CISA Warns of Increased DDoS AttacksSecurity Experts Say Remote Workforce, Online Learning Create Opportunities
The U.S. Cybersecurity and Infrastructure Security Agency is warning of an increase in targeted distributed denial-of-service attacks against financial and government organizations worldwide. And security firms also are tracking the incidents in these and other sectors.
DDoS attacks are surging, in part, because threat actors see an opportunity to disrupt the remote workforce as well as schools resuming online education and potentially earn a ransom for ending an attack, security experts say.
"With so much of the world still in a state of pandemic where school is virtual, healthcare visits are remote and shopping has gone digital, the targets are ripe for potential attacks," says Richard Hummel, manager for threat research at Arbor Networks - the security division of Netscout.
"Education, healthcare and e-commerce all saw significant increases [in attacks] as the world shifted to online education and shopping and the healthcare industry was bombarded with the pandemic," Hummel says.
Barrett Lyon, CEO of the network security firm Netography, says threat actors are aiming to disrupt mission-critical systems during the pandemic.
This CISA alert follows a similar warning the FBI issued in July about an increase in DDoS attacks using amplification techniques (see: FBI Alert Warns of Increase in Disruptive DDoS Attacks).
The CISA warning cites no figures and lists no targeted industries. But it links to an Aug. 31 alert issued by the New Zealand National Cyber Security Center that discussed an ongoing campaign of denial-of-service attacks in that country.
The New Zealand warning followed the start of a multiday DDoS attack that halted that nation's stock market from trading for several days (see: New Zealand Stock Exchange Trades Again After DDoS).
The agency “is aware of open-source reporting of targeted denial-of-service and distributed denial-of-service attacks against finance and business organizations worldwide," CISA reports.
CISA's broad warning is appropriate because those waging DDoS attacks are not just targeting one sector or region, security experts say.
"Based on past experience, there often isn't a single organization that becomes the target of these attackers. Rather, they tend to target indiscriminately, or choose an array of targets that may result in a payout, and not because of a vendetta against any one entity," Hummel says.
But Hummel says Netscout has tracked a rash of attacks and extortion emails targeting financial and travel organizations.
Threat actors waging DDoS attacks originally targeted industries - such as online gaming, sportsbooks and banking - that depend heavily on internet connectivity, Lyons says. But when they see a new opportunity they move to other targets.
"That's the risk we are seeing now with the schools and small [stock] exchanges,” Lyons says. “The infrastructure in these environments is just not very good. Add to that in many instances the local cable provider is the network provider in these schools and communities and it's just not a secure as the corporate network."
A recently released Kaspersky report notes the number of DDoS attacks affecting educational resources between January and June of this year was up 350% compared to the same period a year ago.
"And a large portion of that increase can be attributed to the growing number of attacks against distance e-learning services," according to Kaspersky.
Miami-Dade County Public Schools in Florida canceled online classes Sept. 2 due to a DDoS attack. The district reports one of its students was arrested in connection with the attack (see: Ransomware and DDoS Attacks Disrupt More Schools).