NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) observed a huge upsurge in distributed denial-of-service (DDoS) attacks, brute-forcing of access credentials, and malware targeting of internet-connected devices. Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT, gives the key findings of this report.
What was the key finding of ‘NETSCOUT Threat Intelligence Report’?
The NETSCOUT Threat Intelligence Report observed multiple record-breaking events. For the first time in history, the annual number of observed DDoS attacks crossed the 10 million threshold, with NETSCOUT’s ASERT (ATLAS Security and Engineering Research Team) seeing 10,089,687 attacks over the course of 2020.
Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts, as many users were no longer protected by enterprise-grade security.
Globally, industries such as e-commerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life.
Several countries in the Middle East have also experienced a significant rise in DDoS attacks, with telecoms, hospitality, online retailers and education being among the top sectors on the receiving end of such attacks.
Why are DDoS attacks so dangerous?
The proliferation of IoT devices, attack vectors, and automated attack tools is the reason behind an onslaught of larger and more sophisticated DDoS attacks in our connected world.
DDoS represents a significant threat to business continuity. As organizations have grown more dependent on the Internet and web-based applications and services, connectivity and access to enterprise networks have become more critical than ever.
DDoS attacks also target the mission-critical business applications that organizations rely on to manage daily operations, such as email, salesforce automation, CRM, and many others. Other industries, such as manufacturing, pharma, and healthcare have internal web properties that the supply chain and other business partners rely on for daily business operations. All of these are targets for today’s sophisticated cyber attackers.
What role has the COVID-19 pandemic played in DDoS attack activity?
The pandemic caused a seismic shift in internet usage as people increasingly moved their lives online.
During the past year, IT and network professionals were forced into action as remote work became the “new normal”. This has resulted in large-scale change for remote access architectures and cloud and cloud-delivered services. Cybersecurity risks have therefore heightened. Cyber-attackers are taking advantage of shifts in business connectivity, finding new ways to exploit security vulnerabilities.
The education sector was a prime target too, with educational institutions around the world reporting disruption in distance learning efforts by cyber actors using ransomware, DDoS attacks and video conference disruptions. We saw a 41% jump in DDoS attacks on educational services over the past three quarters: 32,000 attacks from July-September 2020, 39,000 attacks from October-December 2020, and 45,000 attacks in the first quarter of 2021.
Could you elaborate on the global DDoS extortion campaign?
Also known as ransom DDoS (RDDoS) attacks, DDoS extortion attacks occur when cybercriminals threaten individuals or organizations with a DDoS incursion unless an extortion demand is paid. These demands call for payment in cryptocurrency in order to avoid traceability by law enforcement authorities.
In August 2020, a group of attackers named Lazarus Bear Armada (LBA) launched one of the most extensive campaigns of DDoS extortion attacks yet seen.
LBA took down the New Zealand stock exchange in its debut attack. From there, LBA broadened its target base considerably to include financial services and financial-adjacent entities, healthcare, communications service providers, internet service providers (ISPs), large technology companies, travel-industry companies, and manufacturing firms. According to NETSCOUT’s Worldwide Infrastructure Security Report (WISR), which helps inform the Threat Intelligence Report findings, the number of enterprise respondents reporting DDoS extortion attacks increased by 125%.
The campaign remains active as adversaries have begun retargeting previously targeted organizations. The adversary cites the victim’s failure to pay the original extortion demand as the cause for renewed attacks.
How can organizations prevent DDoS attacks?
Organizations must take preventive measures to truly protect their digital infrastructures from DDoS attacks. Managing today’s and tomorrow’s DDoS attacks effectively and efficiently requires an integrated approach to attack mitigation. Thus, organizations need an automated, orchestrated combination of the best mitigation mechanisms for a given attack in any given environment. By leveraging intelligent and network infrastructure capabilities, and cooperation across network boundaries, organizations can defend themselves against DDoS attacks. This is made possible with solutions that allow complete visibility across the network perimeter.
Network visibility has become increasingly important. On-premise network analysis and DDoS mitigation tools specifically designed with these attacks in mind can detect all kinds of DDoS attacks, alerting staff to their presence.
By increasing network visibility, companies can even turn these attacks to their advantage. An attacker probing a network with a sub-saturating DDoS event may be planning something more intrusive later. If an administrator can spot these forays early enough, they may be able to take preventative action. In this new, evolved era of advanced DDoS attacks, then, to be forewarned is to be forearmed.
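The sub-saturating probes described above are exactly what a purely volumetric alarm misses, because they never approach link capacity. The following is an added example, not NETSCOUT's code or part of the interview, of a baseline-deviation check that flags such bursts: it compares each second's packet rate with a rolling median of the target's recent traffic and reports runs that are several times the baseline yet still below the saturation threshold. The saturation figure, the multiplier, the window length and the sample traffic series are all constructed assumptions.

```python
"""Flag sub-saturating traffic bursts against a per-target baseline.

Added example with constructed per-second packet counts toward one target;
not data from NETSCOUT or the interview. All thresholds are assumptions.
"""
from statistics import median

# Assumed constants: the packets-per-second level at which a classic
# volumetric alarm fires, and the multiple of baseline that marks a probe.
SATURATION_PPS = 1_000_000
PROBE_FACTOR = 4.0
BASELINE_WINDOW = 30  # seconds of history used for the rolling median


def find_sub_saturating_bursts(pps_series, saturation=SATURATION_PPS,
                               factor=PROBE_FACTOR, window=BASELINE_WINDOW):
    """Return (start_sec, end_sec, peak_pps) for each run of seconds whose
    rate is at least factor * rolling median but still below the saturation
    alarm. These runs are the sub-saturating probes the text describes: they
    never trip a volumetric alarm yet sit well above the target's normal rate."""
    bursts = []
    start, peak = None, 0
    for i, pps in enumerate(pps_series):
        history = pps_series[max(0, i - window):i]
        baseline = median(history) if history else pps
        is_probe = baseline > 0 and factor * baseline <= pps < saturation
        if is_probe:
            if start is None:
                start, peak = i, pps
            peak = max(peak, pps)
        elif start is not None:
            bursts.append((start, i - 1, peak))
            start = None
    if start is not None:  # burst still running at the end of the series
        bursts.append((start, len(pps_series) - 1, peak))
    return bursts


# Constructed sample: ~2,000 pps of normal traffic, a 5-second burst of
# 20,000 pps at t=60s (a sub-saturating probe, ~10x baseline) and a
# 3-second 1,500,000 pps flood at t=90s that a volumetric alarm would catch.
SAMPLE_PPS = ([2_000 + (i % 7) * 50 for i in range(60)]
              + [20_000] * 5
              + [2_000 + (i % 7) * 50 for i in range(25)]
              + [1_500_000] * 3
              + [2_000] * 12)

if __name__ == "__main__":
    for start, end, peak in find_sub_saturating_bursts(SAMPLE_PPS):
        print(f"sub-saturating burst t={start}s..{end}s, peak {peak} pps")
```

Only the 20,000 pps burst is reported; the 1,500,000 pps flood is left to the volumetric alarm, and the flood seconds do not skew the rolling median enough to hide a later probe.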
DDoS attacks can be mitigated only if organizations are prepared. Regular reassessment of DDoS attack protection strategy is crucial. After all, today’s DDoS attacks are ever-changing, and traditional protection methods may not be enough. Organizations should keep up with the latest trends in DDoS attacks, know what the current best practices are for defense, and test those defenses on a regular basis.