Kaspersky report: the number of DDoS attacks in Q4 2019 attacks doubled

A recent DDoS attack report released by Kaspersky shows that the number of distributed denial of service (DDoS) attacks almost doubled from the fourth quarter of 2018 to the fourth quarter of 2019.

The report pointed out that compared with the third quarter of 2019, the number of attacks in the fourth quarter increased and the duration of the attacks was longer because the fourth quarter is usually the “retail war” period of the holiday shopping season, and the number of cybercrimes has also followed.

Researchers have found that attackers continue to use non-standard protocols for amplification attacks in the last quarter of 2019. Researchers write

cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration. The first attacks using ARMS were registered back in June 2019, and by early October the protocol was being used by DDoS-as-a-service providers; such attacks have since become widespread.

A number of high-profile DDoS attacks occurred in the fourth quarter of 2019, including threats to South Africa, Singapore, and financial organizations across Scandinavia.

Some attackers continue to use mature tools and strategies in DDoS attacks. In the fourth quarter of 2019, researchers saw a wave of TCP reflection attacks. “This method involves sending requests to legitimate services under the guise of the victim, who is then flooded with responses, so the IP addresses of the attackers do not light up.”

Although the duration of DDoS attacks was slightly extended between the third and fourth quarters of 2019, Imperva’s data shows that the overall trend is that the cost of DDoS attacks is continuously decreasing and the duration of attacks is also shortening. In 2019, more than 51% of attacks lasted only 15 minutes, and only 10% of attacks lasted 15 to 30 minutes.