May 21 2021

Easy and Inexpensive, DDoS Attacks Surge in Higher Ed

A low barrier to entry and colleges’ increased vulnerability put institutions at greater risk of distributed denial of service.

Educational institutions should double-check their defenses against distributed denial of service attacks, which disrupt operations by overwhelming networks and services with internet traffic, according to new research from NETSCOUT.

DDoS attacks hit record-breaking highs in 2020: More than 10 million attacks occurred, including at least 120,000 known incidents in education. Most likely, that number is significantly higher, says Richard Hummel, NETSCOUT threat intelligence lead.

“We’re constantly going up,” he says. “Is there really a plateau? We haven’t hit it yet.”

The “NETSCOUT Threat Intelligence Report: DDoS in a Time of Pandemic,” released in April, reports a 20 percent year-over-year increase in the number of DDoS attacks, averaging 130,000 more attacks per month than in 2019.

Between January and June of 2020, DDoS attacks in education jumped by more than 350 percent, according to Kaspersky. In October, District Administration sounded the alarm to its readers, warning that such attacks were likely to get worse.

Frequency isn’t the only difference, NETSCOUT’s research shows. Last year, industries and organizations that had never been targeted by DDoS suddenly found themselves in the crosshairs. The nature of the risk has changed too, Hummel notes: With so much of education now dependent on online connectivity, the stakes are much higher when an attack threatens to disrupt operations.

“The common misconception that ‘I will never be DDoS attacked’ is absolutely wrong,” says Hummel. “It must be a consideration for organizations of any size.”

Disruptive DDoS Attacks Can Be Accessible and Anonymous

In the fall of 2020, a high school student launched at least eight DDoS attacks that shut down the Miami-Dade County Public Schools online learning platform, the Miami Herald reports. Using “easy-to-download software,” he was able to bring virtual classes to a halt for three days.

That incident demonstrates one of the reasons that DDoS attacks have become so prevalent, Hummel says.

“The barrier to entry is superlow, it’s supercheap, and it can work,” he says. “It doesn’t take a sophisticated team of people. It can be a disgruntled 16-year-old who doesn’t want to go to school.”

In addition, compared to other cybersecurity threats, DDoS events are easier to launch anonymously, Hummel says. A false username and a masked IP address — via VPN access, for instance — obscure the trail of evidence.

“The majority of attacks are related to gaming and these attacks can have a financial motivation, as there are large amounts of money in the e-gaming industry and in underground betting,” says Hummel.

In these sectors, DDoS may strike a broadband network with the goal of targeting players and disrupting a competition on which gamblers have placed bets.

Extortion is another common strategy. An attacker launches a demonstration DDoS and then sends an email demanding money and threatening an even bigger attack if the victim doesn’t pay. Here too, attackers have adapted their tactics, Hummel says.

In the past, they often sent emails to generic human resources addresses or support addresses listed on a website. Now, they are more likely to do their research and send emails directly to high-level executives in the organization, he says.

“The biggest thing that sets this group apart is their persistence and their reconnaissance factor, the fact that they do research about who they’re targeting and what to target,” says Hummel.

In other cases, the intent is simply to cause damage or disruption — such as shutting down an online learning environment.

Online Learning Raises the Security Stakes for Higher Education

The move to remote learning had a dramatic effect on institutions’ vulnerability to DDoS attacks, Hummel says. Not only are colleges conducting learning and testing online, they are absolutely dependent on that connectivity in ways they weren’t before.

That’s why, in 2020, attackers displayed a new preference for attacks on videoconferencing and collaboration platforms, such as Zoom and Webex. That type of target took the No. 4 spot among the most frequent targets, which was unusual, the report notes.

Together, all of these changes underscore the new reality that educational institutions need to account for DDoS in their security stacks, says Hummel. The assumption that only smaller targets or industry-specific organizations need to worry no longer holds, he says.

In NETSCOUT’s research, 83 percent of organizations that experienced a DDoS attack said that overloaded firewalls or VPN devices were a contributing factor in the outage, an increase of 21 percent over the previous year. Attacks also became more complex in 2020, with the number of multivector attacks jumping significantly.

As more organizations were hit by DDoS attacks for the first time last year, they increasingly turned to managed security services to help them manage these risks — particularly in education and healthcare, NETSCOUT reports. Large enterprises increased demand for DDoS mitigation services by 69 percent, mid-tier enterprises by 50 percent and small to midsize businesses by 61 percent.

Last year’s 10 million attacks may have been record-breaking, but this year is shaping up to be even worse, Hummel says. “We’re on track this year to beat that number,” he says.
