The longest continuous DDoS attack recorded by the IT security company Kaspersky Lab in the third quarter of 2015 lasted for 320 hours, which is almost two weeks. This finding comes from the firm’s new quarterly DDoS report, which is based on the constant monitoring of botnets and observing new techniques used by cybercriminals. Other findings include:
Victims were identified in 79 countries around the world. The top three countries most frequently hit by DDoS attacks are China, USA and South Korea.
More than 90 per cent of attacks lasted less than 24 hours, but the number of attacks lasting over 150 hours has grown significantly.
The highest number of attacks on the same victim was 22, on a server located in The Netherlands.
It is apparent that Cybercriminals go on vacation too, with August being the quietest month of the quarter.
Linux-based botnets are significant, and account for up to 45.6 per cent of all attacks recorded by Kaspersky Lab. The main reasons for this include poor protection and higher bandwidth capacity.
Banks are frequent targets for complex attacks and ransom demands.
Less complex but just as dangerous attacks have become cheaper to carry out.
The Q3 report shows that DDoS attacks remain highly localised. 91.6 per cent of the victims’ resources are located in only ten countries around the world, although Kaspersky Lab has recorded DDoS attacks targeting servers in 79 countries total. The report has also found that DDoS attacks are more likely to originate from the same countries. China, USA and South Korea occupied top positions in both ratings of the most frequent attack sources and targets. Although other cybercrime syndicates, such as card theft, may operate far from their country of residence, this is not the case for DDoS. More details on geographic distribution and other properties of DDoS attacks, recorded by Kaspersky Lab’s DDoS Intelligence system, can be found in the full report at Securelist.com.
Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab “Based on our observations and direct measurements, we cannot pinpoint one exact direction in which the underground business of DDoS attacks is moving. Instead, the threat appears to be growing everywhere. We have recorded highly complex attacks on banks, demanding a ransom, but we have also observed new, low-cost methods designed to put a company’s operations down for a significant amount of time. Attacks are growing in volume with most of them aiming to attack, disrupt and disappear, but the number of lengthy attacks, capable of bankrupting a large, unprotected business is also on the rise. These significant developments make it imperative for companies to take measures to prevent the very real threat and increased risk posed by DDoS attacks.”
