Skip to main

Woburn, MA – April 25, 2022 – Kaspersky released data showing the number of Distributed Denial of Service (DDoS) attacks in Q1 2022 rose 4.5 times, compared to Q1 2021, with a considerable number of the attacks likely the result of hacktivist activity. The attacks also showed an unprecedented duration for DDoS sessions, particularly those aimed at state resources and banks. Further information has been included in a new report.

Distributed Denial of Service (DDoS) attacks are designed to interrupt network resources used by businesses and organizations and prevent them from functioning properly. They become even more dangerous if the compromised systems are in government or financial sectors, since these services being unavailable has knock-on effects on the wider population. Q1 2022 saw a sudden increase in attacks in late February as a result of the crisis in Ukraine.

Compared to figures from Q4 2021, which had previously been considered the all-time highest period of DDoS attacks detected by Kaspersky solutions, Q1 2022 saw the total number of DDoS increase by 46%, while growing 4.5 times compared to the same quarter in 2021. The amount of “smart” or advanced and targeted attacks also showed a notable growth of 81% compared to the previous record from Q4 2021. The attacks were not only performed at scale but were also innovative. Examples include a site mimicking the popular 2048 puzzle game to gamify DDoS attacks on Russian websites, and a call to build a volunteer IT army in order to facilitate cyberattacks.

A comparative number of DDoS attacks: Q1 2022 and Q4 2021 as well as Q1 2021. Data for Q1 2021 is taken as 100%

Further investigation conducted by Kaspersky revealed that an average DDoS session lasted 80 times longer than those in Q1 2021. The longest attack was detected on March 29 with an atypically long duration of 177 hours.

A comparative duration of DDoS attacks: Q1 2022 and Q4 2021 as well as Q1 2021. Data for Q1 2021 is taken as 100%

“In Q1 2022 we witnessed an all-time high number of DDoS attacks,” said Alexander Gutnikov, security expert at Kaspersky. The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists. We’ve also seen that many organizations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organizations need to be prepared against such attacks.”

Read more about DDoS attacks in Q1 2022 on Securelist.


To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:

·       Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.

·       Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.

·       Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house solutions.

·       Know your traffic. It’s a good option to use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company's typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack.

·       Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.


The geographical locations of DDoS-attack victims and C&C servers used to send commands are determined by their respective IP addresses. The number of unique targets of DDoS attacks in this report is counted by the number of unique IP addresses in the quarterly statistics.


DDoS Intelligence statistics are limited to botnets detected and analyzed by Kaspersky. Note that botnets are just one of the tools used for DDoS attacks, and that this section does not cover every single DDoS attack that occurred during the review period.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at


Media Contact

Sawyer Van Horn

(781) 503-1866

Cyberwar in Ukraine leads to all-time-high levels of DDoS attacks

Kaspersky Logo