The pandemic has seen an increase in cybercrime across the board, but new research from Cloudflare has revealed that DDoS attacks are surging this year in both frequency and sophistication.
After doubling from Q1 to Q2, the total number of network layer attacks in Q3 of this year doubled again, resulting in a fourfold increase in the number of attacks when compared to pre-Covid levels in the first quarter. At the same time, Cloudflare observed more attack vectors deployed than ever, with a huge increase in protocol-specific attacks including mDNS, Memcached and Jenkins DoS attacks.
The majority of DDoS attacks the CDN provider observed were under 500 Mbps and lasted less than one hour, though they still caused service disruptions. According to Cloudflare, 56 percent of all DDoS attacks launched this year took place in the third quarter.
Although the total number of attacks between 200-300 Gbps decreased in September, the firm saw more global attacks on its network in Q3, suggesting an increased use of distributed botnets to launch attacks. In July, Cloudflare observed one of the largest-ever attacks on its network, generated by the Mirai-based botnet Moobot. The attack peaked at 654 Gbps and originated from 18,705 unique IP addresses.
When it came to attacks by country, the US saw the most attacks at 21.2 percent, followed by Germany at just 3.9 percent and Australia at 3.2 percent.
Ransom-based DDoS attacks
In addition to an increase in DDoS attacks overall, Cloudflare also observed a rise in extortion and ransom-based DDoS (RDDoS) attacks targeting organizations around the world.
While RDDoS threats do not always result in an actual attack, the cases seen in recent months show that attacker groups are willing to launch large-scale DDoS attacks which can overwhelm organizations lacking adequate protection. In an RDDoS attack, cybercriminals threaten either a person or organization with a cyberattack that could knock their networks, websites or applications offline unless a ransom is paid.
Cybercriminals claiming to be Fancy Bear, Cozy Bear and Lazarus have threatened to launch DDoS attacks against organizations’ websites and network infrastructure unless a ransom is paid before a given deadline. These attackers also launch an initial ‘teaser’ DDoS attack as a form of demonstration at the same time they send out their ransom emails.
As DDoS attacks are once again becoming a popular tool in the arsenals of cybercriminals, it is essential that organizations deploy DDoS protection to avoid having their websites, apps and network infrastructure taken offline by cybercriminals.