DDoS attacks become smarter and easier to carry out
Although ransomware has dominated 2020's cyber threat landscape, DDoS attacks haven’t gone away. In fact, the year has seen the largest DDoS attack ever recorded, peaking at 2.3 Terabytes per second.
The attack was carried out by deploying hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and caused three days of downtime for the unnamed targeted business. This is one of the things highlighted in new analysis from Digital Shadows.
Attackers have also been able to exploit large numbers of unpatched IoT devices that have inadequate passwords in order to create effective botnets. Mirai is probably the best known of these.
"Throughout the lifecycle of all cybercriminal trends, when threat actors observe a more efficient method, they naturally become more popular and complex over time," says Digital Shadows threat researcher Stefano De Blasi, writing on the company's blog. "The digitization of society has inherently increased cyber risks across all geographies and industries. Most notably, the Internet of Things has exponentially grown over the past few years, and cybercriminals are looking to leverage its increased attack surface and double down on users' unfamiliarity with proper security hygiene."
There's also been a rise in DDoS-as-a-Service offerings on cybercriminal forums. These allow anyone, with minimal technical expertise needed, to rent a botnet-backed DDoS toolkit for just a few dollars a month and conduct attacks against their preferred targets.
This year has also seen a resurgence in DDoS extortion attacks, where the attack is used to take down a website in order to demand a ransom. This type of attack last peaked in 2017.
You can find out more, including advice on how to guard against and deal with attacks, on the Digital Shadows blog.