The 2016 Q3 DDoS Intelligence Report from Kaspersky Labs shows, “the number of ‘smart’ HTTPS-based DDoS attacks on applications increased,” meaning that a successful attack is more likely.
"This method is growing in popularity because amplification attacks are becoming more complicated and inefficient for cybercriminals: the number of vulnerable servers is decreasing and security solutions have learnt to easily identify and filter out the majority of amplification attacks,” Kirill Ilganaev, head of Kaspersky DDoS protection, said in a press release.
If users are being forced to attack with a lower intensity, they need to hit harder. Criminals are increasingly DDoSing through encrypted channels with a smaller number of hits directed to where they will have the most impact. The result is a lot more work for protection services who are trying to keep people off of a server.
As attacks become more sophisticated, they are also becoming more targeted in different parts of the globe, specifically Western Europe, where command and control servers are growing.
The top 10 countries experiencing the most DDoS attacks included three Western European countries (Italy, France, and Germany) for the first time in a year. Even though the first EU cybersecurity mandates were adopted this July (organizations have until May 2018 to fulfill their compliances), Western Europe experienced more DDoS attacks this quarter.
It may seem like the number of DDoS attacks in the U.S. is spiraling out of control, they only account for 12.81% (up from 6.75% in Q2) of total attacks globally. Even though America is second on the list of most targeted countries, China leads the pack with a whopping 72.62% of DDoS attacks happening within its borders.
The beginning of August saw the highest volume of attacks (August 3rd alone experienced 1,746 attacks), with the lowest number occurring on September 3rd with just 22 attacks. Ironically, while the number of attacks was hitting a lull in September, the two largest DDoS attacks ever occurred that same month when security researcher Brian Krebs’ website was taken down with a 620 Gbps attack, and France’s OVH was taken down days later with a 1 Tbps attack.
While attack size is increasing, the overall down time for sites is decreasing. Q2 saw a DDoS attack lasting 291 hours, while the longest in Q3 was 184 hours against a Chinese site. A Chinese search engine also had the unfortunate pleasure of holding Q3’s record for most attacks occurring - with 19 separate attacks.
According to research from the Ponemon Institute, a single DDoS attack can cost businesses anywhere from $14,000 to a high of $2.35 million per incident.
If the technology behind these attacks is becoming increasingly more sophisticated, how much more money can companies stand to lose?