NETSCOUT Threat Intelligence Report Show Dramatic Increase in Multivector DDoS Attacks in First-Half 2020
September 2020 by NETSCOUT SYSTEMS, INC.
NETSCOUT SYSTEMS, INC., announced the findings of its 1H 2020 Threat Intelligence Report, which reinforces the dramatic impact cybercriminals have had during the COVID-19 pandemic. Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down.
“The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue,” stated Richard Hummel, threat intelligence lead, NETSCOUT. “Adversaries increased attacks against online platforms and services crucial in an increasingly digital world, such as e-commerce, education, financial services, and healthcare. No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world.”
Key findings from the NETSCOUT 1H 2020 Threat Intelligence Report include:
· Cybercriminals launched record-breaking attacks at online platforms and services during the pandemic – More than 929,000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month. 4.83 million DDoS attacks occurred in the first half of 2020, a 15% increase. However, DDoS attack frequency jumped 25% during peak pandemic lockdown months (March through June).
· Bad actors focused on shorter, more complex attacks – Super-sized 15-plus vector attacks increased 2,851% since 2017, while the average attack duration dropped 51% from the same period last year. Moreover, single-vector attacks fell 43% while attack throughput increased 31%, topping out at 407 Mpps. The increase in attack complexity and speed, coupled with the decrease in duration, gives security teams less time to defend their organisations from increasingly sophisticated attacks.
· Organisations and individuals bear the cost of cyber attacks – To determine the impact that DDoS attacks have on global Internet traffic, the NETSCOUT ATLAS Security Engineering and Response Team (ASERT) developed the DDoS Attack Coefficient (DAC). It represents the amount of DDoS attack traffic traversing the internet in a given region or country during any one-minute period. If no traffic can be attributed to DDoS, the amount would be zero. DAC identified top regional throughput of 877 Mpps in the Asia Pacific region, and top bandwidth of 2.8 Tbps in EMEA. DAC is important since cybercriminals don’t pay for bandwidth. It demonstrates the “DDoS tax” that every internet-connected organisation and individual pays.
NETSCOUT’s Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data secured from NETSCOUT’s Active Level Threat Analysis System (ATLAS) coupled with insights from the ASERT.
The visibility and analysis represented in the Threat Intelligence Report and Cyber Threat Horizon fuel the ATLAS Intelligence Feed used across NETSCOUT’s Arbor security product portfolio to detect and block threat activity for enterprises and service providers worldwide.