The pandemic saw a majority of employees working remotely and the world turning to digital services, causing an uptick in cyberattacks as almost all business was conducted virtually. In fact, 2020 saw over 10 million attacks, a 20% increase from 2019, with the attacks skyrocketing around mid-March when the pandemic gained momentum, according to Richard Hummel (pictured), manager of threat research at Arbor Networks, the security division of cybersecurity firm Netscout Systems Inc.
These cyberattacks aren’t motivated by a single factor, a notable example of a recent attack being the Miami Dade County distributed denial-of-service attack orchestrated by a high school student not willing to return to campus. The attack, launched using the open-source DDoS application Low Orbit Ion Cannon locked out up to 190,000 students and faculty out of the computer systems.
Netscout’s semiannual security report outlines how and why these attacks are carried out and what individuals and businesses can do to prevent attacks.
Hummel spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, for a digital CUBE Conversation. They discussed the NETSCOUT “Threat Intelligence Report,” the rise of DDoS attacks, multi-vector attacks and more. (* Disclosure below.)
Criminals don’t discriminate
DDoS attacks are on the rise, often in tandem with ransomware to pressure victims into paying.
“Any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it’s $10 in bitcoin, and they can purchase an attack,” Hummel said. “That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more.”
Cyberattacks, unfortunately, do not discriminate when it comes to picking targets.
“Our Arbor Cloud folks saw them targeting organizations that are part of vaccine development. These guys don’t care who they hurt. They don’t care who they’re going after,” Hummel said. “They’re going out there for a payday. That’s one aspect of the industry targeting that we’ve seen.”
The diversity of cyberattack victims was also revealed in the report.
“We didn’t see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. What we saw is organizations that we’ve never seen targeted before,” Hummel stated. “We’ve seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because they went from a local on-prem.”
As the internet becomes a necessity, adversaries recognize the leverage they hold with their ability to compromise people’s online experiences, enabling them to extort even more money with ransomware, often paired with DDoS to elevate the threat. Hummel gave a few pointers on how to avoid DDoS attacks.
“Something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right-sizing the DDoS protection services for your company,” he explained. “The key here is preparation. All of the customers that we’ve worked with for the [Lazarus Bear Armada] extortion campaigns, if they were properly prepared, they experienced almost no downtime or impact to their business.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Netscout Systems Inc. sponsored this segment of theCUBE. Neither Netscout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.