The maximum strength of DDoS attacks rose nearly four-fold over the past year, as cyber-criminals renewed their focus on the application layer in Q1, according to Kaspersky Lab.
The Russian AV vendor claimed in its DDoS Intelligence Report for the first three months of the year that it had to deal with “several times more” HTTP-based attacks in the quarter than in the whole of last year.
UDP amplification remains a favored tactic as it’s relatively easy to carry out and can have an impressive effect even with a small botnet.
However, this won’t last, according to Kaspersky Lab.
“The once daunting task of combining the efforts of internet providers and IT security companies to effectively filter the junk traffic generated by UDP attacks is almost solved,” it claimed.
“Having faced the risk of their main channels being clogged up due to large volumes of UDP packets, providers have acquired the necessary equipment and skills and cut this traffic off at the root. This means amplification attacks on a Data Link Layer are becoming less effective and, as a result, less profitable.”
Despite this, it warned that application layer attacks could become more widespread, as tools offering such capabilities become cheap and commonplace on the darknet.
DDoS attacks targeted 74 countries worldwide during the quarter – up from 69 in 2015 – with China, the US and South Korea remaining the top three targets.
The longest DDoS attack in the period lasted 197 hours (8.2 days) – far less than the previous quarter’s maximum of 13.9 days. However, attackers increased the number of multiple DDoS floods fired at the same target. One resource reported 33 separate attacks on it during the quarter.
SYN, TCP and HTTP remained the most common type of DDoS attack, while UDP attacks continued to fall from the previous quarter.
There was also a noticeable increase in the number of C&C servers hosted in the UK, Kaspersky Lab claimed.
The firm also noted, as Imperva warned last week, that DDoS-ers are increasingly focusing their attacks on the IT security vendors tasked with stopping them.