DDoS Attacks Up By 84% In Q1

Uploaded on 2019-06-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab

The global cybersecurity company’s findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shifting their attention to other sources of income last year, such as crypto mining.

Kaspersky Lab also discovered a substantial growth in the amount of attacks that lasted more than an hour. The company suggested that the launch of newer DDoS-for-Hire services could explain the sudden rise in the number of DDoS attacks in 2019.

“The DDoS attack market is changing,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “New DDoS services appear to have replaced ones shut down by law enforcement agencies. 
As organisations implement basic countermeasures, attackers target them with long-lasting attacks. It is difficult to say if the number of attacks will continue to grow, but their complexity is showing no signs of slowing down.
“We recommend that organisations prepare themselves effectively, in order to withstand sophisticated DDoS attacks.”
Kaspersky Labs’ advice for DDoS attack defense included:

•    Ensuring that web and IT resources can handle high traffic.
•   Using professional solutions to protect the organisation against attacks.

The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. 
In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. 

Cyber-security experts were intrigued less by the mosaic structure and frequent updating of its set of exploited vulnerabilities than by the fact that it was advertised (as a DDoS service) not on the dark web, but through YouTube. 
What’s more, it is up for sale on Instagram (botnetters are clearly making the most of the opportunities afforded by social media). In tracing the cybercriminals’ accounts, the researchers stumbled upon other malware and botnets as well, including the already discovered Yowai.

Mid-March turned up another find in the shape of a new version of Mirai, geared towards attacking business devices. The malware is now able to “botnetize” not only access points, routers, and network cameras, but wireless presentation and digital signage systems, too.

Despite all this, the number of observed high-profile attacks using new and not-so-new botnets was not that high. At the end of winter, the University of Albany (UAlbany) in the US came under assault: during the February 5th March 1 period, 17 attacks were made on it, downing the university servers for at least five minutes. Data belonging to students and staff was not affected, but some services were unavailable; the head of IT security at UAlbany believes that the university was specifically targeted.

In early February, the website of the National Union of Journalists of the Philippines was also hit. The site was disabled for several hours by a series of powerful attacks, peaking at 468 GB/s of traffic. The attack was part of a widespread campaign against various news resources. The targets believe themselves to be the victims of political pressure on alternative sources of information.

Also in mid-March, Facebook encountered serious problems with its services when Facebook and Instagram users were unable to log into their accounts. Many observers consider the incident to be DDoS-related. However, Facebook itself rejects this version of events, meaning that the real cause can only be guessed at. The lack of news about serious DDoS attacks coincided with a rise in the number of reports of major police operations against attack organizers, accompanied by arrests and charges.

The fight to bring down resources used for DDoS attacks continues: in early January, the US Department of Justice seized 15 Internet domains from which a series of DDoS attacks was launched last December. According to DoJ documents, those domains were used to carry out attacks on government systems, ISPs, universities, financial institutions, and gaming platforms worldwide. Later that same month, a US court handed down a 10-year jail term to a Massachusetts hacker for conducting DDoS attacks against two health facilities. 

Also in January, a hacker-for-hire was arrested in Britain for having incapacitated mobile networks in Liberia and Germany (at the peak of his criminal career in 2015, he took the whole of Liberia offline). Although his “work history” is far longer than that, no other charges were brought.

The shockwaves from last year’s operation to close down Webstresser.org, one of the most notorious sites providing DDoS attack services, continue to spread. Cyber police decided to go after not just the attack organisers, but the customers as well. At the end of January, Europol announced the arrest of more than 250 users in Britain and the Netherlands. Instead of prison, one of the convicted cyber-criminals will receive an alternative punishment under the Dutch Hack Right program, aimed at rehabilitating young hackers arrested for the first time. 

Other sources report that an investigation is underway into all 150,000 Webstresser clients resident in 20 different countries.
Yet despite the law enforcement efforts, DDoS attacks remain a real threat to business. As a Neustar International Security Council survey of 200 senior technical staff members of large companies revealed, firms today consider DDoS attacks to be a serious problem: 52% of security services have already faced them, and 75% are concerned about the issue.

Quarter Trends
Last quarter, we made two predictions about trends in the DDoS attack market: first, that the market overall would contract; second, that demand for long-term “smart” attacks, in particular HTTP flooding, would grow. The first did not happen: Kaspersky DDoS Protection statistics show that all DDoS attack indicators increased last quarter. The total number of attacks climbed by 84%, and the number of sustained (over 60 minutes) DDoS sessions precisely doubled. The average duration increased by 4.21 times, while the segment of extremely long attacks posted a massive 487% growth.

This forces a reassessment of the assumption made in last year’s Q3 and Q4 reports that the decrease in DDoS activity is linked to cybercriminals switching to the more reliable and profitable cryptocurrency mining. Clearly, this hypothesis is at least partially wrong.

There is another, more likely explanation: over the last six months of the previous year, we have been observing less the redistribution of botnet capacity for other purposes and more the emergence of a market vacuum. Most likely, the supply deficit was linked to the clamping down on DDoS attacks, the closure of sites selling related services, and the arrest of some major players over the past year. 

Now it seems the vacuum is being filled: such explosive growth in the indicators is almost certainly due to the appearance of new suppliers and clients of DDoS services. It will be interesting to observe how this trend develops in Q2. Will the indicators continue to rise, or will the market settle at the current level?

The second prediction (growing demand for smart application-level attacks) was more accurate: the share of long, harder-to-organise attacks is still growing, both qualitatively and quantitatively. We see no reason why this trend should not continue throughout Q2.

Attack Geography
China remains the leader by number of attacks. It even returned to its previous level after a drop in previous quarters: its share rose from 50.43% to 67.89%. In second place came the US, although its share was reduced from 24.90% to 17.17%. Third place belonged to Hong Kong, up from seventh, increasing its share from 1.84% to 4.81%.

Interestingly, except for China and Hong Kong, all other countries’ shares decreased. This did not prevent the US from retaining second position; meanwhile, Australia, having taken bronze at the end of 2018, dropped to last place, down 4 p.p. (from 4.57% to 0.56%).

Among other significant changes, it is worth noting Britain, which fell from fifth to seventh place having shed 1.52 p.p. (from 2.18% to 0.66%), as well as Canada and Saudi Arabia. Each of the latter two lost around 1 p.p., but that did not stop Canada (0.86%) climbing from sixth to fourth, while Saudi Arabia (0.58%) dropped down a rung towards the foot of the table.
Brazil, meanwhile, dropped out of the Top 10 altogether, making way for Singapore, which came straight in at number 5 with 0.82% of attacks (tellingly, its share too was down on the previous quarter, albeit very slightly).

South Korea, which previously juggled second and third place with the US, remains outside the Top 10 (accounting for 0.30% of attacks). 

Securelist:        Infosecurity:    

You Might Also Read: 

The Rise of AI Driven DDoS Attacks:

 

« More Than 900 Million Financial Records Exposed
The Spycraft Revolution »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Brit

Brit

Brit PLC is a market-leading global specialty insurer and reinsurer, focused on underwriting complex risks including cyber, privacy and technology.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.

NopalCyber

NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant.

Seiber

Seiber

Seiber are a UK based Cyber Security company who provide consultancy and training services. Our objective is to stop bad things happening to good people.