DDoS attacks were up year-over-year in the 2nd quarter of 2020 as people continued to work from home.
According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were 3 times more frequent than in the 2nd quarter of 2019 (up 217%) & were up 30% from the number of DDoS attacks observed in the 1st quarter of 2020.
Attacks
The usual annual trend is for DDoS attacks to peak at the beginning of the year, during the busiest season for businesses, & to tail off in late Spring & Summer.
Kaspersky researchers pointed out that the number of attacks in Q2 2019 fell by 39% compared to Q1 2019, with a similar trend seen in 2018.
Attractive Target
The difference this year is plain: the Covid-19 pandemic. More people than usual are online for both personal & work-related activities, which makes for an attractive target for cyber-crime of all types, & DDoS is no exception.
“Kaspersky experts believe the rise in malicious activity can be attributed to the impact of COVID-19, as both cyber-criminals & their targets have had to reconsider their Summer plans,” the firm commented, in research released on Monday.
Staycation
“The pandemic & subsequent social-distancing restrictions have significantly changed people’s lives & many are either spending their days off in ‘staycation’ or have cancelled their scheduled holidays. This change in Summer plans has had unexpected consequences, like an increased number of DDoS attacks.”
The average number of attacks per day also increased. The biggest number of attacks in a single day was almost 300 this quarter (April 9), while in the 1st quarter the record was 242 attacks.
Education-Sector
Educational & government institutions were targeted the most frequently in the 2nd quarter; however, education-sector attacks decreased sharply starting in the 2nd half of June, which could be because of the start of the Summer holidays.
The top 3 most-attacked places were Mainland China (65.12%), the US (20.28%) & Hong Kong (6.08%). Romania dropped out of the top 10 compared to the 1st quarter & was ranked 17th, while Great Britain rose from the 18th to the 10th position.
These top 3 also headed the charts in terms of both the number of targets & the number of attacks: Mainland China accounted for 66.02%, the US for 19.32% & Hong Kong for 6.34%.
Botnet
The firm saw that DDoS botnet activity increased on Wednesdays & Thursdays & decreased on Saturdays. Most attacks lasted only about 20 minutes. The longest attacks lasted a few days (215, 214 & 210 hours were the top), which is more than half the number of the 1st quarter’s longest attacks (about 19 days).
Figure: The difference between Q1 & Q2 through 2018-2020. Q1 of each year is taken as 100%.
‘SYN Flood’ remains the main DDoS attack tool (94.7%), while ICMP attacks accounted for 4.9% – other types of DDoS attacks were rarely seen. However, Kaspersky noted that 2 new DDoS amplification methods were found last quarter.
DNS server
One is an exploit for a DNS server vulnerability in the DNS delegation process.
“The vulnerability exploitation scheme was dubbed NXNS Attack,” according to the report.
“The hacker sends to a legitimate recursive DNS server a request to several subdomains within the authoritative zone of its own malicious DNS server. In response, the malicious server delegates the request to a large no. of fake NS servers within the target domain without specifying their IP addresses.
Subdomains
As a result, the legitimate DNS server queries all of the suggested subdomains, which leads to traffic growing 1620 times.” This issue is patched in the latest version of DNS server software.
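A resolver-side check for the referral pattern described above, as an added example that is not code from Kaspersky's report or from any DNS server project: it flags a delegation that names many NS hosts under another domain without supplying their addresses, and caps how many of those names the resolver will go on to resolve. The `Referral` model, the two thresholds and every `.example` name are assumptions constructed for illustration.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Referral:
    """Delegation response as a resolver sees it (simplified, constructed model)."""
    zone: str                                   # zone being delegated
    ns_names: list[str]                         # NS targets from the authority section
    glue: dict[str, str] = field(default_factory=dict)  # NS name -> IP (additional section)


def parent_domain(name: str, labels: int = 2) -> str:
    """Naive 'last N labels' grouping; a real check would use the public suffix list."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-labels:]) + "."


def assess_referral(ref: Referral, max_glueless: int = 5, max_lookups: int = 2) -> dict:
    """Flag referrals that push many address-less NS lookups onto another domain,
    and cap how many of those names the resolver will chase."""
    glued = {n.lower() for n in ref.glue}
    glueless = [n for n in ref.ns_names if n.lower() not in glued]
    # Group the names by the domain whose servers would have to answer for them.
    by_domain = Counter(parent_domain(n) for n in glueless)
    foreign = {d: c for d, c in by_domain.items() if d != parent_domain(ref.zone)}
    target, count = max(foreign.items(), key=lambda kv: kv[1], default=(None, 0))
    suspicious = count > max_glueless
    return {
        "glueless": len(glueless),
        "suspicious": suspicious,
        "burdened_domain": target if suspicious else None,
        "lookups": glueless[:max_lookups],      # names the resolver actually resolves
    }


# Constructed sample data; all names and addresses are placeholders.
FLOOD = Referral("sub1.attacker.example.",
                 [f"ns{i}.victim.example." for i in range(30)])
NORMAL = Referral("shop.example.",
                  ["ns1.dnshost.example.", "ns2.dnshost.example."],
                  {"ns1.dnshost.example.": "192.0.2.1",
                   "ns2.dnshost.example.": "192.0.2.2"})

if __name__ == "__main__":
    for r in (FLOOD, NORMAL):
        print(r.zone, assess_referral(r))
```

With the cap in place, the constructed 30-name referral costs the resolver two follow-up lookups instead of thirty, while the ordinary referral with addresses attached triggers none.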
The other amplification method, named RangeAmp, exploits HTTP range requests, which allow files to be downloaded in parts. A malicious range request can increase the traffic load on content delivery networks (CDNs) by anywhere between 724 & 43,330 times.
Ransomware
The increase in cyber-crime is continuing as the pandemic continues. In late July, research findings showed that ransomware attacks are up, particularly in the US, where they have more than doubled year-over-year (up 109%).
Malware targeting IoT devices has increased to 20.2 million, up 50% from this time in 2019, as cyber-criminals target the huge increase of employees working from home.