The Long Tail of Attacker Innovation

Given the unprecedented nature of the past 18 months, NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) fully expected that their “up and to the right” mantra would prove correct for the first half of 2021, as the team observed a record-setting 5.4 million attacks. And as the findings from the 1H 2021 NETSCOUT Threat Intelligence Report show, the ongoing surge in DDoS activity is just one aspect of the dramatic impact cyberattacks continue to have on private and public organizations and governments worldwide.

The report details how the long tail of cybercrime innovation swept through the lockdown days of the COVID-19 pandemic to infiltrate the bulk of 2021.  Cybercriminals weaponized and exploited seven newer reflection/amplification DDoS attack vectors, a much faster discover-and-weaponize rate usually seen.  This attack vector explosion spurred an increase in multivector DDoS attacks, with a record-setting 31 attack vectors deployed in a single attack against one organization. Meanwhile, threat actors discovered ever-more- ingenious ways to part organizations from their money, such as the advent of triple extortion ransomware and DDoS extortion campaigns.

"Cybercriminals are making front-page news launching an unprecedented number of DDoS attacks to take advantage of the pandemic's remote work shift by undermining vital components of the connectivity supply chain," stated Richard Hummel, threat intelligence lead, NETSCOUT. "Ransomware gangs added triple-extortion DDoS tactics to their repertoire. Simultaneously, the Fancy Lazarus DDoS extortion campaign kicked into high gear threatening organizations in multiple industries with a focus on ISPs and specifically their authoritative DNS servers."

The report details how the long tail of cybercrime innovation swept through the lockdown days of the COVID-19 pandemic to infiltrate the bulk of 2021. - Read more at @NETSCOUTKey findings from the NETSCOUT 1H 2021 Threat Intelligence Report include the following:

• New adaptive DDoS attack techniques evade traditional defenses. By customizing their strategies, cybercriminals evolved their attack efforts to bypass cloud-based and on-premises static DDoS defenses to target commercial banks and credit card processors.
• Connectivity supply chain increasingly under attack. Bad actors looking to cause the most collateral damage focused their efforts on vital internet components, including DNS servers, virtual private network (VPN) concentrators, services, and internet exchanges, disrupting essential gateways.
• ISPs face DDoS extortion attacks. Threat actors launched the self-dubbed Fancy Lazarus DDoS extortion campaign that primarily targets authoritative DNS servers for internet service providers (ISPs). Meanwhile, the more broadly based Lazarus Bear Armada (LBA) DDoS extortion campaign continues to target victims across a range of industries.
• Triple extortion: a ransomware trifecta. Ransomware gangs added triple extortion attacks to their service offerings. By combining file encryption, data theft, and DDoS attacks, threat actors have hit a ransomware trifecta designed to increase the possibility of payment.
• Botnet exposé. Tracked botnet clusters and high-density attack-source zones worldwide showcased how malicious adversaries abused these botnets to participate in more than 2.8 million DDoS attacks.

NETSCOUT's Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data secured from NETSCOUT's Active Level Threat Analysis System (ATLAS™) coupled with NETSCOUT's ATLAS Security Engineering & Response Team insights.

Explore the full interactive report