NETSCOUT: The Long Tail of Adversary Innovation


NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) observed a record-setting 5.4 million attacks in the first half of 2021, further confirmation that their “up and to the right” mantra would continue to hold true.

As the findings from the 1H 2021 NETSCOUT Threat Intelligence Report show, the ongoing surge in DDoS activity is just one aspect of the dramatic global impact cyberattacks continue to have on private and public entities.

“Cybercriminals are making front-page news launching an unprecedented number of DDoS attacks to take advantage of the pandemic’s remote work shift by undermining vital components of the connectivity supply chain,” stated Richard Hummel, threat intelligence lead, NETSCOUT.

“Ransomware gangs added triple-extortion DDoS tactics to their repertoire. Simultaneously, the Fancy Lazarus DDoS extortion campaign kicked into high gear threatening organizations in multiple industries with a focus on ISPs and specifically their authoritative DNS servers.”

The report details how the long tail of cybercrime innovation swept through the lockdown days of the COVID-19 pandemic to infiltrate the bulk of 2021.

Key findings include the following:

  • New adaptive DDoS attack techniques evade traditional defenses. By customizing their strategies, cybercriminals evolved their attack efforts to bypass cloud-based and on-premises static DDoS defenses to target commercial banks and credit card processors.
  • Connectivity supply chain increasingly under attack. Bad actors looking to cause the most collateral damage focused their efforts on vital internet components, including DNS servers, virtual private network (VPN) concentrators, services, and internet exchanges, disrupting essential gateways.
  • SPs Face DDoS Extortion Attacks. Threat actors launched the self-dubbed Fancy Lazarus DDoS extortion campaign that primarily targets authoritative DNS servers for internet service providers (ISPs). Meanwhile, the more broadly based Lazarus Bear Armada (LBA) DDoS extortion campaign continues to target victims across a range of industries.
  • Triple Extortion: A Ransomware Trifecta. Ransomware gangs added triple extortion attacks to their service offerings. By combining file encryption, data theft, and DDoS attacks, threat actors have hit a ransomware trifecta designed to increase the possibility of payment.
  • Botnet Exposé. Tracked botnet clusters and high-density attack-source zones worldwide showcased how malicious adversaries abused these botnets to participate in more than 2.8 million DDoS attacks.

NETSCOUT’s Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It draws on data secured from NETSCOUT’s Active Level Threat Analysis System (ATLAS™), coupled with insights from NETSCOUT’s ATLAS Security Engineering & Response Team.

By Staff Writer.
