
DDoS attacks doubled in Q1 2020 as attackers target remote workers

11 May 2020

Distributed Denial of Service (DDoS) attacks grew substantially in the first three months of this year, with Kaspersky reporting that it blocked twice as many attacks in the first quarter of 2020 as in Q4 2019, and 80% more than in Q1 2019.

Threat actors are clearly taking advantage of the great shift to remote working and learning incited by the outbreak of COVID-19, in which people are isolated and are therefore heavily reliant on digital resources. 

In particular, Kaspersky’s report revealed notable growth in the number of DDoS attacks on educational resources and cities’ official websites. 

In Q1 2020, this number tripled compared to the same period in 2019, with the share of DDoS attacks amounting to almost 1 in 5 (19%) of the total number of incidents in Q1 2020.

The average duration of DDoS attacks in general also grew: in Q1 2020, a DDoS attack lasted 25% longer than in Q1 2019.

Kaspersky experts suggest that the growth in attackers' interest is caused by the fact that people are becoming more reliant on online resources remaining stable and accessible during the outbreak. 

If cyber attackers can gain the trust of a victim by masquerading as a reputable source, such as the World Health Organisation or any given country’s Ministry of Health, then attacks are more likely to succeed.

“Outage of internet services can be especially challenging for businesses now, because this is often the only way to make goods and services available to their customers,” says Kaspersky DDoS protection team business development manager Alexey Kiselev.

“In addition, widespread adoption of remote working opens new vectors for those responsible for carrying out DDoS attacks. 

“Previously most attacks were conducted against the public-facing resources of companies. We now see that DDoS attacks target internal infrastructure elements, for example, corporate VPN gateways or email servers.” 

Kaspersky recommends taking the following steps to protect against DDoS attacks as staff work from home:

Don't panic. Unexpected traffic peaks may look like a DDoS attack, but these instances can be caused by legitimate users, who may now visit resources that were not as popular before, at times when they were not previously accessing them.

Conduct a fault tolerance analysis of your infrastructure to identify weak nodes and increase their reliability. Attack vectors and traffic peaks are changing, so some resources may work unstably.

Consider DDoS protection for your non-public services. Their importance to business continuity may increase, making them a target for malefactors.
