Kaspersky states in its report: DDoS attacks have decreased by more than a third, compared to an increase in the same period of the previous year. Many botnet attacks come from Germany.
In the second quarter of 2021, the total number of DDoS attacks decreased by 38,8 percent compared to the same period of the previous year and by 2021 percent compared to the previous quarter of 6,5. Kaspersky does not expect any significant changes for the third quarter, even if the increase or decrease in DDoS attacks is likely to depend on the cryptocurrency market. These results come from the latest DDoS report from Kaspersky.
Cyber criminals are looking for new opportunities
Cyber criminals looked for new ways to carry out DDoS attacks in the first quarter of 2021. For example, the number of attacks via the Session Traversal Utilities for NAT (STUN) network protocol has increased. Furthermore, the TsuNAME vulnerability in DNS resolvers was increasingly used to attack DNS servers. In particular, this caused disruptions to Xbox Live, Microsoft Teams, OneDrive, and other Microsoft cloud services. However, Internet service providers also fell victim to DDoS attacks.
Fewer DDoS attacks, changed geography, powerful botnet servers in Ireland and Panama
In general, the second quarter of 2021 was calm in terms of DDoS attacks. On average, the number of daily DDoS attacks fluctuated between 500 and 800. However, the geography has changed slightly. In terms of the number of DDoS attacks, the USA again led the way (36 percent), China, on the other hand, rose by 6,3 percent to 10,2 percent and Poland came third as a newcomer with 6,3 percent of attacks.
The Kaspersky experts analyze the countries in which bots and malicious servers were located that attack IoT devices in order to expand botnets. For this purpose, statistics on attacks on IoT honeypots set up by Kaspersky with the Telnet and SSH protocols were examined. The majority of the devices that carried out attacks were in China (31,8 percent), the United States (12,5 percent) and Germany (5,9 percent). At the same time, the majority of SSH attacks came from Ireland (70,1 percent) and Panama (15,8 percent), which had a relatively small number of bots. This may indicate that among the attacking devices in these countries were powerful servers that could infect multiple devices around the world at the same time.
USA has the largest C&C presence
Furthermore, it was examined in which countries bots and malicious servers were present that attack IoT devices in order to expand botnets. Of the botnet C&C servers, 90 percent were in ten countries in the second quarter. The USA had the largest C&C presence (48 percent), followed by Germany (12,3 percent) and the Netherlands (9,3 percent).
"The second quarter of 2021 was - as expected - quiet," says Alexey Kiselev, Business Development Manager Kaspersky DDoS Protection. “The total number of attacks decreased slightly compared to the previous quarter, which is typical for this period and is observed every year. We traditionally associate this with the start of the holiday and the holiday season in general. For the third quarter of 2021, we do not see any prerequisites for a sharp increase or decrease in DDoS attack occurrences. The market will continue to be heavily dependent on cryptocurrency's long-consistently high price.”
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/