Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/14/2021
04:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Vital Pandemic Industries Foster Unprecedented DDoS Attack Activity, NETSCOUT Threat Intelligence Report Finds

Record-setting 10 million-plus DDoS attacks and 22% increase in attack frequency; WISR survey findings reinforce impact of global DDoS extortion attack campaign.

WESTFORD, Mass.--(BUSINESS WIRE)--NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT) today announced findings from its bi-annual Threat Intelligence Report, punctuated by a record-setting 10,089,687 Distributed Denial of Service (DDoS) attacks observed during 2020. Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security. Attackers paid particular attention to vital pandemic industries such as e-commerce, streaming services, online learning, and healthcare generating a 20% year-over-year increase in attack frequency over 2019 plus a 22% increase in the last six months of 2020.

In August, a threat actor NETSCOUT dubbed Lazarus Bear Armada (LBA) launched one of the most sustained and extensive DDoS extortion campaigns yet seen, taking down the New Zealand stock exchange and targeting organizations involved in COVID-19 testing and vaccine development.

According to NETSCOUT's Worldwide Infrastructure Security Report® (WISR), which helps inform the Threat Intelligence Report findings, the number of enterprise respondents reporting DDoS extortion attacks increased by 125%. Overloaded firewalls and virtual private network (VPN) concentrators, crucial technologies used during the pandemic lockdown, contributed to the outages in 83% of the enterprises that suffered DDoS attacks. This finding represents a 21% increase over 2019 figures.

"Cybercriminals set multiple records in 2020, taking advantage of the shift towards remote work across the globe," stated Richard Hummel, threat intelligence lead, NETSCOUT. "The second half of last year witnessed a huge upsurge in DDoS attacks, brute-forcing of access credentials, and malware targeting internet-connected devices. As the COVID-19 pandemic continues, it will be imperative for security professionals to remain vigilant to protect critical infrastructure."

Other key findings from the NETSCOUT 2H2020 Threat Intelligence Report include:

  • Monthly DDoS attack numbers surpassed 800,000. Threat actors increased their DDoS onslaught due to the pandemic lockdown; monthly DDoS attacks exceeded 800,000 in March and never looked back, representing a new normal for DDoS attack activity. On average, there were 839,083 attacks per month in 2020, an increase of nearly 130 thousand attacks over 2019.
  • Mirai malware continued to thrive during the pandemic. Adversaries using Mirai malware and its variants took advantage of shifts away from enterprise-grade protection to generate a surge in brute-force attempts on Internet of Things (IoT) consumer-grade devices. Threat actors absorbed more devices into their botnets to further strengthen the frequency, size, and throughput of DDoS attacks worldwide.
  • Commonly Used UDP-based DDoS attack vectors fueled attack increases. New reflection/amplification DDoS vectors permitted the abuse of misconfigured Microsoft RDP over UDP, Plex Media SSDP, and DTLS services resulting in an increasingly complex threat landscape.

 

NETSCOUT's Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data secured from NETSCOUT's Active Level Threat Analysis System (ATLAS™) coupled with NETSCOUT's ATLAS Security Engineering & Response Team (ASERT) insights.

The visibility and analysis represented in the Threat Intelligence Report and Cyber Threat Horizon fuel the ATLAS Intelligence Feed used across NETSCOUT's Arbor security product portfolio to detect and block threat activity for enterprises and service providers worldwide.

For more information on NETSCOUT's semi-annual Threat Intelligence Report, please visit our new interactive website. You can also find us on Facebook, LinkedIn, and Twitter for threat updates and the latest trends and insights.

About NETSCOUT

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) helps assure digital business services against disruptions in availability, performance, and security. Our market and technology leadership stems from combining our patented smart data technology with smart analytics. We provide real-time, pervasive visibility and insights customers need to accelerate and secure their digital transformation. Our approach transforms the way organizations plan, deliver, integrate, test, and deploy services and applications. Our nGenius™ service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Arbor Smart DDoS Protection by NETSCOUT products help protect against attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets. To learn more about improving service, network, and application performance in physical or virtual data centers, or in the cloud, and how NETSCOUT's performance and security solutions powered by service intelligence can help you move forward with confidence, visit www.netscout.com or follow @NETSCOUT on Twitter, Facebook, or LinkedIn.

©2021 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, and nGeniusONE are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...