DDoS Attacks Surge in the Middle East, Critical Infrastructure at Risk
By Emad Fahmy, Director of Systems Engineering, NETSCOUT
The recent NETSCOUT 1H2024 Threat Intelligence Report reveals alarming trends in Distributed Denial of Service (DDoS) attacks: a dramatic 43% rise in application-layer attacks and a 30% increase in volumetric attacks globally. Across Europe, the Middle East and Africa (EMEA), attacks are up 25% from last year, and Saudi Arabia is listed as one of the top five countries in EMEA targeted by hackers. This surge particularly impacts critical sectors such as banking, government, and utilities, posing significant threats to vital services that underpin the stability of society.
In the Middle East, while attacks are brief in duration – in Saudi Arabia, for example, the average attack lasts for just over 12 minutes and attacks in the UAE last an average of 18.53 minutes – these short-lived disruptions can have lasting consequences, crippling essential services and causing widespread economic impacts. The frequency and intensity of these assaults suggest a growing sophistication among attackers, who are employing increasingly coordinated multi-vector strategies.
The Hacktivist Landscape and Its Evolving Tactics
Among the notable trends highlighted in the report is the rise of hacktivist groups, particularly NoName057(16), which has shifted its focus toward more sophisticated application-layer attacks. The group has notably utilised HTTP/S GET and POST floods to amplify its impact, underscoring a shift towards more targeted strategies that challenge traditional defences.
The emergence of new botnets, such as Zergeca, alongside the continued evolution of existing networks like DDoSia, illustrates the growing complexity of the threat landscape. These botnets employ advanced technologies, including DNS over HTTPS (DoH), complicating detection and mitigation efforts. This evolution of tactics reflects a wider trend where attackers leverage decentralised infrastructures to launch more resilient and robust assaults on critical networks.
Implications for Network Security
The findings indicate that over 75% of newly established networks are implicated in DDoS activities within a mere 42 days of coming online. This alarming statistic emphasises the need for proactive security measures as organisations expand their digital infrastructure. Companies must rethink their approach to DDoS protection, recognising that new networks do not automatically come equipped with the necessary defences.
As attackers exploit vulnerable networks and utilise “bulletproof” hosting providers, organisations must adopt comprehensive strategies that include advanced detection and rapid response capabilities. Failure to adapt could leave vital sectors exposed to damaging disruptions.
The implications of these findings are clear: as threat actors become increasingly adept at exploiting weaknesses in network architecture, the necessity for enhanced cybersecurity measures becomes paramount. In a global landscape where economies are heavily reliant on digital infrastructures, the cost of complacency could be catastrophic.
The 1H2024 Threat Intelligence Report serves as a vital resource for network operations teams, offering insights that can inform and refine their security strategies. It is imperative that organisations worldwide take heed of these trends and act decisively to bolster their defences against the evolving landscape of DDoS threats.