Last week, Imperva released the Q1 2022 Global DDoS Threat Landscape Report. To produce the report’s findings, Imperva performs detailed statistical analysis of all DDoS activity that our Threat Research Labs monitored from our global network of PoPs during the first three months of 2022. In response to the ways in which recent geopolitical events have significantly accelerated the rate at which the DDoS threat landscape can change, Imperva has increased the frequency of our reporting from annually to quarterly. This is the first report in the new quarterly cadence, designed specifically to provide the most recent and up to date information about DDoS attacks and the impact they can have on business and global affairs. Here are three of the key findings from the first quarter of 2022:
- The year got off to a turbulent start as major global events impacted the DDoS landscape with geopolitical tensions causing volumes of DDoS attacks on Ukrainian websites to increase by 73%.
- The number of Layer 3 and 4 attacks increased by 70% overall and new attack vectors, TCP Middlebox Amplification and UDP TP240 PhoneHome were reported as being used in DDoS attacks against several of our customers.
- February saw the largest attack mitigated by Imperva. The Layer 7 attack, which was part of a ransom DDoS attempt and one of multiple attacks on different sites within one company, lasted several days and at its peak reached up to 2.5 million requests per second (rps).
More Q1 2022 Global DDoS Threat Landscape Report highlights
18%+ of Layer 7 attacks lasted more than 12 hours
More than 60% of all Layer 7 attacks mitigated by Imperva in Q1 lasted over 15 minutes, with almost 20% sustained for more than 12 hours.
50% of websites hit by a Layer 7 DDoS were attacked again
More than half of the total number of websites attacked in the first quarter of this year came under attack a second time.
Ransom DDoS threats continue to disrupt
Ransom Denial of Service threats continued to present a challenge in Q1, with threat actors using more innovative tactics to disrupt business and attempt to extort payment.
Attacks on websites in Ukraine and Russia quadrupled
Between January and February 2022 attacks on Russian and Ukrainian websites increased fourfold as Imperva reported an increase of 320% in attacks month on month.
DDoS attacks increased overall by 70% in March
The number of attacks almost doubled from January to February 2022, with an increase in Layers 3 and 4 attacks of 70%.
Almost 80% of attacks were single-vector
Only 20% of Layers 3 and 4 DDoS attacks used more than one vector which should not be underestimated. Without the right DDoS protection in place repeated short single-vector attacks could result in a network becoming overwhelmed before mitigation has a chance to kick in.
A high percentage of attacks were short in duration
Layer 3 and 4 DDoS attacks were quite short in duration during Q1, with almost 62% of all attacks lasting seven minutes or less.
Shorter attacks are dangerous for a number of reasons and are often used as a distraction tactic as part of a wider, multi-vector attack.
Download the full Q1 2022 Global DDoS Threat Landscape Report here.
Try Imperva for Free
Protect your business for 30 days on Imperva.