How the pandemic affected DDoS attack patterns, global internet traffic

There has been a shift in internet traffic patterns coinciding with an increase in DDoS and other types of network attacks in recent months as organizations across industries quickly transitioned to remote workforces and individuals under stay-at-home orders began relying on the internet more heavily, according to Neustar.

Growing reliance on the internet

The pandemic effect was clear in traffic to specific websites, such as the 250% increase in queries for a popular collaboration platform as lockdowns commenced and the sharp rise in traffic to the website of a N95 masks manufacturer.

A noticeable rise in traffic was noticed in mid-March correlating with the dates that schools and organizations began to implement isolation policies, and query numbers continued to rise afterward, with a sharp uptick about a month after isolation policies had begun to take hold.

There was a 14% increase in DNS query volumes between March 1 and May 3, as the full impact of the pandemic set in around the world.

Of course, not all industries have been affected equally. As might be expected, queries to retail companies and streaming services saw a large increase during the one-month period coinciding with the beginning of stay-at-home orders, while the travel industry saw decline initially but appears to be recovering.

Traffic patterns and increasing attacks

Concurrent with these changes in traffic patterns, there was dramatic rise in DDoS and other attacks across virtually every metric measured, including increases in the overall number of attacks; attack severity, which considers the volume of attack (measured in tera- or gigabits per second, which congests bandwidth); and attack intensity (measured in millions of packets per second, which targets infrastructure).

“It’s no surprise that in this massive and unplanned shift of the global workforce now suddenly being reliant on home internet and corporate VPN connectivity, bad actors and cyber criminals would seek to take advantage of emerging network vulnerabilities,” said Brian McCann, President of Security Solutions at Neustar.

“Whereas it could take years for a business to build and execute on a plan to support a remote workforce, every organization suddenly had to implement one immediately.”

The DNS hijacking threat

While many DDoS and other types of attacks focus on corporate assets, there has also been an increase in DNS hijacking, a technique in which DNS settings are changed to redirect the user to a website that might look legitimate but often contains malware disguised as something useful.

“Combined with the growing number of threats against the internet’s DNS infrastructure, the unexpected need to support a fully distributed workforce often exposes new vulnerabilities that are difficult for organizations to guard against, underscoring the importance of having effective cybersecurity measures like always-on DDoS protection services in place to ensure operational continuity,” added McCann.