In the eye of the online storm that arrived during 2020 with the realities of the global pandemic, service providers and security experts chose not to let cybercriminals win on all fronts, but instead rallied to defend the critical infrastructure of the online world.
In the face of the record-breaking cyberattacks of last year, businesses remained connected to their employees, students continued their education via distance learning, and ecommerce revenue increased by leaps and bounds.
This is the word from Richard Hummel, threat intelligence lead at Netscout, introducing the bi-annual Threat Intelligence Report for 2020, which also includes Netscout’s 16th annual Worldwide Infrastructure Security Report (WISR).
In the ‘2020 2H Threat Intelligence Report: DDoS in a time of pandemic’, he notes: “Against the backdrop of an unprecedented shift toward online workforce participation across the globe, Netscout’s Atlas Security Engineering and Response Team (ASERT) observed a huge upsurge in distributed denial-of-service (DDoS) attacks, brute-forcing of access credentials, and malware targeting of internet-connected devices.
“We observed multiple record-breaking events: the most DDoS attacks launched in a single month (929K), the most DDoS attacks in a single year (more than 10-million), and monthly DDoS attack numbers that regularly exceed the 2019 averages by 100 000 to 150 000 attacks. Combined with the weaponisation of new reflection/amplification DDoS attack vectors allowing the abuse of misconfigured RDP over UDP, Plex Media SSDP, DTLS services, an increasingly complex threat landscape rapidly emerged.
“And if that weren’t enough, a new threat actor known as Lazarus Bear Armada launched a global DDoS extortion campaign, using network reconnaissance to launch multivector attacks on critical pandemic infrastructure elements such as VPN concentrators, authoritative and recursive DNS servers, and upstream internet service providers’ (ISPs’) peering and customer aggregation routers.”
DDoS attacks attempt to exhaust the resources available to a network, application or service, so that genuine users cannot gain access.
Key findings of the report include:
* For the first time in history, the annual number of observed DDoS attacks crossed the 10-million threshold.
* As the pandemic lockdown took effect, DDoS attacks exceeded 800 000 in March and remained above that threshold for the rest of the year – this is the new norm.
* A global DDoS extortion campaign began with a debut attack that took down the New Zealand Stock Exchange.
* Botmasters are exploiting pandemic vulnerabilities, as remote work and online learning shifted core workforce access away from enterprise-grade protection and toward consumer-grade devices.
Risna Steenkamp, GM: ESM division at Netscout distributor Networks Unlimited, says, “The online world – and the defence of its operations and the data it carries – has obviously become more important than ever, and this Netscout report clearly shows how much the Covid-19 pandemic has played into the hands of threat actors.”