Ransomware Actors Leveraging DDoS Attacks, Report Says

Service providers are increasingly popular targets for cybercriminals and DDoS-related hacking campaigns, report says.

According to cybersecurity company Netscout, service providers are in the crosshairs of DDoS attackers as threat actors ramp up their use of the attack method, pairing it with ransomware and extortion tactics.

The company’s seventh bi-annual Threat Intelligence Report says there were 5.4 million distributed-denial-of-service (DDoS) attacks in the first half of 2021, which is an 11% increase from the first half of 2020. The company also predicts a record-setting year for these attacks, expecting them to surpass 11 million globally, fueling a growing cybersecurity crisis impacting both public and private sectors.

Netscout also found that threat actors exploited seven newer reflection/amplification attack vectors, spurring an increase in multisector DDoS attacks with a record-setting 31 attack vectors deployed in a single attack against one organization.

The report also offers new insight into how cybercriminals are combining DDoS attacks with other attack methods, including ransomware. In this scenario, threat actors find their way into a victim’s network, encrypt data, steal that data and threaten to publicly release it. If the victim still doesn’t pay, hackers resort to triple extortion and conduct DDoS attacks to pressure the victim into paying a ransom.

“First, it emphasizes the seriousness of the adversary,” the report says. “And second, maintaining availability adds yet another stressor to a security team already dealing with the first two events.”

The report comes as VoIP company VoIP.ms battles a DDoS attack, which has led the company to require visitors to its website to complete a CAPTCHA to prove that they’re human. In Twitter posts, the company said it is battling a “massive” DDoS attack and is working to re-establish its services.

Although unconfirmed, a Twitter account purporting to be associated with the REvil ransomware gang has claimed responsibility and has demanded $4.3 million to stop the attacks.

A message on the company’s website states the DDoS attacks continue to target the company’s website and POP servers, but some services have been restored. Check out the company’s Twitter account for more updates on this.

VoIP.ms, according to Netscout’s report, is an ideal target, as “vital components of the connectivity supply chain” are seeing increasing DDoS attacks. The report listed DNS servers, virtual private networks (VPN) and internet exchanges as the top targets.

According to Netscout, wired and wireless telecommunications carriers and data, hosting and related services make up the top vertical industry targets for DDoS attacks.

“Even if the attack does not take the component fully offline, these services represent hundreds of thousands, if not millions, of consumers, and are the gateways to everything we do online,” the report said. “Take one down, and you impact a huge array of people, organizations, and service providers.”

Indeed, VoIP.ms, which says it has over 80,000 clients, has had its hands full responding to the attack and working with customers to get services back online, according to its Twitter posts over the last several days.

Other findings in Netscout’s report include:

  • The fastest DDoS attack recorded a 16.17% year-over-year increase.
  • The largest DDoS attack, 1.5 Tbps, represented a year-over-year increase of 169%.
  • Botnets contribute to more than 2.8 million DDoS attacks. 

Check out the company’s report for more information on the DDoS threat landscape, including how to defend against these disruptive attacks.

A version of this story first appeared on our sister site My TechDecisions.