Cape Argus

DDoS attacks are down, but don’t relax

- Kaspersky Lab

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. This is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

The Kaspersky Lab DDoS Q4 Report, covering statistics for the past quarter and the whole of 2018, highlights a 13% decline in the overall number of DDoS attacks compared with the previous year. However, the duration of mixed and HTTP flood attacks is growing, which suggests that malefactors are turning to more sophisticated DDoS attack techniques.

The low cost of DDoS-for-hire makes such attacks one of the most affordable cyberweapons for evil competitors or internet trolls. Businesses, regardless of their size or industry, can face this threat and suffer revenue and reputation losses when legitimate users and customers cannot access the company’s web resources.

Although the number of DDoS attacks fell in 2018, this does not mean a decrease in their severity. According to Kaspersky Lab researchers, as more and more organisations adopt solutions to protect themselves from simple types of DDoS attacks, 2019 will likely see attackers improve their expertise to overcome standard DDoS protection measures.

Analysis by Kaspersky Lab experts has found that, compared with the beginning of the year, the average length of attacks has more than doubled – from 95 minutes in Q1 to 218 minutes in Q4. It’s notable that UDP flood attacks (when the attacker sends a large number of UDP packets to the target’s server ports to overwhelm it and make it unresponsive for clients), which accounted for almost half (49%) of the DDoS attacks in 2018, were very short, mostly less than five minutes.

Kaspersky Lab experts assume this illustrates that the market for easier-to-organise attacks is shrinking. Protection from DDoS attacks of this type is becoming widely implemented, making them ineffective in most cases.

The researchers propose that attackers launch numerous UDP flood attacks to test if a targeted resource is protected. If it immediately becomes clear that attempts are not successful, malefactors stop the attack.

At the same time, more complex attacks (such as HTTP misuse), which require time and money, will remain long. HTTP floods and mixed attacks with an HTTP component, whose shares were relatively small (17% and 14%), account for about 80% of DDoS attack time for the whole year.

“When most simple DDoS attacks do not achieve their aim, those launching such attacks have two options.

“They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining. Alternatively, they have to improve their technical skills,” comments Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team.

Kaspersky Lab recommends the following steps to protect an organisation from DDoS attacks:

◆ Train personnel to respond to such incidents in a proper way.

◆ Ensure that a company’s websites and web applications can handle high traffic.

◆ Use professional security solutions to protect against attacks.