DDoS attackers exploited COVID-19 'lifelines' in 1H 2020 - NETSCOUT report
The first half of 2020 was littered with multivector distributed denial of service (DDoS) attacks - with more than 4.8 million recorded attacks over the period, and more than 929,000 in the month of May alone.
Findings from the recent NETSCOUT 1H 2020 Threat Intelligence Report indicates that attackers have exploited COVID-19 related ‘lifelines’ such as healthcare, education, and e-commerce with the aim of conducting attacks designed to bring these lifelines down.
“Cybercriminals pounced on pandemic-driven vulnerabilities, launching an unprecedented number of shorter, faster, more complex attacks designed to increase ROI,” NETSCOUT states.
The report also indicates that DDoS attack frequency spiked considerably during the peak-pandemic lockdown months from March through to June, however, May still accounted for the highest spike.
The report also analyses regional breakdowns in terms of the number of attacks. EMEA topped the list at more than 1.7 million attacks, followed by Asia Pacific (1.24 million), North America (1.2 million), and Latin America (528,725). All regions experienced a higher attack rate in 1H 2020 compared to what they experienced in 1H 2019.
Since 2017, there has been an overwhelming 2851% increase in ‘super-sized 15-plus vector attacks’, with several countries reporting up to 24 attack vectors.
Contrasted with a drop in single-vector attacks (which experienced a 43% year over year drop), attack throughput increased 31% - suggesting attacks are stronger and utilise more methods to bring targets down.
“The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue,” comments NETSCOUT threat intelligence lead Richard Hummel.
“Adversaries increased attacks against online platforms and services crucial in an increasingly digital world, such as e-commerce, education, financial services, and healthcare. No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world.”
NETSCOUT goes on to state that 4.8 million attacks used large amounts of bandwidth and throughput, which service providers and enterprises must then absorb as a cost of doing business.
The company believes that there is a strong trend towards fast and complex multivector attacks, which highlight the importance of advanced, automated DDoS protection technologies.
The visibility and analysis represented in the Threat Intelligence Report and Cyber Threat Horizon fuel the ATLAS Intelligence Feed used across NETSCOUT’s Arbor security product portfolio.