Compared to Q3 2020, the total number of Distributed Denial of Service (DDoS) attacks in Q3 2021 increased by nearly 24%, and the total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31%. Some of the most notable targets were tools to fight the pandemic, government organizations, game developers, and well-known cybersecurity publications.
DDoS, or Distributed Denial of Service, attacks are aimed at overwhelming a network server with requests for services so that the server crashes—denying users access. This can cause huge disruptions for organizations and businesses. Such attacks can last for several minutes or even a few days. So-called “smart” DDoS attacks go one step further. These attacks are more sophisticated and often targeted, and they can be used not just to disrupt services but also to make certain resources inaccessible or steal money. Both types of attacks were on the rise in Q3 2021.
When compared with Q3 2020, the total number of DDoS attacks increased by nearly 24%, and the total number of “smart” attacks increased by 31%. Both types of attacks also increased when compared to Q2 2021, with the largest percentage of resources attacked (40.8%) located in the US, followed by Hong Kong and mainland China. In fact, in August, Kaspersky noted a record number of DDoS attacks in a single day: 8,825.
Comparative number of DDoS attacks, Q2 and Q3 2021, and Q3 2020. Q3 2020 data is taken as 100%
Some of the most notable, large-scale DDoS attacks over the past quarter involved a new, powerful botnet called Mēris, which is capable of sending out a massive number of requests per second. This botnet was seen in attacks against two of the most well-known cybersecurity publications—Krebs on Security and InfoSecurity Magazine.
Other notable DDoS trends in Q3 included a series of politically-motivated attacks in Europe and Asia, as well as attacks against game developers. In addition, attackers targeted resources to combat the pandemic across several countries, and there was a series of ransomware attacks against telecommunications providers in Canada, the USA, and the UK. The attackers presented themselves as members of the infamous ransomware group REvil and shut down the companies’ servers to pressure them into paying the ransom.
Kaspersky researchers also witnessed a highly unusual DDoS attack at a state university that lasted several days. While attacks against educational resources are not uncommon, this one was particularly sophisticated. The attackers were after the online accounts of applicants to a state university, and they chose an attack vector that made the resource completely unavailable. The attack also continued after the filtering began, which is rare.
“Over the past couple of years, we’ve seen the cryptomining and DDoS attack groups competing for resources, since many of the same botnets used for DDoS attacks can be used for cryptomining. While we were previously seeing a decline in DDoS attacks as cryptocurrency gained in value, we’re now witnessing a redistribution of resources. DDoS resources are in demand and attacks are profitable. We expect to see the number of DDoS attacks continue to increase in Q4, especially since, historically, DDoS attacks have been particularly high at the end of the year,” comments Alexander Gutnikov, security expert at Kaspersky.
To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:
- Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.
- Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.
- Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house developments.
- Know your traffic. Use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company’s typical traffic patterns and characteristics, you can establish a baseline that makes it easier to identify unusual activity symptomatic of a DDoS attack.
- Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.
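
One way to turn the "know your traffic" recommendation into a check, shown as an added example that is not from Kaspersky or the original page: a per-hour-of-day baseline (median and median absolute deviation) that alerts only on sustained upward deviations. The function names, thresholds and request-rate samples are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed samples of normal traffic: (hour_of_day, requests_per_minute).
HISTORY = [(3, 100), (3, 110), (3, 95), (3, 105), (3, 102),
           (14, 900), (14, 950), (14, 1000), (14, 920), (14, 980)]

# Constructed live samples: (label, hour_of_day, requests_per_minute).
LIVE = [("03:00", 3, 104), ("03:01", 3, 600), ("03:02", 3, 101),
        ("03:03", 3, 700), ("03:04", 3, 800), ("03:05", 3, 900),
        ("03:06", 3, 950)]

def build_baseline(history):
    """Return {hour: (median, MAD)} so each hour is judged against its own norm."""
    by_hour = defaultdict(list)
    for hour, rpm in history:
        by_hour[hour].append(rpm)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[hour] = (med, mad)
    return baseline

def is_anomalous(baseline, hour, rpm, threshold=6.0, min_spread=0.05):
    """True when rpm is far above the baseline for that hour (upward only)."""
    if hour not in baseline:
        return False  # no history for this hour, so nothing to compare against
    med, mad = baseline[hour]
    # 1.4826 * MAD approximates a standard deviation; the floor keeps a very
    # flat history from turning every small bump into an alert.
    spread = max(1.4826 * mad, min_spread * med, 1.0)
    return (rpm - med) / spread > threshold

def sustained_alerts(baseline, samples, window=3):
    """Return labels where `window` consecutive samples were anomalous."""
    alerts, streak = [], 0
    for label, hour, rpm in samples:
        streak = streak + 1 if is_anomalous(baseline, hour, rpm) else 0
        if streak == window:
            alerts.append(label)
    return alerts

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(sustained_alerts(base, LIVE))
```

Keying the baseline by hour of day means a rate that is normal at 14:00 is still flagged at 03:00, and the consecutive-sample window keeps a single one-minute spike from paging anyone.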