Category Archives: Cybersecurity

New privacy research pegs AI as a rival threat to cybercrime

  • More than half of developers believe AI will almost equal cybercrime in terms of risk to data privacy
  • Developers concerned about current regulatory frameworks, with 98% advocating for proactive measures to address future data privacy concerns

 

21st May 2024: New research* released today reveals the extent of concern regarding the future threat posed by AI and machine learning to our privacy.

Cybercrime is still seen as the main threat with 55%, but AI comes in a close second at 53%. Despite AI being a relatively new menace, the research shows that developers believe the technology is a threat that is rapidly catching up with cybercrime as it becomes more mainstream. The cost of cybercrime is projected to reach $13.82 trillion by 2028: the reality is that with increasingly sophisticated AI potentially in the hands of a new generation of cybercriminals, this cost could grow exponentially.

The study, commissioned by Zama – a Paris-based deep tech cryptography firm specialising in the world of Fully Homomorphic Encryption (FHE)* – surveyed developers across both the UK and US.

During the research, more than 1000 UK and US developers were asked their opinions on the subject of privacy, to uncover insight from the people who build privacy protection into everyday applications. The research revealed developers’ own perceptions of and relationship with privacy, delving into subjects such as what privacy considerations should be at the centre of evolving innovation frameworks, who holds the ultimate ownership of privacy, and what their opinion is on the approach to regulation.

 

In addition to the findings revealing significant concerns about AI’s threat, the research also reveals that 98% of developers believe that steps need to be taken now to address future privacy and regulation framework concerns.  72% also said that regulations made to protect privacy are not built for the future with 56% believing that dynamic regulatory structures – which are meant to be adaptable to tech advancements – could pose an actual threat.

“Despite cybercrime expected to surge in the next few years to the cost of trillions, 55% of developers we surveyed in our research stated that they feel cybercrime is only ‘marginally more of an issue’ than the threat to privacy that AI will pose. We have seen from our work that many developers are the real champions of privacy in organisations and the fact that they have some legitimate concerns about the privacy of our data, in relation to the surge in AI adoption, is a real worry,” says Pascal Paillier, CTO and Co-founder of Zama.

“Zama shares the concerns expressed by developers about the privacy risks posed by AI and its potential irresponsible use. Regulators and policymakers should take this insight into consideration as they try to navigate this new world. It’s important not to underestimate the very real threat highlighted by the experts who are thinking about protecting privacy every day, and make sure upcoming regulations address the increased risks to users’ privacy,” he added.

 

The survey went on to reveal that 30% of developers believe that the fact that those making the regulations are not as knowledgeable as they could be about all the technologies that should be taken into consideration also presents a real danger, while 17% believe this would pose a possible threat to future tech advancements.

 

“It’s undoubtedly an exciting time for innovation, especially with AI advancements developing as fast as they have. But with every new development, privacy must be at the centre; it’s the only way to ensure the data that powers new innovative use cases is protected. Developers know this,  embracing the vision championed by Zama in which they have the ability and responsibility of safeguarding the privacy of their users. It’s clear, in analysing their insights, that they would like to see regulators taking more responsibility for understanding how Privacy Enhancing Technologies can be used to ensure privacy of use for even the newest of innovations, including Gen AI. Advanced encryption technology such as FHE can play a positive role in ensuring innovation can still flourish, while protecting privacy at the same time,” he adds.

References

*FHE, Fully Homomorphic Encryption

FHE is an encryption technique that enables processing data without decrypting it. With data encrypted both in transit and during processing, everything you do online could be encrypted end-to-end, allowing companies and organisations to offer their services without ever seeing their users’ data — and users will never notice a difference in functionality.

The research was carried out by Research Without Barriers (RWB) between 9th January 2024 and 8th February 2024 with a sample comprising 1,098 Developers from the UK (571) & USA (527).

About Zama

Zama is a cryptography company building open-source homomorphic encryption solutions for blockchain and AI. Their technology enables a broad range of privacy-preserving use cases, from confidential smart contracts to encrypted machine learning and privacy-preserving cloud applications. Zama was founded by Pascal Paillier and Rand Hindi, and currently has the largest research team in homomorphic encryption.

Since it was founded in 2020, Zama has established itself as the main actor shaping the FHE market, having already made significant contributions to the field of data privacy and encryption, including 17+ filed patent families, $100 million in secured deals and the successful delivery of four innovative products/solutions to the market.

 

 

Learning at work week: cybersecurity specialist shares his top tips to help stay one step ahead of the hackers.

A leading cybersecurity specialist has shared his tips on how to avoid falling victim to hackers following reports of a big upswing in the number of attacks on financial services firms.

Research by law firm Reynolds Porter Chamberlain showed the number of data breaches reported by financial firms increased threefold from 187 in 2022 to 640 last year.

According to an analysis of data gathered by the Information Commissioner’s Office, the pensions sector saw the biggest increase with a 4,000% increase in reported data breaches.

It is thought criminals are targeting the pensions sector because of the vast amount of valuable and sensitive information that is held by schemes.

The need for firms to pay pensioners without disruption also makes them attractive targets for ransomware gangs.

Greg Buchanan, Technical Director of the Connectus Group, has now issued three tips that can help firms stay a step ahead of the hackers.

Speaking during Learning At Work Week, and outlining his tips, Greg said: “There is no such thing as a totally bulletproof solution to cyberhackers. But by following these three tips you will hugely boost your chances of not falling victim.”

Here are Greg’s three tips:

Password Management: In today’s UK cyber security threat landscape, organisations face various challenges such as phishing, ransomware, data breaches, and identity theft. These threats can compromise the security and privacy of organisations and their customers, as well as cause financial and reputational damage. One of the most common and effective ways to prevent these threats is to use a password manager, such as Keeper for Enterprise, that can help organisations create and manage strong and unique passwords for all their accounts and applications. Central Password Management is a secure and easy-to-use solution that helps organisations protect their data and improve their productivity by allowing numerous assigned people multi-factor authentication for shared services, an example being remote connections to customer/supplier environments. It enables organisations to create, store, and share strong passwords, encryption keys, and other sensitive information across devices and platforms.

Media Intelligence: Forewarned is forearmed – I recommend keeping abreast of what threats are live in the world, which would form a great method of keeping your staff aware of the landscape in front of them. There are several areas that can provide you with current and ongoing threat information; here are just a few that I personally use:

  • Wired: This is a magazine and website that covers technology, culture, business, and politics with a focus on innovation and impact. It features in-depth reporting, analysis, and commentary on the most important stories and developments in cyber security, as well as interviews, reviews, and podcasts.
  • The Hacker News: This is a website and newsletter that provides the latest news and insights on hacking, cyber attacks, malware, vulnerabilities, and cyber security. The Hacker News covers both technical and non-technical aspects of cyber security, and features expert opinions, tips, and resources.
  • Krebs on Security: This is a blog and podcast that is run by Brian Krebs, a former Washington Post reporter and one of the most respected and influential journalists in the cyber security field. It is known for its investigative reporting, scoops, and exposés, and often collaborates with law enforcement and security researchers to track down and expose cyber criminals.

Sleight of Hand: One of the ways to improve your productivity and efficiency on Windows is to use keyboard shortcuts. These are combinations of keys that perform certain actions without using the mouse. Keyboard shortcuts can save you time, reduce hand strain, and make your work more accurate and consistent; it will also make you look like a tech wiz to your friends and colleagues. Some of the most useful keyboard shortcuts to use in Windows 11 are:

Windows key + L: Lock your PC or switch accounts, important when in a shared space to prevent people accessing your data when absent from your screen.

Windows key + M: Minimise all open windows and show the desktop.

Windows key + S: Open Search, where you can find apps, files, settings, web results, and more.

Windows key + Tab: Open Task View, where you can see and switch between your open windows and virtual desktops, especially useful when working on single monitors/laptops and having to reference multiple programmes.

EfficientEther Ltd Secures Cyber Essentials Certification, Enhancing Its Cybersecurity Framework

London, 29th April 2024 – EfficientEther Ltd, an AI and cloud cost optimisation start-up, is delighted to announce its recent achievement in obtaining the Cyber Essentials certification. This accomplishment follows the successful certification of ISO 9001 and ISO 27001 standards in October 2023, underscoring the company’s unwavering commitment to governance and security in its innovative solutions.

Established in June 2023, EfficientEther Ltd. is headquartered in London, UK, and specialises in artificial intelligence and delivers cost-effective cloud solutions. This certification marks a significant milestone in the company’s journey towards enhancing IT security frameworks and operational excellence. This accreditation not only bolsters our security credentials but also broadens our market opportunities in sectors that mandate compliance with Cyber Essentials standards.

Ryan Mangan, CEO of EfficientEther Ltd, highlighted the importance of this certification, stating, “Securing the Cyber Essentials certification further validates our dedication to robust cybersecurity measures. This achievement reassures our customers of our growing capabilities in protecting our infrastructure against cyber threats, and it aligns with our commitment to governance and security in the rapidly evolving cloud market.”

 

The Cyber Essentials scheme is designed to help organisations of all sizes fortify their IT systems against common cyber-attacks, offering a clear view of their cybersecurity level. It is also a critical requirement for businesses seeking to engage in certain government contracts, further enhancing their trustworthiness and competitive edge in the industry.

About EfficientEther Ltd

EfficientEther Ltd is an innovative start-up specialising in AI and cloud cost optimisation solutions. Founded in 2023 and headquartered in London, the company is committed to transforming the cloud industry through a focus on sustainability, information security, and cost-effectiveness. Following the attainment of the Cyber Essentials certification, alongside ISO 9001 and ISO 27001, EfficientEther Ltd is committed to providing secure and sustainable cloud solutions.

Cybercrime drives demand for IT security professionals.

Increased concerns from businesses around cybercrime are driving a widening skills gap, according to technology specialists at SPG Resourcing.

The UK government estimates the economic cost of cybercrime to UK businesses is £21 billion per year, including losses from intellectual property theft, industrial espionage, extortion, and data breaches. For individuals in the UK, the estimated economic cost of cybercrime is £3.1 billion per year, primarily from identity theft and online scams.

SPG Resourcing has published a study outlining the challenges companies face when recruiting IT security professionals and offering advice on securing talent in a competitive job market.

Commenting on the report, Richard Howarth, associate director at SPG Resourcing, said: “The demand for IT security professionals in the UK is on the rise, evidenced by the thousands of job opportunities currently available across multiple platforms. With the IT security market experiencing a surge in vacancies, many businesses are either actively hiring or have hiring plans for the second quarter.

“This surge in demand underscores the critical need for a proactive and flexible approach to addressing the growing IT security talent gap. As businesses navigate an increasingly complex digital landscape, the importance of skilled professionals in safeguarding sensitive data and mitigating cyber threats cannot be overstated. We hope our new whitepaper will give companies a useful roadmap to address their cybersecurity recruitment needs.”

SPG Resourcing advises companies wishing to recruit IT security professionals to enhance the candidate experience by prioritising clear communication, providing prompt feedback, and offering personalised interactions.

Given the competitiveness of the cybersecurity sector, companies should provide remote work options. Additionally, offering career advancement opportunities, certifications, and upskilling options is vital for attracting and retaining cybersecurity talent, particularly in an industry facing a notable talent shortage.

The UK National Cyber Security Centre predicts AI will increase the volume and impact of cyberattacks over the next two years. AI may contribute to developing malware that evades detection by current security protocols.

SPG Resourcing helps companies and organisations across the digital sector find the talent they need. It operates internationally from offices in Leeds and Newcastle.

The SPG Resourcing whitepaper can be downloaded here https://spg-resourcing-144291094.hubspotpagebuilder.eu/spg-resourcing-itsecurity-whitepaper

 

New research shows that poor PIN hygiene leads to 62% of phone theft victims in the UK facing further financial loss and data breaches

  • 45 per cent of Britons use their main phone PIN for multiple apps
  • Businesses, including banks and fintechs, are not doing enough to support customers in protecting their personal data when they lose their phones

 

22 April 2024—London, UK: Nuke From Orbit, a fintech startup headquartered in the UK, has unveiled findings from its latest research report, shedding light on a concerning trend in smartphone thefts. The report indicates that in 62% of cases of smartphone thefts in the UK, the repercussions extend far beyond the initial loss of the device.

According to the research, not only were respondents’ social media and email accounts accessed, but one in four individuals also fell victim to digital wallet theft, resulting in monetary losses. Alarmingly, the study reveals that one in five respondents experienced compromised personal bank accounts through unauthorised access via mobile banking apps.

The alarming findings come amid the evolving boom in smartphone usage and the growing identity threat that users face. Although smartphones were created to simplify life with their many functions, users do not realise that this convenience has also made them more vulnerable to risk and therefore aren’t taking the appropriate precautions.

Other key findings from the research include:

  • The further losses the respondents reported can partly be attributed to poor PIN hygiene despite repeated warnings and guidance on password and PIN best practices.
  • 78% of the respondents use their smartphones for mobile banking, 85% for accessing email, 71% for managing social media and 51% for a digital wallet, indicating that cybercriminals can easily access their personal data from a single mobile device.
  • However, nearly half (45%) are in the habit of using the same PIN to gain access to the phone and multiple apps, services, and bank cards.

James O’Sullivan, CEO and founder of Nuke From Orbit commented, “Biometrics were introduced to make smartphones more secure because the frequency with which you need to input a PIN is greatly reduced, but our research shows this has led to some complacency. Criminals are returning to old-school shoulder surfing tactics – that made ATMs a nightmare – to access the phones they then steal to commit secondary crimes.”

One piece of legislation that will contribute to the fight against such threats is the UK Product Security and Telecommunications Infrastructure (Product Security) Act, which will come into effect on the 29th of April. The Act will ensure that consumer technology products meet mandatory security requirements to protect against cyberattacks. Businesses will be accountable for protecting customer data, as the regulation mandates them to set safety measures such as minimum default password requirements and to provide information on reporting security issues.

With so much interconnectivity, and even authenticator apps and one-time passcodes utilising the same device, smartphones are at the heart of the challenge this legislation is designed to tackle.

“The Act is relevant for consumers and businesses, including banks, fintechs and online service providers. Service providers are responsible for ensuring they do everything possible to protect consumers when the worst happens. Our research suggests that currently, they are not doing enough. Nuke From Orbit is on a mission to support such service providers in protecting the digital identities of individuals and putting them back in control of their data swiftly when their smartphones are stolen.”

Nuke From Orbit offers a unique digital panic button, allowing individuals to block access to various services and accounts all at once if their smartphone is stolen. This world-first solution adds a higher level of data protection and privacy in the mobile security market by fixing a significant vulnerability. Consumers can join the waiting list to be alerted when the service goes live in their region.

About Nuke From Orbit: 

Founded in 2023, Nuke From Orbit is a UK-based company developing a service that allows subscribers to block access to multiple services and accounts simultaneously, avoiding account compromise issues and monetary loss when their smartphone gets stolen. For more information and to see how the service works, visit https://nuke.app.

Cyber attack surge is “tip of iceberg”, expert warns

New figures showing a surge in cyber-attacks on businesses are just the “tip of the iceberg”, a leading expert has revealed.

Government data shows 50% of companies have experienced a breach or attack in the past year.

But Roy Shelton, CEO of the Connectus Group, said that the true scale of the problem may be much higher, due to the unwillingness of businesses to disclose such incidents.

He said: “Attacks are rising and getting more and more sophisticated. Those reported are just the tip of the iceberg. A lot more happen and exist under the radar and are never reported. All businesses need to be vigilant to the growing risk.”

He was commenting in the wake of the 2024 Cyber Security Breaches Survey, which found that 74% of large businesses had been attacked, 70% of medium-sized businesses had been targeted, along with 66% of charities with an annual income of £500,000 or more.

The most common type of breach or attack is phishing (84% of businesses and 83% of charities), followed by others impersonating organisations in emails or online (35% of businesses and 37% of charities), and then viruses or other malware (17% of businesses and 14% of charities).

In all, it is estimated that UK businesses have experienced around 7.78 million cyber crimes of all types and approximately 116,000 non-phishing cyber crimes in the last 12 months. For UK charities, the estimate is some 924,000 cyber crimes in the past year.

Mr Shelton added: “This report is a good and welcome update which highlights the growing need to be ever vigilant.

“These figures are based on only reported breaches: I would suspect many are never reported due to fear of brand and reputational damage.

“The common breaches remain as phishing, malware, and impersonation. All of this can be avoided with training of staff and/or deploying low cost, high value counter measures.”

The figures show that, in terms of counter-measures, 51% of businesses have tried multiple approaches to try and minimise the risks of cyber attacks, while 40% of charities have done so.

The report also found how, among businesses, 33% have deployed security monitoring tools and 31% have carried out risk assessments.

Just 18% have tested staff with exercises, such as mock phishing attacks, 17% have carried out vulnerability audits, 11% have tried penetration testing, and 10% have invested in threat intelligence.

The growing cyber threat has prompted the Connectus Group to develop a new tool which helps provide businesses with advanced 24/7 protection from cyber attacks.

The Connectus Managed Extended Detection and Response (MXDR) service is powered by the acclaimed Heimdal XDR Unified Security Platform, which is specifically designed to help modern enterprises to stay safeguarded by integrating detect-and-respond services with the industry’s broadest coverage for total protection against cyber threats.

The Heimdal MXDR is unmatched: a proactive team of experts and an accredited Security Operations Centre (SOC) works in real-time and closely with IT and Security counterparts to create an integrated approach to threat-hunting and response.

For legal and property firms, the risks associated with a data breach are greater than most due to the additional risk of financial information being captured and further exploited by criminal gangs via banking fraud, for example.

Mr Shelton concluded: “I’d advise looking for a more holistic managed service from professionals to ensure they have the right solution set and skill set working proactively on their behalf.

“Only a small number of companies actually understand how to respond to a cyber breach so, again, working with a trusted partner to deliver a managed, detect and resolve service would make more sense.”

Crossword Cybersecurity launches new CyberAI Practice, helping CISOs embrace AI with confidence across the enterprise

Crossword Cybersecurity Plc, the cybersecurity solutions company focused on cyber strategy and risk, has launched a new CyberAI Practice.  The practice, which sits within Crossword Cybersecurity’s Consulting business, consolidates Crossword’s artificial intelligence (AI) expertise into a centre of excellence that will deliver AI-focused cybersecurity consulting services and products to help clients harness the power of AI in the organisation.

The ever-evolving threat landscape and proliferation of data-generating apps and devices has had organisations grasping at Generative AI and Large Language Models (LLM) as the solution to the problems they face. While AI has a huge role to play in improving security posture, customer experience, identifying insights and streamlining business processes, the pace of change, regulation, deployment by employees of ‘Shadow AI’, and ‘AI washing’ by marketers, can leave cybersecurity teams struggling to remain current.

 

The LLM dilemma

LLMs have led to the emergence of many new tools, which must be assessed and assured so that adoption is controlled and does not pose legal, reputational, or commercial threats. Simultaneously, LLMs have empowered would-be attackers by lowering the barriers to launching successful attacks.

Crossword has already led a significant initiative in investigating the application of Generative AI to cyber security. This has been conducted with major industry partners and leading universities, including academics from Oxford University and MIT in the USA and AI researchers from the world famous Alan Turing Institute.

 

Helping enterprises keep pace with AI innovation

The CyberAI Practice will provide organisations with advisory, security testing and engineering services, which will allow organisations to manage AI threats and grasp the opportunities to improve efficiency, cybersecurity, and create new experiences for end users.  Following its launch, the CyberAI Practice is offering the following services:

 

  • Engineering – Modular services designed to support the assessment and development of LLM architectures, LLM security testing, design and security architecture reviews, and wider LLM-related engineering services
  • CyberAI onsite workshops – Education and maturity workshops to help organisations understand the market, assess their needs and existing AI use, and consult on whether to ‘build or buy’

 

James Henry, Consulting Innovation Director at Crossword Cybersecurity said: “The latest wave of AI technologies hit the security industry with such pace that many businesses have been struggling to keep up.  At Crossword it is our mission to provide businesses with the knowledge and tools needed to securely embrace the benefits of Generative AI technologies, whilst also managing the associated risks.”

Cybersecurity firm launches simulated phishing-attack training

~ New managed service lets businesses use fake phishing attacks to increase staff awareness ~

London-based managed IT services provider OryxAlign has announced the launch of its new managed cybersecurity awareness training service in partnership with training specialist KnowBe4. The service will allow businesses, especially SMEs, to periodically test their employees’ awareness and preparedness against phishing attacks. Based on their responses, staff will receive a customised training programme and access to a library of thousands of resources, including webinars, quizzes and games to develop their cybersecurity awareness.

Phishing is a type of cyberattack where an attacker sends a fraudulent email, message or website that appears to be legitimate, to trick the recipient into sharing sensitive information, such as login credentials or financial information.

According to the Information Commissioner’s Office (ICO), phishing attacks accounted for 31 per cent of all cyber related incidents. It was exceeded only by ransomware attacks at 34 per cent.

The phishing security test from OryxAlign provides businesses with the ability to simulate a phishing attack by sending randomised fake phishing emails to their employees every quarter. The emails are designed to look like real phishing emails that employees may receive. The tool allows organisations to track who clicked on the links in the email or provided sensitive information in response to the email.

Based on their responses, users are given a cybersecurity awareness score, which is used to provide them with an ongoing programme of cybersecurity training, via an online library of webinars, quizzes, games and even a Netflix-style TV series.

“Employees across a business can vary significantly in their cybersecurity skills, so there’s no such thing as a one-size-fits-all training programme to improve awareness and preparedness,” explained Nathan Charles, Head of Customer Experience at OryxAlign. “This is why we’ve partnered with KnowBe4 to offer a simulated phishing attack and training service for SMEs.

“By using this tool, organisations can assess their employees’ ability to identify and avoid phishing attacks. The results of the test can help businesses identify areas of weakness in their security, from shop-floor workers to the CEO.”

The training is delivered virtually at the user’s own pace and organisations can integrate their corporate IT policies into the platform. As well as scoring individual users, the results of the simulated attacks can be used to benchmark the overall score for the company against similar businesses in the same sector.

The cybersecurity awareness training is offered as a managed service, but interested users can carry out a free phishing test for up to 100 employees by filling out the online form on OryxAlign’s website.

Crossword Cybersecurity Launches Trillion HarVista

Crossword Cybersecurity Plc, the cybersecurity solutions company focused on cyber strategy and risk, has launched Trillion HarVista, a new product in its Trillion Threat Intelligence platform that for the first time allows enterprise security teams to safely gather threat intelligence from multiple dark web forums, discussion channels, ransomware sites and messaging platforms, without leaving a trail of activity or risking malware infection.

As a groundbreaking threat intelligence tool, Trillion HarVista works by constantly scraping new posts, chats and replies, creating keyword searchable indexes and screenshots with automated alerts based on the terms defined by an enterprise, such as a company name, or a known exploit. It does this by creating ‘offline’ copies of forums and chats, stripping them of harmful content and attachments, before storing them on secure servers for a safe browsing experience.  This data can then be tagged, searched, and analysed.

Keeping safely ahead of the threat actors

Security defenders know that monitoring the dark web can provide insights that could make the difference between being in front of an attack or being a victim, but accessing and tracking this underground information can be challenging, and the locals hostile. It requires time and deft skill to avoid detection, which can place a company at higher risk of attack.

Stuart Jubb, Group Managing Director from Crossword Cybersecurity Plc said, “For the first time, Trillion HarVista gives enterprise security professionals a new level of proactive threat intelligence, and a safe way to secretly monitor the channels used by criminal communities and stay one step ahead in the race to keep organisations safer from attacks and data breaches.  Trillion HarVista takes the pain, risk, and endless hours out of monitoring the dark web, allowing security professionals to focus on analysis and action.”

 

Key features of Trillion HarVista

  • Safe access to a wide range of sources – Immediate, anonymous, and safe access to closed and difficult-to-access forums. Hacker chat channels from popular messaging apps like Telegram can also be searched.
  • Data pivoting – Search results within Trillion HarVista are parsed and presented in a meaningful data model, making the information easy to navigate and drill through. With a single click, analysts can jump from a high-level search into detailed discussion threads or even alternative topics posted by a specific threat actor.
  • Keyword searches and alerts – Allow security professionals to easily search topics, as well as be alerted to topics of interest when they are being discussed.
  • Original screenshots – Get complete context by seeing what was being said and by whom through stored screenshots.
  • Private tags – Easily make other members of an enterprise security team aware of key discoveries by applying private tags.

 

Trillion HarVista is part of the Trillion platform, Crossword’s dark web credential monitoring service, which monitors the billions of account credentials passing through dark markets and criminal forums, and alerts customers when leaked credentials are discovered.

 

Gcore Radar Report Reveals DDoS Peak Attack Volumes Doubled in H2 of 2023

Surge in volume sees cybersecurity industry measuring DDoS attacks in a new unit, Terabits.

Gcore, an international cloud and edge solutions provider, has today revealed the findings of its Q3-Q4 2023 Gcore Radar report that provides insights into the current state of the DDoS protection market and cybersecurity trends. The report finds that there were a number of significant developments in the scale and sophistication of cyberthreats in 2H 2023.

Key Highlights from Q3–Q4

  • The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps.
  • UDP floods constitute 62% of DDoS attacks. TCP floods and ICMP attacks remain popular at 16% and 12% respectively, and SYN, SYN+ACK, and RST floods account for just 10% combined.
  • The most-attacked business sectors were gaming (46%), financial (including banks and gambling services) (22%) and telecom (18%).
  • The USA (24%), Indonesia (17%) and the Netherlands (12%) rank as the top three attack source countries.
  • In Q3/Q4, the longest attack lasted 9 hours.
  • The average length of attack was approximately an hour.

High-Volume Attacks: A Surging Threat

The past three years have brought about a >100% annual increase in DDoS peak (registered maximum) attack volume:

  • In 2022, the peak capacity of DDoS attacks increased from 300 Gbps (2021) to 650 Gbps.
  • In Q1–Q2 of 2023, it increased again to 800 Gbps.
  • In Q3–Q4 of 2023, it rocketed to 1600 Gbps (1.6 Tbps).

The jump in H2 of 2023 has resulted in the cybersecurity industry now measuring DDoS attacks in a new unit, Terabits. This escalation illustrates a significant and ongoing rise in the potential damage of DDoS attacks which, according to Gcore, is a trend that it expects to see continue in 2024.

[Figure: Maximum attack power in 2021–2023 in Gbps]

DDoS Attack Techniques

According to Gcore’s statistics, in Q3-Q4 of 2023:

  • UDP floods continue to dominate, having become more popular amongst attackers in H1 of 2023.
  • TCP floods and ICMP attacks have jumped into second and third place respectively.
  • There was a decrease in SYN flood attacks from 24% in H1 of 2023, with SYN, SYN+ACK, and RST floods making up the remaining types of attack in Q3/Q4.

[Figure: Dominant attack types in H2 of 2023]

 

Commenting on these findings, Andrey Slastenov, Head of Security Department at Gcore, said: “The exponential surge in attack power and variation in attack methods that we saw in the second half of 2023 illustrates how sophisticated cyber attackers are becoming. It’s more essential than ever for organisations to adopt a multifaceted defence strategy that can protect against a range of DDoS techniques. Failure to address these evolving threats can result in costly disruptions, reputational damage, loss of customer trust, and security breaches.”

 

DDoS Attacks by Geography

Gcore’s findings for the latter half of 2023 illustrate a widespread global threat: the US, Indonesia and the Netherlands were the top three attack source countries respectively, while Mexico, Germany and Brazil came in as the bottom three.

[Figure: Geographical attack source spread]

 

DDoS Attacks by Business Sector

According to Gcore’s report, gaming, financial and telecom were the most attacked sectors in Q3–Q4 of 2023, which is likely due to the financial gains involved and the potential impact on users. These findings underscore the need for targeted cybersecurity strategies, such as countermeasures for specific gaming servers.

[Figure: DDoS attacks by affected industry]

 

Slastenov concluded: “The increase in attack power to 1.6 Tbps is particularly alarming, signalling a new level of threat for which organisations must prepare. Paired with the geographical distribution of attack sources, it’s clear that DDoS threats are a serious and global issue, necessitating international cooperation and intelligence sharing to mitigate potentially devastating attacks effectively.”