Corero highlights attacker behaviour during pandemic in latest report

Corero Network Security has published its latest edition if its annual DDoS Threat Intelligence Report which highlights threats are growing in sophistication, size and frequency. The year 2020 revealed changes in attacker behaviour during the pandemic including a year-over-year increase of nearly 400% in the use of OpenVPN reflections as an attack vector.

“OpenVPN as a reflection DDoS vector is bad news for the victim being attacked but, also for the organisation whose OpenVPN infrastructure is being used to launch the attack as their remote workers will sugger from a degratded, or possibly unusable, service, impacting productivity and, potentially, business continuity,” explained Ashley Stephenson, Report Co-Author for Corero.

The report also found a 70% increase in DDoS attacks over 10Gbps as high packet rate attacks grew overall during 2020, compared to slight declines in 2019. It suggested that this is due to the increasing shift to 100Gbps Internet connectivity and is accompanied by a trend indicating more everyday DDoS larger than for 10G. Frequency of repeat attacks also grew with a 68% increase of organisations experiencing a second attack within a week.

Regarding DDoS defence, the report does have several recommendations. “With a 2020 estimate that 99% of observed attacks in real time without requiring expensive and time-consuming traffic redirection to cloud solutions,” Ashley added. “This means that most attacks can be addressed by on-premises solutions without the disruption, risk or cost of re-routing customer traffic across the Internet to third party scrubbing centres.

“Once again we are reporting a net increase in the number of unique DDoS attack vectors seen in the wild and in the level of year-over-year DDoS activity. The specific example of the mid-year FBI alert regarding the malicious use of built-in network protocols for DDoS attacks demonstrates that development of new vectors is inevitable.

“Yet our data shows that these exploits were already being used in attacks before the FBI alert and their use continues to grow to this day. Prevention is an impractical strategy, detection and mitigation continue to be the only defence.” 

As the trend towards short duration, high intensity attacks using multiple vectors continues. Ashley concluded that “…as organisations plan their strategy for effective DDoS protection, the relationship between time-to-mitigation and potential downtime is a vital consideration. Organisations must consider that the typical time to swing traffic to cloud DDoS protection means the attack is often already over and the damage may be done.”


Related posts

Scroll to Top