LAST May all the way to the end of June, a series of events caused a $400 billion wipe out caused by a crash in cryptocurrency prices. On May 7, the stablecoin USDTerra (UST) fell from its $1 peg to 35 cents sending the crypto world into a frenzy. Time magazine reported that the event caused Bitcoin to tank to its lowest in recent years. Another cryptocurrency exchange Coinbase, plunged in value. Other crypto firms suffered from a meltdown not seen since the pandemic. One local exchange that boldly promoted itself as a stable purveyor of cryptocurrency also spiraled down sending investors into a sellout frenzy just to recover what they could.
As the crypto world went into a full meltdown, Kaspersky noticed a parallel increase in Distributed Denial of Service (DDoS) activity. Compared to figures from Q2 2021, Kaspersky reported that its solutions had defended its users against approximately 2.5 times more DDoS attacks. At the same time, in contrast to the beginning of the year with its dramatic surge in attacks due to hacktivist activity, absolute numbers decreased in Q2 2022. However, this does not mean that the DDoS market has cooled down, instead attacks have changed in quality, becoming longer and more complicated.
Did the attacks increase in relation to the cryptocurrency breakdown?
“The collapse of cryptocurrencies began with the plummet of the Terra (Luna) and has only been gaining momentum since. Various factors indicate that the tendency may continue: for example, cryptominers are selling off farms at low prices to gamers. This can lead to a surge in global DDoS activity,” Alexander Gutnikov, a security expert at Kaspersky explains.
The average duration of an attack in Q2 2022 was 3,000 minutes, or two days, which is 100 times longer than in Q2 2021, when an attack lasted just for 30 minutes on average. Compared to Q1 2022, which was marked with unprecedented durations for DDoS sessions as the result of hacktivist activity, the Q2 figure also shows an increase — by three times.
A Distributed Denial of Service (DDoS) attack is designed to hinder the normal functioning of a website or crash it completely. During an attack (which usually targets government institutions, retail or financial companies, media or other organizations) the victim loses customers due to the unavailability of their website and their reputation suffers.
“It is extremely expensive to continue an attack for such a long time, especially if it is ineffective due to being filtered by protection solutions. When bots are constantly active, the risk of botnet wear-off, node failure or control center detection increases. The extreme duration of these attacks and the growth in the number of smart and targeted DDoS attacks makes us wonder about the capabilities, professional affiliation and funding sources of the organizers,” Gutnikov comments.
Every second attack in Q2 2022 detected by Kaspersky’s products was smart, meaning its organizers conducted rather sophisticated preparation. The share of smart attacks reached almost 50 percent in this quarter, which was nearly a new record. The all-time highest share was set four years ago when the DDoS market was in a slump, and it’s unexpected to observe figures that high during a “heated” year in terms of DDoS activity.
In terms of the number of DDoS attacks, the second quarter was quieter than the first. This is a common phenomenon: the experts usually see a decline in DDoS activity as summer nears. According to the Kaspersky DDoS Intelligence system, this year the dynamics of the number of DDoS attacks within the quarter didn’t match this typical pattern. After a slowdown at the end of Q1, botnet activity steadily grew throughout Q2, resulting in more activity in June than in April. This is consistent with the decline of cryptocurrency, which usually stimulates the heating of the DDoS market.