The last quarter of 2018 saw the longest DDoS attack since 2015, lasting 329 hours–almost 2 weeks–according to a Kaspersky Lab report released on Thursday. But the top three countries with the most DDoS attacks are still the same: China in first place (43%), the US in second (29%), and Australia in third (6%).

SEE: IoT security: A guide for IT leaders (Tech Pro Research)

While the number of DDoS attacks decreased in 2018, the average attack duration increased, the report found. The average length of attacks more than doubled from the beginning of 2018 to the end–from 95 minutes to 218 minutes. These attacks increased in length because they have become more complex and difficult to stop or mitigate, the report added.

The most common complex attack executed included an HTTP component, which requires both time and money to launch, the report said. Both the HTTP flood method and mixed attacks involving an HTTP factor made up approximately 80% of all DDoS attacks for 2018, revealing the success of this strategy.

“When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options,” Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team, said in a press release. “They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers. Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”

Since attacks are predicted to become even more specialized in 2019, the report recommended the following three steps to help protect organizations from DDoS attacks:

  • Train and increase IT employees’ awareness of how to respond to DDoS attacks.
  • Prepare the organization’s websites and web applications to handle high traffic volume.
  • Use professional solutions to protect systems against all varieties of DDoS attacks.

The big takeaways for tech leaders:

  • While DDoS attacks decreased in 2018, the complexity of the attacks increased. — Kaspersky Lab, 2019
  • DDoS attacks will only become more complex and specialized in 2019, meaning the enterprise needs to properly prepare. — Kaspersky Lab, 2019