Internet security firm NetScout has today published its 2020 Threat Intelligence Report that has found a record-breaking number of Distributed Denial of Service (DDoS) attacks took place during the year of the COVID-19 pandemic.
They speculate that the increase in remote working and distance learning is responsible for this spike.
20% increase in attack frequency
According to the report, the firm observed 10,089,687 DDoS attacks in 2020. This represented a 20% year-on-year increase in attack frequency, which is a huge jump. Even more dramatic was the increase over the last six months of 2020, when NetScout observed an additional 22% increase.
These were global figures. In the UK, the increase was even more pronounced.
Overall, the UK saw a 48% increase in the frequency of attacks in 2020, with November and December bearing the bulk of these.
NetScout believes that the increase is down to the number of workers who have shifted from in-office devices, which are typically protected by enterprise-grade security tools to remote devices which are generally less well secured.
The sectors that NetScout have observed being most commonly targeted are those that have been key to the pandemic and lockdown periods such as e-commerce, streaming services, online learning, and healthcare.
Of those enterprises that were subjected to a DDoS attack, 83% suffered some form of outage, either as a result of overloaded firewalls or corporate virtual private network (VPN) concentrators. This is also a 21% increase on the previous year.
Specific actors responsible
The report highlights a number of examples. These includes one example from an actor known to NetScout as Lazarus Bear Armada (LBA).
They conducted what was described as “one of the most sustained and extensive DDoS extortion campaigns yet seen” which managed to take down a number of high profile organisations including the New Zealand stock exchange and targeting organisations involved in COVID-19 testing and vaccine development.
On a month-to-month basis, NetScout observed more than 800,000 DDoS attacks with a steady increase in numbers once the pandemic kicked in in March. This represents an overall increase in attacks of almost 130,000 a month over 2009.
Coining a phrase which has become increasingly commonly used over the past year, this increase in attacks appears to be “the new normal”.
NetScout also observed an increase in the use of Mirai malware in 2020 too. Hackers used this tool in particular to take advantage of more lax security on many devices to attempt to brute-force attack Internet of Things (IoT) consumer-grade devices. Multiple new variants of this malware were also observed in 2020.
As Richard Hummel, the threat intelligence lead at NetScout explained, “Cybercriminals set multiple records in 2020, taking advantage of the shift towards remote work across the globe.”
“The second half of last year witnessed a huge upsurge in DDoS attacks, brute-forcing of access credentials, and malware targeting internet-connected devices. As the COVID-19 pandemic continues, it will be imperative for security professionals to remain vigilant to protect critical infrastructure.”
Individual user responsibility
He is absolutely right but it is important to note that he is addressing security professionals because that is NetScout’s key market. But the message is just a true for individual internet users as well.
The risks of being targeted or getting caught up in a DDoS attack (for example by having your device hijacked and tied into a hackers botnet) are increasing too and that means you too need to consider how best to protect yourself from such threats.
Our advice is unchanged and has been consistent for some time. All internet users need an effective suite of tools to keep themselves safe online. These include a strong firewall, anti-virus and anti-malware software, a decent password manager, and, of course, a VPN.
With a VPN, your internet connection and your data is encrypted and secure. This minimises the risk of you being targeted by hackers.
VPNs alone will not protect you from a DDoS attack, but are an essential part of a suite of internet security tools that can help to keep you safe. As NetScout have shown in their report, this has never been more important.