Because it’s big business, and business is good, even though some reports say that DDoS attacks are on the decline. For the first quarter of 2017, nearly 55% of targeted sources are in China. This is quite a drop from the previous quarter, which was at 77%. The number of countries involved dropped to 72. China accounts for the 55% and had the vast majority of the attacks. With the exception of South Korea and the USA, most countries have had very little significant change in the number of DDoS attacks.
The two countries with a fairly large increase in DDoS attacks were South Korea and the USA, which rose from 7% to 22% and from 7% to 11% respectively.
It is also important to note, however, how many computers in general are actually online and connected to the internet. Even though Vietnam is ranked as the 6th largest targeted country, it is probably safe to surmise that Vietnam is not as technologically saturated as Hong Kong, for example, with its much denser and built-up urban population.
DDoS protection services report that the longest DDoS attack in Q1 2017 lasted just 120 hours. This is a whopping 59% shorter than the previous quarter. Almost all other attacks lasted just under 50 hours. An even larger majority were no more than just four hours. Even those attacks that lasted 5-9 hours declined over 10%. SYN DDoS also declined from 75% to 48%. Windows-based botnets have now also exceeded Linux botnets, increasing from 25% to nearly 60% for the first quarter in 2017.
Are DDoS Attacks Truly on the Decline?
So why the decline in DDoS activity, and why should companies continue to put aside large amounts of their budget towards DDoS protection services and mitigation? Isn’t DDoS simply declining in large numbers? There could be a few explanations for this.
The first is that DDoS prevention services are simply improving and are able to stop these attacks much more efficiently, quickly and for longer periods of time. The second is that even though DDoS attacks may seem to be on the decline, you may still be in a high-risk industry that is trending in the opposite direction from current DDoS attack statistics. In addition, lowering your defenses provides an easier opportunity for cyber attacks and a higher level of damage from an actual DDoS attack, should it happen. The same report by securelist.com shows a considerable increase in attacks using TCP, UDP and ICMP even though SYN floods declined.
A third reason is the increase in ransomware attacks. They, unfortunately, seem to be gaining in popularity and proving to be more effective. There is a much more attractive financial opportunity with ransomware. With the use of Bitcoin to easily hide the hackers' tracks, this holds especially true. On top of that, cyber criminals still receive easy and nearly guaranteed payment (no chargebacks etc.).
As Kaspersky notes, complex attacks that can only be combated with sophisticated DDoS protection are becoming more frequent.
However, due to the decline in DDoS attacks in general (noting no recordings of a single amplification attack in Q1 2017), they conclude that DDoS effectiveness is steadily declining. It may even become a thing of the past. As mentioned earlier, encryption-based attacks do not seem to be having a large enough impact. Yet.
For more info on DDoS protection services and statistics, please visit: https://securelist.com/ddos-attacks-in-q1-2017/78285/