Parallel Battlegrounds

Cyberattacks in EMEA reflect sociopolitical upheaval.

Continents with a warning sign

Since the beginning of the Russia-Ukraine conflict in early 2022, cyberattacks have increasingly become part of the offensive playbook—so much so that more than 80 percent of security professionals today believe that geopolitics and cybersecurity are intrinsically tied to one another. 
Likewise, 66 percent of organizations have changed their cybersecurity strategies in response to the conflict, and 64 percent say they believe their organization has been the target of a nation-state cyberattack.

Rising Attacks Tied to Russia-Ukraine Conflict 
These findings also are reflected in data from the latest DDoS Threat Intelligence Report for Europe, Middle East, and Africa (EMEA), which looks at distributed denial-of-service (DDoS) attack trends across 128 countries throughout EMEA. Our findings show that cyberattacks increased more than 7 percent in this region from the last six months of 2021 through the first six months of 2022.
The tie between cyberattacks and sociopolitical events in EMEA is especially evident in light of the conflict between Russia and Ukraine. Initially, organizations in Ukraine experienced a significant increase in cyberattacks—behavior that continued until resources were moved outside of Ukraine to protect them.
At that point, a significant shift in cyberattacks occurred, with adversaries then targeting other countries that showed support for Ukraine. When Finland announced its intention to join NATO, cyberattacks against that country increased by 249 percent—a concerning trend that, unfortunately, was mirrored in many countries throughout EMEA. For instance, many Ukrainian resources were moved into cloud-based systems located in Ireland. That move mirrored a 200 percent increase in cyberattacks against organizations in Ireland over the reporting period.
Telecom Industry in the Crosshairs
Cyberattacks related to sociopolitical events also can be seen when examining trends in vertical industries for the EMEA region. Adversaries have a long history of attacking organizations that provide communications and network services. But in 1H 2022, attacks against “all other telecommunications” providers—which includes Voice over Internet Protocol (VoIP) service providers, satellite telemetry and tracking services, dial-up providers, and customer-supplied internet connections—increased by 302 percent. Likewise, attacks against wireless telecommunications carriers increased by nearly 75 percent. 
Attack Bit Rate and Vectors Changing
Another important shift for the EMEA region is a 57 percent increase in the maximum attack bit rate in attacks that occurred between 2H 2021 and 1H 2022. This growth from 611 Gbps to 957 Gbps occurred despite the fact that the packet-per-second attack difference slowed by 37 percent.

Moreover, we continue to see adversaries abandon DNS amplification attacks as a primary vector. Instead, adversaries are increasingly turning to TCP-based vectors. At the end of 2021, there was almost an equal number of TCP ACK flood attacks, as there were DNS amplification attacks. However, by the end of June, the number of TCP attacks had almost doubled. 

Overall, the trends for EMEA illustrate that malicious actors continue to learn and build upon successes they experience in terms of attack type and target. Learn more about the DDoS attack trends for the EMEA region by reading the 1H 2022 DDoS Threat Intelligence Report.

Check out the full NETSCOUT DDoS Threat Intelligence Report at