09:10, 1 July 2020
DDoS attacks in RuNet rose fivefold during lockdown
A fivefold jump in the number of DDoS attacks was recorded during the COVID-19 lockdown (March-May 2020) compared to the same period a year earlier, according to a report prepared by Rostelecom experts covering the first five months of 2020.
The reporting period clearly shows how attacker activity changed as quarantine measures were imposed. Compared to January 2020, the number of attacks increased by 56% in March and by a record 88% in April, which became the peak of hacker activity. A year earlier the trend was not as strong, with the number of attacks remaining approximately the same from month to month.
While the number of attacks increased dramatically, their power and sophistication decreased significantly. Attackers mostly used simple and easily accessible tools, for example DNS or NTP amplification. The power of such DDoS attacks does not exceed 3 Gb/s; the attackers use unsecured servers with Internet access, which are available to virtually anyone. It is noteworthy that Rostelecom Solar experts recorded the opposite trend at the end of 2019: a sharp increase in attack power and technological level. During the pandemic, the number of sophisticated attacks did not decrease, but their total share fell against the backdrop of a sharp increase in the number of simple ones. This may mean that DDoS attacks in the reporting period were more likely carried out by “amateurs” than by professional hackers.
The largest number of attacks in March-May was recorded in the online commerce sector (31%), a traditionally major target of DDoS attackers, followed by the public sector (21% of attacks), finance (17%), telecom (15%), education (9%) and the gaming segment (7%).
Although online commerce became the most attacked area, the education sector showed the most pronounced growth in the number of attacks. At the peak (in April), hackers’ interest in educational resources (including various electronic school diaries, sites with tests, online lessons, etc.) grew 5.5 times compared to March and 17 times compared to January 2020. If we recall that the “junk” traffic was generated mainly by “amateur hackers”, we can assume that the DDoS attack initiators were schoolchildren who wanted to disrupt lessons, experts at Rostelecom say.
A significant increase in the number of attacks was also recorded on government agencies’ sites and in the gaming segment, both of which saw the number of attacks almost triple in April compared to March.