Cybercriminals launched approximately 5.4 million Distributed Denial of Services (DDoS) attacks in the first half of 2021, increasing 11% over 1H2020 figures, according to a study by cybersecurity company, Netscout Systems, Inc.
Findings from the Threat Intelligence Report, a bi-annual study by Netscout that analyzed the impact of cyberattacks on public and private institutions worldwide, suggest that 2021 records may surpass records of 11 million DDoS attacks.
The report further reveals that the rising spate of cybercriminal attacks has made it a global cybersecurity crisis with far-reaching impact on critical internet gateways
Netscout’s Active Level Threat Analysis System (ATLAS) Security Engineering and Response Team (ASERT) “expects this long tail of attacker innovation to last, fueling a growing cybersecurity crisis that will continue to impact public and private organizations.”
In the wake of Colonial Pipeline, JBS, Harris Federation, Australian broadcaster Channel Nine, CNA Financial, and several other high-profile attacks, according to the findings, “the impact of DDoS and other cybersecurity attacks has been felt worldwide.
“As a result, leading governments are introducing new programs and policies to defend against attacks, and policing organizations are initiating unprecedented collaborative efforts to address the crisis.”
Netscout reports that during 1H2021, cybercriminals weaponized and exploited seven newer reflection/amplification DDoS attack vectors putting organizations at greater risk. “This attack vector explosion spurred an increase in multivector DDoS attacks with a record-setting 31 attack vectors deployed in a single attack against one organization.”
DDoS Attacks: The Findings
Other key findings from the NETSCOUT 1H2021 Threat Intelligence Report include:
- New adaptive DDoS attack techniques evade traditional defenses. By customizing their strategies, cybercriminals evolved their attack efforts to bypass cloud-based and on-premise static DDoS defenses to target commercial banks and credit card processors.
- Connectivity supply chain increasingly under attack. Bad actors looking to cause the most collateral damage focused their efforts on vital internet components, including DNS servers, virtual private network (VPN) concentrators, services, and internet exchanges, disrupting essential gateways.
- Cybercriminals add DDoS to their toolkit to launch triple extortion campaigns. Ransomware has become big business, with extortionists adding DDoS to their attack regimen to ratchet up the pressure on victims and add stress to security teams. Triple extortion combines file encryption, data theft, and DDoS attacks, increasing the possibility that cyber criminals receive payment.
- The fastest DDoS attack recorded a 16.17% year-over-year increase. A Brazilian wireline broadband internet user launched the attack, which was likely related to online gaming. Using DNS reflection/amplification, TCP ACK flood, TCP RST flood, and TCP SYN/ACK reflection/amplification vectors, the sophisticated attack recorded 675 Mpps.
- The largest DDoS attack, 1.5 Tbps, represented a year-over-year increase of 169%. ASERT data identified this attack against a German ISP, deploying a DNS reflection/amplification vector. This attack represents a dramatic increase in size over any attacks recorded in 1H2020.
- Botnets contribute to major DDoS activity – Tracked botnet clusters and high-density attack-source zones worldwide showcased how malicious adversaries abused these botnets to participate in more than 2.8 million DDoS attacks. In addition, well-known IoT botnets Gafgyt and Mirai continue to pose a severe threat contributing to more than half of the total number of DDoS attacks.
Richard Hummel, Netscout threat intelligence lead says that “cybercriminals are making front-page news launching an unprecedented number of DDoS attacks to take advantage of the pandemic’s remote work shift by undermining vital components of the connectivity supply chain.”
He says that “Ransomware gangs added triple-extortion DDoS tactics to their repertoire. Simultaneously, the Fancy Lazarus DDoS extortion campaign kicked into high gear threatening organisations in multiple industries with a focus on ISPs and specifically their authoritative DNS servers.”