DDoS and Password Attacks Are Rising Rapidly During the COVID-19 Pandemic
Security researchers are looking back at 2020 and their findings are not particularly encouraging. Analysts from F5 Labs recently published a report on digital attacks and incidents that took place over the previous 11 months of the current year and the figures and statistics are not great to look at.
It was to be expected that with so many people in lockdown all over the world, online activity would dramatically increase, whether it's work, leisure or shopping. This gave bad actors ample opportunity to execute all sorts of attacks.
The year started with attack frequencies that were actually lower than the comparable period of 2019. However, once the lockdowns began, attacks skyrocketed. The stretch of peak bad actor activity was over the spring months, with things slowing down a bit in the summer.
Even with the decrease in attacks and incidents in late May and June, attacks were still twice as common as the same period of the previous year.
Focus on DDoS and Password Attacks
F5 Labs focused on two specific venues of attack - DDoS and password attacks, comprising respectively 45% and 43% of reported incidents for the months between January and August 2020.
Both the volume and focus of DDoS attacks is shifting, according to the F5 Labs report. While only 4% of DDoS attacks were aimed at web applications in 2019, that percentage grew nearly sevenfold year over year. DNS spoofing attacks also nearly doubled, going from 17% to 31% over 2020.
F5 also stated that in 2020 a good 67% of all attacks aimed at retailers were password-oriented, comprising an increase of nearly 30% against the previous year. Authentication attacks targeting APIs are also climbing, doubling in volume compared against 2019.
It makes sense for bad actors to be making everything they can to exploit the current lockdowns and heavily increased online presence of millions of people. This only means we should be even more vigilant and careful with our digital security.