
Major DDoS attack lasts 297 hours, as botnets bombard businesses

Q1 2018 saw a DDoS attack that lasted 12 days, the longest since 2015, according to Kaspersky Lab.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • In Q1 2018, the longest DDoS attack lasted 297 hours, or more than 12 days. — Kaspersky Lab, 2018
  • DDoS botnets attacked online resources in 79 countries in Q1 2018. — Kaspersky Lab, 2018

Multi-day DDoS attacks are back again: In Q1 2018, one attack lasted 297 hours, or more than 12 days, making it one of the longest in recent years, according to a Thursday report from Kaspersky Lab.

Q1 2018 saw a significant increase in both the total number of DDoS attacks and their duration compared to Q4 2017, the report found. This rise is due in large part to a growing number of botnet attacks. The Linux-based botnets Darkai (a Mirai botnet clone) and AESDDoS were largely responsible for the hike, the report noted.

However, the share of Linux botnets actually fell from 71% in 2017 to 66% in 2018, according to the report. Meanwhile, the share of Windows-based botnets rose from 29% to 34% this year.


In terms of geography, in Q1 2018, DDoS botnets attacked online resources in 79 countries, the report found. Those that experienced the largest number of attacks were, by far, China (59% of all attacks), the US (18%), and South Korea (8%). These three nations also host the largest number of servers, along with the sites and services running on them, leaving them more open to attacks, the report noted. Hong Kong (4%), Great Britain (1%), and Canada (1%) rounded out the top six most targeted countries.

Amplification attacks, which were previously on the decline, also regained popularity this year, the report found. While NTP and DNS-based boosting have largely disappeared as vulnerable services have been patched, new, nontraditional amplification methods like Memcached and LDAP attacks were detected in Q1. The latter in particular, in which LDAP services are used as an amplifier, could become a larger issue on the DarkNet in the coming months, as it has one of the biggest amplification factors, the report stated.

"Exploiting vulnerabilities is a favorite tool for cybercriminals whose business is the creation of DDoS botnets," Alexey Kiselev, project manager on the Kaspersky DDoS Protection team, said in a press release. "However, as the first few months of the year have shown, it's not only the victims of DDoS attacks that are affected, but also those companies with infrastructure that includes vulnerable objects."

DDoS attacks can be costly for businesses, a recent Corero Network Security report found: 91% of cybersecurity professionals surveyed said that individual DDoS attacks can cost their organization up to $50,000 per attack, when accounting for lost business, the cost of mitigation, and lost worker productivity. And 69% said their enterprise experiences between 20 and 50 DDoS attack attempts per month, or roughly one per day.



About Alison DeNisco Rayome

Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.
