The latest NCC Group report shows a spike in distributed denial of service (DDoS) attacks last month. Meantime, ransomware attacks fell slightly.

October saw the highest number of DDoS attacks this year, with a 14% increase from September, to 2,090 attacks. The monumental growth warns that the threat of DDoS is on the rise.

Ransomware attacks decreased by 7% in October from the previous month.

Industrials (34%) and consumer cyclicals (18%) remain the sectors targeted most by malicious hackers. Health care (10%) replaced technology (8.5%) as the third most targeted sector.

Most Prevalent Threat Actors

Lockbit 3.0, Black Basta and BlackCat remain the most prevalent threat actors. October was the tenth month that Lockbit (Lockbit 2.0/Lockbit 3.0) has been the most active.

The ransomware attack numbers this month are half of those recorded in October of last year. Therefore, the total number of attacks this year is unlikely to reach the same heights as in 2021.

Jack Hirst is threat intelligence consultant with NCC Group.

NCC Group’s Jack Hirst

“It is possible that the spike in DDoS attacks is correlated to the shift in fortunes for the Russian forces in Ukraine,” he said. “DDoS attacks are being used as an effective tool of disruption and are often used in conjunction with Russian aims/against organizations and nations which oppose Russia’s efforts to conquer Ukraine. Continuous monitoring of DDoS numbers combined with analysis through the lens of  the cyber landscape as a whole – ransomware, data leaks, wiper malware attacks – will be necessary to provide a more confident assessment.”

Many Motivations for DDoS Attacks

Threat actors can use DDoS attacks to satisfy several motivations, Hirst said. Those include financial gain for organized crime groups and acts of protest for hacktivists. In addition, it’s occasionally cyber sabotage via operational disruption for nation-states.

“By targeting an organization’s most essential resources and rendering them unusable, threat actors are able to cause significant financial loss and brand damage when public-facing web components are taken offline, incentivizing the victim to pay a ransom in exchange for a ceasefire,” he said. “There have also been instances where DDoS attacks are used as a distraction technique to mask a more sophisticated attack that is occurring concurrently, or to create additional pressure that further incentivizes ransom payments, like in the triple extortion ransomware model.”

In a wildcard turn of events, newly emerged threat actors Sparta and IceFire have gone silent this month, according to the NCC Group report. This follows their respective explosive entrances to the threat landscape in previous months.

Across the regions, North America suffered 84 attacks, making it the most targeted region. That’s ahead of Europe, which experienced 51 attacks. Asia remained the third most targeted region.

“Noting the consistent changes in attack methodologies and techniques displayed by threat actors around the world, cybersecurity providers generally will continue to find the these threats a challenge, particularly as we progress into the next calendar year,” Hirst said. “With that said, NCC Group Global Threat Intelligence Team continue to monitor and assess the threat landscape, ensuring all areas of the business have the intelligence it needs to support our clients accordingly.”