Kaspersky Lab Report on DDoS Attacks in Q1 2017: The Lull Before the Storm

May 11, 2017

Woburn, MA – May 11, 2017 – Today, Kaspersky Lab is announcing the availability of its latest Q1 2017 DDoS Intelligence Report, which confirms the forecasts about the evolution of DDoS attacks made by the company’s experts following the 2016 results.

Despite the growing popularity of complex DDoS attacks continuing into the first quarter of the year, there was a noticeable decline in the number of overall attacks and a change to how they were dispersed by country.

In the first quarter of 2017, the Kaspersky DDoS Intelligence system¹ recorded DDoS attacks against resources in 72 countries, which is eight fewer than in the fourth quarter of 2016. The Netherlands and the UK replaced Japan and France among the top 10 countries with the most DDoS victims.

South Korea remained the leader in terms of the number of detected C&C (Command and Control) servers. The U.S. came second in this respect, followed by the Netherlands, which dislodged China from the top three for the first time since monitoring began. China dropped from second to seventh place. Japan, Ukraine and Bulgaria all left the top 10 ranking of countries with the highest number of C&C servers. They were replaced by Hong Kong, Romania and Germany.

Distribution by operating system also changed in Q1 2017. In the previous quarter, Linux-based IoT (Internet of Things) botnets were the most popular, but they were squeezed out by Windows-based botnets, whose share grew from 25 percent to 60 percent in the first quarter. The number of TCP, UDP and ICMP attacks increased considerably, while the share of SYN DDoS and HTTP attacks declined from 75 percent in the fourth quarter of 2016 to 48 percent in Q1.

During the reporting period, not a single amplification-type attack was registered, while the number of encryption-based attacks grew. This is in line with the company’s forecasts last year predicting a shift in DDoS from simple, powerful attacks to attacks that are difficult to identify using standard security tools.

Overall, the quarter was relatively quiet: the largest number of attacks (994) was observed on February 18, 2017. The longest DDoS attack in Q1 2017 lasted only 120 hours, which is significantly shorter than the previous quarter’s maximum of 292 hours.

“There’s typically a pronounced decline in the number of DDoS attacks at the beginning of the year, and this trend has continued now for five years,” comments Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “This may be due to cybercriminals or their clients taking a break. However, despite this now familiar downturn, we still recorded more attacks between January and March of this year than we did in the first quarter of 2016, which confirms the conclusion that the overall number of DDoS attacks is growing. So now is not the time to let your guard down; rather, it’s better to take care of your protection before the cybercriminals get back to their usual work routine.”


¹ The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20-year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter
Media Contact
Denise Bertrand
781.503.1836
denise.bertrand@kaspersky.com   
