F5 analysis reveals spikes, shifts in cyberattacks following Covid-19 lockdowns
Now Reading
F5 analysis reveals spikes, shift in cyberattacks following Covid-19 lockdowns

F5 analysis reveals spikes, shift in cyberattacks following Covid-19 lockdowns

Retailers were the most targeted segment, attacks rising 27% YoY


Covid-19 has driven a significant spike in DDoS and password login attacks, according to new analysis from the F5 Security Incident Response Team (SIRT).

In January, the number of all reported incidents was half the average reported in previous years. As lockdowns hit from March onwards, incidents rose sharply. Numbers plateaued with a three-fold spike over previous years in April, and only began to fall back to normal in May and June. In July, they crept back up to twice the level seen at the same time in 2019.

The attacks fell into two large buckets: Distributed denial of service (DDoS) and password login attacks. Password login attacks were comprised of brute force and credential stuffing attacks. Both involve attackers trying to guess their way past a password login.

From January through August, 45 per cent of reported incidents were related to DDoS and 43 per cent were password login attacks. The remaining 12 per cent were reported incidents for things like malware infections, web attacks, or attacks that were not classified.

In January, DDoS attacks started as just a tenth of reported incidents. By March, they had grown to three times that of all incidents.

In 2019, 4.2 per cent of DDoS attacks reported to the F5 SIRT were identified as targeting web apps. This increased six-fold in 2020 to 26 per cent.

Read: Brand exploitation by cyber criminals raises alarm in UAE, Saudi

Meanwhile, attack types are becoming more diverse. In 2019, 17 per cent of all DDoS attacks reported to the SIRT were identified as DNS amplification attacks, which spoof DNS requests to flood back at a victim. The number nearly doubled to 31 per cent this year.

DNS Query Flood are also on the rise. This is where an attacker sends malicious requests that are purposely malformed to cause a DNS server to exhaust its resources. Twelve per cent of DDoS attacks during the period studied by F5 Labs used this method.

Retail bore the brunt of login attacks in the period under review. According to the report, 67 per cent of all SIRT-reported attacks on retailers in 2020 were password attacks, which is a 27 per cent rise on last year.

You might also like


Scroll To Top