Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated

The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.

November 8, 2021

3 Min Read


Woburn, MA — November 8, 2021 Kaspersky today publishes its Distributed Denial of Service (DDoS) Q3 2021 report, which found when compared to Q3 2020, the total number of DDoS attacks increased by nearly 24%, while the total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year. Some of the most notable targets were tools to fight the pandemic, government organizations, game developers, and well-known cybersecurity publications.

DDoS attacks are aimed at overwhelming a network server with requests for services so that the server crashes, denying users access. This can cause huge disruptions for organizations and businesses. Such attacks can last for several minutes or even a few days. So-called “smart” DDoS attacks go one step further. These attacks are more sophisticated, often targeted, and can be used not just to disrupt services, but also to make certain resources inaccessible or steal money. Both types of attacks were on the rise in Q3 2021.

Both types of attacks increased when compared to Q2 2021, with the largest percentage of resources attacked (40.8%) located in the US, followed by Hong Kong and mainland China. In fact, in August, Kaspersky noted a record number of DDoS attacks in a single day: 8,825.

Some of the most notable, large-scale DDoS attacks over the past quarter involved a new, powerful botnet called Mēris, which is capable of sending out a massive number of requests per second. This botnet was seen in attacks against two of the most well-known cybersecurity publications including Krebs on Security and InfoSecurity Magazine.

Other notable DDoS trends in Q3 included a series of politically-motivated attacks in Europe and Asia, as well as attacks against game developers. In addition, attackers targeted resources to combat the pandemic across several countries, and there was a series of ransomware attacks against telecommunications providers in Canada, the USA, and the UK. The attackers presented themselves as members of the infamous ransomware group REvil and shut down the companies’ servers to pressure them into paying the ransom.

Kaspersky researchers also witnessed a highly unusual DDoS attack at a state university that lasted several days. While attacks against educational resources are not uncommon, this one was particularly sophisticated. The attackers were after the online accounts of applicants to a state university, and they chose an attack vector that made the resource completely unavailable. The attack also continued after the filtering began, which is rare.

“Over the past couple of years, we’ve seen the cryptomining and DDoS attack groups competing for resources, since many of the same botnets used for DDoS attacks can be used for cryptomining,” comments Alexander Gutnikov, security expert at Kaspersky. “While we were previously seeing a decline in DDoS attacks as cryptocurrency gained in value, we’re now witnessing a redistribution of resources. DDoS resources are in demand and attacks are profitable. We expect to see the number of DDoS attacks continue to increase in Q4, especially since, historically, DDoS attacks have been particularly high at the end of the year.”

Read more about DDoS attacks in Q3 2021 on Securelist.

To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:

  • Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.

  • Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.

  • Implement professional solutions to safeguard your organization against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house developments.

  • Know your traffic. It’s a good option to use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company's typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack.

  • Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights