According to statistics gathered from Kaspersky DDoS Protection, DDoS attacks rose 30 percentage points in the third quarter of this year as compared to the previous quarter, and also rose 32 percentage points when compared to the third quarter of last year.
The rise in DDoS attacks for the third quarter of this year was caused by a large number of rather simple types of attacks. In previous quarters this year, total growth stemmed from a surge in the number of smart attacks focusing on the application layer, usually carried out by skilled cybercriminals.
In the third quarter this year, the share of ‘smart’ attacks dropped to 28 percent from 50 percent in the second quarter of this year, and grew by only seven percentage points when compared to the third quarter of last year.
Kaspersky surmised that the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out by spoofing the return IP address through the WS-Discovery multicast protocol. According to other security researchers, cybercriminals started using this method only recently, but have already achieved an attack capacity of up to 350 Gbps.
The WSD protocol has limited scope and is not generally intended for connecting machines to the Internet; rather, devices use it to automatically discover each other on LANs. However, WSD is fairly commonly used beyond its intended purpose in a variety of equipment, from IP cameras to network printers (about 630,000 such devices are currently hooked up to the Internet).
Given the recent rise in the number of WSD-based attacks, owners of such devices are advised to block UDP port 3702, which this protocol uses, on the server, and to take a number of additional steps to protect their routers.
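One way to check flow logs for the WSD exposure described above, as an added example that is not code from Kaspersky or Akamai: it flags LAN devices that exchange UDP port 3702 traffic with addresses outside the LAN, which a LAN-only discovery protocol should never need to do. The flow-record format, the sample records, the internal address ranges and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WSD_PORT = 3702  # UDP port used by WS-Discovery, per the article
# Assumption: address ranges treated as "the LAN" in this example.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample flow records: proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
udp,192.168.1.50,3702,192.168.1.20,51000,900
udp,198.51.100.7,40000,192.168.1.50,3702,120
udp,192.168.1.50,3702,198.51.100.7,40000,4100
udp,198.51.100.7,40001,192.168.1.50,3702,118
udp,192.168.1.50,3702,198.51.100.7,40001,3900
tcp,192.168.1.50,3702,203.0.113.9,443,500
udp,10.0.0.8,53,203.0.113.9,3702,80
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flows(text):
    for line in text.splitlines():
        if line.strip():
            proto, src, sport, dst, dport, size = line.strip().split(",")
            yield proto.lower(), src, int(sport), dst, int(dport), int(size)

def find_exposed_wsd(text):
    """Return {device: stats} for LAN hosts whose WSD traffic crosses the LAN boundary."""
    report = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "peers": set()})
    for proto, src, sport, dst, dport, size in parse_flows(text):
        if proto != "udp":
            continue
        # Probe from outside the LAN reaching a device on the WSD port.
        if dport == WSD_PORT and is_internal(dst) and not is_internal(src):
            report[dst]["bytes_in"] += size
            report[dst]["peers"].add(src)
        # Reply from a LAN device leaving the LAN. With a spoofed source address,
        # the "peer" is the address receiving the replies, not the real sender.
        elif sport == WSD_PORT and is_internal(src) and not is_internal(dst):
            report[src]["bytes_out"] += size
            report[src]["peers"].add(dst)
    for stats in report.values():
        # Reply/request byte ratio; None when no inbound probe was recorded.
        stats["ratio"] = (round(stats["bytes_out"] / stats["bytes_in"], 1)
                          if stats["bytes_in"] else None)
    return dict(report)
```

Any device this returns is reachable on UDP 3702 from outside and is a candidate for the port block the article recommends; LAN-internal discovery traffic is deliberately ignored.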
Another new tool in the hands of DDoSers was detected by Trend Micro in the shape of a new payload distributed through a backdoor in the data search and analytics tool Elasticsearch. The malware is dangerous because it employs a multi-stage approach to infection, successfully avoids detection, and can be used to create botnets for launching large-scale DDoS attacks.
Trend Micro recommends that all Elasticsearch users upgrade to the latest version, since the backdoor has already been patched.
This swing can be attributed to a surge of DDoS activity at the beginning of the academic year. While the early summer months were relatively inactive, the majority of DDoS attacks (53 percent) were detected in September. Kaspersky statistics reveal that 60 percent of the attacks that were prevented during this month were conducted against schools and electronic journal sites.
With this in mind, Kaspersky experts suggest that these attacks were carried out by school-age cyber attackers who do not have a deep understanding of how to properly organize DDoS campaigns.
Like last year, the arrival of September went hand in hand with a significant rise in the number of DDoS attacks. Moreover, this month accounted for 53 percent of all third quarter attacks, and it was only because of September that any growth in general was observed. 60 percent of DDoS activity in the early fall was directed at education-related resources: electronic grade books, university websites, and the like. Against the backdrop of such attacks, most of which are short and poorly organized, the share of smart attacks in the third quarter sank by 22 percentage points.
Kaspersky observed a similar picture last year, which is due to students returning to school and university. Most of these attacks are acts of cyber hooliganism carried out by amateurs, most likely with no expectation of financial gain.
The average duration of smart attacks has not changed substantially compared to numbers from the second quarter of last year, but it has almost doubled when compared to the third quarter of last year. Additionally, the average duration of all attacks fell slightly, which is likely due to a large number of shorter attacks in this quarter.
“Despite this spell of seasonal activity from young hooligans who appear to celebrate the beginning of the school year with a spike in DDoS attacks, the more professional market of DDoS attacks is rather stable,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “We have not seen an explosive increase in the number of smart attacks compared with the previous quarter and the average length of attack remains the same. However, this still causes serious damage to business. Our survey of IT decision makers revealed that DDoS attacks are the second most expensive type of cyber-incident that led to data breaches for SMBs, with the average cost of a breach estimated at $138,000.”