Cyberattackers were quick to spot an opportunity when the Covid-19 pandemic forced most businesses to make rapid changes to how they operate, with 2020 seeing record-breaking global distributed denial-of-service (DDoS) attack activity.
According to the latest NETSCOUT Threat Intelligence Report, DDoS attacks are on the rise exponentially with 10 million observed attacks last year alone.
Philippe Alcoy has more than 20 years of experience in the IT security risk and compliance industry. He currently serves as Security Technologies for NETSCOUT, where he works across the research, strategy, and presales of distributed denial-of-service threat detection, investigation, and mitigation solutions for service providers and enterprises.
Here Alcoy provides insight into the threat opportunities that have emerged as a result of today’s new business normal and what organisations need to do in order to defend themselves from cybercriminals.
In the last 18 months, businesses of all sizes have been forced to make rapid and substantial changes to how they operate, with the pandemic forcing a large portion of the workforce to work remotely. This led to large volumes of sensitive data and systems being accessed from external locations, ultimately exposing them to threats beyond the traditional perimeter. Unsurprisingly, threat actors have been quick to spot this lucrative opportunity.
As a result, the pandemic has also given rise to a stark increase in DDoS attacks. According to the most recently published NETSCOUT Threat Intelligence Report, 2020 was a record-breaking year for DDoS activity, with more than 10 million attacks observed globally. This is the highest number ever recorded in a single calendar year.
What’s more, research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) team found that threat actors launched roughly 5.4 million DDoS attacks globally in the first half of 2021, representing an 11 per cent increase from the same period in 2020. Worryingly, if this trend continues, we are on track to hit just under 11 million DDoS attacks in 2021. This would once again break the annual record.
Why has there been an increase in DDoS attacks?
The increase in DDoS attacks can be attributed to a number of factors. First, cybercriminals are clearly taking advantage of the current reliance on remote working. Threat actors have shown their opportunistic tendencies, having realised that online infrastructure is more important than ever to keep distributed workforces connected and businesses in operation. An example of this can be seen with internet publishing and broadcasting, as services such as Zoom, Microsoft Teams and other video conferencing applications are among the most attacked in 2020.
Other critical industries, such as financial services, education and e-commerce, also appeared in the top 10 most targeted sectors. This shows that attackers have focused their efforts where they can cause the most disruption.
The second factor is that many internet users are no longer safeguarded against cyberattacks by enterprise-grade security systems when working remotely. This has led to more incidents like the Lazarus Bear Armada DDoS extortion attacks, which targeted virtual private network (VPN) concentrators.
Broadly speaking, attackers have realised that they can now disrupt an entire business instead of the 10 to 20 per cent of the workforce prior to the introduction of social distancing measures. Additionally, they have exploited the vulnerabilities exposed by the dramatic and large-scale shifts in internet usage since the start of the pandemic. The fact that more people are online than ever before means there is more opportunity to launch damaging attacks. These factors illustrate the pivotal role played by the pandemic in causing recent surges in DDoS attacks.
The importance of developing secure protection systems
While it’s difficult to predict the future, DDoS attack rates are showing no significant signs of slowing. This means that businesses are still at risk of attacks that can destroy or halt large portions of their online services and systems.
Adding to this, the cost of being on the receiving end of a DDoS attack is substantial. According to a report from Allianz Global Corporate & Speciality, the monetary damage caused by cybercrime has increased by approximately 70 per cent in the last five years alone, rising to $13million.
What’s more, a recent NETSCOUT Worldwide Infrastructure Security Report found that downtime connected with internet service outages as a result of DDoS attacks cost businesses $221,836.80. This shows that it is critical for organisations to have strong DDoS protection in place and to develop strategies for combatting these attacks.
To meet this threat, organisations should invest in a powerful and effective DDoS mitigation system. This will defend their public-facing online infrastructure prior to an attack taking place, providing them with peace of mind if and when they become the target of a DDoS attack. Only then can they have confidence in the system utilised to block an attack. For those organisations that have proactively secured their systems with strong DDoS protection, the damage from an attack has been minimal.
Testing systems
Businesses should also think about testing their DDoS defence systems on a semi-regular basis. This ensures that any tweaks made to the online systems are incorporated into the overall DDoS defence plan. As such, the entirety of an organisation’s online infrastructure will be well protected from a DDoS attack. When it comes to defending VPN concentrators, organisations should consider implementing an on-premise ‘stateless’ solution.
The use of stateless packet processing technology, in addition to utilising an advanced defence solution at the perimeter of the network, will detect DDoS attacks instantly. This rapid detection means that the businesses can and will be notified of the attacks before any serious damage is done.
The complex and constantly evolving nature of modern-day DDoS attacks mean that companies must continue to invest in security to adapt to today’s increasingly sophisticated threats. By implementing robust preventive measures, organisations will be in a much better position to defend themselves from these opportunistic, ‘new normal’ cyberthreats.
