Kaspersky Lab experts released statistics on trends in the development of DDoS attacks in the third quarter of 2019. For more than half of the DDoS attacks during this period are probably responsible students and schoolchildren.
As it turned out, in the third quarter of 2019, the total number of DDoS attacks increased by a third (32%) compared to the same period in 2018.September was the peak month of the quarter – for 30 days in the beginning of autumn 53% of all DDoS attacks in the reporting period were recorded. Typically, more than half of these attacks (60%) were aimed at resources related to the education sector: electronic diaries, websites of educational institutions, and so on.
Read also: Wordfence experts talked about a massive WP-VCD threat aimed at hacking WordPress
According to analysts, the reason is obvious: the students returned to school and with a high degree of probability could organize attacks of hooligan motives.
In particular, activation of such “DDoS dilettantes” in the third quarter led to a significant reduction in the number of “smart” attacks over the past three months, which are technically more complex and require more ingenuity from attackers.
“In the third quarter of 2019, for the first time in all the past months of this year, we did not observe a clear increase in “smart ”attacks, but rather, on the contrary, we saw a drop in their total number. On the one hand, the reason may be positive: the DDoS market is quite saturated and has stopped growing. However, basing on previous experience, we are likely to see growth in all indicators in the fourth quarter: the total number of attacks, and their “smart” varieties, and their total duration will increase. The end of the year is a season of holidays and a concomitant increase in commercial activity, which always leads to criminal activity”, – commented Alexei Kiselev, Business Development Manager at Kaspersky DDoS Protection, on the trend.
In general, the third quarter of 2019 was relatively calm: notable peaks and declines were observed only in July. The most active day was July of this month, when the number of DDoS attacks reached 457. By contrast, the quietest day was August 11, when Kaspersky Lab recorded only 65 attacks. The safest day from the point of view of DDoS was Sunday (a little less than 11% of attacks were made on this day). The statistical majority of attacks occurred on Monday (18%). Finally, the longest attack of the past quarter lasted 279 hours (11.6 days) and was directed against the Chinese communications provider.
The leader in the number of attacks remains China, with a practically unchanged share compared to the second quarter (62.97% instead of 63.80%). The “unexpected guest” in the TOP-10 ranking in terms of the territorial distribution of attacks was South Africa, which took fourth place (2.40%), which had never before risen to the top ten during the observation period.
The most common type of attack is still SYN flood with a share of 79.7%, in second place is UDP flood with a share of 9.4%. The least popular is ICMP flood (0.5%).