Europol Reports Increase in DDoS During Pandemic

On April 3, 2020, Europol, the European Union’s law enforcement agency, published a report titled “Catching the virus: cybercrime, disinformation and the COVID-19 pandemic.” The report addresses a variety of cybercrime issues, including ransomware, child sexual exploitation, phishing, counterfeit product sales, and Distributed Denial of Service (DDoS) attacks.

Regarding DDoS attacks, the report states: “Only a slight increase in the number of distributed denial-of-service (DDoS) attacks has been observed following the outbreak of the COVID-19 pandemic. However, it is expected that there will be an increase in the number of DDoS campaigns in the short to medium term. Due to a significant increase in the number of people working remotely from home, bandwidth has been pushed to the limit, which allows perpetrators to run ‘extortion campaigns’ against organisations and critical services and functions.”

Europol seems particularly concerned with ransom-driven DDoS attacks, in which cybercriminals take an organization offline, or at least degrade service and create latency, by sending high volumes of junk traffic, often via botnets. Extortion is one of the oldest tactics in the criminal playbook. Faced with the cost of their business going offline if a DDoS attack against them succeeds, organizations can feel compelled to pay the ransom demand. However, paying offers no guarantee that an attack will not be launched (or that one already in progress will be stopped), and it only encourages more such criminal behavior.

The Dark Web is fertile ground for criminals and their illegal activities. With individuals and organizations facing unusual times, and many more employees working remotely using secure Virtual Private Network (VPN) connections to access company resources, it is easier for bad actors to exploit weaknesses in cybersecurity defenses. While some cybercriminals have claimed that they will not take advantage of certain organizations, namely healthcare facilities, during this pandemic, it’s clear that there are plenty of other bad actors with no moral compass whatsoever. The U.S. Federal Bureau of Investigation (FBI) said recently the number of cybercrime reports has quadrupled compared to the months before the pandemic.

When it comes to cyberattacks of any kind, it is best to be proactive rather than reactive, and this is especially true of DDoS attacks. If you don’t have an effective, real-time, automated DDoS mitigation solution in place, it’s basically impossible to stop modern DDoS attacks from creating the damaging impact their perpetrators intended. As the saying goes, an ounce of prevention is worth a pound of cure. People often write about “what to do if your organization experiences a DDoS attack.” The truth is, without proper protection, there is not much one can do in that situation. The only options are to ride it out, or to take the attacked services offline completely by blocking all traffic to them, so you can at least remediate the servers and applications that deliver those services and be ready for when the attack ceases. Of course, you still then need to deal with the costs of lost productivity, revenue, and customer trust. It’s important to note, however, that many DDoS solutions do not react fast enough to completely block attacks without any impact on their target, so be sure to check that the time-to-mitigation of any solution you consider is a few seconds or less.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.