'Hacktivist' activity drives DDoS volumes to all-time high

DDoS Attack
(Image credit: Shutterstock)

The war in Ukraine was a major catalyst for Distributed Denial of Service (DDoS) attacks, a new report suggests.

Cybersecurity researchers from Kaspersky have said that, between Q4 2021, and Q1 2022, the number of DDoS attacks grew 4.5 times, while the number of “smart” (or advanced and targeted) attacks rose by 81%.

To put things into perspective, Q4 2021 was said to have had the all-time highest number of DDoS attacks detected by the cybersecurity company.

Most of the growth was attributed to “hacktivists” who were looking to play a role in the conflict between Russia and Ukraine. 


Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Long DDoS attacks

In many cases, the attackers targeted Russian endpoints, predominantly in the public and financial sectors. These attacks, the researchers said, have “knock-on effects” on the wider population. 

The attacks were both performed at scale, and in innovative ways. One example included a copy of the popular puzzle game 2048, which was used to DDoS Russian websites.

The average session also lasted 80 times longer than in the previous quarter. The longest attack, Kaspersky says, was detected on March 29, which lasted for 177 hours. The average DDoS attack usually lasts around four hours.

“The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit,” said Alexander Gutnikov, security expert at Kaspersky.

“Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists. We’ve also seen that many organizations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organizations need to be prepared against such attacks.”

The Russia - Ukraine conflict has spilled into the cyber-realm from day one of the invasion. Among other incidents, a Ukrainian hacker leaked source code for Conti ransomware, allegedly operated by a Russian group.

After the leak, a number of copycats emerged, using Conti’s own source code to develop ransomware that was used against Russian organizations and entities. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.