5/10/2021
03:00 PM
Dark Reading
Products and Releases

Kaspersky Research Finds DDoS Attacks in Q1 2021 Return to Pre-Pandemic Numbers

Woburn, MA – May 10, 2021 — According to data from Kaspersky DDoS Prevention, in Q1 2021, the number of DDoS attacks dropped by 29% compared to the same period in 2020, but increased by 47% compared to Q4 2020. This growth is explained by an unusual spike in January which accounted for 43% of all attacks in the quarter.

In early 2021, many people were still working remotely and spending their leisure time at home. Cybercriminals therefore conducted DDoS attacks against entities that users needed more, such as telecom providers, so that their clients experienced issues with their internet connection or online gaming sites. Despite the continued attention on such resources, statistics show the overall DDoS situation is becoming stable.

Kaspersky experts attribute the drop in attacks compared to the same quarter last year to the abnormal activity at the beginning of 2020. Due to a sudden shift to remote work, corporate VPN gateways and web resources, such as mail or corporate knowledge bases that were previously available only inside an organization, became a target for DDoS attacks. Within the year, businesses mostly implemented protection for these parts of IT infrastructure. Given this, attacks against these web assets may have become less effective, and the number of DDoS attacks dropped, so by February and March 2021, the number of attacks returned to a pre-lockdown benchmark.

 

Comparison of number of DDoS attacks by months. Data for 2019 is taken as 100%

January 2021 stands out in terms of the number of DDoS attacks. Statistics from the Kaspersky DDoS Intelligence system, which intercepts and analyzes commands received by bots from command and control servers, highlighted this spike. For instance, on January 10 and 11, the number of registered attacks exceeded 1,800, and on several days in the month it reached more than 1,500.

“In general, the first quarter of 2021 was rather quiet, apart from a surge in DDoS activity in January,” comments Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “That surge may have been caused by a fall in cryptocurrency prices that made some malefactors repurpose infected devices in botnets to send junk traffic instead of mining currency. So, despite an overall decline in Q1, we recommend protecting web resources from DDoS attacks. Because, as we can see, cybercriminals driven by financial motives can easily change their tactics depending on the circumstances.”

To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:

  • Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks
  • Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack
  • Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house developments

Read the full report on Securelist.

 

Comments
Sharat099
User Rank: Apprentice
5/22/2021 | 12:18:40 PM
DDoS Attack Recovery is really much harder
DDoS Attack Recovery is really much harder than people describe. I have a suggestion for you to get the best DDoS protection from Mazeebolt. Also I am open to suggestions from you. Looking forward to it.