{"id":15141,"date":"2016-05-04T14:00:10","date_gmt":"2016-05-04T14:00:10","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5529"},"modified":"2020-02-27T04:03:14","modified_gmt":"2020-02-26T17:03:14","slug":"ddos-q1-2016","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/ddos-q1-2016\/15141\/","title":{"rendered":"DDoS in Q1 2016: the turning of tides"},"content":{"rendered":"<p>Securelist has released <a href=\"https:\/\/securelist.com\/analysis\/quarterly-malware-reports\/74550\/kaspersky-ddos-intelligence-report-for-q1-2016\/\" target=\"_blank\" rel=\"noopener\">a new report on DDoS attacks in the first quarter of 2016<\/a>. Although the document mostly deals with statistics and the severity of DDoS attacks, some of its details make it an almost entertaining read.<\/p>\n<p><strong>Business security highlights of Q1<\/strong><\/p>\n<ul>\n<li>A record-breaking reflection DDoS attack took place earlier this year, reaching 602 Gbps. Although it was launched by politically motivated hacktivists, the prospect of an attack of this size being launched for purely monetary gain looks very real and daunting.<\/li>\n<li>The longest DDoS attack in Q1 2016 lasted 197 hours (8.2 days), far less than the previous quarter\u2019s maximum of 13.9 days. Repeated attacks on the same target became more frequent (up to 33 attacks on one resource during the reporting period).<\/li>\n<li>UDP attacks keep decreasing, while the other attack methods stay more or less constant from quarter to quarter. Apparently, UDP floods are on their way out.<\/li>\n<li>SYN DDoS attacks remain the most popular type, with TCP a distant second. ICMP attacks suddenly increased to 9% (from 3.6%), but this did little to change the overall ranking.<\/li>\n<li>Attackers seem to be switching from simple and cheap but long attacks to complex, sophisticated\u00a0ones, hitting the same target repeatedly. 
This shows that sophistication and narrower targeting are the general trend in cybercrime.<\/li>\n<li>WordPress sites were again abused as reflectors in Pingback attacks: the attacker sends pingback requests through the XML-RPC interface of many WordPress installations, naming the victim\u2019s URL as the source, and each installation then fetches that URL to verify the pingback. This problem isn\u2019t going anywhere until the Pingback function is disabled by default, and that looks unlikely to happen.<\/li>\n<li>Security companies, especially those offering anti-DDoS services, came under attack regularly, and it looks as though criminals are simply testing their tools on them.<\/li>\n<\/ul>\n<p><strong>Protectors as test beds<\/strong><\/p>\n<p>\u201cAnalysis of the correspondence on underground forums suggests that the criminal fraternity uses the websites of IT security companies as a test bed, i.e. to test new methods and tools,\u201d Securelist writes.<\/p>\n<p>Activities like this are a double-edged sword for the attackers, however: while they test new techniques and tricks this way, security experts also watch, learn and gather analytical data to predict the malefactors\u2019 next steps.<\/p>\n<p><strong>Application level attacks back on the rise<\/strong><\/p>\n<p>Today it looks as though the \u201c<em>cr\u00e8me de la cr\u00e8me<\/em>\u201d of the cyberunderground is going back to good old attacks on the application level: in Q1, Kaspersky Lab experts had to combat several times more HTTP(S) attacks than they did in all of 2015.<\/p>\n<blockquote><p>Interestingly, there were several application-layer attacks performed simultaneously against a number of Kaspersky Lab resources. The strength of the DDoS resources was spread between several targets, reducing the effect on each target. 
This is most probably because the aim was not to disrupt Kaspersky Lab\u2019s sites but to test tools and to see how we responded. The longest attack of this type lasted less than six hours.<\/p><\/blockquote>\n<p>Application-layer attacks require a large botnet or several high-performance servers with a wide upstream channel, and gathering the proper intelligence on the target is hard work too. But when these attacks are executed properly, they are extremely hard to counter without also blocking legitimate users, because each malicious request looks authentic: to the server it simply looks as though far too many users are trying to reach the same resource at the same time, and demand spikes accordingly. Per-source rate limits are of little help when the load is spread across thousands of bots, each sending only a handful of plausible requests.<\/p>\n<p>\u201cWe registered these sorts of attempts in the first quarter. 
This suggests that the DDoS market has developed so that complex, expensive attacks are becoming cost-effective, and better qualified cybercriminals are trying to make money using them,\u201d Kaspersky Lab experts said, adding that there\u2019s a real danger of these attacks going more or less mainstream.<\/p>\n<p><strong>DDoS protection<\/strong><\/p>\n<p>Statistics for the report were gathered using, among other sources, Kaspersky Lab\u2019s own DDoS Intelligence system, which tracks the activity of the largest botnets.<\/p>\n<p>The DDoS Intelligence system is part of <a href=\"https:\/\/www.kaspersky.com\/business-security\/ddos-protection\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky DDoS Protection<\/a> and is designed to intercept and analyze the commands sent to bots from command and control (C&amp;C) servers, so it does not have to wait until user devices are infected or the criminals\u2019 commands are executed in order to gather data.<\/p>\n<p>In general, Kaspersky DDoS Protection combines Kaspersky Lab\u2019s extensive expertise in combating cyber threats with the company\u2019s unique in-house developments. The solution protects against all types of DDoS attacks, regardless of their complexity, strength, or duration. You can learn more about the solution <a href=\"http:\/\/media.kaspersky.com\/pdf\/Kaspersky_Lab_Whitepaper_Kaspersky_DDoS_Protection_final.pdf\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Securelist has released a new report on DDoS attacks in the first quarter of 2016. 
<\/p>\n","protected":false},"author":209,"featured_media":15402,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[1058,2198,2418],"class_list":{"0":"post-15141","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-ddos","10":"tag-kaspersky-ddos-protection","11":"tag-q1"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ddos-q1-2016\/15141\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ddos-q1-2016\/15042\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ddos-q1-2016\/15141\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ddos-q1-2016\/15141\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/ddos\/","name":"ddos"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/15141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=15141"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/15141\/revisions"}],"predecessor-version":[{"id":26874,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/15141\/revisions\/26874"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/15402"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=15141"}],"wp:term":[{"taxonomy":"category","embeddabl
e":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=15141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=15141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
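The WordPress Pingback reflection and the application-layer (HTTP) floods discussed in the post above leave different traces in a web server's access log. The Python script below is an added example written for this page; it is not code from the post, from Securelist or from Kaspersky Lab, and the log lines, host names, addresses and thresholds in it are constructed for illustration. It parses combined-format log lines, groups WordPress pingback-verification requests by the path they fetch (WordPress identifies these requests itself with a User-Agent of the form `WordPress/<version>; <site URL>; verifying pingback from <IP>`), and separately counts requests per source address in ten-second windows to flag a single-source HTTP flood. The function names and the thresholds (three reflectors, ten requests per ten seconds) are assumptions of the example, not values from the report.

```python
import shlex
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines in combined log format. The hosts and the
# RFC 5737 documentation addresses are hypothetical; this is not traffic from the
# report or from any real server. Five different WordPress sites fetch the same
# page within three seconds, each claiming to verify a pingback from 198.51.100.7:
# the fingerprint of a pingback reflection attack on this server.
SAMPLE_LOG = '''
203.0.113.10 - - [15/Mar/2016:10:00:01 +0000] \"GET /?p=1 HTTP/1.1\" 200 5120 \"-\" \"WordPress/4.4.2; http://blog-a.example; verifying pingback from 198.51.100.7\"
203.0.113.11 - - [15/Mar/2016:10:00:01 +0000] \"GET /?p=1 HTTP/1.1\" 200 5120 \"-\" \"WordPress/4.3.1; http://blog-b.example; verifying pingback from 198.51.100.7\"
203.0.113.12 - - [15/Mar/2016:10:00:02 +0000] \"GET /?p=1 HTTP/1.1\" 200 5120 \"-\" \"WordPress/4.4.2; http://blog-c.example; verifying pingback from 198.51.100.7\"
203.0.113.13 - - [15/Mar/2016:10:00:02 +0000] \"GET /?p=1 HTTP/1.1\" 200 5120 \"-\" \"WordPress/4.2.7; http://blog-d.example; verifying pingback from 198.51.100.7\"
203.0.113.14 - - [15/Mar/2016:10:00:03 +0000] \"GET /?p=1 HTTP/1.1\" 200 5120 \"-\" \"WordPress/4.4.2; http://blog-e.example; verifying pingback from 198.51.100.7\"
192.0.2.8 - - [15/Mar/2016:10:00:03 +0000] \"GET /about HTTP/1.1\" 200 2100 \"-\" \"Mozilla/5.0\"
192.0.2.8 - - [15/Mar/2016:10:00:05 +0000] \"GET /contact HTTP/1.1\" 200 1800 \"-\" \"Mozilla/5.0\"
'''
# One source firing twelve plausible search requests inside a single ten-second
# window (also constructed); taken on its own, each request looks like a real user.
FLOOD_LINES = [
    '198.51.100.50 - - [15/Mar/2016:10:00:0%d +0000] \"GET /search?q=%d HTTP/1.1\" 200 8801 \"-\" \"Mozilla/5.0\"'
    % (i % 10, i) for i in range(12)
]
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines() + FLOOD_LINES

# Marker WordPress appends to the User-Agent of its own pingback verification fetch.
PINGBACK_MARK = 'verifying pingback from'


def parse_line(line):
    '''Parse one combined-format line into a dict; return None for lines that do not fit.
    shlex handles the quoted request, referer and user-agent fields without a regex.'''
    try:
        tok = shlex.split(line)
    except ValueError:
        return None
    if len(tok) < 10:
        return None
    try:
        ts = datetime.strptime((tok[3] + ' ' + tok[4]).strip('[]'),
                               '%d/%b/%Y:%H:%M:%S %z')
    except ValueError:
        return None
    req = tok[5].split(' ')
    return {
        'ip': tok[0],
        'ts': ts,
        'path': req[1] if len(req) >= 2 else '',
        'status': tok[6],
        'ua': tok[9],
    }


def detect_pingback_reflection(records, min_reflectors=3):
    '''Group WordPress pingback-verification requests by the path they fetch and return
    the paths fetched by at least min_reflectors distinct sites, as
    {path: {'reflectors': set of reflector IPs,
            'claimed_sources': set of IPs the reflectors say sent them the pingback}}.
    The threshold is an assumption for the example; tune it to the site's normal
    pingback volume.'''
    groups = defaultdict(lambda: {'reflectors': set(), 'claimed_sources': set()})
    for r in records:
        ua = r['ua']
        if not ua.startswith('WordPress/') or PINGBACK_MARK not in ua:
            continue
        claimed = ua.split(PINGBACK_MARK, 1)[1].strip()
        groups[r['path']]['reflectors'].add(r['ip'])
        groups[r['path']]['claimed_sources'].add(claimed)
    return {p: g for p, g in groups.items() if len(g['reflectors']) >= min_reflectors}


def detect_http_flood(records, window_s=10, threshold=10):
    '''Count requests per (source IP, time window) and return {ip: peak count} for
    sources that reach the threshold in any single window (assumed values). Note the
    blind spot: the pingback reflectors above send one request each, so a per-source
    limit never fires on a distributed flood; that is what the UA signature is for.'''
    counts = defaultdict(int)
    for r in records:
        counts[(r['ip'], int(r['ts'].timestamp()) // window_s)] += 1
    peaks = {}
    for (ip, _), n in counts.items():
        if n >= threshold:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks


def analyze(lines):
    '''Run both detectors over an iterable of raw log lines.'''
    records = [r for r in (parse_line(line) for line in lines) if r is not None]
    return {
        'parsed': len(records),
        'pingback': detect_pingback_reflection(records),
        'floods': detect_http_flood(records),
    }


if __name__ == '__main__':
    report = analyze(SAMPLE_LINES)
    for path, g in report['pingback'].items():
        print('pingback reflection against %s: %d WordPress sites, pingback claimed from %s'
              % (path, len(g['reflectors']), ', '.join(sorted(g['claimed_sources']))))
    for ip, n in report['floods'].items():
        print('possible HTTP flood from %s: %d requests in one 10 s window' % (ip, n))
```

On the sample, the reflection detector reports `/?p=1` fetched by five WordPress sites, all naming the same claimed pingback source, while the per-source counter flags only 198.51.100.50 and sees nothing unusual about the reflectors, which is the point the post makes about application-layer floods looking like legitimate traffic. Because the marker string is set by WordPress itself, an edge filter that drops requests whose User-Agent contains `verifying pingback from` stops the reflected load without touching real visitors; on the WordPress side, removing `pingback.ping` through the `xmlrpc_methods` filter stops a site from acting as a reflector in the first place.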