Summer plateau: less DDoS attacks and small geographic shifts in Q2 2021

China became the leader in the number of devices from which SSH attacks^[1] were carried out. At the same time, China continued to lose ground in terms of the total number of DDoS attacks (10.2%). The USA remains the leader (36%) in this category for the second quarter in a row, while Poland and Brazil are new entries in the top five.

Recently, scammers have been looking for ways to amplify DDoS attacks – the number of attacks through the Session Traversal Utilities for NAT (STUN) protocol has increased. Another visible trend is the exploitation of the TsuNAME vulnerability in DNS resolvers to attack DNS servers. In particular, this led to interruptions in the work of Xbox Live, Microsoft Teams, OneDrive and other Microsoft cloud services. Internet service providers also fell victim to DDoS attacks.

The overall situation in Q2 was relatively calm. On average, the number of DDoS attacks fluctuated between 500 and 800 per day. On the quietest day, only 60 attacks were recorded, and on the most intense, this reached 1164.

The geography of DDoS attacks has also changed slightly. The USA once again became the leader for the amount of DDoS attacks (36%). At the same time, China (10.2%), which until this year was regularly in first place, continues to lose ground – its share has decreased by 6.3%. Third place was taken by a newcomer to the rating – Poland (6.3%), whose share increased by 4.3%. Brazil took fourth place, their share almost doubled, amounting to 6%. Canada (5.2%), which previously closed the top three, dropped to fifth place.

Kaspersky experts also analyzed which countries had bots and malicious servers that attack IoT devices in order to expand botnets. Results show that the majority of devices that carried out attacks were in China (31.8%), the United States (12.5%) took second place, and Germany (5.9%) came in third.

“The second quarter of 2021 was calm, as we expected. There was a slight decrease in the total number of attacks compared to the previous quarter, which is typical for this period and is observed annually. We traditionally associate these numbers with the beginning of holidays and vacations. In the third quarter of 2021, we also do not see any prerequisites for a sharp rise or fall in the DDoS attack market. The market will also continue to be highly dependent on the rate of cryptocurrencies, which has remained consistently high for a long time,” comments Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.

More information about the report can be found via this link.

To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:

• Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.
• Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.
• Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house developments.
• It’s important to know your traffic. It’s a good option to use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company's typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack.
• Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

[1] SSH brute force attacks are often achieved by an attacker trying a common username and password across thousands of servers until they find a match.