
A new twist has emerged in the DDoS story: attackers are using novel approaches to get past geoblocking defenses and are flooding servers more frequently and for longer.

The third quarter of 2023 saw a sustained rise in UDP flood attacks, which have become the favored method of cybercriminals. In a UDP flood, attackers overwhelm a server or network by sending an enormous volume of junk packets over UDP, a protocol usually used for streaming, DNS and other latency-sensitive traffic. UDP is connectionless: there is no handshake, so packets travel one way, their source addresses can be forged, and the target has no connection state with which to separate flood traffic from legitimate traffic. That makes the attack hard to stop; even the firewalls meant to filter out bad traffic can be exhausted by the sheer packet rate.

Qrator Labs, a vendor specializing in continuous network availability and DDoS mitigation, reports that UDP floods' share of attacks grew to 67% in the quarter. A single UDP flood lasts 71.58 hours on average, making it the longest-running type of DDoS attack.

Geo IP blocking filters traffic by the country a source address maps to. The report explains that adversaries now get around it by sourcing attack traffic from within the same country as the target, using hosts that sit inside the allowed region. The flood therefore passes the geo filter, and defenders are forced to block individual addresses instead, which is why the number of blocked IP addresses has spiked sharply.
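The two points above, that a connectionless flood leaves only per-source volume to key on and that a country-level filter passes in-country bots, can be seen in a few lines of detection logic. The following is an added example written for this page, not code from the article or from Qrator Labs: the flow records, the prefix-to-country table standing in for a GeoIP database, the 1,000 packets-per-second threshold and the target address 203.0.113.5 are all constructed.

```python
"""Why a geo-IP allowlist does not stop an in-country UDP flood.

Added example, not from the original article or from Qrator Labs. The flow
records, the IP-to-country table and the thresholds are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP database: prefix -> ISO country code.
GEO_TABLE = {
    ip_network("203.0.113.0/24"): "IL",   # target's own network and local users
    ip_network("198.51.100.0/24"): "IL",  # in-country hosting range rented by the botnet
    ip_network("192.0.2.0/24"): "ZZ",     # foreign range
}


def country_of(ip: str) -> str:
    """Map a source address to a country; prefixes here do not overlap."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


@dataclass(frozen=True)
class Flow:
    ts: float      # start time, seconds since epoch
    src: str
    dst: str
    proto: str     # "udp" or "tcp"
    dport: int
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated record: ts src dst proto dport packets."""
    ts, src, dst, proto, dport, packets = line.split()
    return Flow(float(ts), src, dst, proto.lower(), int(dport), int(packets))


# Constructed one-second slice of flow records towards the target 203.0.113.5.
SAMPLE_LOG = """\
1700000000.1 203.0.113.10  203.0.113.5 udp 53   2
1700000000.2 203.0.113.11  203.0.113.5 tcp 443  40
1700000000.3 192.0.2.7     203.0.113.5 udp 443  6000
1700000000.4 198.51.100.20 203.0.113.5 udp 443  5500
1700000000.5 198.51.100.21 203.0.113.5 udp 80   5200
1700000000.6 203.0.113.12  203.0.113.5 udp 123  1
"""


def load_sample() -> list[Flow]:
    return [parse_flow(line) for line in SAMPLE_LOG.splitlines() if line.strip()]


def geo_allowlist(flows: list[Flow], allowed: set[str]) -> list[Flow]:
    """The geoblocking defence: keep only flows whose source maps to an allowed country."""
    return [f for f in flows if country_of(f.src) in allowed]


def udp_flood_sources(flows: list[Flow], pps_threshold: int) -> set[str]:
    """Geo-agnostic check: sources sending more UDP packets per second than the threshold.

    UDP has no handshake, so there is no connection state to key on; the only
    signal left is volume per source per second. A spoofed source still shows
    up here, it just cannot be attributed to a real host.
    """
    pps: dict[tuple[str, int], int] = defaultdict(int)
    for f in flows:
        if f.proto == "udp":
            pps[(f.src, int(f.ts))] += f.packets
    return {src for (src, _second), n in pps.items() if n > pps_threshold}


if __name__ == "__main__":
    flows = load_sample()
    passed = geo_allowlist(flows, {"IL"})
    print("sources left after geoblock:", sorted({f.src for f in passed}))
    print("floods the geoblock let through:", sorted(udp_flood_sources(passed, 1000)))
    print("floods found without geo assumptions:", sorted(udp_flood_sources(flows, 1000)))
```

Run as a script, the geo allowlist drops only the foreign source 192.0.2.7 while both in-country bots pass; the per-source rate check flags all three regardless of country. In production the same idea is applied per destination and per port at the packet-capture or flow-export layer, and the threshold is set from a baseline of normal UDP volume rather than a fixed constant.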

Victor Zyamzin, global head of business development at Qrator Labs, warns: “Instead of brute force, attackers are now focusing on efficiency. The sophistication of attacks is expected to grow, with yesterday’s mitigation methods likely to fail tomorrow.”

According to Cybernews, attackers are also increasingly exploiting the HTTP/2 protocol to launch stealthier assaults, often against companies that rent servers in the cloud.

“Now, we expect a new stage in the competition between the armor and the projectile. Instead of mass, the attackers are tasked with achieving efficiency. The sophistication of attacks will grow, and methods of neutralizing them, which were effective yesterday, will most likely not work tomorrow. In 2023, we expect Application Layer attacks, with their traffic mimicking the behavior of ordinary users, to become more widespread. Such attacks are challenging to detect and neutralize,” Zyamzin concluded.