Crypto-collapse and rising smart attacks: Kaspersky reports on DDoS in Q2

News Desk


During Q2 2022, Distributed Denial of Service (DDoS) attacks reached a new high as the proportion of smart attacks and average duration increased dramatically. The average duration of a DDoS attack increased 100 times over the previous year, reaching 3,000 minutes. Smart attacks nearly broke the four-year record, accounting for nearly half of all attacks. Experts predict an increase in overall DDoS activity, particularly in light of the recent collapse of cryptocurrency. These and other findings are included in Kaspersky’s quarterly DDoS report.

A Distributed Denial of Service (DDoS) attack is intended to disrupt or completely shut down a website. During an attack (which usually targets government institutions, retail or financial companies, media or other organizations), the victim loses customers as a result of their website being unavailable, and their reputation suffers.

From quantity to quality 

Compared with Q2 2021, Kaspersky’s solutions defended users against approximately 2.5 times as many DDoS attacks in Q2 2022. At the same time, in contrast to the start of the year, when attacks increased dramatically due to hacktivist activity, absolute numbers fell in Q2 2022. However, this does not imply that the DDoS market has slowed; rather, attacks have improved in quality, becoming longer and more complex.

Figure: Comparative number of DDoS attacks in Q2 2022, Q2 2021 and Q1 2022. Data for Q2 2021 is taken as 100%.

Average DDoS session lasted 100 times longer 

The average duration of an attack in Q2 2022 was 3,000 minutes, or two days. That is 100 times longer than in Q2 2021, when an attack lasted 30 minutes on average. In comparison to Q1 2022, which saw unprecedented DDoS session durations as a result of hacktivist activity, the Q2 figure has tripled.

Some of the recent attacks lasted for days or even weeks. An attack with a duration of 41,441 minutes, or slightly less than 29 days, set a record.

Figure: Comparative duration of DDoS attacks in Q2 2022, Q2 2021 and Q1 2022. Data for Q2 2021 is taken as 100%.

“It is extremely expensive to continue an attack for such a long time, especially if it is ineffective due to being filtered by protection solutions. When bots are constantly active, the risk of botnet wear-off, node failure or control center detection increases. The extreme duration of these attacks and the growth in the number of smart and targeted DDoS attacks make us wonder about the capabilities, professional affiliation and funding sources of the organizers,” comments Alexander Gutnikov, a security expert at Kaspersky.

Smart attacks strive for records

Every second attack in Q2 2022 detected by Kaspersky’s products was smart, meaning its organizers conducted rather sophisticated preparation. The share of smart attacks reached almost 50% in this quarter, which was nearly a new record. The all-time highest share was set four years ago when the DDoS market was in a slump, and it’s unexpected to observe figures that high during a “heated” year in terms of DDoS activity. 

Figure: Share of smart DDoS attacks in Q2 2022, Q2 2021 and Q1 2022.

What does the DDoS market have to do with cryptocurrency?

The second quarter saw a decrease in the number of DDoS attacks compared to the first. This is a common occurrence: as summer approaches, DDoS activity usually decreases. However, according to the Kaspersky DDoS Intelligence system, the dynamics of the number of DDoS attacks within the quarter this year did not follow the usual pattern. Following a slowdown at the end of Q1, botnet activity increased steadily throughout Q2, with more activity in June than in April. This is consistent with the decline of cryptocurrency, which usually causes the DDoS market to heat up.

“The collapse of cryptocurrencies began with the plummet of Terra (Luna) and has only been gaining momentum since. Various factors indicate that the tendency may continue: for example, cryptominers are selling off farms at low prices to gamers. This can lead to a surge in global DDoS activity,” Gutnikov explains.

To stay protected against DDoS attacks, Kaspersky’s experts recommend implementing the following measures:

  • Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.
  • Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.
  • Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house solutions.
  • Know your traffic. Use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company’s typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack.
  • Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.
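
The baseline idea in the “Know your traffic” recommendation, as an added example (not code from Kaspersky’s report or products): a per-hour baseline built from normal request rates, then a check that reports only sustained deviations and their duration. The function names, the thresholds (k=6, five minutes) and all sample numbers are assumptions constructed for illustration.

```python
from statistics import median

def build_baseline(history):
    """history: iterable of (hour_of_day, requests_per_minute) from normal days.
    Returns {hour: (median, MAD)}; median/MAD resist outliers in the history."""
    by_hour = {}
    for hour, rpm in history:
        by_hour.setdefault(hour, []).append(rpm)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[hour] = (med, max(mad, 1.0))  # floor avoids a zero-width band
    return baseline

def find_anomalous_runs(samples, baseline, k=6.0, min_minutes=5):
    """samples: list of (minute_index, hour_of_day, rpm), one entry per minute.
    Returns [(start_minute, duration_minutes)] for runs above median + k*MAD
    that last at least min_minutes, so brief spikes are not reported."""
    runs, start, length = [], None, 0
    for minute, hour, rpm in samples:
        med, mad = baseline[hour]
        if rpm > med + k * mad:
            if start is None:
                start = minute
            length += 1
        else:
            if start is not None and length >= min_minutes:
                runs.append((start, length))
            start, length = None, 0
    if start is not None and length >= min_minutes:
        runs.append((start, length))
    return runs

# Constructed sample data (assumption, not from the report): 7 normal days.
HISTORY = [(h, 100 + 10 * h + d) for d in range(-3, 4) for h in range(24)]
BASELINE = build_baseline(HISTORY)

def sample_hour():
    """Constructed hour 14: normal load, a 2-minute spike, a 20-minute flood."""
    rpm = [240] * 60
    rpm[10:12] = [900, 900]
    rpm[30:50] = [5000] * 20
    return [(m, 14, r) for m, r in enumerate(rpm)]

if __name__ == "__main__":
    for start, duration in find_anomalous_runs(sample_hour(), BASELINE):
        print(f"sustained anomaly from minute {start}, lasting {duration} min")
```

The short spike at minute 10 is ignored, while the 20-minute run is reported with its start and duration.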