DDoS Attacks During COVID-19
You’ve Heard This All Before... or Have You?
DDoS attacks are nothing new. The first recorded DDoS attack happened over twenty years ago. These threats have grown steadily over the years, in size, intensity and number. The growth of these attacks has, in fact, been so…steady…that warnings about the dangers of DDoS had almost become background noise.
Then came 2020 and COVID-19. Internet use changed radically, and the security landscape has been altered accordingly.
2020 has already brought us the largest volumetric attack on record at 2.3 Tbps in mid-February. The attack utilized Connectionless Lightweight Directory Access Protocol (CLDAP) as an amplification factor. CLDAP has been used in DDoS attacks for years, and while these servers can amplify traffic by 56 to 70 times, the volume of the attacks speaks to the numbers involved. Neustar mitigated a 1.17 Tbps CLDAP-based attack in the first half of 2020, a size comparable to the largest volumetric attacks on record. The previous record of 1.7 Tbps utilized Memcached servers, which feature a much larger amplification factor, to reach its peak.
Not only have we now topped the previous volume record, 2020 has also delivered a new record in attack intensity at 809 million packets per second. While the goal of volumetric attacks is fairly intuitive – congest bandwidth to a given target – DDoS attacks with very high intensity are aiming to overwhelm specific parts of infrastructure. Neustar has regularly mitigated DDoS attacks of over 300 million pps in 2020.
Not only have the biggest attacks gotten bigger in 2020, but the overall number of attacks have seen a dramatic increase as well. Here at Neustar we have seen two-and-a-half times as many attacks in the first half of 2020 as we have last year. This rise in attacks mirrors with what we’ve observed throughout the industry.
All for a Good Reason
Businesses with an increasing reliance upon online resources, such as retail/ecommerce or financial institutions, make them richer targets for cybercriminals. As lockdowns and quarantines stretch on, gaming and gambling sites – always popular targets – see ever more attacks. Recent attacks on healthcare institutions and government authorities cast a more opportunistic light on threats.
DDoS threats have become the utility player of today’s attacker. Large 1 Tbps + attacks are valuable on their own. Burst attacks can yield valuable information about a company’s defenses and wreak havoc and be gone before the target can even react. Lower level DDoS attacks can be used to drive brand preference away from the target brand.
DDoS attacks have become so affordable and easy to access that they can be a valuable distraction for other types of attacks. And let us not forget that today’s cybercriminal, as well as today’s bored teenagers and college age students, are probably in quarantine too, with hours on their hands and time to cause mayhem.
What to Do?
Neustar’s advice has always been, and remains, consider your assets and base the security with which you surround them on their value to your business. If you have never felt that you needed DDoS protection, this could be a good time to consider an on-demand solution. If you have been attacked, like the 68% of Neustar International Security Council (NISC) members who reported that they had been a victim of a DDoS, or in a vulnerable industry, it might be in your interest to think about an Always-On solution. It’s always worthwhile to envision what damage a DDoS attack could do, before it happens.
To learn more about NISC, please visit https://www.nisc.neustar