Research highlights cyber-attacker behaviour during pandemic

May 12, 2021


Corero Network Security – a provider of real-time, high-performance, automatic Distributed Denial of Service (DDoS) cyber-defence solutions – has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the latest trends, observations, predictions and recommendations based on DDoS attacks against Corero customers during 2020.

The report, now in its sixth year, highlights that DDoS threats are growing in sophistication, size and frequency. Yet 2020 also reveals changes in attacker behaviour during the pandemic, including a year-over-year increase of nearly 400% in the use of OpenVPN reflections as an attack vector.

“Workers will suffer from a degraded, or possibly unusable, service”

As the report co-author, Ashley Stephenson for Corero, explains: “OpenVPN as a reflection DDoS vector is bad news for the victim being attacked but, also for the organisation whose OpenVPN infrastructure is being used to launch the attack as their remote workers will suffer from a degraded, or possibly unusable, service, impacting productivity and, potentially, business continuity.”

The report also finds a 70% growth in DDoS attacks over 10Gbps as high packet rate attacks grew overall during 2020, compared to slight declines in 2019. The report suggests it is due to the increasing shift to 100Gbps Internet connectivity and is accompanied by a trend indicating more everyday DDoS larger than for 10G.

Frequency of repeat attacks also grew with a 68% increase of organisations experiencing a second attack within a week.

However, the report does have some constructive recommendations regarding DDoS defense: “With a 2020 estimate that 99% of observed attacks are coming in below link saturation, there is a real opportunity to detect and block many DDoS attacks in real-time without requiring expensive and time-consuming traffic redirection to cloud solutions,” says Stephenson.

“This means that most attacks can be addressed by on-premises solutions without the disruption, risk or cost of re-routing customer traffic across the Internet to third party scrubbing centres.”

The full report can be downloaded here:

Read Next