Latest NETSCOUT Threat Intelligence Report Shows How Cybercriminals Exploit a Pandemic

4.8 million attacks, combined with a 126% rise in 15-plus vector attacks and a 31% increase in throughput, increases mitigation difficulty

Latest NETSCOUT Threat Intelligence Report Shows How Cybercriminals Exploit a Pandemic

For cybercriminals, the COVID-19 pandemic was nothing short of a unparalleled business opportunity—and they took full advantage. Research from NETSCOUT’s 1H 2020 Threat Intelligence Report shows that the COVID-19 pandemic added rocket fuel to the growth in DDoS attacks. During the shutdown, the world was hit by the single largest number of monthly attacks seen to date—929,000 DDoS attacks in May alone. Attackers targeted COVID-era lifelines such as e-commerce, education platforms, and educational services with short, complex, high-throughput attacks designed to quickly overwhelm and take down targeted entities. Unsurprisingly, as schools closed and online usage increased, we also saw a surge in attacks on broadband networks, which translates largely to online gaming.

“The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue,” stated Richard Hummel, threat intelligence lead, NETSCOUT. “No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world.”

The impact of this activity extends beyond the visible risks to critical services and cost of attack mitigation, however. DDoS attacks consume significant amounts of bandwidth and throughput—traffic that we all pay for. Here are just a few of the report’s highlights:

  • Pandemic Profiteers. Cybercriminals pounced on pandemic-driven vulnerabilities, launching an unprecedented number of shorter, faster, more complex attacks. The world-class researchers from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT saw 4.83 million attacks in the first half of 2020, up 15 percent from 2019—and jumping 25 percent during the height of the pandemic lockdown
  • Multivector Attacks Get Super-Sized. Complex 15-plus vector attacks have spiked 126 percent year over year and 2,851 percent since 2017. Meanwhile, the average duration of attacks fell 51 percent from the first half of 2019. This adds up to a giant headache for defenders, giving them less time to react to more difficult mitigation scenarios. At the same time, we saw a 43 percent decrease in single-vector DDoS attacks.
  • The Hidden Impact of DDoS Traffic. Of all the unprecedented DDoS numbers we saw, the sheer magnitude of bandwidth and throughput consumed by DDoS attacks took the prize. To measure the impact of that activity, we created the DDoS Attack Coefficient (DAC), which represents the total sum of DDoS traffic traversing any given region or country in one minute. Why does this matter? DDoS attackers don’t pay for it— we do. The cost of that activity trickles down to every internet-connected entity, enterprises and individuals alike. 
  • IoT-based Malware Expands. Mirai still rules the ever-expanding IoT-based malware world, and the pandemic effect triggered massive growth in Mirai-based variants in March. "Actors behind Mirai attacks have utilized the chaos behind the COVID pandemic to greatly accelerate and broaden their activities," said Mario Vuksan, CEO of ReversingLabs, a partner for the report. "As the world has turned towards work-from-home scenarios, the vulnerabilities associated with IoT and in general Linux-borne threat vectors have taken a much greater prominence."

About the Report

As threats grow across the landscape, NETSCOUT's unique position protecting enterprise networks and the internet through our service provider customers gives us wide visibility into this dynamic and ever-changing environment. NETSCOUT’s Arbor Active Threat Level Analysis System (ATLAS®) has actively monitored the global internet threat landscape since 2007. Today, it provides us with visibility into approximately one-third of the global internet.

By drawing on that comprehensive view with analysis driven by ASERT, we have created a representative view of the threat landscape as we observed in the first half of 2020 based on all our data and driven by extensive research and analysis.

To download the full report, click here

Our experts will dig into the details of the report in an upcoming webinar. Register here.