DDoS attacks down year-on-year but assaults on wireless sector increased, became more sophisticated

  • 9.7 million DDoS attacks in 2021, down 3 per cent on 2020, according to the latest NETSCOUT Threat Intelligence Report, but there are still 3 attacks every second
  • Wireless telecoms bearing the brunt 
  • Global connectivity supply chain under constant attack
  • DDoS-for-Hire organisations provide tools and expertise for anyone to mount an attack for US$10 an hour, or less

Last year, 9.7 million DDoS attacks were launched. That’s a hell of a number, but actually three per cent down on 2020, according to the latest Threat Intelligence Report from NETSCOUT, which covers the second half of 2021. However, that reduction, in itself, is not necessarily as good a thing as it might seem if a smaller number of attacks are more successful. The bi-annual publication provides an excellent summation of global DDoS attacks and shows that such assaults happen somewhere every three seconds, day and night, 24/7, and seemingly ad infinitum.

It also shows that the global wireless industry actually experienced a big increase in the number of attacks made, even as other types of telecoms networks and services registered a small but significant decline. The combination of well-organised ransomware gangs, the proliferation of DDoS-for-Hire services and ‘server-class’ armies of botnet invaders is resulting in the proliferation of increasingly sophisticated attacks. The report says the increase is unlikely to be temporary as it “reflects a continued increase in gamers leveraging wireless hotspots and the rapid expansion of 5G technologies and services.”

It adds that “the connectivity supply chain is increasingly under attack in the UK and around the world with telcos, electronic computing manufacturers and data processing services all [being] highly targeted” and that such attacks are happening at a rate 14 per cent above what was routinely the case before the Covid-19 pandemic struck. The report also details how, over the second half of 2021, high-powered botnet armies “rebalanced the scales” between volumetric and direct-path (non-spoofed) attacks. This change created more sophisticated operating procedures for attackers who began to apply new tactics, techniques, and methods to diversify their assaults and achieve greater success. It’s a bleak picture that looks even darker given the overt belligerence and threats that are so evident as a result of, and corollary to, Russia’s invasion of Ukraine and the west’s less-than-amicable relations with China.

DDoS extortion and ransomware incursions are also rising with, for the first time, three high-profile extortion campaigns being carried out simultaneously with ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt detected as ruthlessly extorting their victims. Things have got so bad (or so successful have the ransomware gangsters become), that there are now other extortionists masquerading as affiliates of their favourite DDoS extortion operators such as REvil. Imitation remains the sincerest form of flattery - even amongst blackmailers.

Elsewhere, Dynamic Voice Over IP (DVOIP) services have been targeted with concerted attack campaigns being mounted by the REvil imitator, with one VOIP provider brave enough to go public and admit that it had lost up to US$12 million in revenues as a result.

DDoS-for-Hire behind the new cottage industry of attacks mounted by technically incapable individuals

NETSCOUT, of Westford, Massachusetts, is, in true Baden-Powell style, doing its best to help protect digital business services against security, availability, and performance disruptions. For its report, it examined 19 DDoS-for-Hire services that make it easy and cheap (as little as $10 an hour) for technically unsophisticated individual malefactors or small groups to launch cyberattacks by providing the botnets and know-how needed. It’s becoming a strange and horrible new cottage industry.

Of course, DDoS attacks are illegal in most parts of the world but DDoS-for-hire ‘companies’ get around this by advertising booter and/or stresser services and tools that, in the hands of legitimate and law-abiding companies, are used to test and stress a server’s ability to handle large amounts of traffic. Legitimate providers know that their tools can be misused and will always ask for proof of ownership of a server or servers before providing booter or stresser capabilities. Other, illegitimate providers don’t - and will always help enable attacks against any server or website.

Interestingly, incursions on Asia-Pacific companies and organisations increased by seven per cent year-on-year even as they declined in a number of other regions.

Attackers also target selected industries, with assaults on software publishers increasing by an astonishing 606 per cent compared with the same period in 2020. Insurance agencies and brokers were hit with a 257 per cent increase in the incidence of attacks while computer manufacturers suffered a 162 per cent rise. Even schools, colleges and universities experienced a 102 per cent rise in attacks during the second half of last year. The NETSCOUT report puts this down to the return to normal on-site teaching and the ever-increasing use of wireless technologies. Rather coyly, NETSCOUT says it is aware that many of the attacks have been perpetrated by students, but won’t tell how it knows.

Back in 1605, when William Shakespeare was still wielding the quill and King Lear was being written, another playwright, Thomas Middleton, wrote a well-received comedy called “It’s a Mad World, My Masters.” Nothing has changed over the intervening 417 years.
