Coronavirus
COVID-19 Sparks Big DDoS and Password Login Attack Surge
The COVID-19 pandemic has driven a significant spike in DDoS and password login attacks, according to new analysis from F5 Labs.
Based on new global data sourced from the F5 Security Incident Response Team (SIRT), the research reveals an unprecedently febrile and vulnerable threat landscape post-lockdown.
“F5 Labs reviewed all the reported incidents from the beginning of 2020 until August, and attackers are clearly doing everything they can to exploit pandemic-related online behavior,” said Raymond Pompon, Director of F5 Labs.
“Expect more turbulence on the horizon as COVID-19 continues to evolve and wield an economic impact. This year’s holiday shopping season, for example, will be more online than ever and under intense fire from cybercriminals. One thing is clear: our rising usage and dependence on technology have also brought increased levels of already growing attack trends.”
Lockdowns unlocking new threats
In January, the number of all reported SIRT incidents was half the average reported in previous years. As lockdowns hit from March onwards, incidents rose sharply. Numbers plateaued with a three-fold spike over previous years in April, and only began to fall back to normal in May and June. In July, they crept back up to twice the level seen at the same time in 2019.
The attacks fell into two large buckets: Distributed Denial of Service (DDoS) and password login attacks. Password login attacks were comprised of brute force and credential stuffing attacks. Both involve attackers trying guess their way past a password login.
From January through August, 45% of SIRT reported incidents were related to DDoS and 43% were password login attacks. The remaining 12% were reported incidents for things like malware infections, web attacks, or attacks that were not classified.
DDoS surges and shifts
In January, DDoS attacks started off as just a tenth of reported incidents. By March, they had grown to three times that of all incidents.
In 2019, 4,2% of DDoS attacks reported to the F5 SIRT were identified as targeting web apps. This increased six-fold in 2020 to 26%.
Meanwhile, attack types are becoming more diverse. In 2019, 17% of all DDoS attacks reported to the SIRT were identified as DNS amplification attacks, which spoof DNS requests to flood back at a victim. The number nearly doubled to 31% this year.
DNS Query Flood are also on the rise. This is where an attacker sends malicious requests that are purposely malformed to cause a DNS server to exhaust its resources. 12% of DDoS attacks during the period studied by F5 Labs used this method.
Retail bears brunt of login attacks
67% of all SIRT-reported attacks on retailers in 2020 were password attacks, which is a 27% rise on last year.
During the same period, half of all incident reports from service providers were attributed to password login attacks. The figure stood at 43% of incidents for financial services customers.
F5 Labs also observed a spike in authentication attacks on APIs, which doubled from 2.6% in 2019 to 5% so far in 2020.
-
Oil & Gas1 month ago
Oman Oil Exports Exceed 135.3m Barrels by End of June 2024
-
Banking & Finance2 weeks ago
Apple Pay Officially Launched in Oman
-
Investment3 days ago
With Over RO600M in Foreign Investments, Future Fund Oman Unveils the First Batch of Investment Projects with an Overall Value of RO830M+
-
Uncategorized2 weeks ago
A Quick Guide to OQEP IPO Roadshow Dates & Locations
-
Economy2 weeks ago
Trade Exchange Between Oman & KSA Exceed RO1.014B
-
Insurance3 days ago
Liva Insurance Shines with Triple Honors at Alam Al-Iktisaad Wal Aamal Awards 2024
-
Lifestyle3 days ago
Royal Opera House Muscat Welcomes First Shows of its 2024/25 Season
-
Oil & Gas3 days ago
Oct 2, 2024: Oman Oil Price Rises By US$4.56