The number of DDoS attacks on Russian companies doubled year on year in the first quarter

The number of DDoS attacks on Russian companies doubled year on year in the first quarter. Mostly companies from critical industries are under attack, but incidents also affect citizens. Roskomnadzor speaks of repelling almost three times more attacks in the first quarter alone than in the entire 2023. However, experts believe that the technology used by the department to block traffic based on geography will be less and less effective due to the distribution of attacks.

Kommersant got acquainted with the data of the Solar Group (a structure of Rostelecom) on network cyber attacks in the first quarter of 2024, according to which their number doubled year on year, to 119 thousand. We are talking about DDoS attacks (attack on a server using the “denial of service”). The longest incident since the beginning of the year was an incident that lasted 11 days, its maximum capacity reaching 724 Gbit/s. In particular, Solar notes more than 2.5 thousand DDoS attacks on energy companies – three times more than in the fourth quarter of 2023, and almost an order of magnitude more year on year. This is the strongest growth of any industry. In general, hackers are also most active in attacking the public sector, the financial market and IT.

Hackers are intensifying attacks, including by increasing their cost, explains Artem Izbaenkov, deputy director for product development at Solar Group of Companies. For example, they rent computing power in data centers in different countries, and not only find those who are willing to participate for ideological reasons. As a rule, these are low-skilled hackers. Also, the company believes, growth is facilitated by the spread of Internet of Things (IoT) technology and “smart” devices that hackers combine into botnet networks.

DDoS-Guard experts confirm the trend of increasing number of incidents: according to their estimates, year-on-year growth in the first quarter was 29%. The company clarified that they observed a decline in the activity of attackers in February, but by March the number of incidents approached 172.5 thousand. The number of attacks will continue to grow because more and more devices are involved in botnets, DDoS-Guard expects: “Robotic traffic is becoming more difficult to distinguish from real users.”

Not only organizations, but also citizens suffer from cyber attacks. According to Kommersant’s sources, on March 13, an Internet provider and a digital TV and telephony provider operating in the Moscow region, Telinkom, was subjected to a DDoS attack. On that day, the company sent out messages to subscribers stating that due to the DDoS attack, “there are restrictions on network operation.” Telinkom did not answer Kommersant. Also in March, the number of attacks on the travel segment in the Russian Federation increased, StormWall analysts reported. According to them, the attackers attacked the websites of travel agencies and airlines.

“We are seeing a trend toward DDoS localization: attacks from abroad are being blocked, and attackers are increasingly using Russian IP addresses, obtaining them under one pretext or another,” notes Nikita Tsaplin, CEO of the hosting provider RUVDS. The fight against this is underway, but so far it has not been possible to completely solve the problem, he emphasizes.

The dynamics of DDoS attacks has been growing since the beginning of the armed conflict in Ukraine. Thus, at the beginning of 2023, their number also increased relative to 2022, and the geography of the attacked objects expanded (see “Kommersant” dated May 29, 2023). To counter attacks, the Main Radio Frequency Center, subordinate to Roskomnadzor, ordered the development of a National System for Combating DDoS Attacks in 2023 for 1.4 billion rubles. It was planned to be created on the basis of an already functioning TSPU network (technical means of countering threats). According to the terms of the tender, the system must be developed by March 2024. Roskomnadzor did not answer Kommersant.

RIA Novosti, citing the agency, reported on April 14 that specialists from the Center for Monitoring and Management of Public Communications Networks (TsMU SSOP) of Roskomnadzor in the first quarter “repelled 512 major DDoS attacks, which is almost three times more than in the whole of 2023.” At the same time, says Kommersant’s interlocutor on the market, Roskomnadzor uses geographic blocking to combat network attacks, that is, cutting off traffic originating from the territory of the states where most of the malicious activity originated. However, says Kommersant’s source, “due to the distribution of modern cyber attacks, blocking only in this way is already becoming ineffective.”

Tatiana Isakova