Spike in DDoS and password login attacks


The COVID-19 pandemic has driven a significant spike in DDoS and password login attacks, according to a new analysis from F5 Labs.

Based on new global data sourced from the F5 Security Incident Response Team (SIRT), the research reveals an unprecedently febrile and vulnerable threat landscape post-lockdown.

“F5 Labs reviewed all the reported incidents from the beginning of 2020 until August, and attackers are clearly doing everything they can to exploit pandemic-related online behavior,” said Raymond Pompon, Director of F5 Labs.

“Expect more turbulence on the horizon as COVID-19 continues to evolve and wield an economic impact. This year’s holiday shopping season, for example, will be more online than ever and under intense fire from cybercriminals. One thing is clear: our rising usage and dependence on technology have also brought increased levels of already growing attack trends.”

COVID-19: Lockdowns unlocking new threats

In January, the number of all reported SIRT incidents was half the average reported in previous years. As lockdowns hit from March onwards, incidents rose sharply.

Numbers plateaued with a three-fold spike over previous years in April, and only began to fall back to normal in May and June. In July, they crept back up to twice the level seen at the same time in 2019.

The attacks fell into two large buckets: Distributed Denial of Service (DDoS) and password login attacks. Password login attacks were comprised of brute force and credential stuffing attacks. Both involve attackers trying to guess their way past a password login.

From January through August, 45% of SIRT reported incidents were related to DDoS and 43% were password login attacks.

The remaining 12% were reported incidents for things like malware infections, web attacks, or attacks that were not classified.

COVID- 19: DDoS surges and shifts

In January, DDoS attacks started off as just a tenth of reported incidents. By March, they had grown to three times that of all incidents.

In 2019, 4,2% of DDoS attacks reported to the F5 SIRT were identified as targeting web apps. This increased six-fold in 2020 to 26%.

Meanwhile, attack types are becoming more diverse. In 2019, 17% of all DDoS attacks reported to the SIRT were identified as DNS amplification attacks, which spoof DNS requests to flood back at a victim. The number nearly doubled to 31% this year.

DNS Query Flood are also on the rise. This is where an attacker sends malicious requests that are purposely malformed to cause a DNS server to exhaust its resources. 12% of DDoS attacks during the period studied by F5 Labs used this method.

Retail bears brunt of login attacks

67% of all SIRT-reported attacks on retailers in 2020 were password attacks, which is a 27% rise on last year.

During the same period, half of all incident reports from service providers were attributed to password login attacks. The figure stood at 43% of incidents for financial services customers.

F5 Labs also observed a spike in authentication attacks on APIs, which doubled from 2.6% in 2019 to 5% so far in 2020.

More about Irish Tech News and Business Showcase here.
FYI the ROI for you is => Irish Tech News now gets over 1.5 million monthly views, and up to 900k monthly unique visitors, from over 160 countries. We have over 860,000 relevant followers on Twitter on our various accounts & were recently described as Ireland’s leading online tech news site and Ireland’s answer to TechCrunch, so we can offer you a good audience!

Since introducing desktop notifications a short time ago, which notify readers directly in their browser of new articles being published, over 50,000 people have now signed up to receive them ensuring they are instantly kept up to date on all our latest content. Desktop notifications offer a unique method of serving content directly to verified readers and bypass the issue of content getting lost in people’s crowded news feeds.

Drop us a line if you want to be featured, guest post, suggest a possible interview or just let us know what you would like to see more of in our future articles. We’re always open to new and interesting suggestions for informative and different articles.

Contact us, by email, twitter or whatever social media works for you and hopefully, we can share your story too and reach our global audience. We are agile, responsive, quick and talented, we look forward to working with you!

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking