DDoS attacks increased by 542% in the first quarter of 2020 compared with the last quarter of 2019, according to the NexusGuard Q1 2020 Threat Report. The researchers attribute the sharp rise to attackers exploiting the COVID-19 pandemic, during which consumers became dependent on online services and employees began working from home to slow the spread of the virus. The heavy reliance on remote services also overwhelmed many ISPs, leaving them less able to stop attacks. The researchers also observed abnormal traffic patterns, including small, short-lived attacks they call "invisible killers", which most ISPs overlook and which therefore let attackers disrupt online services undetected.
DDoS attacks skyrocket during the pandemic
Compared with Q1 2019, DDoS attacks rose by over 278% in Q1 2020; compared with the immediately preceding quarter, Q4 2019, the increase was 542%. The jump coincided with consumers and employees becoming dependent on online services to meet their everyday obligations.
The Q1 2020 Threat Report also found that 90% of attacks in the quarter used a single vector, a shift away from the multi-vector approach that had previously been popular.
The report also notes that "bits-and-pieces" attacks continue to slip past traditional threshold-based detection. In these attacks the attacker drip-feeds small doses of junk traffic from a large pool of source IPs: no single source crosses a per-source threshold, but the small contributions accumulate at the target and clog the infrastructure.
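To make the detection gap concrete, here is an added example (not code from the report or from Nexusguard) that runs two detectors over constructed flow records: a classic per-source threshold, and an aggregate per-destination check with a distinct-source count. The IP ranges, the 1 Mbit/s per-source limit and the 50 Mbit/s link capacity are assumptions chosen for the demonstration; the single-source flood is included only to show that the per-source detector is not useless, just blind to this traffic shape.

```python
"""Bits-and-pieces DDoS traffic versus threshold detection (added example).

The flow records below are constructed, not Nexusguard data. Each record is
(second, source IP, destination IP, bytes). A per-source threshold detector
looks at each source in isolation, which is exactly what drip-fed junk traffic
from a large IP pool is designed to stay under. Aggregating per destination and
counting distinct sources catches it. The limits are assumptions for the demo.
"""
import random
from collections import defaultdict

PER_SOURCE_LIMIT_BPS = 1_000_000    # assumed per-source alert threshold: 1 Mbit/s
PER_DEST_LIMIT_BPS = 50_000_000     # assumed capacity of the link towards one target
WINDOW_SECONDS = 10
TARGET = "203.0.113.10"


def build_sample_flows(attack="bits_and_pieces", seed=1):
    """Constructed traffic: 30 legitimate clients plus one of two attack shapes."""
    rng = random.Random(seed)
    flows = []
    for sec in range(WINDOW_SECONDS):
        for i in range(30):  # background: roughly 50 kbit/s per client
            flows.append((sec, f"198.51.100.{i + 1}", TARGET, rng.randint(4_000, 8_000)))
        if attack == "bits_and_pieces":
            # 800 sources, each ~100 kbit/s: far below the per-source limit,
            # but together they put roughly 77 Mbit/s onto the target's link
            for i in range(800):
                src = f"10.0.{i // 256}.{i % 256}"
                flows.append((sec, src, TARGET, rng.randint(10_000, 14_000)))
        elif attack == "single_source":
            # the classic shape: one host sending ~2.4 Mbit/s
            flows.append((sec, "192.0.2.77", TARGET, 300_000))
    return flows


def per_source_detector(flows, limit_bps=PER_SOURCE_LIMIT_BPS):
    """Traditional threshold: alert on any source exceeding limit_bps in a second."""
    per_second = defaultdict(int)           # (second, src) -> bytes
    for sec, src, _dst, nbytes in flows:
        per_second[(sec, src)] += nbytes
    return sorted({src for (_sec, src), b in per_second.items() if b * 8 > limit_bps})


def per_destination_detector(flows, limit_bps=PER_DEST_LIMIT_BPS):
    """Aggregate view: alert per destination on summed rate, with source count."""
    per_second = defaultdict(int)           # (second, dst) -> bytes
    sources = defaultdict(set)              # dst -> distinct sources seen
    for sec, src, dst, nbytes in flows:
        per_second[(sec, dst)] += nbytes
        sources[dst].add(src)
    alerts = {}
    for (_sec, dst), b in per_second.items():
        bps = b * 8
        if bps > limit_bps:
            alerts[dst] = max(alerts.get(dst, 0), bps)   # keep the peak second
    return {dst: {"peak_bps": peak, "distinct_sources": len(sources[dst])}
            for dst, peak in alerts.items()}


if __name__ == "__main__":
    for shape in ("single_source", "bits_and_pieces"):
        flows = build_sample_flows(shape)
        print(shape)
        print("  per-source detector flags:     ", per_source_detector(flows))
        print("  per-destination detector flags:", per_destination_detector(flows))
```

With the bits-and-pieces traffic the per-source detector flags nothing, while the per-destination view reports a peak well above the link capacity coming from 830 distinct sources; the single-source flood produces the opposite result. In practice the per-destination rate and the distinct-source count are compared against a baseline learned for that destination rather than against fixed numbers.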
While internet service providers played a crucial role in preventing such attacks, the rise of abnormal traffic, such as invisible killers and reflection attacks, undermined their efforts to contain the DDoS attacks during the pandemic.
Additionally, the surge in legitimate traffic caused by the increased demand for online services overwhelmed ISPs, further hindering their efforts to contain DDoS attacks.
The researchers said ISPs had no choice but to address the new attack methods, which became more prevalent during the pandemic, and warned that failure to do so could cause massive disruption from widespread DDoS attacks.
Brute force cyber pandemic
The COVID-19 pandemic also caused an increase in brute-force attacks as employees began accessing company systems through Windows Remote Desktop Protocol (RDP). Many companies fail to secure their remote-access services, opening a new attack vector into their organizations.
Javvad Malik, Security Awareness Advocate at KnowBe4, says the pandemic created the conditions cybercriminals need to exploit RDP connections.
“RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accommodate a remote workforce due to COVID-19. In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home.”
He adds that organizations should only resort to RDP when no other alternatives exist, and “should enforce strong passwords, MFA, and enhance monitoring of connections.”
Many organizations use weak passwords and fail to add further layers of authentication. Consequently, ransomware operators brute-force RDP connections and use the resulting access to deploy ransomware that encrypts the organization's data. As a result, the number of unique clients reporting at least one RDP attack has increased, according to ESET telemetry.
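The "enhanced monitoring of connections" that Malik recommends is easy to show with the Windows Security log. The following is an added example, not code from ESET or KnowBe4: it reads a constructed CSV export of logon events (the columns match what a `Get-WinEvent` export provides, the rows are invented) and raises three kinds of alert per source IP within a sliding window: many failures (brute force), failures spread across many accounts (password spraying), and a success that follows a run of failures, which is the case that matters most. Logon type 10 is RemoteInteractive (RDP); when Network Level Authentication is enabled, failed RDP logons are recorded with logon type 3 instead, so both types are included. The thresholds and window are assumed tuning values.

```python
"""RDP brute-force detection over Windows Security log events (added example).

Event ID 4625 is a failed logon and 4624 a successful one. The CSV below is
constructed, not a real export; column names follow Get-WinEvent properties.
"""
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)       # assumed tuning values, not from the report
FAILURE_THRESHOLD = 10              # failures from one IP inside WINDOW
SPRAY_USER_THRESHOLD = 5            # distinct accounts tried from one IP inside WINDOW
SUCCESS_AFTER_FAILURES = 5          # failures preceding a success that warrant a look
RDP_LOGON_TYPES = {"10", "3"}       # 10 = RemoteInteractive; 3 = Network (NLA failures)


def build_sample_csv():
    """Constructed export: one brute forcer, one password sprayer, one clumsy user."""
    base = datetime(2020, 4, 14, 2, 0, 0)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%S")
    rows = ["TimeCreated,EventID,TargetUserName,IpAddress,LogonType"]
    for i in range(12):   # one source hammering the administrator account, then getting in
        rows.append(f"{fmt(base + timedelta(seconds=10 * i))},4625,administrator,198.51.100.23,10")
    rows.append(f"{fmt(base + timedelta(seconds=150))},4624,administrator,198.51.100.23,10")
    for i in range(8):    # one source trying one password across many accounts
        rows.append(f"{fmt(base + timedelta(minutes=5, seconds=20 * i))},4625,user{i:02d},203.0.113.9,3")
    rows.append(f"{fmt(base + timedelta(minutes=10))},4625,jsmith,192.0.2.5,10")
    rows.append(f"{fmt(base + timedelta(minutes=10, seconds=15))},4625,jsmith,192.0.2.5,10")
    rows.append(f"{fmt(base + timedelta(minutes=10, seconds=30))},4624,jsmith,192.0.2.5,10")
    return "\n".join(rows) + "\n"


def parse_events(csv_text):
    """Parse the export and order it by time so the sliding window is valid."""
    events = list(csv.DictReader(io.StringIO(csv_text)))
    for ev in events:
        ev["TimeCreated"] = datetime.fromisoformat(ev["TimeCreated"])
    events.sort(key=lambda ev: ev["TimeCreated"])
    return events


def detect_rdp_abuse(events):
    """Return alerts; each source IP fires each alert kind at most once."""
    recent = defaultdict(deque)     # source IP -> (time, user) of failures inside WINDOW
    fired = set()                   # (kind, ip) already reported
    alerts = []
    for ev in events:
        if ev["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip, now = ev["IpAddress"], ev["TimeCreated"]
        q = recent[ip]
        while q and now - q[0][0] > WINDOW:     # drop failures older than the window
            q.popleft()
        if ev["EventID"] == "4625":
            q.append((now, ev["TargetUserName"]))
            users = sorted({u for _, u in q})
            if len(q) >= FAILURE_THRESHOLD and ("brute_force", ip) not in fired:
                fired.add(("brute_force", ip))
                alerts.append({"kind": "brute_force", "ip": ip, "failures": len(q),
                               "users": users, "at": now})
            elif len(users) >= SPRAY_USER_THRESHOLD and ("password_spray", ip) not in fired:
                fired.add(("password_spray", ip))
                alerts.append({"kind": "password_spray", "ip": ip, "failures": len(q),
                               "users": users, "at": now})
        elif ev["EventID"] == "4624" and len(q) >= SUCCESS_AFTER_FAILURES:
            # a success after a burst of failures is the likely-compromise signal
            alerts.append({"kind": "success_after_failures", "ip": ip, "failures": len(q),
                           "user": ev["TargetUserName"], "at": now})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_abuse(parse_events(build_sample_csv())):
        print(alert)
```

On the constructed data the clumsy user produces no alert, the sprayer is caught on the fifth distinct account, and the brute forcer fires once at the tenth failure and again when the subsequent 4624 arrives. Running the same logic live means pulling events 4624 and 4625 with `Get-WinEvent` or forwarding them to a SIEM; the success-after-failures alert is the one to page on.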
Mitigating brute force attacks
In the absence of a dedicated RDP protection solution, the most effective way to secure RDP is to disable internet-facing RDP altogether. Where that is not possible, system administrators should limit the number of users allowed to connect to corporate servers over the internet.
Organizations should also implement password policies that require strong, complex passwords for access to company systems through RDP.
Saryu Nayyar, CEO at Gurucul, says although no perfect solution exists, complex passwords are a life-saver.
“While there are no perfect solutions, reducing the threat from brute-force attacks is straightforward. Enforcing password discipline, where users must choose complex passwords with uppercase, lowercase, numeric, and special characters, with a minimum length greater than 14 characters, makes a brute-force attack much more complicated. Fifteen characters is a minimum to withstand rainbow table attacks, with longer passwords giving much greater security.”
Adding a further layer of authentication through multi-factor authentication (MFA) or two-factor authentication (2FA) means a brute-forced password is no longer enough on its own. Using a VPN gateway to broker all RDP connections to the local network is another option.
Additionally, sysadmins should block external connections to the RDP port (TCP and UDP 3389 by default) and to any other port RDP has been moved to, so that brute-force attempts never reach the service.
Implementing self-defense mechanisms in security software, such as requiring a password to change its configuration, prevents tampering and stops an attacker who has gained a foothold from disabling or uninstalling antivirus and firewall software.
Replacing outdated computers, or at least preventing them from being reached from the internet, is also a good option.
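The advice above to disable internet-facing RDP and to block its port only helps if you know which hosts actually answer from outside. The following added example (not from the article or ESET) is the verification step: given the public address ranges an organization owns, it attempts a TCP connection to the RDP port on each address and lists everything that accepts. The connect function is a parameter so the logic can be driven by a constructed answer set, which is what the demo uses; passing `tcp_connect` instead runs a real probe, and it should be run from a host outside the perimeter. The address ranges and the set of "open" hosts are invented for the demonstration.

```python
"""Find RDP exposed to the internet (added example, not from the article).

Feed it the public ranges your organization owns and run it from outside the
perimeter. Addresses below are documentation ranges and the 'open' set is
constructed so the demo runs offline; use tcp_connect for a real scan.
"""
import ipaddress
import socket

RDP_PORT = 3389   # default RDP port; add any port RDP has been moved to


def tcp_connect(host, port, timeout=1.0):
    """Real probe: True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_exposed_rdp(networks, ports=(RDP_PORT,), connect=tcp_connect):
    """Return (address, port) pairs that accept a connection on an RDP port."""
    exposed = []
    for net in networks:
        for host in ipaddress.ip_network(net, strict=False):
            for port in ports:
                if connect(str(host), port):
                    exposed.append((str(host), port))
    return exposed


# Constructed answer set standing in for the network: two hosts with RDP on the
# default port and one where RDP was moved to 3390 (moving the port is not a fix).
SIMULATED_OPEN = {("203.0.113.2", 3389), ("203.0.113.5", 3389), ("198.51.100.7", 3390)}


def simulated_connect(host, port):
    """Stand-in for tcp_connect that answers from SIMULATED_OPEN."""
    return (host, port) in SIMULATED_OPEN


if __name__ == "__main__":
    found = find_exposed_rdp(["203.0.113.0/29", "198.51.100.7/32"],
                             ports=(3389, 3390), connect=simulated_connect)
    for host, port in found:
        print(f"RDP reachable from the internet: {host}:{port} -> block it or put it behind the VPN")
```

Every address the scan reports is one that the brute-force traffic described above can already reach; the fix is a firewall rule or a VPN gateway in front of it, not a change of port, which the second port in the demo is there to illustrate.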