Analyzes by F5 Labs show significant increases in cyber attacks during the COVID-19 pandemic and changing attack patterns, especially for DDoS and password login attacks.
According to a recent analysis by F19 Labs, the COVID-5 pandemic has led to a significant increase in DDoS and password login attacks. Based on global data from the F5 Security Incident Response Team (SIRT), the study shows a feverish and dangerous threat landscape.
“F5 Labs analyzed all reported incidents from early 2020 to August. Accordingly, the attackers are trying everything to exploit pandemic-related online behavior, ”says Raymond Pompon, Director of F5 Labs. “Further turbulence is to be expected. For example, this year at Christmas time more than ever online purchases are being made and shopping is being heavily attacked by cyber criminals. One thing is clear: Our increasing use of and dependence on technology leads to an increase in attack trends that are already growing. "
Lockdown leads to more cyber attacks
In January, the number of all incidents reported to SIRT was half the average of previous years. When the lockdown started in March, the incidents rose sharply. In April there was a plateau with values three times higher than in previous years. It wasn't until May and June that the numbers began to return to normal. In July, they shot back to double compared to 2019.
The cyber attacks fell into two broad categories: Distributed Denial of Service (DDoS) and password login attacks. The latter consisted of brute force and credential stuffing attacks. In both variants, attackers try to guess the password for dialing in. From January to August, 45 percent of the reported incidents were related to DDoS and 43 percent were password login attacks. The remaining 12 percent were malware infections, web attacks, or unclassified methods.
Increasing and changing DDoS attacks
In January, only every tenth cyber attack was a DDoS attack. By March, the proportion increased threefold. Of all DDoS attacks reported to the F2019 SIRT in 5, 4,2 percent attacked web apps. In 2020 this proportion increased sixfold to 26 percent.
Meanwhile, the types of attacks are becoming more diverse. In 2019, 17 percent of all DDoS attacks reported to the SIRT were based on forged DNS queries. The number has almost doubled this year to 31 percent. The flood of DNS queries is also increasing. Here an attacker sends malicious requests to overload a DNS server. 12 percent of the DDoS attacks in the period under review used this method.
Retail hit hard by login attacks
67 percent of all retailer attacks reported to SIRT in 2020 were password attacks. This is an increase of 27 percent over the previous year. In the same period, half of all incidents at service providers were attributed to password login attacks. For financial service providers, the figure was 43 percent. F5 Labs also observed an increase in authentication attacks on APIs, which doubled from 2,6 percent in 2019 to 5 percent in 2020.
More on this at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.