DDOS attacks grow in frequency, sophistication


The total number of distributed denial of service (DDOS) attacks increased by nearly 24% in Q3 2021 when compared to the same period last year.

During the same timeframe, the total number of smart or advanced, targeted DDOS attacks increased by 31%.

This was revealed by Kaspersky’s DDOS attacks in Q3 report, which found that some of the most popular targets were tools to fight the pandemic, government organisations, game developers, and well-known cyber security publications.

DDOS attacks attempt to overwhelm a network server with requests for services, in order to crash the server and deny users access.

Getting clever

These attacks can last from a few minutes to a few days, says Kaspersky. However, 'smart' DDOS attacks take this a step further. They are more sophisticated and often targeted, and they can be used not only to disrupt services, but to make particular resources inaccessible, or to steal money, the company explains.

Both types of attacks also increased when compared to the second quarter of this year, with the largest percentage of resources attacked (40.8%) in the US, followed by Hong Kong and mainland China.

During August, Kaspersky noted a record number of DDOS attacks in a single day, with 8 825 attacks.

A few of the most prominent, large-scale DDOS attacks over the past quarter employed a new, powerful botnet dubbed Mēris, which is capable of sending out a gargantuan number of requests per second.

This scourge was seen in attacks against two of the most well-known cyber security publications, Krebs on Security and InfoSecurity Magazine.

Politically-motivated attacks

Some other DDOS trends in Q3 that are worth mentioning include a series of politically-motivated attacks in Europe and Asia, as well as attacks against game developers.

Moreover, bad actors targeted resources used to combat the pandemic across several countries, and there was a slew of ransomware attacks against telecommunications providers in Canada, the US, and the UK.

The threat actors claimed to be members of the notorious ransomware group REvil, and shut down the companies’ servers to pressure them into paying the ransom.

Researchers at Kaspersky also saw a very unusual DDOS attack at a state university that lasted several days. Although attacks against educational resources are not uncommon, this one was particularly sophisticated: the attackers targeted the online accounts of applicants to a state university, using an attack vector that made the resource completely unavailable. The attack also continued after the filtering began, which is rare, says Kaspersky.

Alexander Gutnikov, a security expert at Kaspersky, says over the past few years, the company has witnessed crypto-mining and DDOS attack groups competing for resources, since many of the same botnets are used for both.

“While we previously saw a decline in DDOS attacks as crypto-currency grew in value, we're now witnessing a redistribution of resources. DDOS resources are in demand and attacks are profitable. We expect to see the number of DDOS attacks continue to increase in Q4, especially since, historically, DDOS attacks have been particularly high at the end of the year.”

Take precautions

To avoid falling foul of DDOS attacks, Kaspersky recommends maintaining Web resource operations by assigning specialists who understand how to respond to DDOS attacks, and validating third-party agreements and contact information, including those made with Internet service providers. This helps teams quickly access agreements in case of an attack.

It’s also important to know the business’s traffic patterns. “It’s a good option to use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company's typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDOS attack.”
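A minimal sketch of the baseline idea described above, added here as an illustration and not taken from Kaspersky's report or any product. It assumes per-minute request counts exported from a monitoring tool; the function names, window size and thresholds are illustrative choices, and the traffic series is constructed.

```python
from collections import deque
from statistics import median


def detect_spikes(counts, window=30, k=6.0, min_mad=5.0):
    """Return indices of intervals far above the trailing baseline.

    counts: requests per interval (for example per minute), oldest first.
    The baseline is the median of the last `window` normal intervals and
    the spread is the median absolute deviation (MAD). Both resist
    outliers better than a mean and standard deviation.
    """
    baseline = deque(maxlen=window)
    flagged = []
    for i, c in enumerate(counts):
        if len(baseline) == window:
            med = median(baseline)
            mad = median(abs(x - med) for x in baseline)
            # 1.4826 scales MAD to a standard deviation for normal data;
            # min_mad stops a very flat baseline from flagging tiny bumps.
            threshold = med + k * 1.4826 * max(mad, min_mad)
            if c > threshold:
                flagged.append(i)
                # Do not learn from suspected attack traffic, so a flood
                # that lasts hours or days never becomes the new "normal".
                continue
        baseline.append(c)
    return flagged


def constructed_sample(length=100, flood_start=60, flood_len=10):
    """Constructed series: about 1 000 req/min with a 9 000 req/min flood."""
    series = [1000 + (i * 37) % 120 - 60 for i in range(length)]
    for i in range(flood_start, min(length, flood_start + flood_len)):
        series[i] = 9000
    return series


if __name__ == "__main__":
    print("anomalous minutes:", detect_spikes(constructed_sample()))
```

A fixed multiple of the baseline only catches volumetric floods; slow application-layer attacks need per-endpoint or per-client baselines built the same way.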

Finally, Kaspersky advises implementing professional solutions to safeguard the organisation against DDOS attacks, and having a restrictive ‘plan B’ defensive posture ready to go.

“Be in a position to rapidly restore business-critical services in the face of a DDOS attack.”
