Kaspersky researchers spotted a record-setting 292-hour (12.2-day) DDoS attack in Q4 2016, significantly beating the previous quarter's longest attack, which lasted 184 hours (7.7 days). And poorly secured internet of things (IoT) devices may be to blame.
The firm also found that 80 countries had their resources targeted, compared to 67 in the previous quarter, with China absorbing 71 percent of these attacks, according to the Q4 Summary report.
The 10 most targeted countries accounted for almost 97 percent of all attacks. China led the pack with nearly 77 percent of all attacks, a slight uptick from the previous quarter, followed by the US, which accounted for almost 13 percent.
Researchers also spotted four main trends: the demise of amplification-type attacks, the rising popularity of attacks on applications along with their increasing use of encryption, the rising popularity of WordPress Pingback attacks, and the use of IoT botnets to carry out DDoS attacks.
“Overall, Q4 2016 was rich in noteworthy DDoS attacks against a broad range of targets, including Dyn's Domain Name System, Deutsche Telekom and some of Russia's largest banks,” Kaspersky Lab North America senior vice president Michael Canavan told SC Media. “These companies were among the first victims of a new trend – DDoS attacks launched via huge botnets made up of vulnerable IoT devices, of which Mirai is one example.”
Canavan said it appears that cyber-criminals are testing new tools and attack scenarios, determining how victims can withstand them, and looking for opportunities to monetise DDoS attacks whenever possible. To combat the threats of the changing DDoS landscape, IoT manufacturers and developers need to better implement a security-by-design approach and to work with the security industry when creating and installing new products.
“This could include, for example, the capability to prompt password resets or to patch and distribute updates for software after a bug has been detected,” Canavan said.
He said the best approach to preventing attacks is to have a reliable anti-DDoS solution in place. “In addition, companies can migrate public resources to another IP address, adjust a firewall to fight SYN flood attacks and relocate business critical applications to the cloud or a separate public subnet,” he said.