Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/14/2021
04:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Vital Pandemic Industries Foster Unprecedented DDoS Attack Activity, NETSCOUT Threat Intelligence Report Finds

Record-setting 10 million-plus DDoS attacks and 22% increase in attack frequency; WISR survey findings reinforce impact of global DDoS extortion attack campaign.

WESTFORD, Mass.--(BUSINESS WIRE)--NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT) today announced findings from its bi-annual Threat Intelligence Report, punctuated by a record-setting 10,089,687 Distributed Denial of Service (DDoS) attacks observed during 2020. Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security. Attackers paid particular attention to vital pandemic industries such as e-commerce, streaming services, online learning, and healthcare generating a 20% year-over-year increase in attack frequency over 2019 plus a 22% increase in the last six months of 2020.

In August, a threat actor NETSCOUT dubbed Lazarus Bear Armada (LBA) launched one of the most sustained and extensive DDoS extortion campaigns yet seen, taking down the New Zealand stock exchange and targeting organizations involved in COVID-19 testing and vaccine development.

According to NETSCOUT's Worldwide Infrastructure Security Report® (WISR), which helps inform the Threat Intelligence Report findings, the number of enterprise respondents reporting DDoS extortion attacks increased by 125%. Overloaded firewalls and virtual private network (VPN) concentrators, crucial technologies used during the pandemic lockdown, contributed to the outages in 83% of the enterprises that suffered DDoS attacks. This finding represents a 21% increase over 2019 figures.

"Cybercriminals set multiple records in 2020, taking advantage of the shift towards remote work across the globe," stated Richard Hummel, threat intelligence lead, NETSCOUT. "The second half of last year witnessed a huge upsurge in DDoS attacks, brute-forcing of access credentials, and malware targeting internet-connected devices. As the COVID-19 pandemic continues, it will be imperative for security professionals to remain vigilant to protect critical infrastructure."

Other key findings from the NETSCOUT 2H2020 Threat Intelligence Report include:

  • Monthly DDoS attack numbers surpassed 800,000. Threat actors increased their DDoS onslaught due to the pandemic lockdown; monthly DDoS attacks exceeded 800,000 in March and never looked back, representing a new normal for DDoS attack activity. On average, there were 839,083 attacks per month in 2020, an increase of nearly 130 thousand attacks over 2019.
  • Mirai malware continued to thrive during the pandemic. Adversaries using Mirai malware and its variants took advantage of shifts away from enterprise-grade protection to generate a surge in brute-force attempts on Internet of Things (IoT) consumer-grade devices. Threat actors absorbed more devices into their botnets to further strengthen the frequency, size, and throughput of DDoS attacks worldwide.
  • Commonly Used UDP-based DDoS attack vectors fueled attack increases. New reflection/amplification DDoS vectors permitted the abuse of misconfigured Microsoft RDP over UDP, Plex Media SSDP, and DTLS services resulting in an increasingly complex threat landscape.

 

NETSCOUT's Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data secured from NETSCOUT's Active Level Threat Analysis System (ATLAS™) coupled with NETSCOUT's ATLAS Security Engineering & Response Team (ASERT) insights.

The visibility and analysis represented in the Threat Intelligence Report and Cyber Threat Horizon fuel the ATLAS Intelligence Feed used across NETSCOUT's Arbor security product portfolio to detect and block threat activity for enterprises and service providers worldwide.

For more information on NETSCOUT's semi-annual Threat Intelligence Report, please visit our new interactive website. You can also find us on Facebook, LinkedIn, and Twitter for threat updates and the latest trends and insights.

About NETSCOUT

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) helps assure digital business services against disruptions in availability, performance, and security. Our market and technology leadership stems from combining our patented smart data technology with smart analytics. We provide real-time, pervasive visibility and insights customers need to accelerate and secure their digital transformation. Our approach transforms the way organizations plan, deliver, integrate, test, and deploy services and applications. Our nGenius™ service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Arbor Smart DDoS Protection by NETSCOUT products help protect against attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets. To learn more about improving service, network, and application performance in physical or virtual data centers, or in the cloud, and how NETSCOUT's performance and security solutions powered by service intelligence can help you move forward with confidence, visit www.netscout.com or follow @NETSCOUT on Twitter, Facebook, or LinkedIn.

©2021 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, and nGeniusONE are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.