Long-lasting DDoS attacks make a comeback as numbers of attacks and targets rise
Long-lasting DDoS attacks made a return in the first quarter of 2018 with the longest attack seen lasting 297 hours (more than 12 days). The last time a longer attack than this occurred was at the end of 2015.
This is among the findings of Kaspersky Lab's latest DDoS intelligence report, which reveals that in the first quarter of 2018, DDoS attacks were registered against targets in 79 countries.
The report sees a significant increase in both the total number and duration of DDoS attacks compared to the final quarter of 2017. The new Linux-based botnets Darkai (a Mirai clone) and AESDDoS are largely responsible for this hike, although overall the proportion of Linux-based botnets fell to 66 percent from 71 percent.
China holds pole position for the number of attacks, its share remaining almost unchanged, up from 59.18 percent to 59.42 percent. The US share (17.83 percent), the second largest, increased by a more noticeable 1.83 percent. South Korea is third, but its share fell by more than two percent, from 10.21 percent to eight percent.
Elsewhere in the top 10, Britain (1.30 percent) moved down from fourth to fifth to be replaced by Hong Kong. Tenth place in Q1 2018 went to Russia, whose share decreased from 1.25 percent to 0.76 percent. The Netherlands and Vietnam dropped out of the top ten, but Hong Kong (with 3.67 percent against 0.67 percent in Q4 2017) and Japan (1.16 percent) came in.
The list of countries hosting C&C servers has undergone a reshuffle too. Canada, Turkey, Lithuania, and Denmark dropped out, while Italy, Hong Kong, Germany, and Britain climbed upwards. The top three, however, remain practically unchanged: South Korea (30.92 percent), the US (29.32 percent) and China (8.03 percent). Russia (2.01 percent), having shared third place with China in late 2017, slid down to ninth.
"Exploiting vulnerabilities is a favorite tool for cyber criminals whose business is the creation of DDoS botnets," says Alexey Kiselev, project manager on the Kaspersky DDoS Protection team. "However, as the first few months of the year have shown, it's not only the victims of DDoS attacks that are affected, but also those companies with infrastructure that includes vulnerable objects. The events of the first quarter reaffirm a simple truth: the platform companies use to implement multilayered online security must include regular patching of vulnerabilities and permanent protection against DDoS attacks."
You can see more details of the survey results on the Kaspersky SecureList blog.