There were more than 10 million DDoS attacks in 2020, driven by new attack vectors and new threat actors; most of the industries targeted were vital to life during the COVID-19 pandemic.
Cybersecurity firm NETSCOUT has released a new report detailing the state of DDoS attacks during the past year, and it leads with an unfortunate new statistic: 2020 was the first year that the number of observed DDoS attacks crossed the 10-million mark. What that means, NETSCOUT said, is that everyone should consider themselves at risk.
In addition to 2020 being an all-time high for the number of DDoS attacks, a few more records were set as well. The most DDoS attacks recorded in a single month hit a new high at 929,000, and average DDoS attacks per month topped 2019 averages by between 100,000 and 150,000.
In all, the number of DDoS attacks increased 20% from 2019 to 2020, and most were concentrated in the second half of 2020, with a 22% spike in the last six months of the year.
Much of the rise in DDoS frequency can be attributed to the COVID-19 pandemic. “Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security,” NETSCOUT said. It also found that e-commerce, streaming services, online learning and healthcare, which it describes as “vital pandemic industries,” were the most popular targets for DDoS operators in 2020.
In addition to the rise in overall DDoS attacks, NETSCOUT identified a new threat actor it dubbed Lazarus Bear Armada, which it said was responsible for “one of the most sustained and extensive DDoS extortion campaigns yet seen” as it knocked the New Zealand stock exchange offline in its first known attack. After that, the group was seen attacking financial services, ISPs, large tech firms and manufacturing companies. Lazarus Bear Armada remains active and has begun retargeting former victims, citing the fact that those organizations didn’t meet ransom demands.
NETSCOUT found several new UDP-based attack vectors that may also be responsible for the DDoS uptick. “New reflection/amplification DDoS vectors that leverage abusable commercial products and open source User Datagram Protocol (UDP) capabilities continued to be discovered across the internet,” the report said.
There’s a lot to digest in NETSCOUT’s report, but suffice it to say that 2020 was a banner year for cybercriminals utilizing DDoS attacks as their weapon of choice. Richard Hummel, threat research manager at NETSCOUT, said that every organization needs to be ready to face a DDoS attack.
“Preparation is the key for defending against DDoS attacks. In most cases when we deal with customer escalations or more advanced attacks, it’s because an adversary is using new, unique or overwhelming tactics,” Hummel said.
In the case of an attack, Hummel said, keep a DDoS expert’s contact info handy so they can provide emergency support and answer questions that may be overwhelming IT and security teams. “Ultimately, organizations should consider DDoS to be a normal part of their risk posture and plan to include protections as part of the core security measures in place,” Hummel said.