Thought leadership. threat analysis, news and alerts.
Cybercriminals Take Advantage of the COVID-19 Crisis by Launching DDoS Attacks
As a significant number of people have shifted to working remotely from home in light of the COVID-19 pandemic, cybercriminals are taking advantage of the current crisis by launching distributed denial-of-service (DDoS) attacks.
What Is DDoS Attack?
DDoS, short for distributed denial-of-service, is a type of cyberattack by which an attacker hijacks vulnerable computers and controls these hijacked computers as a “botnet” – a group of hijacked computers controlled by an attacker to perform malicious activities such as DDoS attacks.
DDoS enables attackers to launch more attack power on a target such as a particular website, driving more traffic to this targeted website and rendering this target unable to serve its legitimate users. DDoS attacks nowadays can be launched by low skilled attackers as botnets aimed for DDoS attackers are being rented out as “attack-for-hire” services, making this type of crime readily available and relatively cheap.
DDoS attack-for-hire services and the mere fact that those that launch the actual attacks are hijacked computers make attribution of the real source of the DDoS attack difficult to identify.
DDoS Attacks During the COVID-19 Pandemic
As of April 4, 2020, the Canadian Government reported 13,882 confirmed COVID-19 cases and 231 confirmed deaths in Canada. Globally, as of April 5, 2020, the World Health Organization (WHO) reported 1,093,349 confirmed COVID-19 cases and 58,620 confirmed deaths worldwide.
The COVID-19 pandemic, which resulted in the lockdown or quarantine of nearly a billion people worldwide, gave way to the unprecedented number of people shifting to working remotely from home. This global crisis requires everyone to step up in terms of cybersecurity as attackers have seemed to be stepping up in exploiting the crisis.
DDoS attackers collectively exploit the growing need of businesses to serve their customers online. In the foreword of the paper "Catching the virus cybercrime, disinformation and the COVID-19 pandemic", Catherine De Bolle, Executive Director of the European Union Agency for Law Enforcement Cooperation, better known under the name Europol, said: "This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cybercriminal activities.”
The Europol reported that since the outbreak of the COVID-19 pandemic, there has been a slight increase in DDoS attacks. The report added that it’s expected that there will be an increase in the number of DDoS attacks in the short to medium term. “Due to a significant increase in the number of people working remotely from home, bandwidth has been pushed to the limit, which allows perpetrators to run ‘extortion campaigns’ against organisations and critical services and functions,” the Europol said.
Last March 19, Jitse Groen, Founder and CEO of Takeaway.com, shared a screencap via Twitter a message from the DDoS attacker or attackers. The attackers demand from Groen 2 bitcoins (valued nearly 14,000 USD as of April 5, 2020).
Groen’s company Takeaway.com is one of Europe’s leading online food delivery marketplace, connecting consumers and restaurants in different European countries. The attackers told Groen that one of his company’s websites was under DDoS attack and the attackers threatened to attack another company website.
In another part of the globe, last March 15, DDoS attackers attempted to launch an attack on the U.S. Department of Health and Human Services (HHS) website using an undisclosed flood of DDoS traffic. “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” HHS spokeswoman Caitlin Oakley said in a statement.
Officials told Bloomberg that the campaign of disruption on HHS’s website was part of a campaign of disinformation that was aimed at undermining the response of the U.S. Government to the COVID-19 pandemic. The HHS website is one of the go-to places for US citizens looking for health information, including official announcements and links to COVID-19 updates from the Centers for Disease Control and Prevention (CDC).
How to Protect Your Organization’s Website from DDoS Attacks
In a DDoS attack, two vulnerabilities are exploited by attackers: vulnerable computers hijacked for botnets and vulnerable websites.
Vulnerable computer systems, including IoT devices such as routers, often don’t have sound security postures, making them easy prey for DDoS attackers. These IoT devices come with default username and password combinations that are never changed by users, making them vulnerable to be exploited as part of a botnet for DDoS attacks.
By using IoT products’ default username and password combinations, a DDoS attacker can easily hijack hundreds of thousands of these IoT devices, all along without the knowledge of the owners of the IoT devices. To prevent your organization from being part of the bigger DDoS problem, ensure that default username and password combinations of IoT devices are changed to stronger authentication credentials.
Owners of websites that are vulnerable to DDoS attacks often don’t even realize that their websites are under DDoS attacks as symptoms of these attacks are similar to non-malicious activities such as slow network performance in either accessing the website or in opening files or total unavailability of a website. Owners of sites that are under DDoS attacks often only know about this form of attack when notified by the attackers themselves.
A DDoS attack can best be monitored via a firewall or intrusion detection system. Through this firewall or intrusion detection system, rules can be set up to detect unusual traffic or drop network packets when certain criteria are met.
Call today and we will mitigate DDoS attack in under 10-minutes. Best of all, there is no hardware or software to buy or maintain, and no IT support requirements. Stay safe!
Steve E. Driz, I.S.P., ITCP