In a report published on January 24, 2023, Russian telecommunications company Rostelecom revealed 21.5 million critical web attacks. These attacks were aimed at roughly 600 Russian organizations from various industries, including telecom, retail, financial, and the public sector. The most powerful DDoS attack recorded by Rostelecom was 760 GB/sec, nearly twice as large as the most potent attack of the previous year. The longest DDoS attack lasted nearly three months.

The target regions for DDoS attacks

According to the report, the most attacked region in 2022 was Moscow, where the largest number of Russia’s top companies are located. Rostelecom detected over 500,000 DDoS attempts targeting the city’s entities. The spike in attacks coincides with the period when Sberbank, one of Russia’s largest banks, reported that it had suffered the most significant DDoS attack it had ever seen, measured at 450 GB/sec.

In May 2022, Ukraine’s IT Army announced that it had disrupted the distribution of alcoholic beverages in Russia after targeting an essential online portal. The attack volume remained relatively stable from July until December 2022 but was notably lower than in Q2 2022. After that, the Russian ISP says, the attacks became more sophisticated and targeted.

In December 2022, an attack on VTB Bank, Russia’s second-largest financial institution, forced the bank’s mobile apps and main website to go offline for several days. About 80% of all cyberattacks targeting Russian entities were DDoS, but Rostelecom also recorded attacks on website vulnerabilities. These included arbitrary command execution after successful exploitation of a vulnerability (10%), path traversal (4%), local file inclusion (3%), SQL injection (3%), and cross-site scripting (1%).

The target sectors for attack

The largest number of cyberattacks in 2022 targeted the public sector, which accounted for 30% of all recorded incidents, 12 times more than in 2021. A notable 25% targeted financial institutions and services. Rostelecom believes the motivation for these attacks was to disrupt the highly critical economic sector and to access databases containing financial information and personal data of customers. In third place, accounting for 16% of all cyberattacks, were educational institutions, which Rostelecom says might have been attacked due to their links to Russian companies.

In March 2022, the Moscow-based meat producer Miratorg Agribusiness Holding announced that it had suffered a catastrophic cyberattack. The attack also involved data encryption and disrupted the distribution of food to the market.

The report concludes that the scale and sophistication of these cyberattacks were unprecedented and demonstrated the increasing vulnerability of Russian organizations. The company recommends that organizations adopt a proactive approach to cybersecurity and invest in advanced security solutions to protect against future cyber threats.