The Kaspersky Lab DDoS report for Q4, which covers the last quarter and 2018 statistics, shows a 13 percent drop in the total number of DDoS attacks compared to the previous year’s statistics. The duration of mixed and HTTP flood attacks is rising, however, which may indicate that attackers are turning to more complex DDoS attacks.
The low cost of renting DDoS (Distributed Denial of Service) services makes this type of attack one of the cheapest weapons available to unfair competitors or “trolls.” Companies, irrespective of their size or field of activity, can face this threat and suffer financial losses and reputational damage if their web resources can no longer be accessed. Despite the decrease in the number of DDoS attacks in 2018, it is too early to celebrate, because the drop does not mean that their severity has also decreased. According to Kaspersky Lab researchers, as more and more organizations adopt solutions that protect against simple DDoS attacks, attackers are likely to improve their skills in 2019 so that they can get past DDoS protection measures.
Although the number of attacks is decreasing, an analysis by Kaspersky Lab experts has shown that the average attack duration is on the rise. Compared to the beginning of the year, the average duration more than doubled, from 95 minutes in Q1 to 218 minutes in Q4. It is worth noting that UDP (User Datagram Protocol) flood attacks, in which an attacker sends a large number of UDP packets to ports on the victim’s server and makes it impossible to use, were responsible for almost half of DDoS attacks in 2018 (49 percent), yet were very short and rarely lasted more than 5 minutes.
Kaspersky Lab experts assume that the decline in the duration of UDP attacks shows that the market for easier-to-organize attacks is shrinking. Protection against DDoS attacks of this type is widespread, rendering them ineffective in most cases. Researchers suspect that attackers launched several UDP attacks to test whether a target’s resources are protected. If it becomes clear immediately that the attempts are unsuccessful, the attackers stop the attack.
At the same time, more complex attacks, which require time and money, will not disappear any time soon. As the report shows, HTTP flood attacks and mixed attacks with an HTTP component, whose shares were relatively small (17 percent and 14 percent), accounted for about 80 percent of DDoS attack time over the whole year.
“When the simplest DDoS attacks do not reach their goal, authors who earn money from such attacks have two options,” said Alexey Kiselev, Business Development Manager, Kaspersky DDoS Protection. “They can reconfigure their DDoS attacks for other sources of income, such as cryptocoins. Another option would be to improve their technical skills; otherwise, their clients will look for more experienced attackers. Considering these trends, we anticipate that DDoS attacks will evolve in 2019, and it will be harder for companies to detect and protect against them.”
The longest DDoS attack in Q4 lasted 329 hours (nearly 14 days); an attack of such duration was last recorded at the end of 2015.
The top three countries with the most DDoS attacks are still the same: China is again first, but its share dropped significantly from 77.67 percent to 50.43 percent. The US remains in second place, and third place is occupied by Australia.
In terms of targets, China is ranked first, but with 43.26 percent, down from 70.58 percent in Q3.
In Q4, there were also changes in the countries hosting the most command and control servers. As in the previous quarter, the US remained in the lead, but the UK and the Netherlands ranked second and third, replacing Russia and Greece. This probably happened because the number of active command and control servers increased significantly in the countries mentioned above.
Kaspersky Lab recommends the following steps to protect an organization against DDoS attacks:
- Organize training for staff so that they can respond appropriately to such incidents.
- Ensure that your company’s sites and apps can handle a large amount of traffic.
- Use specialized solutions to protect against attacks, no matter how long they last.