DDoS Attacks Are Growing in Number and Getting Smarter
DDoS attacks in Q1 2016: number increases, length decreases, growing almost fourfold according to Kaspersky Lab resources.
Kaspersky Lab has published its report on botnet DDoS attacks for Q1 2016 based on statistics gathered from Kaspersky DDoS Intelligence*. The reporting period saw a shift away from low-cost attacks that are easy to implement to more complex and focused ones.
Resources in 74 countries were targeted by DDoS attacks in Q1 2016. The vast majority of those resources were located in just 10 countries, with China, South Korea and the U.S. forming the top 3. Ukraine (4), Germany (9) and France (10) were all newcomers to the Top 10 this quarter. These changes correlated with the countries hosting the most Command and Control (C&C) servers for attack purposes – France appeared among the leaders in that rating too.
Over 70% of attacks in the first quarter lasted no longer than four hours. At the same time, there was a dramatic reduction in the maximum attack duration: the longest DDoS attack lasted just eight days (the longest registered attack in Q4 2015 lasted almost two weeks). During the reporting period the maximum number of attacks against a single target increased: 33 attacks versus 24 in the previous quarter.
Kaspersky Lab experts also noted a fall in the number of attacks targeting communication channels, accompanied by an increase in the number of application-layer attacks. This suggests amplification attacks, which regained popularity last year, have begun to lose their appeal.
Data on DDoS attacks targeting Kaspersky Lab customers, as well as the company’s own websites, confirms the trend towards reduced duration and increased frequency combined with greater complexity. During the first three months of the year Kaspersky Lab resources countered almost as many attacks as the whole of 2015. The majority of those attacks were also short-lived application-layer attacks.
An additional report published by Neustar shows that DDoS attacks are growing and that their intensity is stronger than ever. The study showed that 73% of global brands reported a DDoS attack in 2015, and over eight in 10 corporations were struck by multiple DDoS attacks. In fact, 45% of organizations said they were hit by DDoS attacks six or more times last year.
The study found that 42% of companies took three or more hours to detect a DDoS attack on their infrastructure and about half of organizations reported that an hour of outages related to DDoS racked up $100,000 in revenue loss.
But outages are now just a small piece of the puzzle, the report relates. Approximately 57% of all incidents involving DDoS attacks resulted in some sort of theft, be it of customer data, intellectual property, or direct financial theft.
Neustar’s researchers say that while the early goals of DDoS were simply to take a website offline, these days attackers are increasingly using them as an important way to diversify their infiltration tactics. Attackers carry out a series of coordinated DDoS strikes to “keep the IT departments guessing where and when the next attack will take place,” and use them to hide other attack techniques with the goal of a cyber heist.
*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.