There has been a 151% increase in the number of DDoS attacks in the first half of 2020, compared to the same period in 2019.
According to Neustar’s latest CyberThreats and Trends Report, these attacks include the largest that Neustar has ever mitigated, at 1.17 Tbps.
As the number of detected DDoS attacks rises, Neustar said the number of attacks sized 100 Gbps and above grew by 275%, and the number of “small attacks,” sized 5 Gbps and below, increased by more than 200%. These small attacks of 5 Gbps and below represented 70% of all attacks mitigated by Neustar between January and June 2020.
Michael Kaczmarek, Neustar vice-president of security products, said: “These shifts put every organization with an internet presence at risk of a DDoS attack – a threat that is particularly critical with global workforces reliant on VPNs for remote login. VPN servers are often left vulnerable, making it simple for cyber-criminals to take an entire workforce offline with a targeted DDoS attack.”
The report also found that 52% of mitigated threats leveraged three vectors or more, while attacks featuring a single vector were essentially non-existent. Neustar tracked new amplification methods and attacks of higher intensity targeted at critical pieces of web infrastructure. The previous high-water mark of 500 million packets per second (Mpps) was topped this year, with an attack of over 800 Mpps recorded.
In an email to Infosecurity, Rory Duncan, security GtM Leader at NTT Ltd, said: “DDoS attacks are increasing in size partly because it is easier: cyber-criminals are now able to compromise more end points with commercialized DDoS services. In addition, organizations have more capacity than ever before to ‘absorb’ or mitigate DDoS attacks, which means that basic volumetric DDoS attacks need to be bigger to overwhelm defenses. In response, our adversaries are also constantly evolving their techniques – and automation is a tool used on both sides of the battle.”
Duncan recommended utilizing incident response and digital forensics capabilities when hit by a DDoS attack, as “having awareness of whether the organization’s infrastructure is compromised and contributing to the botnets that are launching the DDoS attacks is key.” That forensic investigation will involve reviewing and monitoring what every endpoint is doing.
“DDoS attacks can cripple employee productivity, damage brand reputation and eat into sales and profits,” he said. “DDoS protection is therefore an insurance policy against this worst-case scenario. It can be a significant investment with plenty of variables — so it pays for an organization to plan ahead to find the right option. We recommend a hybrid approach which combines on-premise inline devices, to protect against application layer attacks and signal to the cloud if a volumetric attack is detected, and cloud-based scrubbing solutions which allow sanitized business traffic to pass.”