The long tail of cybercrime innovation swept through the lockdown days of the COVID-19 pandemic to infiltrate the bulk of 2021. Seven emergent attack vectors in seven months represent a much faster discover-and-weaponize rate than we usually see. Meanwhile, threat actors discovered ever-more-ingenious ways to part organizations from their money, such as the advent of triple extortion ransomware and DDoS extortion campaigns.
Although the vulnerabilities introduced by the global shift to online work and play are admittedly an outlier event, the avidity of the threat actors’ response should serve as a clarion call for an integrated global response to what many cyber experts believe is a national security risk. The U.S. Government Accountability Office (GAO) recently issued a report that highlights “the pressing need to strengthen federal cybersecurity and IT management,” with a recommendation to urgently address high-risk areas, such as creating a comprehensive federal cybersecurity strategy.
As noted in our research into attacks on the connectivity supply chain, the information and communication technology supply chains likewise represent risks, a fact the GAO also called out. In the wake of events such as the Colonial Pipeline ransomware attack and the SolarWinds hack, it’s clear that enterprise and service provider cybersecurity is increasingly intertwined with that of the public sector and what we consider critical infrastructure. As the danger posed by cybercrime rises to the level at which heads of state get involved, it’s clearly past time for a concerted global effort to combat the crisis. Although the genie likely never will be returned to the bottle, world leaders need to do a better job of corralling such activity.
A Note From the Editors
Given the ongoing surge in DDoS attack activity, we fully expected that our “up and to the right” mantra would prove correct for the first half of 2021 with a record-setting 5.4 million attacks. The world recently witnessed record-setting athletic performances at the Tokyo Olympics, but such records in the DDoS world represent a shift in polarity and not something we ever want to achieve. Like elite athletes or smart entrepreneurs, threat actors know they must continually push beyond the expected and known. Innovation in the threat landscape happens swiftly—and when it comes to parting unsecured organizations from their money, those innovations never stop.
But the sea change wrought by the COVID-19 pandemic means that we’re now in uncharted territory. The breadth and depth of opportunities to exploit the increasing online dependence of organizations in every sector of human activity triggered a long tail of attacker innovation that continued well into 2021, culminating in the mainstreaming of complex, adaptive DDoS attack methodologies that can pose significant challenges to defenders.
These threat actors use adaptive DDoS attack techniques to custom-build attacks that attempt to evade the specific DDoS defenses of a target, both cloud-based and on-premises. We see cybercriminals increasingly target the global connectivity supply chain by attacking vital components of internet operations, such as DNS servers, VPN concentrators, and internet exchanges. Meanwhile, ransomware gangs hit a perfect trifecta with triple extortion attacks that combine data encryption, data theft, and DDoS attacks. Throw in DDoS extortion, and both these types of campaigns continue to wreak havoc around the world. This year, we saw the self-dubbed “Fancy Lazarus” campaign surface, while the adversaries behind the existing Lazarus Bear Armada remain active. Broadband and wireless communications companies remain top targets, particularly as attacks on online gaming, a perennial top target, affect broadband, wireless, and cable internet companies.
We have long held that vigilance and ongoing adherence to best current practices, when exercised appropriately, serve to protect against a plethora of threats. Starting with and building on these practices will help organizations construct a strong foundation for cybersecurity. But as threat landscape activity continues to move up and to the right, enterprises need to move beyond today’s status quo in order to survive. All organizations, regardless of size, industry, or location, need to pick up the baton of security and run the race together to defeat our enemies—cybercriminals.
Richard Hummel and Carol Hildebrand, Editors
Contributors: Richard Hummel, Carol Hildebrand, Hardik Modi, Roland Dobbins, Steinthor Bjarnson, Chris Conrad, Jon Belanger