DDoS attacks doubled in Q1 2020 as attackers target remote workers
Distributed Denial of Service (DDoS) attacks grew substantially in the first three months of this year, with Kaspersky reporting that it blocked double the number of attacks in the first quarter of 2020 compared with Q4 2019, and 80% more than in Q1 2019.
Threat actors are clearly taking advantage of the great shift to remote working and learning prompted by the outbreak of COVID-19, in which people are isolated and are therefore heavily reliant on digital resources.
In particular, Kaspersky’s report revealed notable growth in the number of DDoS attacks on educational resources and cities’ official websites.
In Q1 2020, this number tripled compared to the same period in 2019, with the share of DDoS attacks amounting to almost 1 in 5 (19%) of the total number of incidents in Q1 2020.
The average duration of DDoS attacks in general also grew: in Q1 2020, a DDoS attack lasted 25% longer than in Q1 2019.
Kaspersky experts suggest that the growth in attackers' interest is caused by the fact that people are becoming more reliant on online resources remaining stable and accessible during the outbreak.
If cyber attackers can gain the trust of a victim by masquerading as a reputable source, such as the World Health Organisation or any given country’s Ministry of Health, then attacks are more likely to succeed.
“Outage of internet services can be especially challenging for businesses now, because this is often the only way to make goods and services available to their customers,” says Kaspersky DDoS protection team business development manager Alexey Kiselev.
“In addition, widespread adoption of remote working opens new vectors for those responsible for carrying out DDoS attacks.
“Previously most attacks were conducted against the public-facing resources of companies. We now see that DDoS attacks target internal infrastructure elements, for example, corporate VPN gateways or email servers.”
Kaspersky recommends taking the following steps to protect against DDoS attacks as staff work from home:
Don't panic. Unexpected traffic peaks may look like a DDoS attack, but they can be caused by legitimate users, who may visit resources that were not as popular before, or at times when they were not previously accessing them.
Conduct a fault tolerance analysis of your infrastructure to identify weak nodes and increase their reliability. Attack vectors and traffic peaks are changing, so some resources may become unstable.
Consider DDoS protection for your non-public services. Their importance to business continuity may increase, making them a target for malefactors.