Link11, the leading European IT security provider in the field of cyber-resilience, has released findings from its annual DDoS Report for 2020, which revealed DDoS attacks reached a record high during the pandemic as cybercriminals launched new and increasingly complex attacks.
The analysis, which was carried out by the Link11 Security Operations Center (LSOC) in combination with OSINT, showed a boom in DDoS attacks that were closely linked to the pandemic.
Key findings from the Link11 DDoS Report include:
● Boom in Attacks: from February to September 2020, the number of DDoS attacks nearly doubled and was on average 98% higher than in the same period last year. It Is estimated that there were 50 million DDoS attacks worldwide over twelve months.
● Increased Attack Volumes: High-volume attacks of over 50 Gpbs became a problem for inadequately protected businesses.
● Complex Attacks: 59% of incidents used so-called multi-vector attacks, which are harder to prevent and defend against.
● New Attack Techniques: Numerous new DDoS vectors were detected; in particular, DVR DHCPDiscovery, Plex Media Server, and Citrix Netscaler stood out.
● High Attack Frequency: The attackers increasingly relied on short, repetitive attacks lasting for hours and days.
● The longest DDoS attack was 5,698 minutes equating to four full days of continuous bombardment.
As the attack surfaces for companies have increased in size and complexity due to the digital transformation triggered by the pandemic, DDoS attackers have adapted to these trends. In addition to VPNs and APIs, attackers also focused on CRMs, databases, and email and web servers, which attacks extending across all layers.
"We’ve seen a large increase in vulnerabilities that can be exploited by DDoS attacks,” says Marc Wilczek, Managing Director of Link11. “Attackers are constantly scanning the internet for new ports and protocols that can be used to overload companies' IT infrastructures. Not all companies have adapted to this threat, and there have been many headline-grabbing outages as a result."
The 2020 DDoS report revealed that cybercriminals began ramping up their DDoS extortion efforts in the second half of the year. Extortionists posing as Fancy Bear, Cozy Bear, Armada Collective, and Lazarus Group mainly targeted operators of critical infrastructure and providers of financial services, eCommerce, and hosting services. Often using large-volume warning attacks of over 50 Gbps, the extortionists pressured companies to pay ransoms ranging from five to 15 Bitcoins.
The report also suggests that DDoS attacks will continue to be prevalent in 2021. Digital corporate IT, cloud services and APIs will continue to experience heavy DDoS fire in the coming months and companies should include the threat of DDoS extortion in their risk assessments.