The 28th United Nations Climate Change Conference (COP 28) that took place in Dubai towards the end of 2023 witnessed a concerning surge in distributed denial of service (DDoS) attacks targeting environmental services. According to Cloudflare’s DDoS Threat Report for the fourth quarter of 2023, there was a staggering 61,839% increase in HTTP DDoS attack traffic aimed at environmental websites compared to the same period in 2022. This marked a shift from the previous trend dominated by cryptocurrency-related DDoS attacks.
During the last quarter of 2023, DDoS attacks on environmental websites made up half of all observed DDoS attacks, indicating a significant shift in the targeting preferences of threat actors. This trend was not isolated to COP 28, as similar patterns were observed during previous UN climate summits and environmental events.
Cloudflare noted that significant environmental events such as the UN’s resolution on climate justice and the launch of the United Nations Environment Programme’s Freshwater Challenge in February and March 2023 potentially heightened the visibility of environmental websites, leading to an increase in attacks on these platforms. This highlights the growing convergence of environmental issues and cybersecurity, making it a prime target for cyber attackers in the digital age.
DDoS attacks are a form of cyber-attack that aims to disrupt online services by overwhelming them with more traffic than they can handle, rendering them inaccessible to users. Cloudflare identified three main types of DDoS attacks: HTTP request intensive attacks, IP packet-intensive attacks, and bit-intensive attacks, each with the goal of causing a denial-of-service event by overwhelming different components of the network infrastructure.
In 2023, Cloudflare reported mitigating over 5.2 million HTTP DDoS attacks and 8.7 million network-layer DDoS attacks, representing a significant increase compared to the previous year. The report highlighted a 117% year-over-year increase in network-layer DDoS attacks in the fourth quarter, with specific targeting of retail, shipment, and public relations websites during peak shopping seasons like Black Friday and the holidays.
The sophistication of DDoS attacks in 2023 reached unprecedented levels, with some exploiting vulnerabilities in the HTTP/2 protocol, the standard protocol for web data communication. Additionally, Cloudflare noted a rise in DDoS attacks related to the Israel-Hamas conflict and Taiwan, underscoring the geopolitical motivations driving cyber threats.
To gather data on DDoS attacks, Cloudflare surveyed affected customers on the nature of the attacks and the effectiveness of mitigation efforts, collecting an average of 164 responses per quarter over the past two years. This data provides valuable insights into the evolving landscape of cyber threats and the need for robust cybersecurity measures to protect against DDoS attacks on critical online services.