
Hit-and-run attacks: the short but high-risk DDoS

As society plunges further into the digital age, distributed denial-of-service (DDoS) attacks are becoming not only more frequent, but also more cunning. Among them, an intriguing category stands out: Hit-and-Run attacks. These brief but intense episodes of digital disruption have plagued Internet providers, raising questions about the stability of networks and leaving a trail of uncertainty for companies and consumers.

This article seeks to shed light on the phenomenon of Hit-and-Run attacks, exploring not only their nature and impact, but also presenting solutions and mitigation strategies in the face of this growing challenge in the cyber landscape. In addition, we will delve into the motivations behind these attacks, including not only the financial aspects, but also the political motives that drive this practice. By better understanding this type of threat and its ramifications, we hope to offer valuable insights and practical guidelines to strengthen your company’s resilience against these increasingly frequent and sophisticated attacks.

The wave of Hit-and-Run attacks

Almost a year ago, at the end of February 2023, a series of denial-of-service (DoS) attacks hit several Internet service providers in the state of Rio de Janeiro, not in the capital or the big cities but in small and medium-sized towns such as Saquarema, Angra dos Reis, Arraial do Cabo, São João de Meriti and Guapimirim. It wasn’t the first time, nor was it the last. As a result of successive attacks, these telecommunications companies have been left with extremely poor customer service: their servers are overwhelmed by the flood of requests from attackers, and customers are unable to use the Internet.

Although the IT and telecommunications sector is already starting to get used to the risk of large denial-of-service attacks (usually “distributed” attacks, in which thousands of devices contaminated with malware make requests to servers), these attacks against small and medium-sized Internet providers can be considered small. They usually last only a short time, although they can be very intense. These attacks are known among network experts as “hit & run”, i.e. the attacker strikes the blow and disappears, but only temporarily.
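One way a defender can spot such short, intense bursts in per-second traffic counters, and see why averaging over long intervals hides them. This is an added example, not part of the original article; the thresholds, the 5-minute window and the sample series are assumptions constructed for illustration.

```python
from statistics import median

def find_bursts(counts, factor=10.0, max_gap=2):
    """Group per-second samples above factor * median into (start, end, peak) episodes."""
    threshold = factor * max(median(counts), 1)
    episodes, start, last = [], None, None
    for t, value in enumerate(counts):
        if value <= threshold:
            continue
        if start is not None and t - last - 1 > max_gap:
            # The quiet gap was too long: close the previous episode.
            episodes.append((start, last, max(counts[start:last + 1])))
            start = None
        if start is None:
            start = t
        last = t
    if start is not None:
        episodes.append((start, last, max(counts[start:last + 1])))
    return episodes

def coarse_alerts(counts, window=300, factor=5.0):
    """Indexes of fixed windows whose mean exceeds factor * median (5-minute averaging)."""
    limit = factor * max(median(counts), 1)
    alerts = []
    for i in range(0, len(counts), window):
        chunk = counts[i:i + window]
        if sum(chunk) / len(chunk) > limit:
            alerts.append(i // window)
    return alerts

def build_sample():
    """Constructed data: 15 minutes of about 1,000 packets/s with two short floods."""
    counts = [1000 + (t % 7) * 10 for t in range(900)]
    counts[200:220] = [40000] * 20   # 20-second burst
    counts[650:665] = [50000] * 15   # 15-second burst: the attacker returns
    return counts

SAMPLE = build_sample()

if __name__ == "__main__":
    for start, end, peak in find_bursts(SAMPLE):
        print(f"burst {start}-{end}s ({end - start + 1}s), peak {peak} pps")
    print("5-minute windows over limit:", coarse_alerts(SAMPLE))
```

The per-second view reports both episodes with their duration and peak, while the 5-minute averages never cross the alert limit even though each burst is about 40 times the baseline.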

DDoS attacks can damage a company's reputation

Despite these characteristics, this type of attack can be extremely damaging, not only for ISPs, but also for any other type of company. This is because it degrades the use of data networks in general and the Internet in particular. For an Internet access provider, the incident undeniably damages the service’s reputation. An attack of this kind against an e-commerce operator at a time of high sales, for example, could be disastrous. It’s quite possible that you know someone who has already fallen victim to Hit-and-Run attacks, especially when it comes to telecommunications services.

However, attacks don’t happen by chance. They are triggered and orchestrated by bad actors, with the aim of extorting money from companies – whether they are access providers or not. Denial of service attacks of this type are usually accompanied by messages to one or more of the company’s managers, threatening further attacks if a certain amount of money is not paid. And in such a situation, the company is unfortunately at the mercy of cybercriminals. When the company doesn’t pay, another attack happens shortly afterwards.

Hit-and-Run attacks - Characteristics

Solutions to Hit-and-Run attacks

Hit-and-run attacks don’t just happen in Brazil. They keep happening all over the world, and companies have to turn to good network and telecommunications technology providers to solve the problem.

Last year, Huge Networks mitigated thousands of such attacks against its customers by detecting and taking down malicious traffic sent from contaminated devices. The solution, although complex and built on cutting-edge technology, can be implemented in just one hour, rendering denial-of-service attacks ineffective and allowing your company to operate in peace.

Cybercriminals also develop technology

Unfortunately, cybercriminals are also investing in the development of cyberweapons to make denial-of-service attacks increasingly efficient. A new technique called “HTTP/2 Rapid Reset” is already being used to bring down the operation of websites. This technique exploits a security flaw registered as CVE-2023-44487. According to information from Google, the biggest DDoS attack in history used this technique in August 2023 against one of the company’s clients. This attack reached a peak of 398 million requests per second (RPS). This represents an increase of more than 54% on the previous record of 46 million RPS registered in June 2022.

Although many attacks are financially motivated, in 2023 there were also many politically motivated denial of service attacks. Hacker groups have extended their cyber attacks against companies in enemy countries.

Russian hackers continued to attack Ukrainian organizations and vice versa, just as Palestinian and Israeli hackers continue to do. Groups from other countries such as Iran, Yemen and Sudan, for example, have also entered these battles in support of one of the sides.

In Brazil, in December, a hacker announced a denial of service attack on an educational organization in Mato Grosso do Sul in protest against sexual harassment cases.

Prevention is the best way to deal with Hit-and-Run attacks

Taken together, these facts lead to the conclusion that the risk of denial-of-service attacks remains and will remain high for various reasons. Not only will cybercriminals develop new techniques, but they are also increasingly offering attacks as a service.

What’s more, the volume of “things” connected to the Internet is growing at an alarming rate, expanding the possibilities for creating ever larger, more powerful and more resilient botnets. In August 2023, for example, an international police operation led by Germany, the United States, France and the Netherlands dismantled the infrastructure of the QakBot botnet. Two months later, a cybersecurity company reported evidence that QakBot was already being rebuilt, literally from the ashes.

Conclusion

Hit-and-run attacks are just one of several attack methods used by cybercriminals. The conclusion is that the scenario is not pretty for companies that don’t invest in their protection: the risk will remain high.

There is no other solution than to invest in mitigation services provided by companies that have the technology, processes and people that can stop these attacks.

Security controls against this must always be in place, and it is essential that the company plans everything that needs to be done beforehand. Creating a last-minute solution is like betting on the Mega Sena: the probability of getting it right is extremely low.
