The prevalence of distributed denial of service (DDoS) attacks in South Africa has remained unchanged despite Secure List by Kaspersky reporting a 46% increase in DDoS attacks during the first quarter of 2022, network operators told MyBroadband.
The Russia-Ukraine conflict led to concerns over cybercriminal activity globally, but South African Internet service providers MTN, Vodacom, and Afrihost say their networks have been unaffected.
Denial of service attacks exploit capacity limitations on network resources. Attackers send an overwhelming number of requests to the targetted resource in the hope of exceeding its capacity.
MTN told MyBroadband that it hadn’t noticed a significant change in the frequency of DDoS attacks.
“There hasn’t been an increase in the prevalence of DDoS attacks towards [the MTNSA network],” the company stated.
Afrihost’s observations were similar. It told MyBroadband that there had been “no increase or change in frequency of DDoS attacks on the Afrihost network”.
Vodacom said it had not experienced any recent major spikes or disruption of services.
Kaspersky’s DDoS intelligence system recorded 91,052 attacks in the first quarter of 2022 — up 46% from the same period in 2021.
The cybersecurity firm noted that the US was the nation most hit by DDoS attacks, with 44% of attacks directed at targets in the country. China was a distant second with under 12%.
Kaspersky revealed that 95% of DDoS attacks recorded this year lasted less than four hours, with the longest lasting 549 hours — or almost 23 days.
User Datagram Protocol (UDP) flooding constituted nearly 54% of all attacks. SYN attacks were the next most common, while Generic Routing Encapsulation (GRE) attacks were the least common.
Kaspersky said that the geopolitical situation primarily influenced the frequency of DDoS attacks in the first quarter of 2022.
Russia invaded Ukraine on 24 February 2022.
“Since the end of February, we have seen a surge in hacktivist activity and the emergence of a large number of spontaneous botnets that users connected to voluntarily,” it said.
DDoS attacks in South Africa
Kaspersky didn’t provide data specific to South Africa, but it would appear that DDoS attack frequency in South Africa has remained unaffected by the Russia-Ukraine conflict.
This is despite a warning from Stellenbosch University’s head of information security, Professor Bruce Watson, who said the cyber weaponry used to attack Russia and Belarus could easily attack South Africa too.
“A cyberweapon is a blunt instrument, and it’s very difficult to refine it in such a way that it’s aimed at only one specific target,” Watson said.
“It attacks indiscriminately and can destroy everything in its path.”
Watson also warned that South Africa’s neutral stance on Russia’s invasion of Ukraine could make it a target for hacktivists who are unsatisfied with the country’s response.
Cybersecurity group Orange Cyberdefense warned South African organisations to be on alert for DDoS attacks.
Watson agreed with Orange Cyberdefense’s warning, saying that DDoS attacks are commonly used by hacktivists, country hackers, and cybercriminals.
Russian outfits, in particular, are associated with large international DDoS attacks.