Kaspersky Lab has published its report on botnet DDoS attacks for Q1 2016 based on statistics gathered from Kaspersky DDoS Intelligence*. The reporting period saw a shift away from cheap attacks that are easy to implement to more complex and focused ones. There was also a nearly fourfold increase in the number of DDoS attacks on Kaspersky Lab resources.
Resources in 74 countries were targeted by DDoS attacks in Q1. As in the previous quarter, the vast majority of those resources were located in just 10 countries, and once again China, South Korea and the US were the worst affected. Ukraine (fourth place), Germany (ninth) and France (tenth) were all newcomers to the Top 10 this quarter. These changes correlated with the countries hosting the most C&C servers for attack purposes – France appeared among the leaders in that rating too.
Over 70% of attacks in the first quarter lasted no longer than four hours. At the same time, there was a dramatic reduction in the maximum attack duration: the longest DDoS attack lasted just eight days (the longest registered attack in Q4 2015 lasted almost two weeks). During the reporting period the maximum number of attacks against a single target increased: 33 attacks vs. 24 in the previous quarter.
Kaspersky Lab experts also noted a fall in the number of attacks targeting communication channels, accompanied by an increase in the number of application-layer attacks. This suggests amplification attacks, which regained popularity last year, have begun to lose their appeal.
Data on DDoS attacks targeting Kaspersky Lab customers, as well as the company’s own websites, confirms the trend towards reduced duration and increased frequency combined with greater complexity. During the first three months of the year Kaspersky Lab resources countered almost as many attacks as in the whole of 2015. The majority of those attacks were also short-lived application-layer attacks.
“Today, almost all telecom companies have learned to cope with the most widespread (and, as a rule, technologically ‘simple’) types of DDoS attacks. This has forced cybercriminals to turn to more complex and expensive – but more effective – methods in order to improve the efficiency of their work. Attacks at the application level are a good example. Only a highly professional anti-DDoS solution with an intelligent junk-filtering algorithm is capable of detecting genuine user requests from the general flow. That’s why companies, especially those whose business depends on the availability of online services, can no longer rely solely on the capabilities of an Internet provider,” comments Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.
Kaspersky DDoS Protection combines Kaspersky Lab’s extensive expertise in combating cyber threats and the company’s unique in-house developments. The solution protects against all types of DDoS attacks regardless of their complexity, strength, or duration.
*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.