ake78 (3D & photo) - Fotolia
The number of distributed denial of service (DDoS) attacks grew by 18% in the second quarter of the year compared with a year ago, the latest report from security firm Kaspersky reveals.
The data shows that although there was still a seasonal dip of 44% compared with the previous quarter, the volume of DDoS attacks was higher and the taper off was less pronounced than in the second quarter of the previous two years.
Further underlining the importance of taking DDoS attacks into account, the latest threat intelligence report from Netscout shows that the frequency of DDoS attacks grew by 39% in the first half of 2019 compared with the first half of 2018.
The Kaspersky report highlights the fact that application-layer attacks, which are more difficult to organise and protect against, showed significant growth in the second quarter of 32%, accounting for almost half (46%) of all attacks.
Notably, the report said the seasonal decrease had only a negligible effect on the number of attacks on the application layer, reducing by just 4% compared with the previous quarter. But the second quarter saw the proportion of application layer DDoS attacks increase by 9% from the first quarter and 15% compared with the equivalent period in 2018.
This type of DDoS attack targets certain functions or APIs (application programming interfaces) of applications to consume not only the network, but server resources as well, said the report. They are also harder to detect and protect from, because they include the performing of legitimate requests.
Alexey Kiselev, business development manager for the Kaspersky DDoS protection team, said: “Traditionally, troublemakers who conduct DDoS attacks for fun go on holiday during the summer and give up their activity until September, but the statistics for this quarter show that professional attackers, who perform complex DDoS attacks, are working hard even over the summer months.
“This trend is rather worrying for businesses. Many are well protected against high volumes of junk traffic, but DDoS attacks on the application layer require the targets to identify illegitimate activity even if its volume is low. We therefore recommend that businesses ensure their DDoS protection solutions are ready to withstand these complex attacks.”
The analysis of commands received by bots from command and control (C&C) servers revealed that the longest DDoS attack in the quarter lasted a record 509 hours, or almost 21 days, which is 180 hours longer than the previous record set in the last quarter of 2018.
To defend against DDoS attacks, Kaspersky recommends that businesses:
- Ensure that web and IT resources can handle high traffic.
- Use professional solutions to protect against attacks.
According to the Netscout report, attackers focused on the middle range of attack sizes in the first half of the year, resulting in a 776% growth in attacks between 100Gbps and 400Gbps.
The report also notes that attackers increasingly targeted wireless and satellite communications.
The exception to the overall trend toward growth, the report said, came at the top end of the attack range, where Netscout saw a 32% decrease in attacks of more than 500Gbps compared with the first half of 2018, which saw the arrival of Memcached attacks. Through collective action, attacks of this magnitude using this vector have been “essentially snuffed out”, said the report.
A trend to watch is that DDoS attackers are increasingly targeting satellite and wireless communications, the report said. DDoS attacks on satellite communications were up 193% in the first half of the year compared with the same period in 2018, while attacks on wireless communications increased by 255%, said Netscout.
Read more about DDoS attacks
- UK National Crime Agency investigates hundreds of suspected users of a DDoS-for hire site that was taken down by an international law enforcement operation.
- Europe in the firing line of evolving DDoS attacks.
- Malicious insiders and DDoS attacks cost UK businesses the most.
- Criminal activity has become the top motivation for DDoS attacks, so taking no action is not an option.