The number and duration of distributed denial-of-service (DDoS) attacks fell in the fourth quarter of 2017, according to a report from Russian antivirus software company Kaspersky Lab.
Key findings from the Kaspersky "DDoS Intelligence Report" for 4Q17 included:
- DDoS attacks were registered against targets in 84 countries, down from 98 countries in 3Q17.
- China (52 percent) was the most-targeted country for DDoS attacks, followed by the United States (16 percent) and South Korea (10 percent).
- SYN attacks (60 percent) ranked first in terms of DDoS attack types, followed by UDP (15 percent) and TCP (13 percent).
- The longest DDoS attack of 4Q17 lasted 146 hours; comparatively, the longest DDoS attack of 3Q17 lasted 215 hours.
- There was an increase in activity on dummy Linux servers (honeypot traps) in the days before and after Black Friday and Cyber Monday; this increase lasted until the beginning of December.
DDoS attacks remain problematic for organizations around the globe, Head of Kaspersky DDoS Protection Kirill Ilganaev said in a prepared statement. As such, organizations should deploy DDoS protection solutions, Ilganaev noted, to limit the impact of DDoS attacks.
Are IT Security Teams Responsible for DDoS Attacks?
Sixty percent of IT security professionals blame their own teams for DDoS attacks, according to a recent survey conducted by DDoS protection solutions provider Corero Network Security. Meanwhile, 46 percent of survey respondents said they expect to be targeted by a DDoS-related ransom demand, and 62 percent believe it is likely or possible that their leadership team would pay the ransom.
In addition, internet service providers (ISPs) may play key roles in helping organizations stop DDoS attacks.
Twenty-five percent of IT security professionals said they believe their ISP is to blame for not mitigating DDoS attacks, Corero indicated. Also, 73 percent of survey respondents noted they expect regulatory pressure to be applied against ISPs that are perceived as not protecting their customers against DDoS attacks.
How to Safeguard Networks Against DDoS Attacks
Corero offered the following recommendations to help organizations protect their networks against DDoS attacks:
- Create a DDoS resiliency plan. Craft a plan that outlines how to continue business operations under the stress of a DDoS attack.
- Identify DDoS attack activity. Test networks regularly to discover security vulnerabilities.
- Keep an eye out for big and small DDoS attacks. Watch for large, volumetric DDoS attacks, as well as small, quick attacks.
Furthermore, MSSPs can provide protection services to help organizations quickly identify and address DDoS attacks. MSSPs can also offer security event analytics, reporting and automatic mitigation capabilities that help organizations bolster DDoS attack response and remediation.