DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

Netscout announced findings from its bi-annual Threat Intelligence Report, punctuated by a record-setting 10,089,687 DDoS attacks observed during 2020.

Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security. Attackers paid particular attention to vital pandemic industries such as e-commerce, streaming services, online learning, and healthcare generating a 20% year-over-year increase in attack frequency over 2019 plus a 22% increase in the last six months of 2020.

The number of enterprise respondents reporting DDoS extortion attacks increased by 125%. Overloaded firewalls and VPN concentrators, crucial technologies used during the pandemic lockdown, contributed to the outages in 83% of the enterprises that suffered DDoS attacks. This finding represents a 21% increase over 2019 figures.

“Cybercriminals set multiple records in 2020, taking advantage of the shift towards remote work across the globe,” stated Richard Hummel, threat intelligence lead, Netscout. “The second half of last year witnessed a huge upsurge in DDoS attacks, brute-forcing of access credentials, and malware targeting internet-connected devices. As the COVID-19 pandemic continues, it will be imperative for security professionals to remain vigilant to protect critical infrastructure.”

Other key findings from the Netscout 2H2020 Threat Intelligence Report include:

Monthly DDoS attack activity

Threat actors increased their DDoS onslaught due to the pandemic lockdown; monthly DDoS attacks exceeded 800,000 in March and never looked back, representing a new normal for DDoS attack activity. On average, there were 839,083 attacks per month in 2020, an increase of nearly 130,000 attacks over 2019.

Mirai malware continued to thrive during the pandemic

Adversaries using Mirai malware and its variants took advantage of shifts away from enterprise-grade protection to generate a surge in brute-force attempts on IoT consumer-grade devices. Threat actors absorbed more devices into their botnets to further strengthen the frequency, size, and throughput of DDoS attacks worldwide.

Commonly Used UDP-based DDoS attack vectors fueled attack increases

New reflection/amplification DDoS vectors permitted the abuse of misconfigured Microsoft RDP over UDP, Plex Media SSDP, and DTLS services resulting in an increasingly complex threat landscape.