DDoS attacks experiencing major resurgence

The most discussed topics in cybersecurity tend to be things like ransomware, cryptojacking, and data breaches. One topic of discussion that has faded from the forefront is distributed denial of service (DDoS) attacks. While they still occur, for many researchers there was a noticeable lull in their activity compared to a couple years ago. According to new research, however, this is no longer the case as DDoS attacks are suddenly on the upswing.

The research comes from Kaspersky Lab’s report DDoS Attacks in Q1 2019 which details numerous fascinating statistics about the well-known cyberattack method. According to the report, when compared against Q4 in 2018, DDoS attacks have seen an 84 percent increase in the first quarter of 2019. One reason for this appears to be a sudden uptick in new services/botnets that allow for massive DDoS operations.

Some of the new DDoS culprits mentioned in the report include Cayosin, which is a botnet that is “assembled from elements of Qbot, Mirai, and other publicly available malware.” Additionally there is strong evidence showing that a new variant of the infamous Mirai botnet is currently in the wild. This version of Mirai specifically is set up to attack business devices and appears to be incredibly complex.

This is only one part of the reason for the rise in DDoS attacks, however, as the Q1 report from Kaspersky also shows the following data:

The maximum attack duration decreased by more than a day against the previous quarter, although the percentage share of sustained DDoS sessions continued to rise and amounted to 21.34 percent (versus 16.66 percent in Q4 2018)... The share of SYN flooding increased to 84 percent, bringing down the share of UDP and TCP flood, while the share of HTTP and ICMP attacks rose to 3.3 percent and 0.6 percent, respectively... The share of Linux botnets decreased slightly, but still remains predominant (95.71 percent)... Most botnet C&C servers are still located in the US (34.10 percent), with the Netherlands in second place (12.72 percent), and Russia in third (10.40 percent).

According to an article that InfoSecurity’s acting editor Michael Hill wrote on the report, there is also the reality of cybercriminals adapting new strategies that caused the rise. In an interview conducted for the article, Kaspersky Lab’s Alexey Kiselev stated the following:

New DDoS services appear to have replaced ones shut down by law enforcement agencies. As organizations implement basic countermeasures, attackers target them with long-lasting attacks. It is difficult to say if the number of attacks will continue to grow, but their complexity is showing no signs of slowing down.

While it is unknown what the future holds for this cyberattack methodology, it would be foolish for security teams to ignore this data. Any increase in specific attacks should be cause for concern, and additionally, should cause blue teams in particular to prepare their defenses accordingly.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

What are the potential disadvantages of SSL/TLS?

There’s wide consensus on the benefits of SSL/TLS. However, not as much attention has been given to SSL/TLS disadvantages.

14 hours ago

Exploring native software inventory logging in Windows Server

Windows Server has built-software inventory logging that can be very useful. Here’s how to use this little-known feature.

19 hours ago

Passwordless authentication: Safer, better, and about time

Passwordless authentication has quickly become one of the primary means by which users access their laptops, phones, and tablets because…

22 hours ago

Automated Incident Response in Office 365 ATP simplifies cybersecurity

Microsoft has pumped up Office 365 Advanced Threat Protection with a new feature, Automated Incident Response. Here’s what you need…

2 days ago

IFA 2019: Smart TVs and even smarter wearables unveiled

What will be in your living room or on your wrist this year? It may very likely be one of…

2 days ago

Consider these SD-WAN technologies for faster, more reliable networking

As virtualization becomes a major part of organizations’ infrastructure, these SD-WAN technologies provide faster and more reliable networking solutions.

2 days ago