NETSCOUT recently released the latest installment of its Threat Intelligence Report, which features the insights and information extrapolated from the data generated by NETSCOUT ASERT in their work defending the networks of government agencies and large enterprises from DDoS attacks. And this edition of the report, which includes findings from the second half of 2021, has some good news and bad news for government cybersecurity professionals.
The good news? Distributed Denial of Service (DDoS) attacks decreased slightly in the second half of 2021. The bad news? Even with the slight decrease that NETSCOUT witnessed during this time, the number of DDoS attacks remained above pre-pandemic levels.
The reality is cyberattacks and DDoS attacks remain a major threat to the safety of sensitive data and the smooth operation of governments and organizations. While there was some good news regarding a decrease in some reflection/amplification vectors, government networks and data are still under near-constant threat of attack.
Here are three major takeaways from the 2H 2021 Threat Intelligence Report and what they mean for government agencies and public sector organizations looking to build a more robust cybersecurity posture.
The hits keep coming
The report found that the total number of DDoS attacks dipped slightly compared to its high in 2021. However, with 4.4 million attacks in the second half of 2021, and 9.5 million in 2021 total, DDoS attacks remain 14 percent above pre-pandemic levels.
DDoS remains a favorite and reliable tool for many malicious actors. Organizations must prepare their networks for the eventuality of a DDoS attack and find ways to ensure that their services will be able to handle the added server load during an incident.
Extortion and DDoS: better together
DDoS attacks have continued to be particularly effective for exerting pressure and gaining leverage. When faced with the loss of services, many government agencies and public sector organizations face a grim reality of either giving in to extortion demands or limiting citizens’ access to necessary services. For healthcare organizations, this becomes even more dangerous as critical lifesaving technology may be inaccessible to patients and providers when they are most needed.
When approaching the issue of maintaining a system that is under attack, government agencies and public sector organizations should look for ways to circumvent compromised networks. Utilizing a variety of solutions, organizations can continue to operate regardless of the best efforts of these malicious actors. It goes without saying that if it is possible to remove the threat of a DDoS attack impeding the ability of critical services to function, then the attackers will likely run out of resources to continue the attack.
Hackers for hire
As an attack, DDoS has become a favorite of a new class of malicious actors: the For-Hire Actor. Richard Hummel spoke with GovCyberHub recently and shared that there has been a shift in the way that malicious actors operate. Almost replicating the enterprises they target, these cybercriminals have begun to differentiate and specialize their operations, creating teams that are talented at one specific role in the organization.
“These operations over the past four or five years have contributed to a kind of ‘commercialization’ of cybercrime,” Hummel told GovCyberHub. “It used to be you would have one guy out there who can code malware, figure out how to distribute it to his victims, and then get them to pay ransomware payments – in other words create and execute all aspects of the attack campaign. In today’s day and age, that is a rare case. Today attacks use affiliated business models where different individuals are hired or get a cut of the extortion payment to create or execute a single aspect of the attack campaign they specialize in.”
Government agencies and public sector organizations need to understand that these actors are not static; they are not content with utilizing the same means over and over again. They are evolving, they are learning to defeat solutions, and there is no silver bullet that can make the threat go away. As part of the commitment to safeguarding sensitive data and enabling critical services, government agencies and public sector organizations must be prepared to maintain constant watch and adapt to meet the needs of the time.