IT disaster recovery, cloud computing and information security news

Neustar highlights rise in ransom-related DDoS attacks: extortion demands grew in 2020

Neustar, Inc., has published a new report, ‘Cyber Threats and Trends: Pandemic Style’, detailing the security risks faced by companies as the COVID-19 pandemic accelerated digital transformation.

Informed by data from Neustar’s Security Operations Center (SOC), the report reveals a 154 percent increase in the number of attacks between 2019 and 2020, with growth in ransom-related DDoS (RDDoS) attacks and a rise in use of existing attack vectors, including web applications. The report also provides key details around the amount, size, duration and intensity of DDoS attacks throughout 2020.

DDoS ransom attacks on the rise

Primarily, the report highlights a rise in ransom-related DDoS attacks, by which extortion demands are issued against organizations. These attacks grew in persistence and sophistication, as well as by target, compared to previous years.

While RDDoS is not a new phenomenon for many online industries, attackers have recently set their sights on organizations across a wider variety of sectors including financial services, government, and telecommunications.

One reason for the adoption of DDoS as a ransom vector, as opposed to using malware, is the ease with which such attacks can be carried out. Infecting an organization’s networks with malware or ransomware takes time and careful planning. Launching a DDoS attack, in comparison, has become relatively simple and has the added benefit of being harder to trace back to its origin.

2020 saw bad actors posing as prolific threat groups such as Fancy Bear in ransom notes – capitalising on fear of high-profile nation-state attacks – and threatening DDoS attacks unless the ransom was paid within a specific time frame.

“Organizations should avoid paying these ransoms,” said Michael Kaczmarek, Vice President of Security Product Management at Neustar. “Instead, any attack should be reported to the nearest law enforcement field office, as the information may help identify the attackers and ultimately hold them accountable. Beyond this, organizations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies and keeping their plan and provider up to date.”

Existing attack vectors

While 2020 did not see any dramatically new attack vectors emerge, there was certainly a greater use of existing ones like web applications, which were the top targeted hacking vector in 2020.

Numerous built-in access protocols, which have been increasingly exploited as attack vectors, came up again in 2020. In fact, the FBI issued an alert in July warning that common network protocols like ARMS (Apple Remote Management Services), WS-DD (Web Services Dynamic Discovery) and CoAP (Constrained Application Protocol) were being abused by hackers to conduct DDoS reflection and amplification attacks – while cautioning that disabling them could cause a loss in business productivity and connectivity.

In response to this heightened threat level, the results of the latest Neustar International Security Council (NISC) survey indicated that more cyber security professionals are outsourcing DDoS mitigation, having increased by a full percentage point in the last quarter alone.

DNS attacks

In 2020, Neustar also saw an increase in attacks on the Domain Name System itself — or what look like attacks, as bad actors abuse the system.

“Acting as the Internet’s address book and backbone of today’s digital services, it’s unsurprising that DNS is an increasingly appealing target for malicious actors, particularly as more consumers turn to websites during peak online shopping periods,” said Rodney Joffe, Senior Vice President and Fellow, Neustar.

Recent NISC survey data supports this trend, with three in five respondents in a December 2020 study reporting they had fallen victim to a DNS attack in the last year. Even more concerning, over 70 percent of organizations admitted to having reservations about their awareness of, and ability to respond to, DNS attacks.

The total number of DDoS attacks Neustar mitigated on behalf of its customers in 2020 increased by more than two and a half times over 2019. The largest attack size observed during this time was also the largest that Neustar has ever mitigated and, at 1.17 Terabits per second (Tbps), among the largest ever seen on the Internet. The longest duration for a single attack was also the longest Neustar has mitigated, at 5 days and 18 hours.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.