At this point, everyone is well aware of the global health risks of the ongoing COVID-19 pandemic. So far, more than 1 million people have been killed by the virus around the world, and almost 37 million have been infected by it. The ferocity and infectiousness of COVID-19 has resulted in lockdowns that have forced people into their homes for weeks at a time, hamstrung multiple industries, and tanked some large economies.
But, while the health and safety risk of COVID-19 has been well-reported and understood around the globe, the virus has created another threat that is currently passing under the radar.
According to the newly-released NETSCOUT 1H 2020 Global Threat Intelligence Report, COVID-19 is creating a DDoS pandemic around the world. And those attacks – which function to deny access to online tools and resources – couldn’t come at a less opportune time, as COVID-19 forced people out of classrooms and offices and made them increasingly dependent on online and digital services for their work and daily lives.
As the report illustrates, “During the shutdown, the world was hit by the single largest number of monthly attacks we’ve ever seen—929,000 DDoS attacks in May alone. As seen by our Active Threat Level Analysis System (ATLAS), NETSCOUT Threat Intelligence observed 4.83 million DDoS attacks in the first half of 2020, up 15 percent from 2019. Even more telling, DDoS attack frequency jumped 25 percent during the pandemic lockdown months of March through June.”
Similar to ransomware attacks and phishing attacks, DDoS attacks can generate financial profit for the perpetrators – or compromise credentials – so that they can steal the valuable intellectual property of customer data. This is often done through DDoS extortion attacks. In other instances, DDoS attacks are intended to disrupt the availability of online services.
The COVID-19 pandemic provided the perfect opportunity to launch DDoS attacks with maximum disruptive impact, as online tools took a more central and important role in the everyday life.
What types of organizations and services were being targeted for these more frequent and disruptive attacks? According to NETSCOUT, they included, “…COVID-era lifelines such as internet service providers, eCommerce, healthcare, and educational services.”
However, the report doesn’t just show how malicious actors leverage the COVID-19 pandemic for particularly effective DDoS attacks, it also illustrates new trends and changes in how DDoS attacks are being launched. Today’s attacks are becoming increasingly complex. They’re also being conducted in shorter windows to both make defense harder and to make the attack, itself, less expensive to launch. As the report indicates, these trends combine to create a nightmare for cybersecurity professionals:
“…average attack duration plummeted more than 50 percent. Why? It’s all about the money. Shorter attacks consume fewer resources for the bad guys and, even better (from their point of view), narrow the response window for defenders. Attacks were also more complex, as super-sized 15-plus vector attacks grew 2,851 percent from 2017 when such attacks were considered outliers. This adds up to some bad math for defenders: Shorter duration + increased complexity = less time to respond to increasingly difficult-to-mitigate attacks.
What’s more, the NETSCOUT report once again found an increase in a disturbing DDoS trend – the use of our own IoT devices against us.
The report found that the Mirai malware and its variants are once again increasing in usage – being leveraged by cybercriminals to turn IoT devices – which can include anything from a network-connected refrigerator to a smart speaker – into an army of robots capable of participating in DDoS attacks.
However, while Mirai remained the most popular botnet malware, the people at NETSCOUT also identified a number of new botnet malware tools being leveraged in 2020, including Linux-based malware. As the report explains, “While Mirai variants are the most dominant IoT bots seen on the internet today, several non-Mirai IoT malware are also causing a ruckus.”
If the analysis of attacks from the first half of 2020 is any indication, DDoS remains a major concern for network providers and corporations. And the impact of a successful DDoS attack is higher and more costly than ever before. The COVID pandemic may be a massive health and safety concern, but it’s having the added side-effect of making DDoS attacks more enticing for cybercriminals. And organizations need to take steps to protect themselves, lest they see massive disruptions in a time when they can least afford them.
For additional information about the current DDoS threat facing organizations, click HERE to download a complimentary copy of the NETSCOUT Global Threat Report.
