Security News
In a new campaign analyzed by Radware, cybercriminals threaten organizations with Distributed Denial of Service attacks unless they acquiesce to their ransom demands. Published on Wednesday, a security alert entitled "2020 Ransom DDoS Campaign Update" describes how Radware and the FBI have been warning organizations about a global ransom DDoS campaign targeting financial companies and other businesses around the world.
Companies worldwide have continued to receive extortion emails threatening to launch a distributed denial-of-service attack on their network, unless they pay up - with British foreign-exchange company Travelex reportedly being one recent high-profile threat recipient. While the ransom DDoS campaign has been ongoing since August and has received widespread coverage, researchers with Radware said in a Wednesday post that they are continuing to see companies worldwide receive the extortion emails - and that attackers are becoming more sophisticated.
Corero Network Security announces that it has released a major update to its SmartWall Threat Defense System. Corero's SmartWall Threat Defense System already delivers line-rate performance for the fastest, always-on, real-time DDoS protection but these new enhancements propel the solution to industry leading levels of accuracy and effectiveness for automatic DDoS detection and mitigation.
Cloudflare now allows paid customers to create notifications that warn them when their sites are under a DDoS attack. Cloudflare has always offered DDoS protection as one of its core offerings, but unless a site owner or administrator were actively using their site or using monitoring tools, they would not know that their service was under attack until it was too late.
DDoS attacks would either slow down election-related public-facing websites or render them inaccessible, thus preventing voters from staying updated with voting information or from accessing voting results. "The public should be aware that if foreign actors or cyber criminals were able to successfully conduct DDoS attacks against election infrastructure, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot," the FBI and CISA note.
"The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue," stated Richard Hummel, threat intelligence lead, Netscout. More than 929,000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month.
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic.
The increase was felt across all size categories, with the biggest growth happening at opposite ends of the scale - the number of attacks sized 100 Gbps and above grew a whopping 275% and the number of very small attacks, sized 5 Gbps and below, increased by more than 200%. Overall, small attacks sized 5 Gbps and below represented 70% of all attacks mitigated between January and June of 2020. The rise in smaller DDoS attacks has been matched by increases in attack sophistication and intensity.
Neustar's Security Operations Center saw a 151 percent increase in DDoS activity in the period, including one of the largest and longest attacks that Neustar has ever mitigated - that attack came in at 1.17 terabits-per-second, and lasted five days and 18 hours. DDoS attacks are getting bigger, with what Neustar said is a "Noticeable spike" in volume: The number of attacks sized 100Gbps and above grew a whopping 275 percent.
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.