Although DDoS as a threat vector may have been overshadowed in the media as a result of several high-profile ransomware operations this year, instances of DDoS attacks show little sign of slowing down as a common tool for malicious actors.

According to new Digital Shadows research, 2020 saw the largest DDoS attack on record, peaking at rate of 2.3 terabytes per second and causing three days of downtime for the targeted business. The attack was carried out deploying hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and caused three days of downtime for the unnamed targeted business. This event further proves how threat actors are refining their DDoS techniques to create a product more threatening than ever.

In 2020, for instance, Digital Shadows observed many attacks against the healthcare industry, with the most notable one being the March 2020 denial-of-service attack against the U.S. Health and Human Services Department operated by an unknown threat actor in a pivotal moment amid the virus outbreak.

After the killing of George Floyd, advocacy groups, government websites, such as those belonging to the police and the military, were subjected to the most significant number of attempted DDoS attacks.

Cybercriminal forums are filled with rentable botnets, so it’s even possible for those without technical know-how to execute powerful DDoS attacks. This market evolution, along with other factors, has ensured that the attacker’s DDoS playbook continues to expand in tandem with attempts to mitigate the threat of such attacks.

In its research, Digital Shadows describes three main trends for this year that will persist well into 2021.

  1. Leveraging IoT.
  2. Leasing DDoSaaS Solutions.
  3. DDoS extortion.

Digital Shadows highlights how organizations can effectively mitigate DDoS attacks, which have such a low barrier to entry and  a range of easily-accessible resources to aid attackers. Given the variety of organizations targeted – ranging from advocacy groups to governments to stock exchanges and private companies – researchers offer a broad strategic mitigation plan that any organization can leverage to protect itself, including:

For tips, and more details about the trends, please visit https://www.digitalshadows.com/blog-and-research/the-evolution-of-ddos-activity-in-2020/