In the last three months of 2016, significant progress has been made in DDoS attacks. Methods are becoming more and more complex, the array of botnets utilized is becoming more and more diverse, while the attackers are demonstrating their abilities by choosing larger and more obvious targets. All of this, and much more, is being analyzed by Kaspersky Lab specialists in their DDoS report for the fourth quarter of 2016. 
The specific interval, the system Kaspersky Lab's DDoS Intelligence reported bot-assisted DDoS attacks in 80 countries, compared to 67 countries in the previous quarter. There was also a change in the top 10 countries with the highest number of victims of such attacks, with Germany και τον Καναδά να αντικαθιστούν την Ιταλία και την Ολλανδία. Τρεις χώρες της Δυτικής Ευρώπης (Ολλανδία, Ηνωμένο Βασίλειο και Γαλλία) παρέμειναν μεταξύ των κορυφαίων δέκα χωρών με τον μεγαλύτερο αριθμό φιλοξενούμενων C&C servers για δεύτερο συνεχόμενο τρίμηνο, και ακολουθούνταν από τη Βουλγαρία και την Japan in the fourth quarter.
The longest in duration attack DDoS in the fourth quarter lasted for 292 hours (or 12,2 days), a record size for 2016. The last quarter also saw a record for the number of DDoS attacks carried out in a single day – namely 1.915 attacks on November 5.
Overall, the fourth quarter of 2016 was rich in remarkable DDoS attacks over a wide range of targets, including Dyn's Domain Name System, Deutsche Telekom and some of the largest banks in Russia. Companies were among the first victims of a new trend, namely DDoS attacks that started through huge botnets made up of vulnerable IoT devices, of which Mirai is a typical example. The approach used by Mirai creators has been the basis for many other botnets created by "infected" IoT devices.
The growing number of attacks using IoT devices was just one of the main trends in the fourth quarter. Throughout the quarter, there was a significant reduction in the number of enhanced DDοS attacks, which were popular in the first half of 2016. This size was reduced thanks to better protection against such attacks but also due to the reduced number of vulnerable servers available of digital criminals.
The position released by the enhanced attacks is covered by attack-level attacks, including WordPress Pingback attacks. Detecting application-level attacks creates a much greater challenge because they mimic the activities of real users. The fact that these attacks are more frequent use encryption serves only to increase the level of risk. Encryption dramatically increases the effectiveness of DDoS attacks, complicates the process of filtering from the "unwanted" among many legitimate requests due to the need to decrypt them.
Kaspersky Lab specialists predict that the trend towards increasingly complex DDoS attacks and a larger number of IoT botnets will continue with 2017.
«IoT devices can launch DDoS attacks of any complexity, including application-level attacks and encrypted attacks. Given the effectiveness of IoT botnets, as well as the increasing number of poorly protected IoT devices, we can reasonably anticipate an increase in the number of these attacks as well as their strength and complexity. This means that companies have to take care of their protection in advance, and thoroughly opt for the protection solution for DDoS attack filtering, "said Kirill Ilganaev, Kaspersky Lab Kaspersky Lab's head of Kaspersky DODS Protection.
