Earlier today, NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) released their Threat Intelligence Report featuring findings from 1H 2021.
The report analyzes the data generated by NETSCOUT ASERT in their work defending the networks of government agencies and large enterprises. And it seeks to identify cybersecurity trends and extrapolate the ways in which malicious actors are actively working to deny organizations access to their mission-critical digital services and capabilities.
The seventh – and most recent – edition of the Threat Intelligence Report illustrates a continued uptick in distributed denial-of-service (DDoS) attacks against government organizations and private enterprises. According to the report, 5.4 million DDoS attacks were launched in the first half of 2021 – which represents an 11 percent increase from the same period in 2020.
This continues the trend of DDoS attacks increasing in frequency, year-over-year. In their 1H 2020 Threat Intelligence Report, NETSCOUT ASERT claimed to have observed 4.83 million DDoS attacks, which was a 15 percent increase from 2019.
Moreover, attack complexity is not only rising: threat actors are rapidly evolving their thinking, continuing to discover and weaponize new attack vectors that exploit vulnerabilities in our digital landscape. That means the job security professionals have, protecting critical infrastructure, information, and people, keeps getting harder week by week, day by day, and minute by minute.
Hackers Leveling Up
Anyone who has ever played a video game understands the feeling of accomplishment from grinding and completing side quests to level up their character and unleash more powerful and effective attacks against adversaries and bosses that they previously couldn’t even scratch. Unfortunately for IT and cybersecurity professionals, it would appear that malicious actors have used their time at home during COVID-19 quarantines to increase their abilities and advance their own skill trees.
In 1H 2021, adversaries leveled a number of new DDoS attacks and leveraged a number of new vectors to overcome the defenses of their targets and take down their IT services. According to the Threat Intelligence Report and ATLAS data, “Threat actors exploited or weaponized at least seven of the newer reflection/amplification DDoS attack vectors within the past seven months, igniting an explosion of new attack vectors that exploit abusable commercial and open-source User Datagram Protocol (UDP) services and applications.”
Not only are attackers leveraging new vectors to increase the effectiveness of their attacks, they’re also increasing the number of vectors that they’re utilizing in multivector DDoS attacks. NETSCOUT ASERT found that the number of vectors being used in attacks reached a record of 31 deployed in a single attack at the beginning of 2021.
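A defender-side illustration of the multivector reflection/amplification trend described above, added here and not code from the report or the original post: it groups sampled UDP flow records by target, maps reflector source ports to vector names, and flags targets hit by several amplification vectors at volume. The port-to-service map and the flow lines are constructed assumptions for this example; the report names no specific ports.

```python
"""Flag multivector reflection/amplification DDoS activity in sampled UDP flow records."""
from collections import defaultdict

# UDP source ports of services widely documented as abusable reflectors/amplifiers.
# Assumption of this example: the report does not list specific ports.
REFLECTOR_PORTS = {
    19: "chargen", 53: "DNS", 111: "portmap", 123: "NTP", 161: "SNMP",
    389: "CLDAP", 1900: "SSDP", 3283: "ARD", 11211: "memcached",
}

# Constructed flow records (not from the report): "src_ip src_port dst_ip dst_port proto bytes".
SAMPLE_FLOWS = """\
198.51.100.10 123 203.0.113.5 41000 udp 482000
198.51.100.11 123 203.0.113.5 41000 udp 476000
198.51.100.20 389 203.0.113.5 41001 udp 920000
198.51.100.30 1900 203.0.113.5 41002 udp 310000
198.51.100.40 11211 203.0.113.5 41003 udp 5100000
192.0.2.7 53 203.0.113.9 53 udp 4200
192.0.2.8 443 203.0.113.9 50123 tcp 15000
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        src, sport, dst, dport, proto, nbytes = parts
        flows.append({"src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows

def profile_targets(flows):
    """Per destination: distinct reflection vectors, distinct reflector IPs, total bytes."""
    profile = defaultdict(lambda: {"vectors": set(), "reflectors": set(), "bytes": 0})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue  # only UDP replies sourced from known reflector service ports count
        p = profile[f["dst"]]
        p["vectors"].add(REFLECTOR_PORTS[f["sport"]])
        p["reflectors"].add(f["src"])
        p["bytes"] += f["bytes"]
    return profile

def multivector_targets(flows, min_vectors=3, min_bytes=1_000_000):
    """Return {target: sorted vector names} for targets hit by several vectors at volume."""
    hits = {}
    for dst, p in profile_targets(flows).items():
        if len(p["vectors"]) >= min_vectors and p["bytes"] >= min_bytes:
            hits[dst] = sorted(p["vectors"])
    return hits
```

Tune `min_vectors` and `min_bytes` to the sampling rate of your flow export; a single-vector DNS reply to a DNS server (the 203.0.113.9 lines) is deliberately left unflagged.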
Finally, malicious actors have been innovating a new generation of adaptive DDoS attack techniques to make their attacks even more effective against the DDoS defenses that organizations implement to protect their networks.
According to the Threat Intelligence Report, “Using adaptive DDoS principles, threat actors now can customize each attack to bypass both cloud-based and on-premises static DDoS defenses.” They accomplish this by conducting “significant pre-attack research and reconnaissance,” which is then leveraged to “…launch a single, orchestrated onslaught of attack vectors perfectly calibrated to take down a target.”
The result of all of this innovation has been more targeted, complex attacks that leverage multiple vectors and leave organizations less safe. And these attacks are now being directed against new targets that can create massive problems for organizations in our increasingly distributed, COVID-impacted world.
Compromising Our Connectivity
While the rapid development and release of the COVID-19 vaccine led many to believe the pandemic was in the world’s rearview, new variants and outbreaks have resulted in many organizations and government agencies reversing course on “back to the office” initiatives and recommitting to working from home. In this environment, digital services remain paramount for productivity – and creating connectivity problems can virtually grind all operations, communications, and collaboration to a halt.
Unfortunately for enterprise IT and security teams, this is exactly what adversaries were looking to accomplish in 1H 2021.
According to the Threat Intelligence Report, “The global connectivity supply chain is increasingly under attack as cybercriminals concentrate their activities on vital components of internet operations, such as DNS servers, virtual private network (VPN) concentrators and services, and internet exchanges.”
By attacking these vital Internet and connectivity gateways, malicious actors can impact a litany of different organizations and enterprises – all of which are more dependent on digital services for their operations than ever before. The first half of 2021 even witnessed the launch of a new DDoS extortion campaign coined “Fancy Lazarus DDoS,” which, according to the Threat Intelligence Report, “…primarily targets authoritative DNS servers for internet service providers (ISPs).”
The term “DDoS extortion” may sound familiar. Leveraging DDoS attacks to extort a payment from enterprises and government organizations did not originate in the first half of 2021. However, this year has given rise to an increase in triple extortion attacks. These multi-pronged attacks combine DDoS, data theft, and ransomware in what the Threat Intelligence Report calls “a ransomware trifecta designed to increase the possibility of payment.” Triple extortion attacks became increasingly common in the past year as adversaries looked for new ways to circumvent their targets’ defenses and ensure their efforts resulted in profit.
Ultimately, if there was one major trend from the 1H 2021 Threat Intelligence Report that really stuck out to me, it was this – the game is changing. IT departments and security teams are no longer facing “Your daddy’s DDoS attack.”
New vectors, more vectors, more adaptive and targeted attacks, and triple extortion attacks are now being leveled at organizations. And they’re being targeted against the very Internet and connectivity gateways that we’ve grown so dependent on during the pandemic. This means that government agencies and private enterprises need to improve their defenses to keep pace, even if that means continuing to fuel a DDoS arms race with their adversaries.