Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down, Netscout reveals.
“The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue,” stated Richard Hummel, threat intelligence lead, Netscout.
“Adversaries increased attacks against online platforms and services crucial in an increasingly digital world, such as e-commerce, education, financial services, and healthcare. No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world.”
Record-breaking DDoS attacks at online platforms and services
More than 929,000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month. 4.83 million DDoS attacks occurred in the first half of 2020, a 15% increase. However, DDoS attack frequency jumped 25% during peak pandemic lockdown months (March through June).
Bad actors focused on shorter, more complex attacks
Super-sized 15-plus vector attacks increased 2,851% since 2017, while the average attack duration dropped 51% from the same period last year. Moreover, single-vector attacks fell 43% while attack throughput increased 31%, topping out at 407 Mpps.
The increase in attack complexity and speed, coupled with the decrease in duration, gives security teams less time to defend their organizations from increasingly sophisticated attacks.
Organizations and individuals bear the cost of cyber attacks
To determine the impact that DDoS attacks have on global Internet traffic, the Netscout ATLAS Security Engineering and Response Team (ASERT) developed the DDoS Attack Coefficient (DAC). It represents the amount of DDoS attack traffic traversing the internet in a given region or country during any one-minute period.
If no traffic can be attributed to DDoS, the amount would be zero. DAC identified top regional throughput of 877 Mpps in the Asia Pacific region, and top bandwidth of 2.8 Tbps in EMEA. DAC is important since cybercriminals don’t pay for bandwidth. It demonstrates the “DDoS tax” that every internet-connected organization and individual pays.