Botnet attackers are working around limitations of residential bandwidth and devices
The second half of 2021 marked a shift in distributed denial-of-service (DDoS) attacks: a reduction in overall numbers, but a move toward smarter and higher-volume attacks, according to Netscout’s new Threat Intelligence Report.
Netscout, analyzing data from its Active Level Threat Analysis System (ATLAS) and insights from its ATLAS security engineering and response team, said that cybercriminals launched approximately 4.4 million DDoS attacks in the second half of last year, for a total of about 9.75 million attacks during the course of 2021.
The overall number of attacks saw a decrease from 5.4 million in the first half of 2021, to 4.4 million during the second half of the year. Despite the sequential dip, Netscout pointed out that when you look at attacks independent of pandemic years 2020 and 2021, attacks were still up 14% compared to 2019.
Attack behavior is also changing. Attackers are establishing “high-powered botnet armies,” the report said. While botnets are not a new phenomenon — and are usually made up of connected consumer devices with minimal security and default credentials that can be exploited — Netscout noted that “attacks from DDoS botnets on residential networks have limited power due to the fact that most home users lack high-powered bandwidth. The result is that botnet attacks have been carried out via reflection/amplification attacks over direct-path attacks.” Now, however, cybercriminals are not only building bigger IoT botnets, but they are conscripting high-powered servers and high-capacity network devices.
“Adversaries are … taking a fresh look at overcoming the limitations of residential devices by using server-class devices to push past the network limitations in home environments,” Netscout’s report said.
“While it may be tempting to look at the decrease in overall attacks as threat actors scaling back their efforts, we saw significantly higher activity compared to pre-pandemic levels,” said Richard Hummel, threat intelligence lead at Netscout, in a statement. “The reality is that attackers are constantly innovating and adapting new techniques, including the use of server-class botnets, DDoS-for-Hire services, and increased use of direct-path attacks that continually perpetuate the advancement of the threat landscape.”
Among other findings of the report:
- Lines are blurring between DDoS and ransomware attacks, in the form of DDoS extortion campaigns. Netscout said that Voice over IP providers reported between $9 million and $12 million in lost revenue due to DDoS attacks.
- Attacks-as-a-service are reducing the technical requirements and costs for cybercriminals; Netscout said that it examined 19 DDoS-for-Hire services that, combined, offered more than 200 attack types.
- Geopolitical tensions are reflected in regional attacks. Netscout saw a rise of 7% in attacks in the Asia-Pacific regions, amid heightened tensions among China, Hong Kong and Taiwan.
- The most often-hit targets are software publishers; insurance agencies and brokers; computer manufacturers; and colleges, universities and professional schools.