November 3, 2015

320 hours of continuous DDoS attacks: Kaspersky Lab observes evolution of denial-of-service attacks in the third quarter

The longest continuous attack recorded by Kaspersky Lab in the third quarter of 2015 lasted for 320 hours, or almost two weeks. This is one of the findings of the new quarterly DDoS report, based on constant monitoring of botnets and observing new techniques utilized by cybercriminals. Other findings include:

  • Victims in 79 countries around the world. Top 3 countries most frequently hit by DDoS attacks: China, USA and South Korea.
  • More than 90% of attacks lasted less than 24 hours, but the number of attacks lasting over 150 hours is growing significantly.
  • The highest number of attacks on the same victim was 22, on a server located in Hong Kong.
  • Cybercriminals go on vacation too, just like regular people, with August the quietest month of the quarter for attacks.
  • Linux-based botnets are significant, accounting for up to 45.6% of all attacks recorded by Kaspersky Lab. Main reasons include poor protection and higher bandwidth capacity.
  • Banks are frequent targets of complex attacks and ransom demands.
  • Less complex but just as dangerous attacks have become cheaper to carry out.

The Q3 report shows that DDoS attacks remain highly localized. 91.6% of victims' resources are located in only 10 countries around the world, although we have recorded DDoS attacks targeting servers in 79 countries in total. What is even more significant is that DDoS attacks are most likely to originate from the same countries. China, USA and South Korea occupied the top positions in both ratings, of the most frequent attack sources and of the most frequent targets. Although other cybercrime syndicates, focusing on things like credit card theft, may operate far from their country of residence, this is not the case for DDoS. More details on the geographic distribution and other properties of DDoS attacks recorded by Kaspersky Lab’s DDoS Intelligence system can be found in the full report published today at Securelist.com.

“Based on our observations and direct measurements, we cannot pinpoint one exact direction in which the underground business of DDoS attacks is moving. Instead, the threat appears to be growing everywhere. We have recorded highly complex attacks on banks, demanding a ransom, but have also observed new, low-cost methods designed to put a company’s operations down for a significant amount of time. Attacks are growing in volume with most of them aiming to attack, disrupt and disappear, but the number of lengthy attacks, capable of bankrupting a large, unprotected business is also on the rise. These significant developments make it imperative for companies to take measures to prevent the very real threat and increased risk posed by DDoS attacks”, commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

The latest quarterly DDoS report is available here. It is based on data from the DDoS Intelligence system, part of Kaspersky DDoS Protection. Learn more about the product here.

To learn more about businesses’ perception of DDoS attacks, read our recent report, available here.
