Posted on August 4, 2017 at 12:57 PM
According to a report by Kaspersky Lab released this week, a 131% spike has been detected in the duration of the longest DDoS attack, which was launched against a Chinese telecom company. The attack was 277 hours long.
The attack, which spanned more than 11 days, holds the record for this year so far, according to the 2017 DDoS Intelligence Report, which warns that long-lasting DDoS attacks are back.
Oleg Kupreev, lead malware and anti-botnet analyst for Kaspersky Lab, says that there is no exact reason for the increase in duration, since fluctuations happen often.
The Kaspersky report notes that the most powerful attack happened in the second quarter. The attack was 20GB per second, lasted about an hour and used the connectionless User Datagram Protocol (UDP). What’s interesting, as Kupreev says, is that most UDP flood attacks are not more than 4GB per second.
A Corero Network Security report states that the majority of the attacks against networks are still low-volume.
In the second quarter, DDoS attacks targeted 86 countries, up from the 72 countries targeted in the first quarter, the report states. The most attacked countries were the US, South Korea, China, the UK, Italy, Russia, Hong Kong, France, the Netherlands and Canada.
Kupreev explained that online resources in one country can be located on servers in another country, which mostly happens in China, South Korea, and the US, which also explains why these countries are the most targeted ones.
The Kaspersky report also states that Italy posted a 10-fold increase in DDoS attacks while the Netherlands experienced a 1.5x increase, pushing Vietnam and Denmark out of the top 10 list.
Kupreev also said that the second quarter brought a new twist to ransom DDoS attack threats. Cybercriminals would send their ransom threats to larger companies without launching a shorter attack first, in the hope that the threat alone would be enough to make the companies pay.
Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab, added that buying a demo attack in order to extort money from companies requires no technical knowledge of organizing a DDoS attack. The attackers just have to pick an unsavvy company that doesn’t protect its resources and is therefore easy to convince to pay a ransom with just a demonstration, which is what the attackers did.
Kupreev isn’t convinced that this form of extortion will overtake normal DDoS attacks in the near future, despite the rise of ransom schemes that involve no actual DDoS attack.
Kupreev said that ‘normal’ DDoS attacks will always outnumber ransom DDoS (RDDoS) attacks, since extorting money doesn’t have to be the only reason for a DDoS attack. It could also be unfair competition, hacktivism, political struggle, smoke-screening and so on. He also added that for many companies the unavailability of online resources can be even more damaging than the amount extorted.