For the first time in history, the annual number of DDoS attacks crossed the 10 million threshold, with NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) observing 10,089,687 attacks over the course of the year. That’s nearly 1.6 million more attacks than 2019’s count of 8.5 million.

From March until the end of the year, DDoS attackers operated amidst the COVID-19 pandemic. While most of the world saw an unprecedented global health crisis, malicious actors saw new vulnerabilities and opportunity. It is seldom that annual activity is so deeply affected by one event, but such is the case with 2020 DDoS attack activity and trends.

The start of the pandemic lockdown ushered in a ‘new normal’ in the way we live and work, causing a seismic shift in internet usage as people increasingly moved their lives online. As the global workforce shifted to remote work, devices that previously sat behind enterprise firewalls and secure environments were used at home, behind typical consumer-grade routers and network devices. Attacks quickly exploited this by more than doubling the number of IoT-specific malware samples circulating in the wild, further contributing to the increase in DDoS attacks for 2020.

“It is no coincidence that this milestone number of global attacks comes at a time when businesses have relied so heavily on online services to survive,” says Richard Hummel, threat intelligence lead at NETSCOUT. “Threat actors have focused their efforts on targeting crucial online platforms and services, such as healthcare, education, financial services and e-commerce that we all rely on in our daily lives. As the COVID-19 pandemic continues to present challenges to businesses and societies around the world, it is imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.”

DDoS attack count, bandwidth and throughput have all saw big increases since the start of the global COVID-19 pandemic. For instance, attack frequency rose 20% year over year, but that includes the pre-pandemic months of January, February and most of March. For the second half of 2020, which was entirely pandemic-ridden, attacks rose 22% year over year.

As cybercriminals quickly exploited pandemic-driven opportunities, we saw another kind of ‘new normal’. Monthly DDoS attacks regularly exceeded 800,000, starting in March, as the pandemic lockdown took effect. Indeed, as noted in the NETSCOUT Threat Intelligence Report 1H 2020*, cybercriminals launched 929,000 DDoS attacks in May, which constitutes the single largest number of monthly attacks we’ve ever seen. And while wired and wireless broadband providers saw the brunt of the attacks, pandemic lifeline industries such as ecommerce, online learning and healthcare all experienced increased attention from malicious actors.

* https://www.netscout.com/threatreport