• The Kaspersky Lab DDoS Q3 report marked a continued trend in attacks aimed at educational organizations, as they open their doors after a long summer and students head back to school.
Kaspersky Lab experts noticed an overall decline in the number of DDoS attacks this year, which may be due to many bot owners reallocating the computing power of their bots to a more profitable and relatively safe way of making money: cryptocurrency mining. However, there is still a risk of DDoS attacks causing disruption, despite attackers not seeking financial gain. The Kaspersky Lab DDoS Q3 report marked a continued trend in attacks aimed at educational organizations, as they open their doors after a long summer and students head back to school.
Attackers were most active during the third quarter in August and September, proven by the number of DDoS attacks on educational institutions increasing sharply at the start of the academic year. This year, the most prominent attacks hit the websites of one of the UK’s leading universities – the University of Edinburgh – and the US vendor Infinite Campus, which supports the parent portal for numerous city public schools.
Analysis from Kaspersky Lab experts has found that the majority of these DDoS attacks were carried out during term time and subsided during the holidays. More or less the same result was obtained by the British organization Jisc. After collecting data about a series of attacks on universities, it determined that the number of attacks fell when students were on holiday. The number of attacks also decreases outside of study hours, with DDoS interference in university resources mainly occurring between 9am and 4pm. All this suggests that responsibility for the attacks lies with students.
Overall, between July and September, DDoS botnets attacked targets in 82 countries. China was once again first in terms of the number of attacks. The US returned to second after losing its place in the top three to Hong Kong in Q2. However, third place has now been occupied by Australia – the first time it’s reached such heights since Kaspersky Lab DDoS reports began.
There have also been changes in the top 10 countries with the highest number of active botnet C&C servers. As in the previous quarter, the US remained in first place, but Russia moved up to second, while Greece came third.
“The top priority of any cyber criminal activity is gain. However, that gain doesn’t necessarily have to be financial. The example of DDoS attacks on universities, schools and testing centers presumably demonstrates attempts by young people to annoy teachers, institutions or other students, or maybe just to postpone a test. At the same time, these attacks are often carried out without the use of botnets, which are, as a rule, only available to professional cyber criminals, who now seem to be more concerned with mining and conducting only well-paid attacks. This sort of ‘initiative’ shown by students and pupils would be amusing if it didn’t cause real problems for the attacked organizations which, in turn, have to prepare to defend themselves against such attacks,” comments Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.