DDoS attacks fuelling geopolitical tensions and infrastructure disruptions, reveals NetScout

NetScout’s report highlights a sharp rise in DDoS attacks in 2024, with Israel, Georgia, Mexico, and the UK facing major spikes during political conflicts, legislative debates, national elections, and parliamentary sessions

NetScout Systems has released its 2H2024 DDoS Threat Intelligence Report, highlighting how Distributed Denial of Service (DDoS) attacks have become a primary weapon in cyberwarfare, often coinciding with elections, civil protests, and policy disputes. The findings underscore how cybercriminals take advantage of national vulnerabilities to amplify disruption, targeting critical infrastructure in government, commerce, and public services.

According to the report, DDoS attacks in 2024 were closely linked to global sociopolitical events. Israel experienced a staggering 2,844% surge in attacks amid hostage rescues and ongoing political conflicts. In Georgia, incidents spiked 1,489% during heated debates over the passage of the controversial “Russia Bill.” Mexico witnessed a 218% increase in DDoS activity as national elections took place, while the United Kingdom saw a 152% jump on the day the Labour Party resumed its session in Parliament.

The report underscores how cybercriminals strategically exploit geopolitical tensions, using DDoS attacks to destabilize critical infrastructure and erode trust in public institutions. As these threats continue to escalate, the need for robust cybersecurity measures has never been more urgent.

“DDoS has emerged as the go-to tool for cyberwarfare,” stated Richard Hummel, director, threat intelligence, NetScout. “NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure, and organizations. In 2024, they repeatedly targeted government services in the United Kingdom, Belgium, and Spain.”

AI and Automation Drive Scale and Impact

DDoS-for-hire services have become more powerful using AI for CAPTCHA bypassing, with about nine in ten platforms now offering this capability. Additionally, many employ automation to enable dynamic, multi-target campaigns and offer infrastructure exploitation techniques such as carpet bombing, geo-spoofing, and IPv6 to expand attack surfaces. Even the most novice operators can launch significant DDoS attack campaigns causing substantial harm.

Botnets Playing a Bigger Role

Enterprise servers and routers have been exploited to intensify attacks and make remediation more challenging. Overall botnet populations declined by 5% but demonstrated strong resiliency despite concerted takedown efforts. Law enforcement takedown efforts, like Operation PowerOFF, continue to target DDoS-for-hire services but only momentarily disrupt attack platforms as new platforms take their place. The long-term impact is uncertain as attackers adapt and reconstitute their networks, with no significant decline in global attack volume.

DDoS Attacks are Adaptive and Persistent

DDoS attacks are evolving and adapting faster than ever, creating a challenge for defenders and those entrusted with protecting critical infrastructure networks and service availability. Enterprises, government organizations, and service providers are all targets for DDoS attacks. Successful strategies must deploy proactive intelligence-driven methodologies and automation to mitigate modern-day DDoS attacks effectively. Staying ahead of new threats demands that organizations outmaneuver an adversary that can force multiply its strength, speed, intelligence, and persistence like nothing the world has ever seen.

Unparalleled Attack Visibility