In the last three months of 2016, DDoS attacks advanced significantly. Methods are becoming more complex and the array of botnets used more diverse, while attackers are demonstrating their abilities by choosing larger and more prominent targets. All of this, and much more, is analyzed by Kaspersky Lab specialists in their DDoS report for the fourth quarter of 2016.
During that time, Kaspersky Lab's DDoS Intelligence system reported botnet-assisted DDoS attacks in 80 countries, up from 67 in the previous quarter. The top 10 countries with the highest number of victims of such attacks also changed, with Germany and Canada replacing Italy and the Netherlands. Three Western European countries (Netherlands, United Kingdom and France) remained in the top ten countries with the largest number of hosted C&C servers for the second consecutive quarter, followed by Bulgaria and Japan in the fourth quarter.
The longest-running DDoS attack in the fourth quarter lasted 292 hours (or 12.2 days), a record for 2016. The last quarter also saw a record number of DDoS attacks in a single day: 1,915 attacks on November 5.
Overall, the fourth quarter of 2016 was rich in remarkable DDoS attacks on a wide range of targets, including Dyn's Domain Name System, Deutsche Telekom and some of the largest banks in Russia. These companies were among the first victims of a new trend, namely DDoS attacks launched through huge botnets made up of vulnerable IoT devices, of which Mirai is a typical example. The approach used by Mirai's creators has been the basis for many other botnets made up of "infected" IoT devices.
The growing number of attacks using IoT devices was just one of the main trends in the fourth quarter. Throughout the quarter, there was a significant reduction in the number of amplification DDoS attacks, which were popular in the first half of 2016. Their number fell thanks to better protection against such attacks, but also because fewer vulnerable servers are available to cybercriminals.
The niche vacated by amplification attacks is being filled by application-level attacks, including WordPress Pingback attacks. Detecting application-level attacks is a much greater challenge because they mimic the activities of real users. The fact that these attacks increasingly use encryption only increases the level of risk. Encryption dramatically increases the effectiveness of DDoS attacks and complicates the process of filtering the "unwanted" requests out from among the many legitimate ones, because they need to be decrypted.
Kaspersky Lab specialists predict that the trend towards increasingly complex DDoS attacks and a larger number of IoT botnets will continue in 2017.
"IoT devices can launch DDoS attacks of any complexity, including application-level attacks and encrypted attacks. Given the effectiveness of IoT botnets, as well as the increasing number of poorly protected IoT devices, we can reasonably anticipate an increase in the number of these attacks as well as their strength and complexity. This means that companies have to take care of their protection in advance, and thoroughly opt for a protection solution for DDoS attack filtering," said Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab.