By Carol Hildebrand for CSO
As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million distributed denial-of-service (DDoS) attacks aimed at crippling targets with a heavy reliance on online services. Attack frequency spiked 20 percent year over year and 22 percent for the last six months of 2020.
According to the most recent NETSCOUT Threat Intelligence Report, vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life.
The top 10 vertical industries under attack in the second half of 2020 further illustrate the enormous impact COVID-19 has had on DDoS attack activity. Threat actors have always embraced an opportunistic pivot, and this was no exception as they enthusiastically flocked to the ensuing smorgasbord of new opportunities.
The top 10 are:
- Wired telecommunications carriers
- Data processing, hosting and related services
- Wireless telecommunications carriers
- Internet publishing and broadcasting
- Electronic shopping and mail order houses
- Electronic computer manufacturing
- All other telecoms
- Colleges, universities and professional schools
- Software publishers
- Computer training
The top three listed sectors fall under the category of Old Faithfuls because attacks on both subscribers and their operational infrastructures are inherent to their role as connectivity providers. However, attackers widened their target profile beyond typical targets as the massive shift to online work and play opened promising new avenues of attack.
For instance, the fourth sector—Internet Publishing and Broadcasting—is by no means a usual suspect in the NETSCOUT top 10. Its presence can be summed up in two words: Netflix and Zoom.
Similarly, online shopping, which grew an impressive 44 percent in 2020, represents another pandemic stalwart that came under increased attack, as did online learning. Interestingly, this activity was seen not only at the usual hot spots of colleges and universities but also at the high school and middle school levels.
With DDoS-for-hire services both readily available and incredibly cheap, it seems likely that budding online delinquents set about playing hooky on an internet scale.
South Africa is facing one of the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted.
In the last two months:
- The City of Johannesburg fell victim to a cyberattack which led to its information systems becoming compromised, and its systems (including the website and billing) being shut down. A ransom was demanded but the City is refusing to pay
- The banking industry was hit by a wave of DDoS attacks targeting consumer-facing services
- ISPs were hit by a number of DDoS attacks, as previously reported in My Tech News. In September, Cool Ideas and Atomic Access suffered an attack that severely affected their services; in October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days; and recently Afrihost, Axxess, and Webafrica were hit by a very large DDoS attack which affected DSL and fibre subscribers
Parmi Natesan, CEO of the Institute of Directors in South Africa (IoDSA), told MyBroadband that “these attacks should serve as a wake-up call to companies” – who may not be taking adequate steps to protect themselves.
Internet service provider (ISP) Cool Ideas was hit by a second distributed denial of service (DDoS) attack in as many weeks on Saturday.
The first attack took place on 11 September and knocked the provider out for more than eight hours.
Cool Ideas then put a number of measures in place to mitigate these attacks; however, the second attack, on 21 September, was more than four times the size.
Below are highlights of the events that took place:
- Cool Ideas posted a notice to its website at 14:00 on Saturday to inform clients that it was being hit with another distributed denial of service attack (DDoS)
- It seemed that the cybercriminals were watching for announcements from the ISP, as the attack then increased in intensity
- DDoS attacks work by using “zombie” devices, which fake or “spoof” the amount of traffic on a given network
- DDoS attacks do not have a specific target – the idea is merely to do reputational damage
- The attack occurred across the whole IP space, changing over time to use different ports and protocols
- One aspect of the attack was DNS amplification or DNS reflection attacks. A poorly configured Domain Name System (DNS) is used to flood computers with network traffic. The high volume of fake traffic prevents the computer from being able to carry out legitimate commands and the website appears to be offline
- The sheer size and distribution of the attack made it as effective as it was
- It is not known who attacked the ISP nor what the motivation for doing so was
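The DNS reflection pattern described in the highlights above shows up in flow data as DNS responses arriving at hosts that never sent a matching query. The detection sketch below is an added example, not code from Cool Ideas or the original article; the flow record layout, the thresholds and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records, not data from the incident.
# Fields: (proto, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    ("udp", "203.0.113.10", 40211, "198.51.100.53", 53, 80),     # customer query
    ("udp", "198.51.100.53", 53, "203.0.113.10", 40211, 310),    # its answer
    ("udp", "192.0.2.1", 53, "203.0.113.77", 1900, 4200),
    ("udp", "192.0.2.2", 53, "203.0.113.77", 1900, 3900),
    ("udp", "192.0.2.3", 53, "203.0.113.77", 1900, 4100),
    ("udp", "192.0.2.4", 53, "203.0.113.77", 1900, 4000),
    ("udp", "192.0.2.9", 53, "203.0.113.20", 5353, 500),         # stray reply
    ("tcp", "203.0.113.10", 51000, "198.51.100.80", 443, 9000),  # unrelated
]


def find_dns_reflection(flows, min_bytes=10_000, min_resolvers=3):
    """Return {victim_ip: (bytes, resolver_count)} for hosts receiving
    unsolicited UDP/53 responses from many distinct resolvers."""
    # Pass 1: remember which (client, resolver) pairs sent a query at all.
    # Simplification: no timestamps, so any query in the window counts.
    queried = {(src, dst) for proto, src, _, dst, dport, _ in flows
               if proto == "udp" and dport == 53}

    # Pass 2: add up responses (source port 53) that nobody asked for.
    totals = defaultdict(int)
    resolvers = defaultdict(set)
    for proto, src, sport, dst, _, size in flows:
        if proto == "udp" and sport == 53 and (dst, src) not in queried:
            totals[dst] += size
            resolvers[dst].add(src)

    # Report only hosts above both thresholds (assumed values).
    return {ip: (totals[ip], len(resolvers[ip])) for ip in totals
            if totals[ip] >= min_bytes and len(resolvers[ip]) >= min_resolvers}


if __name__ == "__main__":
    for ip, (size, count) in find_dns_reflection(FLOWS).items():
        print(f"{ip}: {size} unsolicited DNS bytes from {count} resolvers")
```
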
Internet service provider Cool Ideas yesterday suffered a distributed denial of service (DDoS) attack, which affected all customers on their network.
The attack lasted almost four hours. Customers experienced intermittent connectivity loss and degraded performance during this time.
In a statement issued last night, the company did not have an exact time to resolution. By this morning, however, the issue affecting the Cool Ideas network had been mitigated.
What is a DDoS attack?
According to Cloudflare, a DDoS attack is defined in the following way:
“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.”