Russia’s largest internet service provider Rostelecom says 2022 was a record year for Distributed denial of service attacks (DDoS) targeting organizations in the country.
DDoS attacks are cyberattacks aimed at making an internet-connected website or service unavailable by overwhelming it with many requests that deplete the server’s ability to accept new connections, causing the service to become unresponsive.
Hacktivists have used DDoS attacks on both sides of the Ukraine-Russian conflict to disrupt critical services, usually as retaliation for actions or announcements made concerning the ongoing war.
In a report published today, Rostelecom says its experts recorded 21.5 million critical web attacks aimed at roughly 600 Russian organizations from various industries, including telecom, retail, financial, and the public sector.
The most powerful DDoS attack recorded by Rostelecom was 760 GB/sec, almost twice as big as the most potent attack of the previous year, while the longest DDoS lasted nearly three months.
Overloading Russia
The most attacked region in 2022 was Moscow, where the largest number of Russia’s top companies are located. Rostelecom says it detected over 500,000 DDoS attempts targeting the city’s entities.
March marked the beginning of the attacks, while May 2022 was the culmination point of the DDoS activities. Rostelecom says the origin of these attacks based on the IP addresses was the United States, while the targets were in the banking sector.
The spike in the attacks coincides with when Sberbank, one of Russia’s largest banks, reported it suffered the most significant DDoS attack it had ever seen, measured at 450 GB/sec.
Also, in May 2022, Ukraine’s IT Army announced it had disrupted the distribution of alcoholic beverages in Russia after targeting an essential online portal.
The attack volume stayed relatively stable from July until December 2022 but was notably lower compared to Q2 2022. After that, however, the Russian ISP says the attacks became more sophisticated and targeted.
In December 2022, an attack on VTB Bank, Russia’s second-largest financial institution, forced the bank’s mobile apps and main website to go offline for several days.
Cyberattacks targeting the state
About 80% of all cyberattacks targeting Russian entities were DDoS, but Rostelecom also recorded the targeting of website vulnerabilities.
These vulnerabilities included arbitrary command execution after successfully exploiting a vulnerability (10%), path traversal (4%), local file inclusion (3%), SQL injection (3%), and cross-site scripting (1%).
The largest number of cyberattacks in 2022 targeted the public sector, accounting for 30% of all recorded incidents, 12 times more than in 2021.
A notable 25% targeted financial institutes and services. Rostelecom believes the motivation for these attacks was to create a disruption in the highly-critical economical sector, as well as to access databases containing financial information and personal data of customers.
In third place, accounting for 16% of all cyberattacks, there are education institutes, which Rostelecom says might have been attacked due to their links to Russian companies.
In March 2022, the Moscow-based meat producer Miratorg Agribusiness Holding announced it suffered a catastrophic cyberattack that also involved data encryption, causing a disruption in the distribution of food to the market.
