According to cybersecurity firm Kaspersky Lab, 2018 saw a significant 13 percent decline in the total number of distributed denial of service (DDoS) attacks.
Kaspersky noted, however, that the duration of HTTP flood and mixed attacks is growing, which suggests that attackers are gradually shifting to more complex DDoS methods.
From a financial perspective, DDoS is a much cheaper attack method than other cyber weapons, and no organization is safe: attackers can target companies of any size or prominence. Any attack that cripples consumer services causes a significant loss of both revenue and public trust.
Kaspersky Lab further noted that although the number of DDoS attacks declined sharply, this does not mean the attacks are less severe. Its researchers highlight that while more companies are adopting solutions to protect themselves from typical DDoS attacks, cybercriminals are highly likely to refine their craft to get past standard DDoS protection and introduce more sophisticated threats in 2019.
Duration of Attacks
While overall numbers dropped, Kaspersky researchers found that the average attack duration is still growing. According to their report, the average attack length more than doubled, from 95 minutes in Q1 to about 218 minutes in Q4.
The report outlines that UDP (User Datagram Protocol) flood attacks, in which the attacker sends large numbers of UDP packets to the target's server ports to overwhelm it and render it unresponsive, accounted for nearly half of 2018's DDoS attacks but were relatively short and rare, with none lasting more than five minutes.
Kaspersky experts cite the decline in UDP flood duration as a sign that the market for quick attacks is gradually shrinking: protection against such attacks is now widely deployed, rendering them largely ineffective.
The researchers suggest that attackers begin by launching several UDP flood attacks to assess whether a target is protected; if these attempts fail, they halt the attack.
By contrast, more sophisticated attacks (such as HTTP-based attacks) that require both money and time remain long. According to the report, mixed attacks with an HTTP component and HTTP flood attacks, whose shares of the attack count were relatively small (14 and 17 percent respectively), accounted for approximately 80 percent of the year's total DDoS attack time.
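The contrast the report draws (short UDP probes that stop when the target proves protected, versus long HTTP floods that dominate total attack time) is one a defender can turn into a triage heuristic. The following is an added example, not code from Kaspersky or from the report; it assumes a hypothetical per-minute log of observed floods in the form `<ISO timestamp> <protocol>`, groups observations into attack episodes, classifies each by duration against the five-minute figure above, and computes each protocol's share of total attack time.

```python
from datetime import datetime, timedelta

# Assumption (hypothetical): one log line per observed attack minute, "<ISO timestamp> <proto>".
BUCKET = timedelta(minutes=1)          # each observation covers one minute of attack
GAP = timedelta(minutes=2)             # silence longer than this ends an episode
SHORT_UDP_MAX = timedelta(minutes=5)   # report: UDP floods rarely exceeded five minutes

def parse(lines):
    """Turn 'timestamp proto' lines into chronologically sorted (datetime, proto) events."""
    events = []
    for line in lines:
        ts, proto = line.split()
        events.append((datetime.fromisoformat(ts), proto.upper()))
    return sorted(events)

def group_episodes(events):
    """Merge same-protocol observations no more than GAP apart into episodes.
    Returns (proto, start, duration) tuples; protocols may interleave freely."""
    episodes, last = [], {}
    for ts, proto in events:
        i = last.get(proto)
        if i is not None and ts - episodes[i][2] <= GAP:
            episodes[i][2] = ts                      # extend the open episode
        else:
            last[proto] = len(episodes)
            episodes.append([proto, ts, ts])         # open a new one
    return [(p, s, e - s + BUCKET) for p, s, e in episodes]

def classify(episode):
    """Short UDP bursts fit the 'probe for protection, then stop' pattern;
    anything longer is a sustained flood that deserves escalation."""
    proto, _, duration = episode
    return "short-udp-probe" if proto == "UDP" and duration <= SHORT_UDP_MAX else "sustained-flood"

def time_share(episodes):
    """Fraction of total attack time attributable to each protocol."""
    total = sum((d for _, _, d in episodes), timedelta())
    share = {}
    for proto, _, d in episodes:
        share[proto] = share.get(proto, 0.0) + d / total
    return share

def sample_lines():
    """Constructed log: two short UDP bursts around a ~220-minute HTTP flood."""
    base = datetime(2018, 12, 1, 10, 0)
    slots = [(m, "UDP") for m in range(4)] + [(60 + m, "HTTP") for m in range(220)]
    slots += [(400 + m, "UDP") for m in range(3)]
    return [f"{(base + timedelta(minutes=m)).isoformat()} {p}" for m, p in slots]

if __name__ == "__main__":
    for ep in group_episodes(parse(sample_lines())):
        print(ep[0], ep[1].isoformat(), int(ep[2].total_seconds() // 60), "min", classify(ep))
```

On the constructed log the two UDP episodes (4 and 3 minutes) are labelled probes while the HTTP episode (220 minutes) is a sustained flood carrying roughly 97 percent of the attack time, mirroring the report's finding that a small share of attacks accounts for most of the duration.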
The Kaspersky Lab report says that when many typical DDoS attacks fail to accomplish their mission, those behind them have only two options:
- Redirect the capacity built for launching DDoS attacks towards new revenue sources such as crypto mining, or
- Sharpen their skills as DDoS orchestrators, or risk losing their clients to experts.
This leads Kaspersky to anticipate a DDoS attack revolution in 2019 that will make these attacks harder for organizations to detect and defend against.
More Findings & Recommendations
The longest DDoS attack reported in the fourth quarter lasted a total of 14 days (329 hours).
According to Kaspersky, the top three nations from which most DDoS attacks were launched remain unchanged. China took the top spot once more (50.43 percent, down from 77.67 percent), followed by the U.S. and Australia.
China also tops the target distribution at 43.26 percent in the third quarter (although this is a large decrease from the previous 70.58 percent).
The fourth quarter also saw changes in the nations hosting the most C&C servers. The U.S. remained top, as in the previous quarter, with the U.K. and the Netherlands in second and third place, replacing Russia and Greece respectively.
Kaspersky stated that this is likely due to an increase in the number of active Mirai C&C servers in those nations.
In light of these findings, here are the steps Kaspersky recommends companies take to safeguard against DDoS attacks:
- Train personnel so they can respond effectively to such incidents.
- Ensure that the organization's web applications and websites can handle high traffic.
- Use only recommended professional solutions to protect the organization against such attacks.