Criminals scale back DDoS attacks after 'abnormal' spike in Q2
Lockdowns worldwide produced a major shift towards working and communicating online, and sure enough, cybercriminals saw the perfect opportunity to disrupt this 'new normal', with security firm Kaspersky noting a spike in distributed denial of service (DDoS) attacks in Q2 2020.
However, that spike seems to have been short-lived: DDoS activity returned to 'normal' levels over Q3, with 73% fewer attacks than seen in the previous quarter.
In Q3, an average of 106 attacks per day were detected, while there were 10 more in the previous quarter. On July 2, the firm counted 323 attacks - the highest number seen in a single day this year.
And despite DDoS attacks on a swathe of institutions including New Zealand's Stock Exchange, Kaspersky describes the quarter as 'not that eventful'.
The substantial drop in attacks during Q3 can 'mostly' be explained by the abnormal spike in attacks seen in Q2, Kaspersky notes. Other factors included global market stabilisation amid the COVID-19 pandemic and a rise in cryptocurrency market growth.
The top three countries by the number of attacks and targets are China (71.20% and 72.83% respectively), the US (15.30% and 15.75%), and the Hong Kong Special Administrative Region (4.47% and 4.27%).
Linux botnets also dominate over their Windows counterparts, accounting for 95.39% of attacks.
Kaspersky warns that it is no time to be complacent, as overall the number of DDoS attacks in 2020 is 150% higher than observed in 2019.
"Many companies were not prepared for remote working or didn't consider their web assets as critical. For instance, we had several requests from organisations, such as mask manufacturers, that fell victim to DDoS attacks. Previously, these businesses did not even think about DDoS protection," comments Kaspersky DDoS Protection business development manager Alexey Kiselev.
"The situation is improving as more businesses have managed to strengthen their cyber defences to mitigate this security weakness. As a result, fewer DDoS attacks have been effective in Q3. Nonetheless, attackers remain quite active, so we advise those who are yet to adopt appropriate measures not to put this issue on the back burner."
Kaspersky recommends that organisations:
- Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.
- Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.
- Implement professional solutions to safeguard the organisation against DDoS attacks.
"If nothing else extraordinary happens in this more-than-extraordinary year, we see no reason for the DDoS market to experience a significant swing in either direction in Q4," Kaspersky concludes.