The pandemic has seen an increase in cybercrime across the board, but new research from Cloudflare has revealed that DDoS attacks are surging this year in both frequency and sophistication.
After doubling from Q1 to Q2, the total number of network layer attacks in Q3 of this year doubled again, resulting in a fourfold increase in the number of attacks compared to pre-Covid levels in the first quarter. At the same time, Cloudflare observed more attack vectors deployed than ever, with a huge increase in protocol-specific attacks including mDNS, Memcached and Jenkins DoS attacks.
The majority of DDoS attacks the CDN provider observed were under 500 Mbps and lasted less than one hour, though they still caused service disruptions. According to Cloudflare, 56 percent of all DDoS attacks launched this year took place in the third quarter.
Although the total number of attacks between 200-300 Gbps decreased in September, the firm saw more global attacks on its network in Q3, suggesting an increased use of distributed botnets to launch attacks. In July, Cloudflare observed one of the largest-ever attacks on its network, generated by the Mirai-based botnet Moobot. The attack peaked at 654 Gbps and originated from 18,705 unique IP addresses.
When it came to attacks by country, the US saw the most attacks at 21.2 percent, followed by Germany at just 3.9 percent and Australia at 3.2 percent.
Ransom-based DDoS attacks
In addition to an increase in DDoS attacks overall, Cloudflare also observed a rise in extortion and ransom-based DDoS (RDDoS) attacks targeting organizations around the world.
While RDDoS threats do not always result in an actual attack, the cases seen in recent months show that attacker groups are willing to launch large-scale DDoS attacks which can overwhelm organizations lacking adequate protection. In an RDDoS attack, cybercriminals threaten either a person or organization with a cyberattack that could knock their networks, websites or applications offline unless a ransom is paid.
Cybercriminals claiming to be Fancy Bear, Cozy Bear and Lazarus have threatened to launch DDoS attacks against organizations' websites and network infrastructure unless a ransom is paid before a given deadline. These attackers also launch an initial 'teaser' DDoS attack as a form of demonstration at the same time they send out their ransom emails.
As DDoS attacks are once again becoming a popular tool in the arsenals of cybercriminals, it is essential that organizations deploy DDoS protection to avoid having their websites, apps and network infrastructure taken offline by cybercriminals.