It’s been a strong quarter for cybercriminals, as the number of distributed denial of service (DDoS) attacks grew, substantially. A new Kaspersky Lab report on cybersecurity claims that the beginning of the academic year was a strong catalyst for criminal activities on the web, which was mostly conducted by young and inexperienced criminals.
The third quarter of this year has seen a third more DDoS attacks, compared to the second quarter (30 per cent), as well as compared to the year before (32 per cent).
More than half of all of these attacks (53 per cent) occurred in September.
“This change can be explained by a boom of DDoS activity at the beginning of the academic year,” Kaspersky claims. While summer months were mostly quiet, September was relatively strong.
Looking at all of the prevented attacks, almost two thirds (60 per cent) were aimed at schools and electronic journal sites. Given that most attacks were “rather simple” in their type, and given who the targets were, Kaspersky concludes that the attackers were most likely “school-age hooligans who do not have a deep understanding of how to organise DDoS campaigns”.
Another type of DDoS attack which contributed to the surge is the so-called “smart” attack, focusing on the application layer and usually conducted by skilled criminals. In the quarter, the share of these attacks dropped from 50 per cent to 28, and grew seven per cent compared to Q3 2018.
The average duration of these attacks hasn’t changed, compared to the previous quarter, but it has almost doubled compared to the previous year. The average duration of all attacks fell slightly.
“Despite this spell of seasonal activity from young hooligans, who appear to celebrate the beginning of the school year with a spike in DDoS attacks, the more professional market of DDoS attacks is rather stable, commented Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.
“We have not seen an explosive increase in the number of smart attacks compared with the previous quarter and the average length of attack remains the same. However, this still causes serious damage to business. Our survey of IT decision makers revealed that DDoS attacks are the second most expensive type of cyber-incident that led to date breaches for SMBs, with the average cost of a breach estimated at $138,000,” he concluded.