Healthcare Sector Faced Brunt of DDoS Attacks Last Year, Report Finds

April 21, 2022 - Distributed Denial-of-Service (DDoS) attacks continued to plague all sectors last year, Comcast Business discovered. Nearly three-quarters of all multi-vector attacks targeted just four industries: healthcare, government, education, and finance.

DDoS attacks are extremely effective because they flood the victim’s network with traffic, rendering network resources unusable. DDoS attacks also may serve as a foothold for threat actors to deploy more sinister malware while distracting victims.

Compared to the 10.1 million global DDoS attacks that Comcast observed across all sectors in 2020, it observed 9.84 DDoS attacks in 2021. Although that number may be lower, it is still a 14 percent increase compared to 2019.

“A few factors account for the slight decrease in global attacks from 2020 to 2021. First, 2020 was a full lockdown year where the world operated remotely, giving threat actors a unique landscape against which to launch unprecedented numbers of DDoS attacks,” Comcast noted.

“Second, cryptocurrency had an incredible year in 2021, creating a lucrative opportunity for threat actors to redirect their botnet resources, the ones typically used in DDoS attacks, to crypto mining activities.”

In addition, the report noted that the true count is likely much higher than reported since organizations do not always publicly report the total number of attacks targeted at them.

The COVID-19 pandemic catalyzed a shift in targets from individuals to health and government infrastructure, the report continued. But as all sectors enter the recovery phase of the pandemic, those targets will likely shift again to reflect emerging trends.

“COVID-19, school re-openings, and vaccine availability drove healthcare attacks. The first half of the year stayed low primarily due to improving COVID-19 numbers,” the report noted.

“But starting in September, customers experienced a rapid increase in attacks due to schools re-opening for in-person instruction followed by the booster vaccine rollouts. Attacks stayed steady through November and December as Omicron cases hit.”

These trends show that threat actors are more likely to manipulate organizations when their workforce is already stretched thin dealing with other crises. Following this same trend, the Cybersecurity & Infrastructure Security Agency (CISA) has released multiple warnings about the increasing likelihood of ransomware attacks on holidays and weekends.  

For example, threat actors deployed DarkSide ransomware against Colonial Pipeline over Mother’s Day weekend in 2021, causing a massive fuel supply chain disruption. During the Fourth of July weekend, REvil/Sodinokibi ransomware targeted IT management company Kaseya and impacted hundreds of the organization’s customers.

Comcast Business also observed a pattern of short, repeated attacks against its customers’ networks. Most attacks lasted under 10 minutes.

“Threat actors design low-volume attacks to fly under the radar of IT teams and cause damage on multiple levels. They can degrade website performance over time, and because they go largely undetected, most organizations don’t even know they are victims until they start hearing complaints from their customers,” the report also noted.

“Often part of a multi-vector attack that exhausts and distracts IT resources, low-volume vectors are used with precision to map out network vulnerabilities and carry out other criminal activities like data theft or malware activation.”

Following industry best practices, healthcare organizations should implement technical safeguards such as multifactor authentication and VPNs to mitigate risk.