Yilmaz, Yagiz, Cetin, Orcun, Ozturk, Omer Said, Ekmekcioglu, Emre, Arief, Budi, Hernandez-Castro, Julio C. (2024) Assessing the Silent Frontlines: Exploring the Impact of DDoS Hacktivism in the Russo-Ukrainian War. In: 40th Annual Computer Security Applications Conference (ACSAC'24), 9-13 December 2024, Hawaii, USA. (In press) (KAR id:107797)
Author's Accepted Manuscript
Language: English
Abstract
This study assessed the impact and effectiveness of Distributed Denial of Service (DDoS) attacks during a period of about four months of the Russo-Ukrainian war, by observing the exchanges between the opposing sides. The data collection phase took place between the 28th of November 2022 and the 15th of April 2023. In total, we monitored 1,257 websites and web applications targeted in the conflict, with 633 targeted by pro-Russian and 624 by pro-Ukrainian entities. Only a small fraction (1.27%) of the targets remained unaffected, whereas 30.63% faced complete shutdowns. When considering the extent of the attacks conducted by the belligerents in the war, the attacks by pro-Russian entities showed a slightly more successful overall impact, with 36.18% of their targets taken down, compared to 25.00% on the opposite side. Businesses demonstrated greater resilience against DDoS attacks compared to governmental and educational institutions. An in-depth analysis revealed significant differences in target categories, despite both sides primarily targeting businesses. Our findings regarding the usage of DDoS protection services among the 1,257 analysed targets showed that only 13.37% used such services. Among this minority of users, 70.24% had protection from the beginning of our analysis, while 29.76% adopted it only after experiencing attacks. We also looked into the use of geolocation-based access policies on websites targeted by pro-Ukrainian entities. Our findings indicated that most of these websites do not implement geolocation-based access restrictions. To an extent, such restrictions could have been useful for preventing some unsophisticated attacks. Surprisingly, only a small percentage (4.50%) restricted access to solely Russian addresses, while a fraction (12.56%) seemed to implement adaptive access policies in response to cyberattacks.
Lastly, and quite surprisingly for us, we discovered that a significant number of targets on the Russian side were using anti-DDoS services and technology provided by countries that have for a long time imposed economic and commercial sanctions on Russia. This may or may not be strictly illegal, but it is without question against the spirit of these sanctions.
Item Type: | Conference or workshop item (Paper) |
---|---|
Projects: | Cybersecurity for Industry 4.0 Technologies in Operational Technology (CyberSec4OT) |
Uncontrolled keywords: | DDoS, Russia, Ukraine, Cyberwar, Hacktivism |
Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Funders: | European Commission (https://ror.org/00k4n6c32) |
Depositing User: | Budi Arief |
Date Deposited: | 12 Nov 2024 14:50 UTC |
Last Modified: | 16 Nov 2024 10:17 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/107797 (The current URI for this page, for reference purposes) |