Hackers cracked GeoIP: DDoS attacks from "their" networks are becoming a new trend

A Russian IP address is no longer a security guarantee.

A new report from Qrator Labs, a company specializing in network security, analyzes the DDoS attack landscape for Russian IT infrastructure in 2023. The study found that attackers have learned to bypass GeoIP blocking successfully, and that a significant share of attacks is now generated by local sources close to the victims' region.

Attacks are still being launched from afar, but they are routed through devices located in Russia, Qrator Labs explained. According to the company, the total number of blocked IP addresses peaked at the end of 2023: 22.3 million addresses were blocked in the fourth quarter. That is 19.25% more than in the third quarter and 120% more than in the second. The company did not take such measurements in 2022.

Attackers actively use "gray proxy servers" located in Russia, which lets them disguise malicious traffic as coming from legitimate Russian IP addresses. Experts point to compromised network equipment, vulnerable IoT devices, and mobile gadgets being used as these proxies.

Interestingly, the frequency of attacks from foreign IP addresses is decreasing, while the number of attacks using Russian addresses is growing. Innostage notes that this trend indicates an increase in the renting of local IP addresses. DDoS-Guard also reports that attacking requests now come from Russian IP addresses in 50% of cases, with the rest coming from China, Indonesia, or the United States.

Geo-based blocking was adopted as a way to restrict access to resources that are not intended to be used outside certain regions. In 2022, in response to the growth in cyber attacks, many Russian Internet services, state-owned ones in particular, began to block all foreign IP addresses.

In 2023, Roskomnadzor announced the creation of its own database that maps IP addresses to their approximate location. This is meant to make it possible to counter distributed attacks whose sources are resources and vulnerable devices outside the Russian segment of the network, the agency told Kommersant.

Analysts note that most attacks using Russian devices are politically motivated and organized by foreign groups. To carry out such attacks, attackers can rent equipment in Russia through fake legal entities.

Despite the increased threat, experts are confident that most attacks can be prevented by automated protection systems, although additional measures are sometimes required. The growing number of cyber attacks increases the load on the networks of Russian providers and hosting companies, which may lead to new regulatory measures against hosting providers whose resources are used for illegal purposes.