• DDoS attacks in 2022: Critical payload reached after 55 seconds on average (2021: 184 seconds)
• Increase in packet rate: Average number in 2022 is 3.3 million packets per second – only 990,000 in the previous year.
• Absolute decrease in attacks by -79%: A deceptive all-clear?

Frankfurt, February 23, 2023. After the very high DDoS attack numbers in 2021, mainly due to the effects of the Corona pandemic, the war in Ukraine led to an increase in mainly politically motivated DDoS attacks. Attacks on the Link11 network decreased year-on-year for the first time in 2022 (-79%). Nevertheless, the long-term trend of increasing cyberattacks is unstoppable. Experts at the World Economic Forum warned of a veritable “cyber storm” expected in the coming years.

Turbo attacks and packet rate driving new DDoS reality

“We are currently seeing a very dynamic situation,” says Lisa Fröhlich, company spokesperson at Link11. “Attacks may have decreased, but the attacks recorded in 2022 were more adaptive, intense, and sophisticated.” One of the reasons for this is the so-called “turbo attacks.” DDoS attacks recorded in the Link11 network were analyzed by how many seconds must pass after the first bytes are transmitted before the traffic reaches its maximum value.

These very fast-onset attacks reached their critical payload in 2022, an average of just 55 seconds after the DDoS attack began. In comparison, attacks in 2021 peaked only after an average of 184 seconds. In addition, nearly three-quarters of attacks (71%) lasted less than five minutes in 2022.

Two other important factors accompany this trend. One is the increased average packet rate (3.3 million packets per second) compared to the previous year (990,000 packets per second). Second, the average total bandwidth of attacks has almost doubled. While it was 1.4 Gbit/s in 2021, it increased to 2.6 Gbit/s in 2022.

Attacks are simultaneously shorter and more intense. In addition, enterprises are highly targeted with sophisticated DDoS attacks. The more concentrated, targeted, and sophisticated attacks are, the more precision and speed are required to detect and defend against them. Therefore, time is becoming increasingly essential in dealing with DDoS attacks.

DDoS as a tool of geopolitical warfare

Cyber actors deploy sophisticated malware or complex DDoS attacks even in peacetime, but using them as weapons in cyberwarfare has taken the threat to a new level. The

consequences can be much more far-reaching. Since the German government pledged to supply battle tanks to Ukraine in January 2023, hardly a day goes by without media reports of DDoS attacks, especially on critical infrastructure operators. In its latest situation report, the BSI notes that the threat is “higher than ever.”

The pro-Russian hacker group “Killnet” has attracted much media attention since 2022. It has declared cyberwar on NATO countries, including Germany, and carried out attacks on critical infrastructure, airport websites, government services, banks, and the media – coupled with disinformation campaigns to unsettle the public.

Lisa Fröhlich, the company spokesperson at Link11, says: “2022 showed how dynamic and unpredictable the attack landscape is. Politically motivated DDoS attacks dominated as a component in cyber warfare. While it may look like a breather, the threat has not gone away

– the number of attacks has already increased in January 2023 and the metamorphosis of DDoS attacks is well underway. They are becoming more diverse, complex, and sophisticated. This makes them an unpredictable threat to organizations of all types and sizes. “

The full report is available for download on the Link11 website.

About Link11

Link11 is a specialized European IT security provider protecting web services and infrastructures against cyber-attacks. Headquartered in Germany, Link11 maintains global locations, including Europe, North America, and Asia. The company’s cloud-based IT security services help customers avoid business disruptions and strengthen the cyber-resilience of their business networks and critical applications.

Link11’s product portfolio includes a wide range of security services, such as web and infrastructure DDoS protection, Bot Management, Zero-Touch WAF, and Secure CDN Services. According to unanimous analyst opinion (Frost & Sullivan, Gartner a. o.), Link11 offers high- performance mitigation across all layers and for all attack vectors, including unknown ones, within seconds.

The technological basis for this is Link11’s patented DDoS protection, which relies on machine learning and consistent automation. The company’s global multi-terabit network, which currently has 43 PoPs (Points of Presence), interconnects the DDoS filter clusters, and is monitored 24/7 by the Link11 Security Operations Center.

The German Federal Office for Information Security (BSI) recognizes Link11 as a qualified DDoS protection provider for critical infrastructures. With ISO certification 27001, the company also offers high-level data security processes. Since being founded in 2005, Link11 has received multiple awards for its innovative solutions and business growth.