The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023.
A large-scale study is also included of publicly reported incidents.
The study focuses on the motivations of attackers, their goals and the socio-political profiles of targets.
Since the beginning of 2022, DoS attacks have turned into a novel and massive threat using new techniques and are fuelled by warfare motivations.
In the last few years, DoS attacks have become easier, cheaper and more aggressive than ever before.
The emergence of new armed conflicts around the world acted as fuel to new waves of DoS attacks where newly formed threat actors pick and choose targets without fear of repercussions.
To provide a better understanding of this type of threat by analysing the motivations and impact of the DoS attacks and raise awareness at the same time by suggesting prevention and remediation recommendations.
The research performed illustrates that most impacted sectors over the reported period covering January 2022 to August 2023 are associated with government services.
These attacks stand as retaliation acts triggered by political decisions.
The report highlights that the last few years, DoS attacks have increased in number especially in the public administration and have become easier and more aggressive than before, largely due to geopolitical reasons.
The current DoS threat landscape is greatly influenced by the emergence of the recent armed conflicts around the world and especially by the Russia-Ukraine War that fuelled new waves of DoS attacks where recently introduced threat actors select targets without the fear of repercussions.
The study also illustrates that while no sector is exempted from DoS attacks, the government infrastructure has become a preferred target by threat actors that often manage to be successful by causing downtime.
The detection, description and analysis of DoS attacks is highly complex and different from other cybersecurity attacks.
In other types of cybersecurity attacks, such as exploitation of services or even supply chain attacks, the attackers leave artefacts behind that the incident responders can find, analyse, share, confirm, verify and ultimately use for some explanation or even attribution.
In the case of DoS attacks artefacts do not exist or are usually fake ones.
This is part of the reasons why official databases of such attacks are difficult to be compiled.
There is a wide range of difficulties when it comes to defining what a DoS attack is.
Denial-of-service attacks are defined for this report as availability attacks in which attackers, partially or totally, obstruct the legitimate use of a target's service by depleting or exploiting the target's assets over a period of time.
A Distributed Denial-of-Service attack DDoS is a subset of DoS attacks.
DoS attacks can be distributed which means that they may originate from thousands of sources from all over the world, usually relying on large-scale botnets or proxies.
This Cyber News was published on www.enisa.europa.eu. Publication date: Wed, 06 Dec 2023 11:43:18 +0000