DDoS Protection , Fraud Management & Cybercrime , Fraud Risk Management

Netscout: 10 Million DDoS Attacks in 2020

Researchers Say Pandemic Triggered Surge in Activity
Netscout: 10 Million DDoS Attacks in 2020

The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5 million in 2019, according to NetScout's Atlas Security Engineering and Response Team.

See Also: Live Webinar | SolarWinds Breach: If Cyber Companies Can Get Hit, Do You Stand A Chance?

DDoS attacks are often waged as part of extortion campaigns, with hackers threatening to escalate attacks if a ransom is not paid.

NetScout noted the the number of DDoS attacks exceeded 800,000 per month starting in March 2020, when the spread of the COVID-19 virus was declared a pandemic, peaking in May 2020 when 929,000 were launched. By comparison, the number of attacks each month averaged about 725,000 in 2019.

"DDoS attack count, bandwidth and throughput all saw significant increases since the start of the global COVID-19 pandemic," say NetScout researchers Richard Hummel and Carol Hildebrand, citing the company’s findings.

The researchers note the number of malware samples targeting IoT devices last year doubled, compared to 2019. The hackers waging DDoS attacks pushed out malware to pull additional unprotected IoT devices into their botnets to help fuel additional attacks.

Tracking DDoS Attacks

North American entities were hit most often by DDoS attacks in 2020, followed by South Korea, the U.K., Brazil and China, NetScout’s research shows.

Most of the attacks targeted broadband providers. "However, we also observed cloud providers, e-commerce and education break into the top targeted industries in light of the new dynamics with COVID and education and shopping taking place over the internet," the researchers note.

Scale of Attacks Increasing

NetScout found the size of DDoS attacks varied by region, with the largest attack last year - with 1.12 TB of data per second sent – occurring in the EMEA [Europe, Middle East and Africa] region, the researchers say. The fastest attack - at 586 MB per second – was in the Asia Pacific region.

"Notably, the bandwidth and throughput for attacks often change, and we will go long periods of time between very large and very fast attacks,” the researchers say. “However, in most countries and regions, the throughput of attacks continues to increase, while the duration of attacks continues to decrease, resulting in faster, shorter attacks that become more difficult to mitigate.”

Lazarus Bear Armada

The NetScout researchers singled out one DDoS threat group, Lazarus Bear Armada, as being particularly active last year. After originally concentrating on the financial services sector, the group branched out to target larger healthcare enterprises, including insurers, medical testing companies and global pharmaceutical companies.

"Some of these businesses were involved in COVID-19 testing and the development of vaccines,” the researchers say. “While it is doubtful that the attackers aimed specifically to disrupt the work, the fact that these companies had both deep pockets and urgent deadlines made them prime targets."

This year, the Lazarus Bear Armada gang is again targeting organizations it hit last year that refused to pay a ransom when threatened with escalated DDoS attacks. It's threatening them with additional DDoS attacks if they continue to reject paying ransoms, according to the researchers (see: DDoS Attackers Revive Old Campaigns to Extort Ransom).


About the Author

Doug Olenick

Doug Olenick

News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to joining ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ddos.inforisktoday.com, you agree to our use of cookies.