Organisations have seen a massive rise in denial-of-service attacks over the past year, with more attackers now demanding ransoms, security researchers have found.
Security firm Neustar, which offers DDoS prevention services, said such attacks rose by 154 percent, or more than two and a half times, in 2020 compared with 2019.
The company said incidents in which the attacker demanded a ransom to prevent disruption also grew in frequency.
Moreover, ransom-related DDoS incidents extended into more areas, targeting finance, government, energy and other sectors.
DDoS attacks involve the use of a distributed network of bots – usually computers that have been infected with malware without the knowledge of their users – to send junk traffic that overloads an organisation’s systems, making them inaccessible.
Such attacks have become more critical over the past year, due to a massive increase in staff working remotely during the pandemic.
Criminals are taking advantage of this fact by demanding ransoms from a broader array of organisations.
Ransom-related attacks are typically preceded by an extortion email promising a small attack the following day, followed by an attack utilising up to 2TB per second of junk traffic if the ransom is not paid.
Attackers often signed the letter with the names of well-known, state-backed attack groups, including Fancy Bear, the Lazarus Group and the Armada Collective.
“While it is unknown how many of these threats were actually perpetuated by these organisations, it is likely that the fear of nation-state attack groups such as these were intended to amplify the fear that the letters themselves generated,” Neustar said in an advisory.
The company said DDoS incidents broke records for size and duration in 2020, with Neustar fending off an attack that used 1.17 Tbps of data, making it one of the internet’s biggest to date.
Google last October disclosed a 2.5 Tbps DDoS attack that is currently the internet’s largest-known incident of its kind.
The company also defended a client against an attack that lasted nearly six days.
It said the number of DDoS attacks throughout the year was “unprecedented”.
Neustar also found that attacks targeting the Domain Name System (DNS) were increasingly frequent in 2020 as another way of disrupting organisations’ network access.
The company echoed the advice of law enforcement in urging organisations not to pay ransoms, and instead to report the incident to authorities.
“Beyond this, organisations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies, and keeping their plan and provider up to date,” said Neustar vice president of security product management Michael Kaczmarek.