
DDoS attacks doubled in Q1 2020 as attackers target remote workers

11 May 2020

Distributed Denial of Service (DDoS) attacks grew substantially in the first three months of this year, with Kaspersky reporting that it blocked twice as many attacks in the first quarter of 2020 as in Q4 2019, and 80% more than in Q1 2019.

Threat actors are clearly taking advantage of the great shift to remote working and learning incited by the outbreak of COVID-19, in which people are isolated and are therefore heavily reliant on digital resources. 

In particular, Kaspersky’s report revealed notable growth in the number of DDoS attacks on educational resources and cities’ official websites. 

In Q1 2020, this number tripled compared to the same period in 2019, with the share of DDoS attacks amounting to almost 1 in 5 (19%) of the total number of incidents in Q1 2020.

The average duration of DDoS attacks in general also grew: in Q1 2020, a DDoS attack lasted 25% longer than in Q1 2019.

Kaspersky experts suggest that the growth in attackers' interest is caused by the fact that people are becoming more reliant on online resources remaining stable and accessible during the outbreak. 

If cyber attackers can gain the trust of a victim by masquerading as a reputable source, such as the World Health Organisation or any given country’s Ministry of Health, then attacks are more likely to succeed.

“Outage of internet services can be especially challenging for businesses now, because this is often the only way to make goods and services available to their customers,” says Kaspersky DDoS protection team business development manager Alexey Kiselev.

“In addition, widespread adoption of remote working opens new vectors for those responsible for carrying out DDoS attacks. 

“Previously most attacks were conducted against the public-facing resources of companies. We now see that DDoS attacks target internal infrastructure elements, for example, corporate VPN gateways or email servers.” 

Kaspersky recommends taking the following steps to protect against DDoS attacks as staff work from home:

Don't panic. Unexpected traffic peaks may look like a DDoS attack, but they can be caused by legitimate users, who may be visiting resources that were not as popular before, or at times when they did not previously access them.

Conduct a fault tolerance analysis of your infrastructure to identify weak nodes and increase their reliability. Attack vectors and traffic peaks are changing, so some resources may work unstably.

Consider DDoS protection for your non-public services. Their importance to business continuity may increase, making them a target for malefactors.
