blog.malwarebytes.com
Submitted URL: https://info.silobreaker.com/e2t/tc/VVN1hK6LpV61VlXzTl38wDRqW2jjqKJ4qssLHN1TFhvp2-HwrV1-WJV7CgDqKW4JJZqB1fgMnwW8XBRP88VsyX-VS...
Effective URL: https://blog.malwarebytes.com/reports/2021/04/huge-upsurge-in-ddos-attacks-during-pandemic/?_hsmi=88974744&_hsenc=p2ANqtz--Qzn...
Submission: On April 16 via api from DE
Reports

“HUGE UPSURGE” IN DDOS ATTACKS DURING PANDEMIC

Posted: April 15, 2021 by Pieter Arntz

A new report by Netscout sets out yet another way in which 2020 was a record-breaking year, for all the wrong reasons.

Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: brute-forcing of credentials and increased targeting of internet-connected devices were foreseeable and have been discussed at length. Even a record-breaking year in Distributed Denial of Service (DDoS) attacks might have been expected, as it follows the upward trend of recent years. But the sheer number of attacks, their size, and a new big player in the field of DDoS extortion may raise some surprised eyebrows.
THE RECORDS

The report identifies a “huge upsurge” in DDoS traffic during 2020, with a number of records broken:

* The most DDoS attacks launched in a single month (929,000).
* The most DDoS attacks in a single year (more than 10 million).
* Monthly DDoS attack numbers that regularly exceed the 2019 averages by 100,000-150,000 attacks.

As you can see, the records are in the number of attacks. Attack frequency spiked by 20 percent year over year, and by 22 percent in the last six months of 2020.

NEW METHODS

A DDoS attack stops people from using a computer system by keeping it so busy with traffic from multiple locations that it is overloaded and either crashes or is permanently busy. Because they work by delivering more traffic than the system or network under attack can handle, DDoS attacks hinge on an attacker’s ability to deliver significant volumes of traffic.

To increase the amount of data they can deliver, attackers look for methods that amplify the amount of traffic they can create. Typically an attacker will look for a service that returns a lot of data in response to a simple request (often hundreds of times more data). They will then make as many requests to that service as possible, but spoof their source address so that the requests look like they are coming from the victim. Because of the spoofed address the responses are reflected: sent to the victim instead of back to the attacker.

According to Netscout, threat actors exploited and weaponized at least four new reflection/amplification DDoS attack vectors in 2020. The report specifically mentions that abusable applications and services based on the UDP protocol remained a valuable asset for attackers. These applications and services were analysed and abused to provide new reflection/amplification vectors for DDoS attacks, and helped provide the power required for the new wave of attacks.
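The reflection pattern described above leaves a recognisable footprint in flow telemetry: one destination receives large UDP responses from many distinct service hosts without having sent a matching volume of requests. The detector below, an added example that is not from the Malwarebytes post or the Netscout report, walks constructed NetFlow-style records and flags such destinations; the reflector port set (DNS only here) and all thresholds are assumptions chosen for the sample data.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    # Four resolvers answering from port 53 to a host that never queried them
    ("198.51.100.10", 53, "203.0.113.5", 41000, "udp", 2000, 2_800_000),
    ("198.51.100.11", 53, "203.0.113.5", 41000, "udp", 1800, 2_500_000),
    ("198.51.100.12", 53, "203.0.113.5", 41000, "udp", 2200, 3_100_000),
    ("198.51.100.13", 53, "203.0.113.5", 41000, "udp", 1900, 2_700_000),
    # Normal DNS: a small query followed by a small answer
    ("203.0.113.9", 52211, "198.51.100.10", 53, "udp", 1, 70),
    ("198.51.100.10", 53, "203.0.113.9", 52211, "udp", 1, 150),
    # Bulk TCP download: large, but not reflection
    ("198.51.100.50", 443, "203.0.113.7", 50000, "tcp", 50000, 70_000_000),
]

# UDP service ports treated as possible reflectors (assumption: DNS only, as
# named in the article; extend with what your own telemetry shows).
REFLECTOR_PORTS = {53}


def find_reflection_targets(flows, min_reflectors=3, min_bytes_per_packet=1000,
                            min_total_bytes=1_000_000):
    """Return {dst_ip: summary} for destinations that look like reflection victims.

    A victim receives high bytes-per-packet UDP traffic sourced from a reflector
    port, from many distinct hosts, while having sent far fewer requests to
    those services itself. Thresholds are assumptions for the sample data."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    outbound_requests = defaultdict(int)   # packets each host sent TO reflector ports
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp" or pkts == 0:
            continue
        if dport in REFLECTOR_PORTS:
            outbound_requests[src] += pkts          # legitimate client behaviour
        if sport in REFLECTOR_PORTS and nbytes / pkts >= min_bytes_per_packet:
            s = per_dst[dst]
            s["reflectors"].add(src)
            s["bytes"] += nbytes
            s["packets"] += pkts
    flagged = {}
    for dst, s in per_dst.items():
        # Responses vastly outnumber the requests this destination sent out
        unsolicited = s["packets"] > 10 * outbound_requests.get(dst, 0)
        if (len(s["reflectors"]) >= min_reflectors
                and s["bytes"] >= min_total_bytes and unsolicited):
            flagged[dst] = {"reflectors": len(s["reflectors"]), "bytes": s["bytes"]}
    return flagged
```

Running it over `SAMPLE_FLOWS` flags only `203.0.113.5`, the host receiving roughly 11 MB of unsolicited port-53 responses from four sources, while the ordinary DNS exchange and the TCP download pass.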
OLD METHODS

According to the report, UDP-based reflection/amplification attacks continued to dominate the list of most popular attack vectors, with TCP ACK flood attacks coming in a close second. This represents a changing of the guard, given that TCP SYN floods were dominant in previous years. Meanwhile, Domain Name System (DNS) reflection/amplification attack frequency rose steadily over approximately the past 18 months and became the top vector of choice in 2020.

Recommended background reading: SYN/ACK in the TCP Protocol

LAZARUS BEAR ARMADA

The Netscout report also reveals that in August 2020 a new threat actor in the field of DDoS extortion emerged and quickly started to make waves. In a DDoS extortion attack, an attacker demands a ransom in exchange for halting a DDoS attack that is stopping the victim or its customers from using systems they need.

The new group named themselves Lazarus Bear Armada (LBA). The name is very likely meant to imply that they are affiliated with well-known APT groups like the Lazarus Group, Fancy Bear, and the Armada Collective, an affiliation they like to emphasize when threatening victims.

Their extortion attacks were primarily directed at companies in the financial and travel-industry sectors, and sometimes included their upstream internet transit providers too. ISPs, healthcare providers, insurance providers, personal care product manufacturers, regional energy providers, and IT-related vendors were also targeted, according to Netscout.

EXTORTION AND ATTACKS

The LBA attacks are characterized by the attacker initiating a demonstration DDoS attack against parts of the target’s online infrastructure, followed shortly after by an email demand for a substantial payment in Bitcoin. The extortion demands typically stated that the attacker had up to 2 Tbps of DDoS attack capacity at the ready, which could be directed at the victim’s systems if the demands were not met.
And they did not shy away from actual DDoS attacks against those unwilling to pay, not even when it concerned organizations that played a crucial role in fighting the pandemic.

DDOS ATTACK CAPACITY

Even though there are no agreed-upon international standards for measuring DDoS attack capacity, the attack volumes observed over the course of the LBA’s campaign maxed out at 300 Gbps, which is significant.

DEFENDING AGAINST A DDOS ATTACK

As in most areas of security, searching for a solution at the moment you find out that you are the target of a DDoS attack is not the best strategy, especially if your organization depends on Internet-facing servers. DDoS mitigation is a complex subject, but we suggest that your chosen solution should offer you one or more of these options:

* Allow users to use your systems as normally as possible, even during an attack.
* Protect your network from breaches during an attack.
* Establish an alternative system to work with.

Broadly speaking, organizations either need to be able to operate in spite of systems being unavailable, with ways to keep the work going and the revenue flowing, or they need a way to absorb, re-route or drop DDoS traffic so they can continue to operate as close to normally as possible. Defending against massive-scale DDoS attacks requires access to enormous network resources, which may only be accessible via a third party offering DDoS mitigation services. Whatever form your protection takes, make sure you have a plan or protocols in place before an attack occurs.

You can read more on the subject in our article DDoS attacks are growing: What can businesses do?