Shifting work and classes online has proved to be a security nightmare wherever precautionary measures were not in place. According to the latest Kaspersky report on DDoS (distributed denial of service) attacks, covering the first quarter of 2020, there was a significant spike in attacks on municipal and educational sites.
The cybersecurity solutions company suspects this might be because DDoS actors found a plethora of opportunities now that communications and other work- or school-related activities are performed over the internet. The amount of information there for the taking seemed irresistible.
In Q1 2020, the number of attacks on municipal and educational sites tripled compared to the same period in 2019. Such attacks accounted for 19% of the total number of incidents in Q1 2020.
The total number of DDoS attacks also increased in Q1 2020. During this period, Kaspersky DDoS Protection detected and blocked twice as many attacks as in Q4 2019, and 80% more than in Q1 2019. The average duration of attacks also grew: in Q1 2020, a DDoS attack lasted 25% longer than in Q1 2019.
Kaspersky experts believe that more and more people are turning to official sites for more reliable updates on the COVID-19 pandemic, and hackers saw an opportunity there.
“Outage of internet services can be especially challenging for businesses now because this is often the only way to make goods and services available to their customers,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “In addition, widespread adoption of remote working opens new vectors for those responsible for carrying out DDoS attacks. Previously, most attacks were conducted against the public-facing resources of companies. We now see that DDoS attacks target internal infrastructure elements, for example, corporate VPN gateways or email servers.”
To help organizations protect themselves from DDoS attacks while staff work from home and during significant spikes in attackers’ activity, Kaspersky recommends taking the following measures:
- Do not panic. Unexpected traffic peaks may look like a DDoS attack, but they can be caused by legitimate users, who may now visit resources that were not as popular before, or at times when they did not previously access them.
- Conduct a fault tolerance analysis of your infrastructure to identify weak nodes and increase their reliability. Attack vectors and traffic peaks are changing, so some resources may become unstable.
- Consider DDoS protection for your non-public services. Their importance to business continuity may increase, making them a target for malefactors.