Extortion, ransom-related DDoS attacks surged in 2020
New research has revealed there was a 154% increase in the number of cyber attacks between 2019 and 2020, with growth in ransom-related DDoS (RDDoS) attacks and a rise in the use of existing attack vectors, including web applications.
Neustar Inc has published its Cyber Threats and Trends: Pandemic Style report, detailing the security risks faced by companies as the COVID-19 pandemic accelerated the digital revolution.
DDoS ransom attacks on the rise
Primarily, the report highlights a rise in ransom-related DDoS attacks, in which extortion demands are issued against organisations. These attacks grew in persistence and sophistication, and in the range of targets, compared to previous years.
While RDDoS is not a new phenomenon for many online industries, attackers have recently set their sights on organisations across a wider variety of sectors including financial services, government and telecommunications.
One reason for the adoption of DDoS as a ransom vector, as opposed to using malware, is the ease with which such attacks can be carried out. Infecting an organisation's networks with malware or ransomware takes time and careful planning.
Launching a DDoS attack, in comparison, has become relatively simple and has the added benefit of being harder to trace back to its origin.
In 2020, bad actors posed as prolific threat groups such as Fancy Bear in ransom notes, capitalising on fear of high-profile nation-state attacks and threatening DDoS attacks unless the ransom was paid within a specific time frame.
"Organisations should avoid paying these ransoms," says Michael Kaczmarek, vice president of security product management at Neustar.
"Instead, any attack should be reported to the nearest law enforcement field office, as the information may help identify the attackers and ultimately hold them accountable," he says.
"Beyond this, organisations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies and keeping their plan and provider up to date."
Existing attack vectors
While 2020 did not see any dramatically new attack vectors emerge, there was certainly a greater use of existing ones like web applications, which were the top targeted hacking vector in 2020.
Numerous built-in access protocols, which have been increasingly exploited as attack vectors, came up again in 2020. In fact, the FBI issued an alert in July warning that common network protocols like ARMS (Apple Remote Management Services), WS-DD (Web Services Dynamic Discovery) and CoAP (Constrained Application Protocol) were being abused by hackers to conduct DDoS reflection and amplification attacks while cautioning that disabling them could cause a loss in business productivity and connectivity.
The results of the latest Neustar International Security Council (NISC) survey indicated that, in response to this heightened threat level, more cyber security professionals are outsourcing DDoS mitigation, with the figure increasing by a full percentage point in the last quarter alone.
Rodney Joffe, senior vice president and fellow at Neustar, says that in 2020 Neustar also saw an increase in attacks on the Domain Name System itself, or what look like attacks, as bad actors abuse the system.
"Acting as the internet's address book and backbone of today's digital services, it's unsurprising that DNS is an increasingly appealing target for malicious actors, particularly as more consumers turn to websites during peak online shopping periods," he says.
Recent NISC survey data supports this trend, with three in five respondents in a December 2020 study reporting they had fallen victim to a DNS attack in the last year. Even more concerning, over 70% of organisations admitted to having reservations about their awareness of, and ability to respond to, DNS attacks.
The total number of DDoS attacks Neustar mitigated on behalf of its customers in 2020 increased by more than two and a half times over 2019. The largest attack size observed during this time was also the largest that Neustar has ever mitigated and, at 1.17 Terabits per second (Tbps), among the largest ever seen on the internet. The longest duration for a single attack was also the longest Neustar has mitigated, at 5 days and 18 hours.