announcement.
February 2022
Vodafone Portugal 4G and 5G services down after cyberattack
Vodafone Portugal suffered a cyberattack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services.
Ukrainian military agencies, state-owned banks hit by DDoS attacks
The Ministry of Defense and the Armed Forces of Ukraine and two of the country’s state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks.
March 2022
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
the Russian government released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer Incidents (NCCCI) included the U.S. Federal Bureau of Investigation (FBI), and Central Intelligence Agency (CIA).
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
Israel’s Nation Cyber Directorate confirmed that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate to briefly declare a state of emergency, while sources said the cyberattack was the largest ever against Israel. The sites for the Israeli departments of interior, health, justice, welfare and even the Prime Minister’s office were taken offline due to such a large-scale attack.
April 2022
Beijing health code app suffers overseas cyber attack: official
Beijing’s health code app, known as Jiankangbao, suffered a cyber attack from overseas on April 28. The attack occurred when the use of the application was at its peak, and a preliminary analysis showed that the hack originated from overseas, said Wei Bin, vice director of the news division of the publicity department of the CPC Beijing Committee, at a press conference on pandemic control. The attack was thwarted effectively and in time by the app’s maintenance team, and services were not affected. The threat actor used the disclosed malicious code family Fbot as an attack weapon. The botnet maps three C&C domain names to multiple IP addresses through DNS domain names for load balancing.
From March 29 to April 10, 2022, the total number of unique Fodcha bots (IPs) has exceeded 62,000, and daily numbers fluctuate around 10,000. The top provinces that the bots are coming from are the Shandong Province (12.9%), the Liaoning Province (11.8%) and the Zhejiang Province (9.9%). The service providers that these bots originate from are China Unicom(59.9%), China Telecom(39.4%), and China Mobile(0.5%).
May 2022
Russian Sberbank says it’s facing massive waves of DDoS attacks
On May 6, 2022, Sberbank says it repelled the biggest DDoS attack it has ever seen, measured at 450GB/sec. The malicious traffic that supported the attack against Sberbank’s main website was generated by a botnet with 27,000 compromised devices located in the United States, the U.K., Japan, and Taiwan.
Italian CERT: Hacktivists hit govt sites in ‘Slow HTTP’ DDoS attacks
Italy’s Computer Security Incident Response Team (CSIRT) disclosed the attacks on the country’s government, ministry, parliament, and even army websites. The CSIRT warned that attackers used “Slow HTTP” technique and characterized “slow HTTP” as an unusual type of DDoS attack, warning system administrators that their existing defenses may not be effective if they are not targeted towards the attack. Pro-Russian hacktivists known as the Killnet group claimed responsibility for the attacks.
June 2022
Russian hacktivists take down Norway govt sites in DDoS attacks
Norway’s National Security Authority (NSM) published a statement warning that some of the country’s most important websites and online services are being rendered inaccessible due to distributed denial of service (DDoS) attacks. The statement further explains that a criminal pro-Russian group is believed to be behind the attacks.
July 2022
Lithuanian Energy Firm Disrupted by DDoS Attack
Lithuanian energy company Ignitis Group was hit by what it described as its “biggest cyber-attack in a decade” when numerous distributed denial of service (DDoS) attacks were aimed at it, disrupting its digital services and websites. Pro-Russian hacking group Killnet claimed responsibility for the attack on its Telegram channel, making this the latest in a series of attacks launched by the group in Lithuania due to that country’s support for Ukraine in the war with Russia.
August 2022
Google blocked HTTPS DDoS attacks peaking at 46 million requests per second.
Google says it blocked an HTTPS-based DDoS attack that peaked at 46 million requests per second, at least 76% larger than its the previously reported record. According to experts, the attack involved more than 5,000 IP addresses from 132 countries, with around 30 percent of the traffic coming from Brazil, India, Russia, and Indonesia. The geographical distribution and botnet characteristics suggest the use of the Mēris family.
Lumen stops 1.06 Tbps DDoS attack in the company’s largest mitigation to date
Lumen Technologies successfully mitigated a 1.06Tbps attack that was part of a larger campaign targeting a single victim. Lumen reported stopping an attack with a capacity of over 1 terabyte per second on the servers of its client. At the time of the attack, the target servers were hosting a gaming service. In the week leading up to the incident, the attackers tested various DDoS methods and studied the victim’s protection capabilities by issuing commands to bots from three different C2 servers.
LockBit ransomware blames Entrust for DDoS attacks on leak sites
The LockBit ransomware operation’s data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust’s allegedly stolen data. In late July, digital security giant Entrust confirmed a cyberattack disclosing that threat actors had stolen data from its network during an intrusion in June. LockBit claimed responsibility for the attack and began leaking data. This leak consisted of 30 screenshots of data allegedly stolen from Entrust, including legal documents, marketing spreadsheets, and accounting data. Soon after they started leaking data, researchers began reporting that the ransomware gang’s Tor data leak sites were unavailable due to a DDoS attack.
September 2022
Large-scale DDoS Attacks Target Many Critical Industries as Election Approaches in Brazil
According to the data from the NSFOCUS Global Threat Hunting System, the trend of DDoS attacks against Brazil was unusual in 2022. There was a significant increase in July and August, which was suspected to be related to the upcoming Brazilian election in October. In a series of DDoS attacks monitored by NSFOCUS Global Threat Hunting System, critical sectors including government agencies, educational institutions, news agencies, and communication operators in Brazil were attacked.
Russian resources suffered from DDoS attacks by pro-Ukrainian hacktivists
Russian resources suffered from DDoS attacks by pro-Ukrainian hacktivists. Victims included the Unistream, Korona Pay, and Mir payment systems, as well as the Russian National Payment Card System, which ensures the operation of Mir and the Faster Payments System. What’s more, activists brought down the website, call center, and SMS provider of Gazprombank; Otkritie Bank noted disruptions to its internet banking service and mobile app, and SberBank reported 450 repelled DDoS attacks in the first two months of Q3. According to SberBank, this is the same number as in the previous five years put together.
October 2022
US airports’ sites taken down in DDoS attacks by pro-Russian hackers
The pro-Russian hacktivist group ‘KillNet’ claimed large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible. Notable examples of airport websites that were unavailable include the Hartsfield-Jackson Atlanta International Airport (ATL), one of the country’s larger air traffic hubs, and the Los Angeles International Airport (LAX), which is intermittently offline or very slow to respond.
Russia’s Sberbank repels largest cyber attack in its history
Sberbank, the most important bank in Russia, repelled one of the biggest cyber attacks in its history, which lasted 24 hours and seven minutes, the institution’s vice-president, Stanislav Kuznetsov, informed. The DDoS attack involved at least 104,000 hackers with at least 30,000 computers located in different countries, Kuznetsov told Rossiya 24 television channel on Tuesday.
Darkweb market BidenCash gives away 1.2 million credit cards for free
A dark web carding market named ‘BidenCash’ released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. BidenCash is a stolen cards marketplace launched in June 2022, leaking a few thousand cards as a promotional move. The threat actors announced the credit card dump on new URLs BidenCash launched late September in response to DDoS attacks, so it could be a way to promote the new shop domains.
November 2022
Russian KillNet Shuts Down EU Parliament Website With DDoS
Pro-Kremlin KillNet hackers took down the website of the European Parliament in a DDoS attack that came just hours after the legislative body declared Russia a terrorist state.
Russian brokers faced most powerful series of DDoS attacks in history
Russian brokerage companies were subjected to a wave of the most powerful DDoS-attacks in history, which caused technical problems in the operation of their websites and deprived users of access to their services for several hours, company StormWall reported. According to the company’s experts, in the past there were registered only isolated cases of attacks on brokers, and only with the purpose of extortion. This time there were really powerful series of attacks on several companies at once, including BCS, Finam and Otkrytie investments.
December 2022
Massive DDoS attack takes Russia’s second-largest bank VTB offline
Russia’s second-largest financial institution VTB Bank encountered the worse cyberattack in its history after its website and mobile apps were taken offline due to an DDoS attack. “It is not only the largest cyberattack recorded this year, but in the entire history of the bank.” stated a VTB spokesperson. The bank says its internal analysis indicated the DDoS attack was planned and orchestrated with the specific purpose of causing inconvenience to its customers by disrupting its banking services.