AI-based attacks are increasing in number and threaten critical infrastructures

  • Over 70 percent increase in DDoS attacks (H1 2023) in Link11 network increases digital resilience requirements of enterprises.
  • Registered DDoS attacks reach critical volume after an average of 60 seconds in H1 2023 (2022: 93 seconds) – an increasing share of HTTPS attacks to 30% heightens complexity.
  • Critical infrastructures in e.g., NATO countries remain the preferred target of politically motivated hackers – Artificial intelligence opens the way for additional professionalization of DDoS attacks.


During the first half of 2023, the Link11 Security Operations Center (LSOC) has registered a significant increase in attacks. Compared to the same period last year, the number of DDoS attacks registered in the Link11 network increased by more than 70%. In addition to the increase in quantity, the intensity and complexity of attacks also been elevated in the first half of the year.

The ongoing armed conflict between Russia and Ukraine has led to a further increase in politically motivated cyberattacks, orchestrated by well-organized perpetrators. The groups “REvil”, “Killnet”, and the hacktivists “Anonymous Sudan”, active since the beginning of this year, have joined forces to form a new hacker collective, the “Darknet Parliament”, in order to combine their offensive capabilities.


Politically motivated attacks remain at a high level main target is critical infrastructure 

Critical infrastructures (CRITIS) in NATO countries are especially at risk as a result of these attacks. In the first half of 2023, DDoS activities reached a new threat level compared to the previous year.  The transport, energy, finance, as well as government sectors are particularly vulnerable to DDoS attacks and in numerous cases lack competitive DDoS protection. Not a month has gone by in the current year without cyberattacks against NATO countries and their critical infrastructure.

In addition to the increasing number of attacks, the LSOC recorded a growing intensity of attacks. High-volume attacks, with bandwidths exceeding 200 Gbps (gigabits per second) every month, were not uncommon. The average bandwidth peak was at 454 Gbps, while the largest attack was stopped at 795 Gbps (H1 2022: 574 Gbps). In parallel, DDoS attacks observed on the Link11 network in 2023 reach their critical volume after an average of just 60 seconds, which can cause systems to fail entirely (2022: 93 seconds).

While the intensity of attacks increased in the first half of the year, compared to the same period last year, the average duration of the attacks decreased, compared to the first half of 2022. The moment the intended goals cannot be reached, DDoS attacks are swiftly stopped. It seems that hackers are increasingly using artificial intelligence to improve their methods and to amend attack types.

The longest attack in the first half of 2023 lasted 1,444 minutes, or in other words 24 hours and 4 minutes (H1 2022: 981 minutes/16.5 hours).  As far as popular attacks the biggest increase is in HTTPS attacks. Their share has grown to 30%, which reflects a significant increase in Layer 7 attacks.


Perfection of DDoS? How cybercriminals operate 

The potential consequences of a “triple extortion” are devastating attackers threaten with a DDoS attack, in the shadow of which the criminals can then infiltrate the malware into the system unnoticed or siphon off data. Following the encryption by the inserted ransomware, they either threaten to publish, or directly publish the stolen data on the darknet. The flourishing “cybercrime-as-a-service” industry reinforces this trend.

In addition, the rapid increase in smart IoT and cloud technologies further empowers attackers. The perpetrators currently have access to a huge arsenal of botnets, which they know how to deploy optimally with increasingly intelligent attacks. Worldwide, up to 1,000,000 IoT hosts and cloud server instances are active every day. These generate more than 40 percent of all DDoS traffic.


Lisa Fröhlich, company spokesperson at Link11: “Companies and operators of critical infrastructures must understand that the danger of DDoS attacks is ever-present. In addition to the professionalization that has already taken place in 2022, we also see constantly increasing attack numbers in 2023, which massively increases the danger situation.

Artificial intelligence has the potential to further sophisticate DDoS attacks. Lack of awareness and missing investments in competitive protection therefore represent a permanent danger for those affected.”

The full report is available for download on the Link11 website.


About Link11  

Link11 is a specialized European IT security provider protecting web services and infrastructures against cyber-attacks. Headquartered in Germany, Link11 maintains global locations, including in Europe, North America, and Asia. The company’s cloud-based IT security services help customers avoid business disruptions and strengthen the cyber resilience of their business networks and critical applications.


Link11’s product portfolio includes a wide range of security services, such as web and infrastructure DDoS protection, Bot Management, Zero-Touch WAF, and Secure CDN Services. According to unanimous analyst opinion (Frost & Sullivan, Gartner a. o.), Link11 offers high- performance mitigation across all layers and for all attack vectors, including unknown ones, within seconds. The technological basis for this is Link11’s patented DDoS protection, which relies on machine learning and consistent automation. The company’s global multi-terabit network, which currently has 42 PoPs (Points of Presence), interconnects the DDoS filter clusters, and is monitored 24/7 by the Link11 Security Operations Center.


The German Federal Office for Information Security (BSI) recognizes Link11 as a qualified DDoS protection provider for critical infrastructures. With ISO certification 27001, the company also offers high-level data security processes. Since being founded in 2005, Link11 has received multiple awards for its innovative solutions and business growth.