May 15, 2017 by Canadian Underwriter
Russian cybersecurity company Kaspersky Lab has found a “noticeable decline” in the number of overall distributed denial of service (DDoS) attacks and a change to how they were dispersed by country.
Late last week, Kaspersky released its Q1 2017 DDoS Intelligence Report, which confirms forecasts about the evolution of DDoS attacks that the company’s experts made following its 2016 results. Although complex DDoS attacks continued to grow in popularity into the first quarter of the year, there were some major changes, Kaspersky noted in a statement.
In the first quarter of 2017, the Kaspersky DDoS intelligence system recorded attacks against resources in 72 countries, eight fewer than in the fourth quarter of 2016, the statement pointed out. By country, the Netherlands and the United Kingdom replaced Japan and France among the top 10 countries with the most DDoS victims.
South Korea remained the leader in terms of the number of detected C&C (Command and Control) servers, the computers that issue commands to infected machines, with 66.49%. The United States came in second, followed by the Netherlands, which dislodged China (now at number seven) from the top three for the first time since monitoring began. As well, Japan, Ukraine and Bulgaria all left the top 10 ranking of countries with the highest number of C&C servers and were replaced by Hong Kong, Romania and Germany.
Nearly half (47.78%) of targeted resources were located in China, significantly lower than the previous quarter (71.60%). Canada saw 0.67% of unique DDoS targets, down from 0.77% in Q1 2016.
Distribution by operating system also changed in the first quarter of this year. In the previous quarter, Linux-based IoT (Internet of Things) botnets were the most popular, but they were squeezed out by Windows-based botnets, whose share grew from 25% to 60% in the first quarter.
During the reporting period, not a single amplification-type attack was registered, while the number of encryption-based attacks grew. “This is in line with the company’s forecasts last year predicting a shift in DDoS from simple, powerful attacks to attacks that are difficult to identify using standard security tools,” the statement suggested.
Overall, the quarter was relatively quiet: the largest number of attacks (994) was observed on Feb. 18. The longest DDoS attack in Q1 2017 lasted only 120 hours, which is significantly shorter than the previous quarter’s maximum of 292 hours.
“There’s typically a pronounced decline in the number of DDoS attacks at the beginning of the year, and this trend has continued now for five years,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “This may be due to cybercriminals or their clients taking a break. However, despite this now familiar downturn, we still recorded more attacks between January and March of this year than we did in the first quarter of 2016, which confirms the conclusion that the overall number of DDoS attacks is growing. So now is not the time to let your guard down; rather, it’s better to take care of your protection before the cybercriminals get back to their usual work routine.”