The number of DDoS attacks in 2020 exceeds 10 million

The network security company NETSCOUT released a report on the status of DDoS attacks in the past year, stating that the number of DDoS attacks observed in 2020 exceeded the 10 million mark for the first time, setting a record high. NETSCOUT pointed out that this means that everyone should realize that they are at risk.

At the same time, the number of DDoS attacks launched in a single month reached 929,000, a record high; the average monthly number of DDoS attacks was 100,000 to 150,000 times higher than the 2019 average. In general, from 2019 to 2020, the number of DDoS attacks has increased by 20%. Attacks in the second half of 2020 were particularly concentrated, with the number of attacks increasing by 22%.

According to NETSCOUT, the increase in the frequency of DDoS attacks is largely inseparable from the coronavirus pandemic; cybercriminals have exploited the vulnerabilities exposed by the large-scale shift in Internet use. It also shows that industries such as e-commerce, streaming media services, online learning, and healthcare are the most vulnerable targets for DDoS attacks in 2020.

In addition, the report also pointed out that a new threat actor called Lazarus Bear Armada launched a global DDoS blackmail campaign, which is one of the most sustained and widespread DDoS blackmail campaigns to date. In its first attack, it caused the interruption of trading on the New Zealand Stock Exchange, and then successively attacked financial services, Internet service providers, large technology companies, and manufacturing companies. Currently. Lazarus Bear Armada remained active and began to retarget former victims on the grounds that these organizations did not meet the ransom requirements.

NETSCOUT also discovered several new attack vectors based on UDP (User Datagram Protocol), which may also be the cause of the increase in the number of DDoS attacks. Richard Hummel, threat research manager at NETSCOUT, said that every organization needs to be prepared for DDoS attacks, and that preparation is the key to defending against DDoS attacks. Organizations should treat DDoS as a normal part of their risk posture and plan to include protective measures as part of existing core security measures.