A cyber firm reports a 13pc decline in the overall number of DDoS attacks when compared with the statistics from the previous year. However, the duration of mixed and HTTP flood attacks is growing, which suggests that malefactors are turning to more sophisticated attack techniques, says the Kaspersky Lab DDoS Q4 Report.
The company says that the low cost of DDoS-as-hire makes such attacks one of the most affordable cyber-weapons, whether for business espionage or internet trolls. Businesses, regardless of their size or industry, can face this threat and suffer revenue and reputation losses in case legitimate users and customers cannot access a company’s web resources.
Despite the number of DDoS attacks falling in 2018, it’s too early to rejoice as the decrease of the amount of attacks does not mean a decrease in their severity, according to Kaspersky Lab. As more and more organisations adopt solutions to protect themselves from simple types of DDoS attacks, 2019 will likely see attackers improve their expertise to overcome standard DDoS protection measures and bring overall complexity of this type of threat to the next level, the firm predicts.
Although the number of attacks is decreasing, Kaspersky has found that the average attack duration is growing. Compared with the beginning of the year, the average length of attacks has more than doubled – from 95 minutes in Q1 to 218 minutes in Q4. It is notable that UDP flood attacks (when the attacker sends a large number of UDP packets to the target’s server ports to overwhelm it and make it unresponsive for clients), which are accounting for almost half (49pc) of the DDoS attacks in 2018, were very short and rarely lasted more than five minutes.
Kaspersky Lab assumes that the decline in the duration of UDP flood attacks illustrates that the market for easier to organise attacks is shrinking. Protection from DDoS attacks of this type is becoming widely implemented, making them ineffective in most cases. The researchers propose that attackers launched numerous UDP flood attacks to test whether a targeted resource is not protected. If it immediately becomes clear that attempts are not successful, malefactors stop the attack.
At the same time, more complex attacks (such as HTTP misuse) which require time and money, will remain long. As the report suggested, HTTP flood method and mixed attacks with HTTP component, which shares were relatively small (17pc and 14pc), constitute about 80pc of DDoS attack time of the whole year.
David Emm, Principal Security Researcher at Kaspersky Lab, says: “Most simple DDoS attacks don’t achieve their aim. Because of this, cybercriminals aiming to benefit financially from these attacks only have two options. The first option is that they could divert the resources required for DDoS attacks towards other sources of revenue, such as cryptomining. Their second option is to improve their technical skills. Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”
As for results, the longest DDoS attack in Q4 lasted 329 hours (almost 14 days). See more at securelist.com.
