New statistics on distributed denial-of-service (DDoS) attacks in the fourth quarter of 2018 bring a mix of good and bad news. According to the latest available data, the number of attacks has decreased significantly, but over what period of time ...
The figures are taken from Kaspersky Lab's quarterly DDoS report. Here is a summary of some of the most interesting data.
Kaspersky said that overall, the number of DDoS attacks in 2018 decreased by 13 percent compared to the previous year. The largest drop occurred in the 4th quarter of 2018, when DDoS activity decreased by 30 percent compared to the 4th quarter of last year.
But this good news was offset by a record increase in the duration of DDoS attacks. “The average duration of attacks in the second half of 2018 grew steadily throughout the year: from 95 minutes in the 1st quarter to 218 in the 4th quarter,” the report said. These lengthy attacks were HTTP floods and mixed attacks with an HTTP element. An HTTP flood is a type of volumetric attack designed to overwhelm the target server with HTTP requests.
Types of DDoS Attacks
Distribution of attack duration by type, 2018
While HTTP flood attacks broke records, the most common type of DDoS attack in Q4 was the UDP flood. A UDP flood is a type of denial-of-service attack in which a large number of User Datagram Protocol (UDP) packets are sent to the target server to overwhelm its ability to process and respond, as described by Cloudflare.
“All this suggests that the market for simple, easy-to-organize attacks continues to decline,” the researchers write. “Standard DDoS attacks have become almost meaningless due to improved flood protection via UDP, and also due to the fact that the involved technical resources are almost always more profitable to use for other purposes, such as cryptocurrency mining.”
On the other hand, Kaspersky warned that more complex attacks, such as HTTP floods, which take time and effort to organize, “remain popular and their duration is on an upward curve ... These trends seem to be developing in 2019.”
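The duration figures above depend on how the start and end of an attack are delimited. As an added example (not taken from the Kaspersky report or the original article), this sketch measures HTTP flood episodes in a web access log by aggregate request rate; the threshold, the gap tolerance and the log lines are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

def parse_minute(line):
    """Timestamp of a Common Log Format line, truncated to the minute."""
    stamp = line.split("[", 1)[1].split("]", 1)[0]
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)

def flood_episodes(lines, threshold, max_gap=2):
    """Group minutes with more than `threshold` requests into episodes.

    The rate is counted across all clients, because a botnet-driven flood
    spreads requests over many sources. Hot minutes separated by at most
    `max_gap` quiet minutes are merged, so a pulsed flood counts as one attack.
    Returns (start, end, duration_minutes, peak_requests_per_minute) tuples.
    """
    per_minute = Counter(parse_minute(l) for l in lines if "[" in l)
    hot = sorted(m for m, n in per_minute.items() if n > threshold)
    episodes = []
    for minute in hot:
        if episodes and minute - episodes[-1][1] <= timedelta(minutes=max_gap + 1):
            episodes[-1][1] = minute          # extend the current episode
        else:
            episodes.append([minute, minute])  # start a new episode
    return [(s, e, int((e - s).total_seconds() // 60) + 1,
             max(n for m, n in per_minute.items() if s <= m <= e))
            for s, e in episodes]

def sample_log():
    """Constructed log: 60 minutes of baseline traffic plus a pulsed flood."""
    start = datetime(2018, 12, 10, 12, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        ts = (start + timedelta(minutes=i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        flood = 200 if 10 <= i <= 29 or 32 <= i <= 40 else 0
        lines += [f'198.51.100.{n % 250} - - [{ts}] "GET / HTTP/1.1" 200 512'
                  for n in range(5 + flood)]
    return lines

if __name__ == "__main__":
    for start, end, minutes, peak in flood_episodes(sample_log(), threshold=100):
        print(f"{start:%H:%M}-{end:%H:%M} UTC  {minutes} min  peak {peak} req/min")
```

The choice of `max_gap` changes the reported duration: a stricter tolerance splits the same traffic into two shorter attacks.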
Bot update
Botnet operators have also been refining their botnets. Botnets are typically a network of private endpoint computers and IoT devices infected with malware and controlled by a third party. Many of these botnets were not Mirai clones, breaking a long-standing trend.
DDoS botnet attack
While some of the new malware samples use fragments of Mirai code and mimic its persistence methods, they are mostly unique, the researchers said.
“[Q2] saw increased activity from the Chalubo bot, whose first attacks were recorded at the end of August,” the researchers write. Chalubo is a botnet designed for poorly protected Internet of Things devices. “Researchers have discovered versions created for different architectures (32-bit and 64-bit ARM, x86, x86_64, MIPS, MIPSEL, PowerPC), which convincingly indicates the end of the testing period.”
Another bot, nicknamed DemonBot, caught researchers' attention because it targeted Hadoop clusters through a vulnerability in the execution of remote YARN commands. YARN (Yet Another Resource Negotiator) is Hadoop's cluster resource manager, which schedules and runs jobs on the cluster. Kaspersky cites the Radware study, which "currently tracks 70 active servers that carry up to 1 million infections per day."
“This bot is not very complicated from a technical point of view, but it is dangerous in choosing a target: Hadoop clusters provide significant computing power, as they are designed to process big data. Cloud-integrated, they can significantly enhance DDoS attacks,” Kaspersky said.
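A defender-side check for the exposure described above, as an added example that is not from the article, Kaspersky or Radware: it audits Hadoop `core-site.xml` and `yarn-site.xml` for settings that leave YARN job submission open to unauthenticated callers. The property names are Hadoop's own; the default table is a simplification of the shipped defaults, and the sample configurations and the address `10.0.0.5` are constructed.

```python
import xml.etree.ElementTree as ET

# Effective Hadoop defaults for the properties checked below (simplified:
# the shipped webapp default resolves to the all-interfaces address).
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.http.authentication.type": "simple",
    "hadoop.http.authentication.simple.anonymous.allowed": "true",
    "yarn.acl.enable": "false",
    "yarn.resourcemanager.webapp.address": "0.0.0.0:8088",
}

def load_properties(*xml_docs):
    """Overlay <property> name/value pairs from *-site.xml text onto the defaults."""
    props = dict(DEFAULTS)
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name, value = prop.findtext("name"), prop.findtext("value")
            if name and value is not None:
                props[name.strip()] = value.strip()
    return props

def audit(props):
    """Return the weak settings that expose job submission to anonymous callers."""
    findings = []
    if props["hadoop.security.authentication"].lower() != "kerberos":
        findings.append("hadoop.security.authentication: callers are not authenticated")
    if (props["hadoop.http.authentication.type"].lower() == "simple"
            and props["hadoop.http.authentication.simple.anonymous.allowed"].lower() == "true"):
        findings.append("hadoop.http.authentication: anonymous HTTP access allowed")
    if props["yarn.acl.enable"].lower() != "true":
        findings.append("yarn.acl.enable: queue and admin ACLs are not enforced")
    host = props["yarn.resourcemanager.webapp.address"].rsplit(":", 1)[0]
    if host in ("0.0.0.0", "[::]"):
        findings.append("yarn.resourcemanager.webapp.address: listens on all interfaces")
    return findings

# Constructed sample configs: an out-of-the-box cluster and a hardened one.
DEFAULT_SITE = "<configuration></configuration>"
HARDENED_CORE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.simple.anonymous.allowed</name><value>false</value></property>
</configuration>"""
HARDENED_YARN = """<configuration>
  <property><name>yarn.acl.enable</name><value>true</value></property>
  <property><name>yarn.resourcemanager.webapp.address</name><value>10.0.0.5:8088</value></property>
</configuration>"""

if __name__ == "__main__":
    for finding in audit(load_properties(DEFAULT_SITE)):
        print("WEAK:", finding)
```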
In September, researchers detected the activity of a new botnet called Torii, which targets a wide range of IoT devices. Its code differs sharply from Mirai in that it is better hidden and has a higher level of persistence on devices, which makes it "much more dangerous." So far, researchers have not seen Torii-based DDoS attacks, suggesting that the botnet is still being tested.
Botnet Geography
Distribution of C&C botnet servers by country, fourth quarter of 2018
"The United States continues to lead in terms of hosting C&C servers in botnets, and even increases its leadership from 37.31% to 43.48%," the researchers write. Britain takes second place among host countries (7.88%), followed by the Netherlands (6.79%) and so on. Russia accounts for 4.08%, which is encouraging, although it is far from ideal. The best figure in the 4th quarter was shown by China, at 2.72%.
“For the third consecutive quarter, the ranking of the Top 10 countries in terms of the number of attacks, targets and C&C botnet servers continues to fluctuate. DDoS activity growth is the strongest, where previously it was relatively low, while in countries where it once dominated, there was a decrease. This may well be the result of successful actions by law enforcement agencies and other initiatives to combat botnets,” the researchers write.