DDoS Attacks Break Records
February 3, 2017
The DDoS Intelligence report shows significant advances in DDoS
attacks from October to December of 2016, with record-breaking
numbers for the longest attack and the number of attacks in one day.
Methods are becoming more and more sophisticated and the array
of devices being harnessed by botnets is increasingly diverse,
while the attackers show off their capabilities by choosing
bigger and more prominent targets.
In the fourth quarter (Q4) of 2016, Kaspersky Lab’s DDoS
Intelligence system reported the longest DDoS attack of the
year, which lasted for 292 hours (or 12.2 days). The 2016 record
for the number of DDoS attacks in one day was also broken,
with 1,915 launched on November 5, 2016.
Also in Q4, the Kaspersky Lab DDoS Intelligence system reported
bot-assisted DDoS attacks in 80 countries, compared to just 67
countries in the third quarter of 2016. The top 10
countries with the largest number of DDoS victims also saw a
change, with Germany and Canada replacing Italy and the
Additionally, three countries from Western Europe (the
Netherlands, the United Kingdom and France) remained among the
top 10 countries with the largest number of hosted C&C (command
and control) servers for a second quarter in a row, and they
were joined by Bulgaria and Japan in Q4.
Overall, Q4 2016 was rich in noteworthy DDoS attacks against a
broad range of targets, including Dyn’s Domain Name System,
Deutsche Telekom and some of Russia’s largest banks. These
companies were among the first victims of a new trend – DDoS
attacks launched via huge botnets made up of vulnerable IoT
(Internet of Things) devices, of which Mirai is one example. The
approach used by the creators of Mirai has provided the basis
for numerous other botnets made up of infected IoT devices.
The increasing number of attacks involving IoT devices was just
one of the major trends seen in Q4. Throughout the quarter,
there was a significant decrease in the number of amplified DDoS
attacks, which were popular in the first half of the year. This
decline is a result of improved protection against such attacks
and fewer vulnerable servers available to cybercriminals. The
niche vacated by amplified attacks is being filled by
application layer attacks, including WordPress Pingback attacks.
Detection of application layer attacks poses a much greater
challenge because they imitate the activities of real users. The
fact that these attacks are making more frequent use of
encryption only serves to increase the level of risk. Encryption
dramatically increases the effectiveness of DDoS attacks:
requests must be decrypted before "junk" can be filtered out
from among the many legitimate ones, which complicates filtering.
Kaspersky Lab’s experts predict that the trends toward
increasingly complex DDoS attacks and greater numbers of IoT
botnets will continue in 2017.
“IoT devices have the potential to launch DDoS attacks of any
complexity, including application layer and encrypted attacks,”
said Kirill Ilganaev, head of Kaspersky DDoS protection,
Kaspersky Lab. “Given the effectiveness of IoT botnets, as well
as the growing number of poorly protected IoT devices, we can
reasonably predict an increase in the number of such attacks as
well as their power and complexity. That means companies need to
take care of their protection in advance, and take a scrupulous
approach to choosing their DDoS attack filtration service.”