By Carol Hildebrand for CSO
As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million distributed denial-of-service (DDoS) attacks aimed at crippling targets with a heavy reliance on online services. Attack frequency spiked 20 percent year over year and 22 percent for the last six months of 2020.
According to the most recent NETSCOUT Threat Intelligence Report, vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life.
The top 10 vertical industries under attack in the second half of 2020 further illustrates the enormous impact COVID-19 has had on DDoS attack activity. Threat actors always have embraced an opportunistic pivot, and this was no exception as they enthusiastically flocked to the ensuing smorgasbord of new opportunities.
The top 10 are:
- Wired telecommunications carriers
- Data processing, hosting and related services
- Wireless telecommunications carriers
- Internet publishing and broadcasting
- Electronic shopping and mail order houses
- Electronic computer manufacturing
- All other telecoms
- Colleges, universities and professional schools
- Software publishers
- Computer training
The top three listed sectors fall under the category of Old Faithfuls because attacks on both subscribers and their operational infrastructures are inherent to their role as connectivity providers. However, attackers widened their target profile beyond typical targets as the massive shift to online work and play opened promising new avenues of attack.
For instance, the fourth sector—Internet Publishing and Broadcasting—is by no means a usual suspect in the NETSCOUT top 10. Its presence can be summed up in two words: Netflix and Zoom.
Similarly, online shopping, which grew an impressive 44 percent in 2020, represents another pandemic stalwart that came under increased attack, as did online learning. Interestingly, this activity was seen not only at the usual hot spots of colleges and universities but also at the high school and middle school levels.
With DDoS-for-hire services both readily available and incredibly cheap, it seems likely that budding online delinquents set about playing hooky on an internet scale.