NETSCOUT Threat Intelligence Report, 2H 2020

Not all world records are cause for celebration—just look at the DDoS attack numbers from 2020.

As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million DDoS attacks aimed at crippling targets with a heavy reliance on online services. Attack frequency spiked 20 percent year over year and 22 percent for the last six months of 2020.

Research from both NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) and the 16th annual Worldwide Infrastructure Security Report (WISR) survey shows that the COVID-19 pandemic was the clear catalyst for this year’s unprecedented DDoS attack activity. Vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life. According to data from the WISR, 83% of enterprises that suffered a DDoS attack reported that firewalls and/or VPN devices contributed to an outage due to the traffic, a year-over-year increase of more than 20 percent.

In mid-August, Lazarus Bear Armada (LBA) launched one of the largest campaigns of DDoS extortion attacks yet seen. Unsurprisingly, the number of DDoS extortion attacks reported by enterprise WISR respondents ballooned by 125 percent. LBA’s work was likely also influenced by the exigencies of the pandemic: the group’s victims included businesses involved in COVID-19 testing and vaccine development—enticing targets given their combination of both deep pockets and urgent deadlines. In addition to conventional attacks on internet-facing services, the cybercriminals also focused on disrupting ongoing operations within a company, such as the inbound/outbound use of VPNs, firewalls, and cloud-based tools by employees working from home.

Key Findings

• DDoS crosses the 10 million attack threshold
• A new normal: More than 800,000 attacks per month
• Global DDoS extortion campaign
• UDP-based DDoS attack vectors fuel attack increases
• Botmasters exploit pandemic vulnerabilities

Download the report today to find more.