DDoS Attacks on the Rise, but Education Networks Largely Spared
In the first half of 2021, dedicated denial of service (DDoS) attacks were up by double digits. But somehow schools, colleges and
universities, despite being favorite targets for ransomware and
various other forms of malware, have been by and large overlooked —
even as DDoS becomes a companion tool in ransomware incidents.
According to a
report released this week by network security company NetSCOUT,
everything about DDoS attacks increased in the first half of the
year:
-
The total number of attacks increased to 5.35 million, up 11 percent over the same period last year;
-
The average duration increased to 50 minutes, up 31 percent;
-
The largest attack in terms of bandwidth was 1.5 Tbps
(against a German ISP), up 169 percent over the largest attack in the first
half of last year; and
-
The fastest attack was 675 Mpps (million packets per second),
targeted at a Brazilian broadband user and likely related to online
gaming, up 16.17 percent.
In total there were four terabit-class DDoS attacks (none of them
against a target in the United States).
According to the report, DDoS is increasingly being used as part
of ransomware (as well as stand-alone extortion) campaigns, with
actors using encryption and data theft, then adding more pressure on
the IT/security organization through DDoS.
Amid all of this, however, the report noted that education didn't
even crack the top 10 as a target. In addition, education (including
both K–12 and higher ed) made up less than a third of a percentage
point of all bottled nodes (defined as "devices/systems that
have been compromised by malicious bot software") used in DDoS
attacks in the first half of the year (0.3 percent), well behind businesses
(at 4.47 percent), hosting services (8.45 percent), mobile (11.57 percent) and ISP
(75.22 percent).
According to the report: "This is probably due to more
stringent control over what devices are allowed on the network in
these institutions. The top three source network profiles were ISP,
mobile, and hosting, where device control is nearly nonexistent. That
lack of control means that those ISP and mobile numbers really
represent compromised subscribers."
The complete report, the
NetSCOUT Threat Intelligence Report 1H 2021, which includes many additional statistics, best practices and further explanations of attack vectors and operating systems, can be found on
NetSCOUT's site and is available in both interactive versions and
static PDFs.