There has been a decline in the overall number of Distributed Denial of Service (DDoS) attacks from the previous year, but attackers are turning to longer, more sophisticated, mixed and HTTP flood attack techniques, a new report found.
In the last quarter of the year, the longest DDoS attack lasted 329 hours (almost 14 days) – such a long attack was last registered at the end of 2015, said the report from Kaspersky Lab.
In addition, the top three countries with the most DDoS attacks remain the same. China is in first place, although its share dropped to 50.43 percent from 77.67 percent; the U.S. is in second place and Australia is in third.
By geographical target distribution, China continues to top the list, but its share declined significantly to 43.26 percent from 70.58 percent in Q3, while all other top 10 countries increased their shares. In second place was the U.S. (29.14 percent), followed by Australia (5.91 percent) in third, according to the report.
“When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team, in a post. “They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers. Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”
Although the number of attacks in 2018 decreased by 13 percent, Kaspersky Lab experts found the average attack duration grew. Compared with the beginning of the year, the average length of attacks has more than doubled – from 95 minutes in Q1 to 218 minutes in Q4 2018.
Complex attacks, such as HTTP misuse, which require time and money, remain lengthy. As the report revealed, the HTTP flood method and mixed attacks with an HTTP component, whose shares were relatively small (17 percent and 14 percent), constituted about 80 percent of DDoS attack time for the whole year.
The most common type of attack is User Datagram Protocol (UDP) flooding, which accounted for almost half (49 percent) of the DDoS attacks in 2018, but the UDP flood attacks observed over the year rarely lasted more than five minutes.
Kaspersky Lab experts assume the decline in the duration of UDP flood attacks illustrates that the market for easy-to-organize attacks is continuing to shrink. Protection from DDoS attacks of this type is becoming widely implemented, making them ineffective in most cases. The researchers propose that attackers launched numerous UDP flood attacks to test whether a targeted resource is unprotected.
Kaspersky recommends the following steps to protect against DDoS attacks:
1. Train IT personnel and make them aware of how to respond to DDoS incidents.
2. Ensure that the organization’s websites and web applications can handle high traffic.
3. Use professional solutions to protect against all types of DDoS attacks regardless of their complexity, strength or duration.