Extortion demands grew in 2020, as cyber criminals targeted new online industries
There was a 154% increase in the number of attacks between 2019 and 2020, with growth in ransom-related DDoS (RDDoS) attacks and a rise in the use of existing attack vectors, including web applications, according to Neustar’s Cyber Threats & Trends: Pandemic Style report. The report also provides key details on the number, size, duration, and intensity of DDoS attacks throughout 2020 to keep cyber security professionals informed.
DDoS Ransom Attacks on the Rise
Primarily, the report highlights a rise in ransom-related DDoS attacks, in which extortion demands are issued against organizations. These attacks grew in persistence, sophistication, and range of targets compared to previous years.
While RDDoS is not a new phenomenon for many online industries, attackers have recently set their sights on organizations across a wider variety of sectors including financial services, government, and telecommunications.
One reason for the adoption of DDoS as a ransom vector, as opposed to using malware, is the ease with which such attacks can be carried out. Infecting an organization’s networks with malware or ransomware takes time and careful planning. Launching a DDoS attack, in comparison, has become relatively simple and has the added benefit of being harder to trace back to its origin.
2020 saw bad actors posing as prolific threat groups such as Fancy Bear in ransom notes – capitalizing on fear of high-profile nation-state attacks – and threatening DDoS attacks unless the ransom was paid within a specific time frame.
“Organizations should avoid paying these ransoms,” said Michael Kaczmarek, Vice President of Security Product Management at Neustar. “Instead, any attack should be reported to the nearest law enforcement field office, as the information may help identify the attackers and ultimately hold them accountable. Beyond this, organizations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies and keeping their plan and provider up to date.”
Existing attack vectors
While 2020 did not see any dramatically new attack vectors emerge, there was certainly a greater use of existing ones like web applications, which were the top targeted hacking vector in 2020.
Numerous built-in access protocols, which have been increasingly exploited as attack vectors, came up again in 2020. In fact, the FBI issued an alert in July warning that common network protocols like ARMS (Apple Remote Management Services), WS-DD (Web Services Dynamic Discovery) and CoAP (Constrained Application Protocol) were being abused by hackers to conduct DDoS reflection and amplification attacks – while cautioning that disabling them could cause a loss in business productivity and connectivity.
In response to this heightened threat level, the results of the latest Neustar International Security Council (NISC) survey indicated that more cyber security professionals are outsourcing DDoS mitigation, an increase of a full percentage point in the last quarter alone.
In 2020, Neustar also saw an increase in attacks on the Domain Name System itself — or what look like attacks, as bad actors abuse the system.
“Acting as the Internet’s address book and backbone of today’s digital services, it’s unsurprising that DNS is an increasingly appealing target for malicious actors, particularly as more consumers turn to websites during peak online shopping periods,” said Rodney Joffe, Senior Vice President and Fellow, Neustar.
Recent NISC survey data supports this trend, with three in five respondents in a December 2020 study reporting they had fallen victim to a DNS attack in the last year. Even more concerning, over 70% of organizations admitted to having reservations about their awareness of, and ability to respond to, DNS attacks.
The total number of DDoS attacks Neustar mitigated on behalf of its customers in 2020 increased by more than two and a half times over 2019. The largest attack size observed during this time was also the largest that Neustar has ever mitigated and, at 1.17 Terabits per second (Tbps), among the largest ever seen on the Internet. The longest duration for a single attack was also the longest Neustar has mitigated, at 5 days and 18 hours.