DDoS Attacks Get Amplified, Extortion Threats and Bit-and-Piece Attacks Rise

In the continuing evolution of cyber threats, a new wave of DDoS attacks is scaring targeted corporates into paying ransoms. Additionally, there has been a significant shift in attack patterns as attackers blend different types of DDoS attacks for greater effect.

State of DDoS attacks in H1 2020

  • In a recent report, Neustar revealed that the first half of 2020 saw a 151% rise in the number of DDoS attacks compared to the same period in 2019.
  • The longest of all the attacks, which was recorded at 1.17 Tbps, lasted for 5 days and 18 hours.
  • Furthermore, Akamai disclosed that the number of attacks over 100 Gbps and the variety of other DDoS attacks reached up to 30 in a month during H1 2020.

DDoS extortion threat emerges from the shadow

  • In early September, the FBI released a flash warning about unprecedented levels of DDoS extortion attacks against multiple industries.
  • The agency revealed that thousands of organizations had faced such incidents, where malicious actors threatened them with DDoS attacks if a ransom was not paid.
  • Also termed Ransom Denial of Service (RDoS), the attacks were carried out in the name of the Armada Collective, Cozy Bear, Fancy Bear, and Lazarus threat actor groups.
  • The targeted organizations were in the financial, retail, hospitality, and travel sectors in North America, APAC, and EMEA.
  • In late August, ZDNet reported massive DDoS extortion attacks against money transfer services such as MoneyGram, YesBank India, Worldpay, PayPal, Braintree, and Venmo.

A shift in the attack pattern observed

  • According to the latest report from Nexusguard, there has been a 570% increase in bit-and-piece DDoS attacks in Q2 2020.
  • This indicates that attackers are adopting smaller and more complex UDP-based attacks and other amplification attacks to maximize the impact of collateral damage on target networks.
  • These types of sophisticated attacks can be a major challenge for communications service providers (CSPs), because CSPs typically rely on threshold-based detection.
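
The detection gap described above, as an added example that is not from the original article or from the Nexusguard report: it assumes a bit-and-piece attack spreads small UDP floods across many addresses in one prefix so that each address stays under a per-IP threshold, and compares per-IP thresholding with per-prefix aggregation. The flow records, thresholds and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (destination IP, bits per second).
# 200 addresses in one /24 each receive 40 Mbps; one unrelated host gets 300 Mbps.
FLOWS = [(f"203.0.113.{i}", 40_000_000) for i in range(1, 201)]
FLOWS.append(("198.51.100.7", 300_000_000))

PER_IP_THRESHOLD = 1_000_000_000      # assumed: alert when one IP exceeds 1 Gbps
PER_PREFIX_THRESHOLD = 5_000_000_000  # assumed: alert when one /24 exceeds 5 Gbps


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD):
    """Classic threshold detection: sum traffic per destination IP."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps > threshold)


def per_prefix_alerts(flows, threshold=PER_PREFIX_THRESHOLD, prefix_len=24):
    """Aggregate by covering prefix; report (prefix, total bps, distinct IPs)."""
    totals = defaultdict(int)
    targets = defaultdict(set)
    for dst, bps in flows:
        # strict=False masks the host bits, giving the covering network.
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += bps
        targets[net].add(dst)
    return sorted(
        (str(net), bps, len(targets[net]))
        for net, bps in totals.items()
        if bps > threshold
    )


if __name__ == "__main__":
    # No single address crosses 1 Gbps, so per-IP detection stays silent,
    # while the /24 as a whole carries 8 Gbps across 200 targets.
    print("per-IP alerts:    ", per_ip_alerts(FLOWS))
    print("per-prefix alerts:", per_prefix_alerts(FLOWS))
```

The distinct-target count returned alongside the prefix total helps separate a spread attack from one busy host inside the same prefix.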

What to infer from this?

DDoS attacks are increasing in size as cybercriminals are now able to compromise more endpoints with commercialized botnet services. Though organizations have more capacity than ever to defend themselves against DDoS attacks, adversaries are also constantly evolving their techniques to cripple employee productivity and damage brand reputation.