In 2020, the world has changed, but changes affected not only ordinary life. Due to the new social norms, people massively switched to digital. Medicine, sales, food delivery, education: organizations from different fields were forced to work online. Naturally, hackers took advantage of the situation, and the number of cyber attacks of various kinds also increased. Let's have a look at what cybercrime looked like and what statistics we eventually received on DDoS attacks in 2020.
Hackers began to attack 2.5 times more often
In the first half of 2020, when total quarantine was introduced, people began to spend more time on the Internet by about 50-70%. The growth of traffic was also marked by the activity of cybercriminals. So, according to Neustar, from January to July 2020, more than 150% more cyber attacks were recorded than in the previous six months. Moreover, in the first quarter, the number of DDoS interventions doubled compared to the last reporting period. In the third quarter, cybercriminals decreased activity, and by the end of the year, the number of attacks decreased by 30%, compared with the previous period.
The geographical distribution of DDoS attacks remained the same throughout the year. Among the leaders were invariably China, the USA, and Hong Kong, with small changes in the number of interventions.
Medicine, education, and online media are the targets
Hackers' priorities have also partially changed. Earlier, DDoS attacks were most often directed to online stores, financial and entertainment services, but in 2020 the list of the most vulnerable industries included the following:
- medicine;
- streaming services;
- educational platforms.
We can also draw a parallel with the increase in Internet traffic on such services, and this is logical: people during quarantine actively use remote medical services and often spend leisure time watching films on platforms like Netflix. Also, due to the transition to distance learning, the number of educational platforms and their attendance increased.
In the first quarter, cybersecurity specialists had to stop DDoS attacks against large medical organizations. Even on the eve of quarantine, the attackers launched an attack against the website of the US Department of Health. A little later, European hackers tried to paralyze the work of the Parisian network of clinics.
An interesting fact is that attacks on medical facilities are not the only consequence of quarantine. In April, at the peak of the incidence, cases of malicious mailings became more frequent, in which the authors promised to help combat coronavirus infection. As a rule, the letters contained malicious file attachments and links. According to Trend Micro, mailings were mostly sent to residents of the United States, Germany, and France. The attackers reported fake information that because of the pandemic, the bank serving the user was closing, they offered to buy a non-existent vaccination and even talked about applications that were supposedly able to protect against the Covid. Thus, bank details were lured from people and, as a result, money was stolen.
Cybercriminals actively launched cyberattacks against educational platforms due to the transition to distance learning. One of the first such cases was noticed at the beginning of the year when hackers attacked the German service for remote training called Mebis in Bavaria. In the second quarter of 2020, Russian attackers became more active. They chose online training platforms as a target, as reported by Rostelecom. During this period, attempts to disable the educational services of the Russian Federation became 5 times more frequent, compared to previous years. At the beginning of the school year, attacks were launched against American educational resources - hackers disrupted remote lessons for several days. At the end of the year, failures caused by DDoS occurred on the sites of American and Canadian schools and universities. In the United States, the threat of disruption of classes was so obvious and terrifying that the FBI issued a warning and noted the need to more intensively protect educational platforms.
Akamai provides an interesting statistic about cyber attacks. According to the organization, in 2020, the biggest number of phishing and DDoS attacks were aimed at financial services. Accordingly, banks, insurance companies, and cryptocurrency exchanges were targeted by hackers, and remain under the target till now. The list of industries most vulnerable to phishing also included online retail and media services. Thus, medicine and education, although they came to the attention of attackers, did not become the leading industries in this negative rating.
DDoS were used for political purposes
We have already discussed the fact that the motivation of cybercriminals can also be politically conditioned. For such hacker attacks, there is a separate term: hacktivism. You can read about the purposes for which DDoS attacks are organized in this publication.
The hacktivists showed themselves especially vividly in 2020. The past year was rich in political events, and their participants spoke out, including through DDoS attacks. At the beginning of the year, Greek state portals were disabled twice, and in one case the group from Turkey took responsibility. A little later, in February, hackers tried to attack the US voter registration platform before the upcoming presidential election. By the way, they did not succeed due to the good level of security of the service.
In late May, when mass protests began in the United States in support of the BLM movement, cyber-attacks were directed on human rights organizations. The number of attacks increased by more than 1100 times. At the same time, activists on the other side of the confrontation hacked Minneapolis police sites and state information services in Minnesota, where the conflict occurred.
In June, a wave of DDoS attacks attacked Russian state portals. The reason was the amendment of the Constitution of the Russian Federation. The first intervention occurred a day after the start of the vote, as reported by the Russian Central Election Commission.
Hackers had been inventing new DDoS attack tactics
The cybersecurity industry is strengthening its position and introducing new ways to combat intruders. Because of this, DDoS attacks are becoming more sophisticated. For this, hackers come up with and launch new ways to attack resources. In 2020, experts noted more impulse and packet attacks. Also, more often they began to use ARMS, CoAP, WS-DD, and other applications, namely, their built-in network protocols.
Cybercriminals have returned to botnets we already know - malicious networks built from hundreds of IoT devices that have vulnerabilities and weak protection. In a previous publication, we have already discussed botnets in more detail. In 2020, malicious networks were used simultaneously for DDoS attacks and cryptocurrency mining. So, Trend Micro noted the XORDDoS and Kaiji botnets, which penetrate into unprotected Linux Docker containers. Following them, the Kaiten (Tsunami) botnet began to show similar activity. Capturing containers is difficult to use for DDoS attacks, so they are used for black cryptocurrency mining.
The distribution of botnets by type has changed insignificantly. Previously, the vast majority of botnets worked on Linux, and Windows botnets made a small percentage. According to Kaspersky Lab experts, by the end of the year, Linux-botnets began to prevail completely: they now account for 99.8% of the total number of malicious networks.
The most powerful DDoS attack in history was launched
Previously, we wrote about the most well-known cyberattacks against major global giants. In 2020, hackers set a new record by launching the most powerful DDoS attack in the history of the Internet. The target was the Shield service from Amazon Web Service. The power of the cyber attack against AWS was 2.3 TB/s. Cybercriminals used CLDAP web servers; they hacked them previously. CLDAPs can increase unauthorized traffic by 70 times; thanks to this, hackers were able to achieve such high power. It took cybersecurity specialists 3 days to fight the DDoS attack, but Amazon Web Service managed to cope with the problem without serious consequences.
How can I protect myself from a DDoS attack?
A DDoS attack is not just a situation where your site is temporarily inoperable. In some cases, such an intervention can literally destroy your business. If you run a small online store on a local scale, your chances of falling victim to such an attack are not big, compared to a large corporation. But there is still a probability, which is vividly indicated by a review of last year's DDoS attacks.
To prevent negative consequences, it is worth understanding at least in general terms how to act if an attack has already occurred. And it is better to study our detailed guide for victims of cyberattacks. In the case of a DDoS attack, you need to act as quickly as possible, otherwise, you can lose customers, reputation, money, and sensitive data. As a result, you will lose your business.But the likelihood of a cyber attack against your resource can be reduced to a minimum level if you think about security measures in advance. All you need to do is order effective anti-DDoS protection from King Servers. Geographically distributed filtering with a capacity of 1 Tb/s, 24-hour availability of your resources - this is not a full list of benefits that we offer our customers. You will continue developing your business, and we will take care of its safety.