As COVID-19 restrictions eased in the second half of 2021, so too did distributed-denial-of-service (DDoS) attacks. However, business leaders and security professionals should note that total attack numbers remained above pre-pandemic highs, demonstrating a continued overall increase of attacks year on year.
Indeed, although DDoS activity decreased in the second half of the year, findings from NETSCOUT’srecently published DDoS Threat Intelligence Reportshow that attackers are developing new and improved strategies to bolster their criminal efforts as countries recover from the pandemic.Globally, cybercriminals launchedmore than 4.4 million DDoS attacks from July to December of 2021, representing an average of a DDoS attack occurring every three seconds.These attacks have caused major disruptions to several industries from education and telecoms, to manufacturingand insurance.
What caused the decrease in DDoS attacks?
Given the sudden, wide-scale switch to remote working and learning during the pandemic – combined with threat actors’ tendance to take advantage of periods of economic uncertainty and hardship – the dramatic increase in attack numbers throughout the peak of the pandemicmirrored the increased reliance of digital services.
Confirming NETSCOUT’s previous predictions, DDoS activity then deceleratedin the second half of 2021 as countries started to emerge from lockdown restrictions and populations returned to in-person classes, work and social events before the rise of the Omicron variant. When compared to the first half of the year, DDoS activity had decreasedby three per cent from July to December of 2021.
DDoS free for all
A key finding in the DDoS Threat Intelligence Report was that DDoS-for-hire services arenow more available to the greaterpopulation. NETSCOUT’s researchers found numerous websites offering these serviceswhich nolonger charge anominal feeand have little to no vetting processes in place.So,any member of the public can launch DDoS attacks against a range of targetswithout needing a cryptocurrency account, nor even paying for the service that causes so much disruption.
NETSCOUT found 19 confirmed DDoS-for-hire services offering more than 200 different kinds of attacks for customers to choose from.Some of these services offered to target online gaming platforms for gamers wanting to attack their opponents, and others offered ways to avoidstandard anti-DDoS protections. Deploying DDoS attacks hastherefore become far easier due to these services.
As an example of how these services could be more widely used, NETSCOUTdetected an uptick in DDoS attacks targeting colleges, universities, and professional schools – some of which will have been using DDoS-for-hire services. Indeed, academic institutions faced a sizable 102 per cent increase in DDoS attacksthroughout the autumn months of 2021.
NETSCOUT has reason tobelieve thatstudents are behind these attacks, to avoid commuting to campuses or to delay their assignment deadlines and exams, as the timing aligns with the return to classes held in-person as COVID restrictions were eased. This may seem like a lot of effort for a small reward, but the repercussions are huge. These attacks can cause significant damage to communications service providers and their customer base as well as causinga knock-on effect toother businesses within that connectivity supply chain.
Upping the ante with DDoS extortion
Of all DDoS activity observed, findings show significant changes in the modus operandi by DDoS attackers via the use of 5G networkswhichprovide the speed and bandwidth needed to launch higher-profile attacks. While many other telecommunications sub-sectors experienced fewer attacks in the second half of 2021, there was, however, an increase in attacks towards wireless telecommunications with a global 38 per cent increase. The activity was likely due to the sudden widescale use of 5G technology, with attackers exploiting the vulnerabilities enabled by wireless hotspotgaming to use as attack vectors.
On top of this, it’s clear thatcybercriminals have beenlookingto make quick profits from an increase in DDoS extortion attacks. In fact, NETSCOUT identified a new record of three high-profile DDoS extortion attack campaigns being deployed within a similar timeframe.While it’s not uncommon to have one high-profile DDoS extortion campaign in a year, it’s fairly rare to see two or more campaigns within this timeframe. This displayshowattackers are highly motivated when it comes toexpanding the use of extortion tactics involving compromising data, deploying ransomware, and launching DDoS attacks.
When regards to targets, insurance agencies and brokers were heavily targetedby DDoS extortion attacks throughout the second half of last year, with anincrease of257 percent, most probably due to the perceived capital available at these organisations. Voice over internet protocol (VoIP) providersalso experienced an increase of 93 per cent inDDoS extortion activity andreported approximately $9 to $12 million in revenue losses over those six months.
With the large adoption of these attack techniques, it is expected that triple extortion campaigns will become increasingly sophisticated and destructive in the future. As a result, damages imposed by an attack will cause serious disruptions to day-to-day operations as well as financial losses when businesses pay out large sums of extortion money just to keep attackers at bay.
Defence against DDoS attacks
Overall, DDoS activity is proving to reach new records year on year. The changes observed in attack targets and methodology are signs that attackers have no intention in slowing down but are expanding their range of strategies. For businesses to successfully defend their online infrastructure from these threats, it is paramount that they invest in a strong and effective DDoS protection system and that they test it regularly to account for these changes in methodology.
Businesses should also consider partnering with an on-demand DDoS attack specialist. By utilising their expertise, businesses can negotiate unfamiliar circumstances and terrain, which should benefit the entire company, as well as individual teams. By adhering to best current practice procedures and puttingthese aforementioned recommendationsinto practice, they will be in a strong position to successfully defend their online properties should they be the target of a DDoS attack.