2018 saw a decline of 13 percent in the overall number of DDoS attacks when compared to the previous year, but cybercriminals are turning to longer, more sophisticated, mixed and HTTP flood attack techniques.
This is revealed in Kaspersky Lab’s DDoS Q4 2018 Intelligence Report, which also shows the average attack duration has grown. Compared with the beginning of the year, the average length of attacks has more than doubled — from 95 minutes in Q1 to 218 minutes in Q4 2018.
The most common type of attack is User Datagram Protocol (UDP) flooding (accounting for 49 percent), but the UDP floods observed over the year rarely last more than five minutes. More sophisticated techniques like the HTTP flood method and mixed attacks with HTTP components account for relatively small numbers of attacks (17 percent and 14 percent respectively), but they last much longer, constituting about 80 percent of DDoS attack time for the whole year.
Looking at targets geographically, China continues to top the list, but its share declined significantly from 70.58 percent in Q3 to 43.26 percent, while all other top 10 countries increased their shares. In second place is the US (29.14 percent), with Australia (5.91 percent) in third.
“When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options,” says Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers. Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”