Kaspersky Lab is announcing the availability of its DDoS Q4 2018 Intelligence Report, which covers statistics for the last quarter of the year as well as all of 2018.
The report highlights a decline (13%) in the overall number of DDoS attacks compared to the previous year. However, the company's experts noticed a trend of cybercriminals turning to longer, more sophisticated, mixed and HTTP flood attack techniques.
DDoS Attacks in Q4 2018
In the last quarter of the year, the longest DDoS attack lasted 329 hours (almost 14 days) - such a long attack was last registered at the end of 2015. In addition, the top three countries with the most DDoS attacks remain the same: China in first place, although its share dropped significantly (from 77.67% to 50.43%), the U.S. remaining in second, and Australia in third place for the second quarter in a row since reporting began.
By geographical target distribution, China continues to top the list, but its share declined significantly from 70.58 percent in Q3 to 43.26 percent, while all other top 10 countries increased their shares. In second place was the U.S. (29.14%), followed by Australia (5.91%) in third.
In Q4 2018, Kaspersky Lab also witnessed changes in the countries hosting the most command & control (C&C) servers. As in the previous quarter, the U.S. remained the leader, but the UK and the Netherlands came second and third, replacing Russia and Greece respectively. Experts believe this is because the number of active Mirai C&C servers increased significantly in the aforementioned countries.
DDoS attacks in 2018: Duration on the rise
Although the number of attacks in 2018 decreased, Kaspersky Lab experts found that the average attack duration grew. Compared with the beginning of the year, the average length of attacks has more than doubled - from 95 minutes in Q1 to 218 minutes in Q4 2018.
Complex attacks, such as HTTP misuse, which require time and money, remain lengthy. As the report revealed, the HTTP flood method and mixed attacks with an HTTP component, whose shares were relatively small (17% and 14%), constituted about 80 percent of DDoS attack time for the whole year.
Accounting for almost half (49%) of the DDoS attacks in 2018, the most common type of attack is actually User Datagram Protocol (UDP) flooding, but the UDP flood attacks observed over the year rarely lasted more than five minutes.
Kaspersky Lab experts assume that the decline in the duration of UDP flood attacks illustrates that the market for easy-to-organize attacks is continuing to shrink. Protection from DDoS attacks of this type is becoming widely implemented, making them ineffective in most cases. The researchers propose that attackers launched numerous UDP flood attacks to test whether a targeted resource is unprotected.
"When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options," said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. "They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers. Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected."
According to Kaspersky Lab researchers, as more and more organizations adopt solutions to protect themselves from simple types of DDoS attacks, 2019 will likely see attackers improve their expertise to overcome standard DDoS protection measures and bring the overall complexity of this type of threat to the next level.
Kaspersky Lab recommends the following steps to protect an organization from DDoS attacks:
- Train and make IT personnel aware of how to respond to DDoS incidents.
- Ensure that the organization's websites and web applications can handle high traffic.
- Use professional solutions to protect against all types of DDoS attacks regardless of their complexity, strength or duration.
Read the full report on Securelist:
https://securelist.com/ddos-attacks-in-q4-2018/89565