For the first time, DDoS attacks cross the annual threshold of 10 million in 2020, almost 1.6 million more attacks than in 2019.
“Not all world records are worth celebrating – just look at the denial of service (DDoS) attack numbers for 2020. For the first time in history, the number of DDoS attacks recorded on a year has crossed the threshold of 10 million. NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) recorded 10,089,687 attacks during the year, including 3.71 million in the EMEA region. This represents nearly 1.6 million more attacks than in 2019 (8.5 million) globally. At the regional level, 598,000 attacks (against 389,000 in 2019) concerned the United Kingdom, 445,000 affected Germany (against 162,000) and 178,000 (against 137,000 in 2019) targeted France.
It is true that DDoS attacks are only progressing in one direction: on the rise. However, it’s important to keep the context in mind when looking at DDoS statistics for 2020. From March to the end of the year, the perpetrators of DDoS attacks operated in the midst of the COVID-19 pandemic. As most of the world went through an unprecedented global health crisis, malicious actors saw new vulnerabilities and new opportunities. It is rare that the annual activity is so deeply affected by the same event, but this is nevertheless the case of the activity and the trends of DDoS attacks in 2020. The fact that this significant number of global attacks is reached at a When businesses rely heavily on online services to survive is no coincidence.
The start of containment linked to the pandemic has set a “new standard” in the way we live and work, causing a major upheaval in the use of the internet, as people have increasingly turned to the world online. When employees around the world transitioned to telecommuting, devices and devices that were once behind firewalls and secure corporate environments found themselves in the home, behind routers and traditional consumer networking devices.. Attacks quickly exploited this situation by more than doubling the number of IoT-specific malware samples circulating in the wild, contributing to the rise in DDoS attacks in 2020.
The number of DDoS attacks, bandwidth and throughput have all increased sharply since the start of the COVID-19 pandemic.
Thus, the frequency of attacks has increased by 20% in one year, but this figure includes the months before the health crisis, namely January, February and most of March. In the second half of 2020, which was all about the pandemic, attacks increased 22% from the previous year.
As cybercriminals quickly exploited the possibilities offered by the pandemic, we have seen another kind of “new normal” emerge. From March, monthly DDoS attacks regularly exceeded 800,000, while the confinement induced by the health situation entered into force. Indeed, as reported in NETSCOUT’s Threat Intelligence Report for the first half of 2020, cybercriminals launched 929,000 DDoS attacks in May, the highest number of monthly attacks on record. While wired and wireless broadband providers have been hit the hardest, sectors vital in the context of the pandemic, such as e-commerce, e-learning and healthcare, have all been affected. receives increased attention from malicious actors. ASERT thus carried out a biannual review of global education networks to analyze DDoS activity and observed a 25% increase in attacks compared to the previous year.
DDoS Cyber Extortion Campaign
The other landmark DDoS activity of 2020 began in mid-August, when a relatively prolific cybercriminal launched the worldwide campaign of DDoS extortion attacks “Lazarus Bear Armada” (LBA), a campaign that remains active as the hackers began to retarget the original victims. The attackers justify their new attacks by the fact that the victim did not pay the initial extortion request.
Here too, the demands imposed by the pandemic probably influenced the attackers’ target choices. While the LBA campaign initially focused on financial services, campaigners quickly broadened their reach to include large companies in the healthcare industry, including insurers, medical screening companies and pharmaceutical companies. global. Some of these companies were associated with COVID-19 testing efforts and vaccine development. While it is unlikely that the attackers specifically sought to disrupt their work, these companies were prime targets because they both had significant financial resources and were under urgent deadlines.
Communications service providers, ISPs, big tech companies and manufacturers have also come under intense attack.
In addition, attackers have targeted infrastructure alongside more traditional attacks focused on online services. Here, too, pandemic adaptation measures such as remote working were instrumental, as cybercriminals focused on disrupting day-to-day operations within an organization, such as inbound / outbound usage. outbound VPNs and cloud-based tools by employees working from home.
As the COVID-19 pandemic continues into 2021, we can logically expect threat actors to target the vulnerabilities exposed by the global crisis and to discover and use new attack vectors intended to exploit the weak points of our new normal. Indeed, these numbers only scratch the surface of the problem, and we expect to uncover new elements as we continue our research as part of NETSCOUT’s upcoming Threat Intelligence Report. It is imperative that advocates and security professionals be vigilant in order to protect the critical infrastructure that connects the modern world and enables it to function. “