Distributed denial-of-service (DDoS) attack events are on the rise in the first quarter of 2018. That’s the word from a recent Kaspersky Lab study, which found “a significant increase in both the total number and duration of DDoS attacks against Q4 2017.”

Synchronized (SYN) attacks remain the most popular vector, accounting for 57.3 percent of the total volume of incidents. In addition, over 95 percent of all DDoS attack reports came from the top 10 countries, out of 79 total.

DDoS Attacks Increase in Length and Breadth

It’s not all bad news: The share of Linux botnets fell from 71 percent last year to 66 percent in Q1 2018. But the growth of specific botnet classes, such as Darkai, prompted a return to multiday DDoS attacks. The Kaspersky report noted that one attack lasted 297 hours — more than 12 days — which is the longest attack since 2015.

While these multiday events aren’t common, the report revealed a sixfold increase in sustained attacks, or those lasting longer than 50 hours. At the same time, short-term attacks are on the rise, up to 91.47 percent of all attacks from 85.5 percent last year.

Kaspersky also noted that amplification attacks are ramping up again, this time using Memcached and Lightweight Directory Access Protocol (LDAP) vectors rather than network time protocol (NTP) and Domain Name System (DNS)-based boosting. The authors warned that, as the year goes on, this could prove troublesome on the Dark Web because it “has one of the biggest amplification factors.”

Progress on the DDoS Attack Front

In addition to the sheer number of attacks, companies must contend with cost. A survey by Corero Network Security found that organizations spend up to $50,000 dealing with a single attack.

Reputational damage is also an issue. According to Security Boulevard, after an online poker site fell victim to multiple DDoS attack events in late April, many users became frustrated, arguing that the company’s “technical and management expertise is zilch” and calling for it to “make it right.”

There is some progress on the DDoS attack front. According to Forbes, European law enforcement recently shut down a website that sold DDoS attacks and helped launch them for millions of paying customers. The agency warned companies and individuals to stop using DDoS “stresser” services or face legal repercussions.

Taking Out the Garbage Traffic

According to Kaspersky, attacks in early March against code sharing site GitHub hit record volumes of “garbage” traffic at more than 1 TB per second using Memcached.

The security firm said it expects this traffic trend to continue this year. It predicted that “server owners will quickly spot the abundance of garbage traffic and patch up vulnerabilities, which will dent the popularity of attacks of this type.”

As noted above, however, amplification attacks may shift to LDAP services as threat actors look for ways to improve DDoS throughput.

More from

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort.Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker is cracking…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them.ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge.Understanding Attack Surface ManagementHere are some key…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor for…