The latest report from Kaspersky Lab showed that while the number of DDoS attacks declined in the fourth quarter, their duration and severity increased. This trend is expected to continue this year, the researcher said. The number of attacks in the quarter fell 13 percent from the year before, but the duration more than doubled, to 218 minutes from 95 minutes.
Kaspersky noted that the market can now better defend itself against “simple” attacks, such as UDP floods, in which the attacker sends a large number of UDP packets to the target’s server ports in order to overwhelm it and make it unresponsive to clients. These accounted for almost half (49%) of the DDoS attacks in 2018, but rarely lasted more than 5 minutes. More complex attacks, such as HTTP floods and mixed attacks with HTTP (17% and 14%), made up a smaller percentage of attacks but took up about 80 percent of attack time for the whole year.
“When most simple DDoS attacks do not achieve their aim, those people earning money by launching such attacks have two options. They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining. Alternatively, malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers,” Kaspersky said.
The longest DDoS attack in Q4 lasted 329 hours (almost 14 days). The top three countries by number of DDoS attacks conducted remain the same. China is again in first place, but its share fell to 50.43 percent from 77.67 percent. The US and Australia remained in second and third place. By target distribution, China still tops the list, but its share declined to 43.26 percent from 70.58 percent in the third quarter. Regarding countries hosting the most C&C servers, the US remained the leader, but the UK and the Netherlands came second and third, replacing Russia and Greece respectively.