Fresh insight reveals a dramatic increase in prolonged site outages

The number of distributed denial-of-service (DDoS) attacks detected worldwide increased by 84% during the first three months of the year, according to new research.

Fresh insight from Kaspersky Lab has revealed a dramatic increase in the instances of DDoS attacks during the first quarter, with the security company also noting a spike in “sustained attacks” lasting longer than an hour.

The upshot of the report is fairly unsurprising: DDoS campaigns remain a constant threat globally, with law enforcement worldwide taking steps to crack down on those orchestrating the attacks.

As previously reported by The Daily Swig, police in Ukraine arrested two people in the city of Mariupol (Маріу́поль) in January, after they were accused of launching attacks on news and local government websites.

And in February, a man from Illinois, US, pleaded guilty to running DDoS-for-hire websites, after he reportedly earned more than $550,000 from his illegal business.

Sergiy Usatyuk, 20, admitted targeting multiple victims, including a school district in Pittsburgh, Pennsylvania. This attack affected 17 organizations sharing the same web infrastructure.

But while international agencies scramble to shut down cybergangs and their botnets, the rate of attacks shows no signs of slowing.

Indicators of DDoS campaigns increased during the first quarter of 2019, and the number of sustained attacks – those lasting more than 60 minutes – almost doubled, according to Kaspersky.

However, the countries both receiving and launching the most DDoS attacks remained the same.

China led the trend again this year, receiving 67.9% of global DDoS traffic, followed by the US (17.2%), and Hong Kong (4.8%).

As can be seen from the figures, the rates of receiving and distributing these cyber-attacks largely correlate.

The highest rate of DDoS activity was observed in March – hitting 699 attacks at its peak on March 16. January 17 saw a surge of 532 assaults, though February remained fairly quiet.

Attacks lasting more than one hour almost doubled in quantity, from 0.1% to 0.2% of all recorded DDoS assaults – however, the longest recording was 12 days, as opposed to 14 days seen in Q4 of 2018.

Unexpected arrivals

While most botnets are still situated in the US (34.1%), Q1 saw changes to the top three countries overall.

The Netherlands rose to second place in Q1 with 12.7% after taking the third spot at the end of last year.

And Russia climbed to third place from seventh, with 10.4% of botnet share.

“In the previous three quarters, we saw some unexpected arrivals in several Top 10s – countries with no major track record as a source of DDoS threats suddenly asserted themselves.

“But Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity; in other words, their appearance in the Top 10s cannot be put down to random deviations,” researchers concluded.

They also noted that there was a decrease in botnet activity of Darkai, a Mirai clone, and Mirai itself, which suffered a threefold drop in instances.

“This factor, among others, goes some way to explaining the certain decline in the number and duration of DDoS attacks,” they wrote.