The most discussed topics in cybersecurity tend to be things like ransomware, cryptojacking, and data breaches. One topic of discussion that has faded from the forefront is distributed denial of service (DDoS) attacks. While they still occur, for many researchers there was a noticeable lull in their activity compared to a couple years ago. According to new research, however, this is no longer the case as DDoS attacks are suddenly on the upswing.
The research comes from Kaspersky Lab’s report DDoS Attacks in Q1 2019 which details numerous fascinating statistics about the well-known cyberattack method. According to the report, when compared against Q4 in 2018, DDoS attacks have seen an 84 percent increase in the first quarter of 2019. One reason for this appears to be a sudden uptick in new services/botnets that allow for massive DDoS operations.
Some of the new DDoS culprits mentioned in the report include Cayosin, which is a botnet that is “assembled from elements of Qbot, Mirai, and other publicly available malware.” Additionally there is strong evidence showing that a new variant of the infamous Mirai botnet is currently in the wild. This version of Mirai specifically is set up to attack business devices and appears to be incredibly complex.
This is only one part of the reason for the rise in DDoS attacks, however, as the Q1 report from Kaspersky also shows the following data:
The maximum attack duration decreased by more than a day against the previous quarter, although the percentage share of sustained DDoS sessions continued to rise and amounted to 21.34 percent (versus 16.66 percent in Q4 2018)... The share of SYN flooding increased to 84 percent, bringing down the share of UDP and TCP flood, while the share of HTTP and ICMP attacks rose to 3.3 percent and 0.6 percent, respectively... The share of Linux botnets decreased slightly, but still remains predominant (95.71 percent)... Most botnet C&C servers are still located in the US (34.10 percent), with the Netherlands in second place (12.72 percent), and Russia in third (10.40 percent).
According to an article that InfoSecurity’s acting editor Michael Hill wrote on the report, there is also the reality of cybercriminals adapting new strategies that caused the rise. In an interview conducted for the article, Kaspersky Lab’s Alexey Kiselev stated the following:
New DDoS services appear to have replaced ones shut down by law enforcement agencies. As organizations implement basic countermeasures, attackers target them with long-lasting attacks. It is difficult to say if the number of attacks will continue to grow, but their complexity is showing no signs of slowing down.
While it is unknown what the future holds for this cyberattack methodology, it would be foolish for security teams to ignore this data. Any increase in specific attacks should be cause for concern, and additionally, should cause blue teams in particular to prepare their defenses accordingly.
Featured image: Shutterstock