Kaspersky DDoS Attacks in Q4 2018 Report: DDoS attack activity decreased by 13% in 2018

According to the recent DDoS Attacks in Q4 2018 report released by Kaspersky Lab, DDoS activity in 2018 was 13% lower than in the previous year. Apart from year-on-year growth in the third quarter, caused by an unusually active September, the number of attacks detected declined in the other three quarters of 2018. The fourth quarter was the least active, down 30% year-on-year.

Although the number of attacks has decreased, attacks are lasting longer. According to data from Kaspersky Lab, the average attack duration climbed from 95 minutes in the first quarter to 218 minutes in the fourth quarter.

Kaspersky said UDP flooding is the most common type of attack. Measured by attack duration, however, HTTP floods and mixed attacks with HTTP elements account for about 80% of the total. As defensive measures have improved, the traditional DDoS attack has basically failed.

The report highlights are below:

  • China still tops the leaderboard by number of DDoS attacks, but its share fell quite significantly, from 77.67% to 50.43%. The US retained second position (24.90%), and Australia came third (4.5%). The Top 10 waved goodbye to Russia and Singapore, but welcomed Brazil (2.89%) and Saudi Arabia (1.57%).
  • By geographical distribution of targets, the leaders remain China (43.26%), the US (29.14%), and Australia (5.91%). That said, China’s share fell significantly, while all other Top 10 countries increased theirs.
  • Most of the botnet-based attacks last quarter occurred in October; holiday and pre-holiday periods were calmer. In terms of weekly dynamics, attack activity rose mid-week and decreased towards the end.
  • Q4 witnessed the longest attack seen in recent years, lasting almost 16 days (329 hours). In general, the share of short attacks decreased slightly, but the fluctuations were minor.
  • The share of UDP floods increased significantly to almost a third (31.1%) of all attacks. However, SYN flooding is still leading (58.2%).
  • In connection with the rising number of Mirai C&C servers, the shares of the US (43.48%), Britain (7.88%), and the Netherlands (6.79%) increased.