In the third quarter of 2019, the number of DDoS attacks rose by a third compared to the previous period (30 percentage points) and Q3 2018 (32 percentage points) according to statistics gathered from Kaspersky DDoS Protection. This growth was primarily due to a spike in malicious activity in autumn. In fact, 53% of the quarter’s DDoS attacks were carried out in September.
The rise is caused by a large number of rather simple types of attacks. In previous quarters of this year, the total growth stemmed from a surge in the number of smart attacks, focusing on the application layer — usually carried out by skilled cybercriminals. In Q3 2019, the share of “smart” attacks dropped to 28% of all DDoS attacks, from 50% in Q2, and grew by only seven percentage points in the Q3 2018 results.
This change can be explained by a boom of DDoS activity at the beginning of the academic year. While the first months of the quarter were rather quiet, the majority of DDoS attacks (53%) was detected in September. Kaspersky statistics reveal 60% of the attacks that were prevented during this month were conducted against schools and electronic journal sites. Based on this, Kaspersky experts suggest that these attacks were carried out by school-age troublemakers who do not have a deep understanding of how to organize DDoS campaigns.
The average duration of smart attacks has not changed substantially compared with Q2 2019, but it has almost doubled compared to statistics gathered from Q3 2018. Furthermore, the average duration of all attacks fell slightly and this can be contributed to a large number of short attacks in this quarter.
“Despite this spell of seasonal activity from young troublemakers, who appear to celebrate the beginning of the school year with a spike in DDoS attacks, the more professional market of DDoS attacks is rather stable. We have not seen an explosive increase in the number of smart attacks compared with the previous quarter and the average length of attack remains the same. However, this still causes serious damage to the business. Our survey of IT decision-makers revealed that DDoS attacks are the second most expensive type of cyber-incident that led to date breaches for SMBs, with the average cost of a breach estimated at $138,000” said Alexey Kiselev, manager, Business Development, Kaspersky DDoS Protection team.
To help organizations protect themselves from DDoS attacks, Kaspersky recommends taking the following steps:
- Ensure that web and IT resources can handle high traffic;
- Learn in advance how to contact your internet service provider in case your organization is under a DDoS attack;
- Implement professional solutions to protect the organization against attacks.