A shift from quantity to quality: 2018 saw cybercriminals dropping basic DDoS operations

The Kaspersky Lab DDoS Q4 Report covering statistics of the last quarter and the whole of 2018 highlights a 13% decline in the overall number of DDoS attacks when compared with the statistics from the previous year. However, the duration of mixed and HTTP flood attacks is growing, which suggests that malefactors are turning to more sophisticated DDoS attack techniques. According to Kaspersky Lab researchers, as more and more organizations adopt solutions to protect themselves from simple types of DDoS attacks, 2019 will likely see attackers improve their expertise to overcome standard DDoS protection measures and bring overall complexity of this type of threat to the next level.

Kaspersky Lab experts have found that the average attack duration is growing. Compared with the beginning of the year, the average length of attacks has more than doubled – from 95 minutes in Q1 to 218 minutes in Q4. It is notable that UDP flood attacks (when the attacker sends a large number of UDP packets to the target’s server ports in order to overwhelm it and make it unresponsive for clients), which are accounting for almost half (49%) of the DDoS attacks in 2018, were very short and rarely lasted more than 5 minutes.
At the same time, more complex attacks (such as HTTP misuse) which require time and money, will remain long. As the report revealed, HTTP flood method and mixed attacks with HTTP component, which shares were relatively small (17% and 14%), constitute about 80% of DDoS attack time of the whole year.

Kaspersky Lab recommends the following steps to protect an organization from DDOS attacks:
·Train personnel to respond to such incidents in a proper way
·Ensure that a company’s websites and web applications can handle high traffic;
·Use professional solutions to protect against attacks. For example, Kaspersky DDoS Protection combines Kaspersky Lab’s extensive expertise in combating cyberthreats and the company’s unique in-house developments. The solution protects against all types of DDoS attacks regardless of their complexity, strength or duration.