The last three months of 2016 saw significant progress in DDoS attacks. The methods are becoming more and more complex, the array of devices utilized by botnets is becoming more and more diverse, while the attackers show off their skills, choosing larger and more obvious targets. All this, and much more, is analyzed by its experts Kaspersky Lab in their report on DDoS attacks for the fourth quarter of 2016. 
That particular space, το σύστημα DDoS Intelligence της Kaspersky Lab ανέφερε επιθέσεις DDoS υποβοηθούμενες από bots σε 80 χώρες, σε σύγκριση με 67 χώρες το προηγούμενο τρίμηνο. Αλλαγή επίσης παρουσιάστηκε και στις 10 κορυφαίες χώρες με τον μεγαλύτερο αριθμό θυμάτων τέτοιου είδους επιθέσεων, με τη Germany and Canada to replace Italy and the Netherlands. Three Western European countries (Netherlands, United Kingdom and France) remained among the top ten countries with the largest number of hosted C&C servers for the second consecutive quarter, followed by Bulgaria and Japan in the fourth quarter.
The longest-running DDoS attack in the fourth quarter lasted 292 hours (or 12,2 days), a record size for 2016. The last quarter also saw a record number of DDoS attacks in a single day - 1.915 attacks on November 5. .
Overall, the fourth quarter of 2016 was rich in remarkable DDoS attacks over a wide range of targets, including Dyn's Domain Name System, Deutsche Telekom and some of the largest banks in Russia. Companies were among the first victims of a new trend, namely DDoS attacks that started through huge botnets made up of vulnerable IoT devices, of which Mirai is a typical example. The approach used by the creators of Mirai has been the base for many other botnets created by "infected" IoT devices.
The growing number of attacks using IoT devices was just one of the main trends in the fourth quarter. Throughout the quarter, there was a significant reduction in the number of enhanced DDοS attacks, which were popular in the first half of 2016. This size was reduced thanks to better protection against such attacks but also due to the reduced number of vulnerable servers available of digital criminals.
The position released by the enhanced attacks is covered by attack-level attacks, including WordPress Pingback attacks. Detecting application-level attacks creates a much greater challenge because they mimic the activities of real users. The fact that these attacks are more frequent use encryption serves only to increase the level of risk. Encryption dramatically increases the effectiveness of DDoS attacks, complicates the process of filtering from the "unwanted" among many legitimate requests due to the need to decrypt them.
Kaspersky Lab specialists predict that the trend towards increasingly complex DDoS attacks and a larger number of IoT botnets will continue with 2017.
«IoT devices can launch DDoS attacks of any complexity, including application-level attacks and encrypted attacks. Given the effectiveness of IoT botnets, as well as the increasing number of poorly protected IoT devices, we can reasonably anticipate an increase in the number of these attacks as well as their strength and complexity. This means that companies have to take care of their protection in advance, and thoroughly opt for the protection solution for DDoS attack filtering, "said Kirill Ilganaev, Kaspersky Lab Kaspersky Lab's head of Kaspersky DODS Protection.
