The environmental services industry has witnessed an “unprecedented surge” in HTTP-based decentralized denial of service (DDoS) attacks, accounting for half of all its HTTP traffic.
Web infrastructure and security company Cloudflare said in its fourth quarter 2023 DDoS threat report released last week that this marked a 61,839% annual increase in DDoS attack traffic.
Security researchers Omer Yoachimik and Jorge Pacheco said: “The surge in cyberattacks coincides with the COP 28 conference from November 30 to December 12, 2023,” describing it as “a disturbing addition to the cyber threat landscape.” the trend of”.
The increase in HTTP attacks against environmental services websites is part of a larger trend observed annually over the past few years, particularly during COP 26 and COP 27 and other United Nations environment-related resolutions or announcements.
“This recurring pattern highlights the growing intersection between environmental concerns and cybersecurity, a connection that is increasingly a focus for attackers in the digital age,” the researchers said.
Although the environmental services industry became a new target in the fourth quarter of 2023, the cryptocurrency industry remains the main victim in terms of the volume of HTTP DDoS attack requests.
More than 330 billion HTTP requests were targeted at this attack, and attack traffic accounted for more than 4% of all HTTP DDoS traffic this season. Gaming and gambling and telecommunications emerged as the second and third most attacked industries.
On the other side are the United States and China, which are the main sources of HTTP DDoS attack traffic. Notably, the United States has been the largest source of HTTP DDoS attacks for five consecutive quarters since the fourth quarter of 2022.
“China and the United States together account for just over a quarter of global HTTP DDoS attack traffic,” the researchers said. “Brazil, Germany, Indonesia, and Argentina account for the next 25 percent.”
The development comes amid an onslaught of DDoS attacks targeting Palestinian banks, information technology (IT) and online platforms following the outbreak of the Israel-Hamas war and Israel’s counteroffensive codenamed Operation Iron Sword.
Cloudflare said DDoS attack traffic targeting Palestinian websites increased by 1,126% month-on-month, adding that DDoS attack traffic targeting Taiwan increased by 3,370% amid Taiwan’s presidential election and heightened tensions with China.
Akamai also released its own DDoS trend review in 2023, stating that “DDoS attacks are becoming more frequent, longer lasting, highly complex (with multiple vectors), and focused on horizontal targets (attacking multiple targets in the same attack event). IP destination).”
The findings also follow a Cloudflare report on the growing threat posed by unmanaged or unsecured API endpoints, which could allow threat actors to leak potentially sensitive information.
“HTTP exceptions – the most common threat to APIs – are a common sign of malicious API requests,” the company said. “More than half (51.6%) of API origin traffic errors contain the ‘429’ error code: ‘Too many requests’.”
