
Exclusive: Cybercrime is profitable, always innovating, a step ahead

The COVID-19 pandemic essentially handed threat actors the keys to an all-you-can-eat buffet of malicious opportunities that triggered an enormous and extended upswing in attacker innovation

Adversaries developed new DDoS attack techniques designed to evade traditional defenses. Cybercriminals have not let the dissipation of the pandemic slow down their attempts. Broadband and wireless communications companies will always top the list of targets.

The COVID-19 pandemic essentially handed threat actors the keys to an all-you-can-eat buffet of malicious opportunities that triggered an enormous and extended upswing in attacker innovation, according to the recently released NETSCOUT Threat Intelligence Report.

NETSCOUT expects this long tail of attacker innovation to last well into 2021, further fueling a growing cybersecurity crisis that broadly impacts organizations across the public and private sectors, from governments to corporate behemoths.

The report said adversaries launched approximately 5.4 million distributed denial-of-service (DDoS) attacks in the first half of 2021, an 11% increase from the same period in 2020. Although attack counts abated slightly from May to June, this level of activity still puts the world on track to hit close to a record-breaking 11 million DDoS attacks in 2021. And all the while, cybercriminals are stoking the innovation machine.

Adversaries developed new DDoS attack techniques designed to evade traditional defenses. Using adaptive DDoS principles, threat actors now can customize each attack to bypass both cloud-based and on-premises static DDoS defenses. Adaptive DDoS attackers perform significant pre-attack research and reconnaissance to identify areas within service delivery chains that are vulnerable to specific types of attacks. Armed with this intelligence, they then launch a single, orchestrated onslaught of attack vectors perfectly calibrated to take down a target.

The report and the ME country sheets are available for download here.

AMEinfo interviewed Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT, about the threat intelligence report. We asked:

1- What are the lessons to learn from the results of this report? 

There are a few important takeaways from our 1H 2021 Threat Intelligence Report. Importantly, the results indicate that the current surge in cybercrime is far from over. While initial assumptions were that the spike in cyber-attacks was directly associated with the COVID-19 pandemic, the results of this report clearly show that cybercriminals have not let the dissipation of the pandemic slow down their attempts. Another key point is that no matter how far cybersecurity solutions have come, attackers remain one step ahead, as DDoS attacks have become adaptive. Thus, as cybersecurity professionals, we must be vigilant and consistently find ways to improve our defenses against these threats. 

2- What are NETSCOUT's immediate solutions on offer?

At NETSCOUT, we believe in getting inside the mind of the enemy to beat them. The intention of our Threat Intelligence Report is not only to raise awareness of DDoS attack trends but also to help identify the common trends and techniques used by threat actors. This helps with our understanding. Our Omnis™ Cybersecurity advanced threat detection and response platform offers comprehensive network visibility, threat detection, highly contextual investigation, and automated mitigation at the network edge. NETSCOUT nGenius™ service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Additionally, the Arbor Smart DDoS Protection by NETSCOUT products help protect against attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets.

[Figures: Saudi attack; Saudi verticals attacked]

3- What type of impact and cost is there on target businesses and economic sectors?

If cybercrime organizations could be publicly traded, it would likely create a new, multibillion-dollar industry. According to a report by Cybersecurity Ventures, global cybercrime costs are expected to increase by 15% over the next five years, reaching $10.5 trillion by 2025. The Middle East has seen a surge of cyberattacks ranging from phishing, scams, data breaches, and ransomware. The consequences for enterprises ranged from critical data loss to financial damage. Our report shows that ransomware attacks, which have become more prevalent than ever, affect companies and governments, schools, and public infrastructure. A ransomware gang reportedly collected $100,000,000 in ransom payments in the first half of 2021. Moreover, DDoS attacks continue to disrupt enterprise operations across sectors such as Wired Telecommunications Carriers, Internet Publishing, Broadcasting, Web Search Portals, and Educational Institutions.

DDoS attacks also target the mission-critical business applications that organizations rely on to manage daily operations, such as email, salesforce automation, CRM, and many others.

4- Which public and private sectors are on the attack watchlist?

Broadband and wireless communications companies will always top the list of targets, with attackers aiming for both subscribers and operational infrastructure. Attacks against online gaming providers — another hugely popular target — indirectly impact broadband, wireless, and cable internet companies. The financial sector is also at risk, including commercial banks and payment card processors. As credit card processors can service up to 5,000 transactions per second, even a few minutes of downtime can result in millions of dollars in lost revenues, not to mention negative brand impact and broad-based customer churn.

Attacks will only grow more complex, and threat actors will continue to discover and weaponize new attack vectors designed to exploit the vulnerabilities found in our digital world. Defenders and security professionals must remain vigilant in their efforts to protect the critical infrastructure that drives the modern digital economy.

5- What are the next steps for companies/governments? 

As cybersecurity continues to make headlines worldwide, companies and governments alike have begun to realize that the risk is much bigger than anticipated, thus requiring more investment and consideration. The threat of DDoS attacks has become much more complex than it used to be, with triple extortion attacks surfacing and causing significant financial harm to organizations. Therefore, it is important to set in place a preventative and proactive cybersecurity strategy rather than wait for the worst to happen.