Cyber criminals quit simple DDoS operations in 2018
The Kaspersky Lab 4th Quarter DDoS Report, which included statistics for the last quarter of 2018, showed that the total number of DDoS attacks decreased by 13% compared to the previous year. However, it was observed that the duration of the mixed and HTTP flood attacks increased. This means that the attackers have gone to more complex DDoS attack techniques.
There are low-cost DDoS attacks for malicious competitors and those who want to harm others on the internet. All companies, regardless of size or sector, may face this threat. When users and customers cannot access the company’s resources on the Internet, this leads to loss of revenue and reputation. Although the number of DDoS attacks has been reduced in 2018, there is no need to rejoice since the effectiveness of the attacks has not decreased. According to Kaspersky Lab researchers, the number of organizations that use solutions to protect themselves against simple DDoS attacks is increasing, and in 2019, the attackers will improve themselves to overcome the standard protection measures and take such threats to the next level.
Although the number of attacks has decreased, there is an increase in the average attack time compared to Kaspersky Lab experts. Compared to the beginning of the year, the average duration of attacks increased more than twice. In the first quarter, the average time was 95 minutes and in the fourth quarter this time reached 218 minutes. In 2018, it was observed that the UDP flood attacks (which attackers prevented customers from accessing the server ports by sending a large number of UDP packets) were very short and rarely exceeded 5 minutes.
According to Kaspersky Lab experts, this decline in UDP flood attacks shows that interest in easy attacks has been reduced. Protection against such DDoS attacks is widely used so that many cases are destroyed without any effect. Researchers, attackers by organizing UDP flood attacks to check whether the target is protected, he thinks. When the tests are found to be unsuccessful, the attack is interrupted.
At the same time, more complex attacks can take longer, requiring more time and money, such as HTTP abuse. The mixed attacks with the HTTP flood method and the HTTP component constitute 80% of the total duration of DDoS attacks throughout the year, although their share is small (17% and 14% respectively).
When simple DDoS attacks don’t reach their goal, there are two options in front of those who make money. DDoS may choose to allocate the required capacity for attacks to other sources of income, such as crypto mining. Alternatively, DDoS attackers may have to increase their technical skills because their customers will start looking for more experienced attackers. Considering all this, we can say that DDoS attacks will develop in 2019, and companies will have difficulty in identifying and protecting them.
According to the findings in the last quarter, the longest-running DDoS attack in the fourth quarter lasted 329 hours (almost 14 days). An attack of this length was last recorded at the end of 2015.
The first three countries that regulated the DDoS attack did not change. Despite the fact that China maintained its first place, it decreased from 77.67% to 50.43%. The US continues to take second place. And third is Australia.
In the target distribution, China was again in the first place but its ratio decreased to 43.26% (70.58% in the third quarter).
In the fourth quarter, there were changes in the ranking of countries hosting the most command and control servers. The United States ranked first as in the previous quarter, while England and Holland took second and third places from Russia and Greece. This is thought to be due to the significant increase in the C & C Mirai servers in the specified countries.