Kaspersky report reveals 18 percent rise in DDoS attacks for the second quarter of this year

According to Kaspersky research, in the second quarter of 2019 the total number of DDoS attacks grew by 18 percent compared to the same period in 2018. Application-layer attacks, which are more difficult to organize and to protect against, showed significant growth, increasing by a third (32 percent) compared to Q2 2018. As a result, these attacks now constitute almost half (46 percent) of all attacks prevented by Kaspersky DDoS Protection.

According to Kaspersky’s DDoS Q2 2019 report, the number of attacks in the second quarter of 2019 was 44 percent lower than in the first quarter, which is not unexpected, as such attacks usually decline in the spring and summer months. However, compared with the same period in 2018, the number of DDoS attacks in the second quarter increased by 18 percent, and by 25 percent when compared with Q2 2017.

Kaspersky’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them.

Notably, the seasonal decrease had only a minimal effect on the number of attacks on the application layer, which fell by just 4 percent compared to the previous quarter. This type of attack targets specific functions or APIs of an application in order to consume not only network bandwidth but server resources as well. Such attacks are also more difficult to detect and protect against, because the malicious requests are well-formed and are processed by the server like legitimate ones.

When compared to the second quarter of 2018, the number of these attacks increased by nearly a third (32 percent), and their share of all attacks in the second quarter of this year rose to 46 percent. This share is nine percent higher than in the first quarter of the year, and 15 percent higher than in the same period of 2018.
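The detection difficulty described above is that an application-layer flood can be low in volume yet still exhaust the server, because each request is syntactically valid and triggers real work. The following added example (not Kaspersky's code and not from the report) illustrates one defensive approach: weighting each request by the server-side cost of its endpoint and tracking the peak weighted cost per client inside a sliding window, so that a handful of expensive API calls stands out even when a noisy but cheap client sends far more requests. The endpoint cost table, the 60-second window, the budget threshold and the access-log lines are all constructed for the illustration; the IP addresses come from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-log prefix; the referer/user-agent tail is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed cost weights (hypothetical): rough server-side work per request.
# Cheap static hits weigh 1; endpoints that query a database or render a
# report weigh much more, so a small number of them can exhaust the server.
ENDPOINT_COST = {"/api/report": 25, "/api/search": 10, "/login": 5}
DEFAULT_COST = 1


def parse_line(line):
    """Parse one access-log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    path = m["path"].split("?", 1)[0]          # drop the query string
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": path, "status": int(m["status"])}


def peak_window_cost(lines, window=timedelta(seconds=60)):
    """Per source IP, the highest total request cost seen in any `window`."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r["ts"])       # sliding window needs time order
    recent = defaultdict(deque)               # ip -> (ts, cost) entries inside window
    running = defaultdict(int)                # ip -> sum of costs in `recent`
    peak = defaultdict(int)
    for r in records:
        ip, cost = r["ip"], ENDPOINT_COST.get(r["path"], DEFAULT_COST)
        recent[ip].append((r["ts"], cost))
        running[ip] += cost
        while r["ts"] - recent[ip][0][0] > window:   # expire entries older than window
            _, old = recent[ip].popleft()
            running[ip] -= old
        peak[ip] = max(peak[ip], running[ip])
    return dict(peak)


def detect(lines, window=timedelta(seconds=60), budget=100):
    """IPs whose peak cost exceeds `budget`: candidates for rate limiting or review."""
    return {ip: c for ip, c in peak_window_cost(lines, window).items() if c > budget}


def _line(ip, t, path):
    """Build one constructed combined-log line."""
    return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


T0 = datetime(2019, 6, 18, 12, 0, 0, tzinfo=timezone.utc)
# Constructed sample: 12 low-volume but expensive hits (203.0.113.7),
# 60 cheap static hits (198.51.100.4), a normal session (192.0.2.10), and
# one corrupt line that the parser must skip.
SAMPLE_LOG = (
    [_line("203.0.113.7", T0 + timedelta(seconds=2 * i), "/api/report?id=9") for i in range(12)]
    + [_line("198.51.100.4", T0 + timedelta(seconds=i), "/index.html") for i in range(60)]
    + [_line("192.0.2.10", T0 + timedelta(seconds=5 * i), p)
       for i, p in enumerate(["/", "/api/search?q=x", "/static/app.js", "/api/search?q=y", "/about"])]
    + ["not a log line"]
)

if __name__ == "__main__":
    for ip, cost in sorted(detect(SAMPLE_LOG).items()):
        print(f"{ip}: peak weighted cost {cost} in a 60 s window")
```

With the constructed data, the client sending 60 cheap requests reaches a peak cost of 60 and stays under the budget, while the client sending only 12 requests to the report endpoint reaches 300 and is flagged; a pure request-count threshold would have ranked them the other way round. In practice the cost weights would come from measured endpoint latency or CPU time, and the flagged clients would feed a rate limiter or a challenge rather than an outright block.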

Most of the DDoS campaigns that attracted media attention appeared to be politically, rather than commercially, motivated — and that despite the fact that some security experts discern a clear fall in hacktivism in recent years.

The initial attack is technically outside the chronological framework of this report, as it took place on March 5 (but was reported in early May). It was targeted against a computer system regulating the supply of electricity to various districts of Los Angeles and Salt Lake City. Power supply systems in California and Wyoming also experienced problems. This is a relatively rare case of an attack on a power grid in a densely populated area. 

The attack was large-scale, but relatively primitive. It did not cause any power outages, but there were “disruptions in the normal operation of the systems,” as the US Department of Energy described the incident. As to the purpose and perpetrators of the attack, no information was forthcoming.

In the second half of April, there were also numerous DDoS attacks against Ecuador. As stated by the country’s deputy minister for information and communications, the websites of public institutions experienced 40 million cyber attacks of various kinds, including DDoS. The web pages of the Central Bank, the Ministry of Foreign Affairs, and the Presidential Office suffered the most. 

The wave of attacks was hacktivist in nature: the attackers were protesting the new government’s decision to strip Julian Assange of political asylum. To cope with the onslaught of digital indignation, Ecuador had to seek help from Israeli experts.

In early June, a powerful DDoS attack hit Telegram. The attack was carried out primarily from Chinese IP addresses, which gave founder Pavel Durov reason to link it to the demonstrations in Hong Kong; in his words, the political opposition there uses Telegram to organize protests, which Beijing takes a very dim view of.

The only headline attack this quarter seemingly driven by commercial considerations targeted video game developer Ubisoft on June 18 — just before the release of its new Operation Phantom Sight expansion for the game Rainbow Six Siege. It caused connection problems for many players, and even provoked calls on Reddit for better DDoS protection.

The largest would-be DDoS attack in the second quarter turned out to be a false alarm. In late June, some segments of the Internet experienced operational issues worthy of a major DDoS offensive, but the actual cause lay elsewhere. As it turned out, a small ISP in Pennsylvania had made a configuration error, turning itself into a priority route for some Cloudflare traffic. The provider could not handle the load, and thousands of websites serviced by Cloudflare went down as a result. The WhatsApp and Instagram malfunctions were also attributed to this. It is worth noting that such Internet outages happen quite often; in this case, the scale of the problem and the involvement of Cloudflare led to speculation about a potential DDoS attack.

Meanwhile, law enforcement agencies continue to work on reducing the number of DDoS attacks within their zone of responsibility. For instance, late March saw the arrest of 19-year-old Englishman Liam Reece Watts, accused of two attacks against the websites of Greater Manchester and Cheshire police.

“Traditionally, cyber groups who conduct DDoS attacks go on holiday during the summer season and give up their hacking activity until September. However, the statistics for this quarter show that professional attackers who perform complex DDoS attacks are working hard even over the summer months,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “This trend is a cause for concern for businesses. Many are well protected against high volumes of junk traffic, but DDoS attacks on the application layer require identifying illegitimate activity even if its volume is low. We recommend that businesses ensure their DDoS protection solutions are consistently ready to withstand these complex attacks.”

The analysis of commands received by bots from command and control (C&C) servers revealed that the longest DDoS attack of Q2 2019 lasted 509 hours, or nearly 21 days. This is the lengthiest attack since Kaspersky started to monitor botnet activity in 2015. Previously, the longest attack lasted 329 hours and was registered in the fourth quarter of 2018.
