Organizations globally encountered over 4.83 million distributed denial-of-service (DDoS) attacks in the first half of 2020. According to research from Netscout, cybercriminals attacked health care, e-commerce, and educational service providers with short, complex, and high-throughput attacks designed to target their services. The report, “2020 Threat Intelligence Report,” stated that more than 929,000 DDoS attacks occurred in May 2020, which is the largest number of attacks reported in a month.
The research also found a 25% surge during the height of the pandemic lockdown. “Cybercriminals pounced on pandemic-driven vulnerabilities, launching an unprecedented number of shorter, faster, more complex attacks designed to increase ROI. Attacks were also more complex, as 15-plus vector attacks spiked 2,851 percent in popularity since 2017. Three years ago, such attacks were considered outliers. Now, they are one of the most potent weapons in the DDoS attack arsenal. Meanwhile, we saw single-vector attacks drop 43 percent year over year,” the report said.
- A total of 4.83 million DDoS attacks were discovered in H1 2020.
- A 25% growth in DDoS attack frequency was observed during the pandemic lockdown.
- 15+ vector attacks have spiked 126% Y-o-Y and 2,851% since 2017.
- A 43% decline was reported in single-vector DDoS attacks in H1 2020.
- Malicious attempts included Mirai variants, brute-force username/password combinations, and exploitation attempts.
“The DDoS attacks consumed enormous amounts of bandwidth and throughput—and both service providers and enterprises must absorb that traffic as a cost of doing business in the digital economy. But then, cybersecurity math has always favored the bad guys. The latest example is the trend towards fast but complex multi vector attacks. Such scenarios only highlight the vital role of advanced and automated DDoS technology,” the report added.
Weaponizing Documents for DDoS Attacks
Many industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as to launch disruptive attacks against their targets. Attack vectors targeted for weaponization include mobile devices, documents, and browsers, with IoT devices being the current favorite.
Researchers from Sophos discovered a weaponized document serving the dual purpose of delivering ransomware to the system and exploiting it for potential DDoS attacks. The weaponized document was sent in a spear-phishing email. When opened, it launched Microsoft Word and initiated embedded macros, which enabled elevated privileges for the malicious document to execute an encoded VBScript.