Distributed Denial of Service Attacks Skyrocket During Pandemic

Distributed denial of service attacks jumped during the first three months of 2020 due mostly to the ongoing COVID-19 pandemic.

That’s according to Kaspersky’s Q1 2020 Distributed Denial of Service (DDoS) attacks report. Attacks on educational and municipal sites spiked during the quarter.

Cybercriminals are taking advantage of increased demand in online resources to attack the most vital and popular digital services. For instance, they targeted the U.S. Department of Health and Human Services, hospitals in Paris and online game servers.

Alexander Gutnikov is a system analyst at Kaspersky DDoS prevention service. He said on average, organizations became more vulnerable when working from home.

Kaspersky’s Alexander Gutnikov

“First, as people are more reliant on online services, the risk related to their downtime has also increased, which means that malefactors have become more interested in attacks on such services,” he said. “Secondly, some parts of a company’s infrastructure, which previously were not very important for company functioning, now become critical as the work of the company depends on them. These can be, for example, a VPN server that employees use to remotely connect to the company’s infrastructure. At the same time, the load on these infrastructure elements is growing. This makes them an attractive target for attackers, and victim organizations may not have the experience of protecting these parts of infrastructure.”

In the first quarter, DDoS attacks tripled compared to the same period in 2019. And the share of such attacks amounted to 19% of the total number of incidents in the first quarter.

During this period, Kaspersky DDoS protection detected and blocked double the amount of attacks than in the fourth quarter of 2019, and 80% more compared to the first quarter of 2019. The average duration of attacks also grew, with first-quarter 2020 DDoS attacks lasting 25% longer than in the year-ago quarter.

Organizations don’t contact qualified specialists, and that is a big problem, Gutnikov said. DDoS attacks and protection against them is a complex service. Therefore, it’s difficult to organize and maintain it on your own.

“Many companies now need an infrastructure audit to find weakest links, so MSSPs can provide such a service,” he said.

It’s difficult to estimate the monetary damage of DDoS attacks, including the price of service downtime and reputation losses, Gutnikov said.

“Taking the example of the VPN server: If because of a DDoS attack employees cannot connect to the company’s infrastructure and therefore cannot do their work, the damage will be equal to a day of downtime,” he said.

Datrium Ransomware Research

Meantime, Datrium’s latest research shows ransomware is a top concern for companies during the pandemic. The company surveyed more than 300 IT professionals from organizations with 500 or more employees, and that have experienced a ransomware attack in the last year.

Nearly 96% say their companies are increasingly concerned about being hit with a ransomware attack during the pandemic. This marks an increase from Datrium’s State of Enterprise Data Resiliency and Disaster Recovery 2019 study. In it, nearly 90% of companies considered ransomware a critical threat to business.

Most respondents said ransomware attacks have cost their companies between $100,000-$500,000, while 19.7% reported a loss of more than $500,000. That includes ransomware payment, downtime and lost business.

“Ransomware continues to dramatically plague businesses, and this research shows that businesses are even more concerned about it because of their newly distributed workforces resulting from the COVID-19 pandemic,” said Tim Page, Datrium’s CEO. “The current pervasiveness of remote work puts businesses in a more vulnerable position as they are more open to increased targeting by ransomware criminals.”

Most respondents reported that disaster recovery (DR) has become more important at their company given their newly distributed workforces.

The survey asked what kind of disaster recovery approaches businesses have in place. To that question, many respondents said they currently or plan to use the cloud as part of their DR strategy.