In the second quarter of 2021, the total number of DDoS attacks decreased by 38.8 per cent compared to Q2 2020, and by 6.5 per cent in comparison to the previous quarter in 2021. China became the leader in the number of devices from which SSH attacks were carried out. At the same time, China continued to lose ground in terms of the total number of DDoS attacks (10.2 per cent). The USA remains the leader (36 per cent) in this category for the second quarter in a row, while Poland and Brazil are new entries in the top five.
Recently, scammers have been looking for ways to amplify DDoS attacks – the number of attacks through the Session Traversal Utilities for NAT (STUN) protocol has increased. Another visible trend is the exploitation of the TsuNAME vulnerability in DNS resolvers to attack DNS servers. In particular, this led to interruptions in the work of Xbox Live, Microsoft Teams, OneDrive and other Microsoft cloud services. Internet service providers also fell victim to DDoS attacks.
The overall situation in Q2 was relatively calm. On average, the number of DDoS attacks fluctuated between 500 and 800 per day. On the quietest day, only 60 attacks were recorded, and on the most intense, this reached 1164.
The geography of DDoS attacks has also changed slightly. The USA once again became the leader for the amount of DDoS attacks (36 per cent). At the same time, China (10.2 per cent), which until this year was regularly in first place, continues to lose ground – its share has decreased by 6.3 per cent. Third place was taken by a newcomer to the rating – Poland (6.3 per cent), whose share increased by 4.3 per cent. Brazil took fourth place, their share almost doubled, amounting to 6 per cent. Canada (5.2 per cent), which previously closed the top three, dropped to fifth place.
Kaspersky experts also analysed which countries had bots and malicious servers that attack IoT devices in order to expand botnets. Results show that the majority of devices that carried out attacks were in China (31.8 per cent), the United States (12.5 per cent) took second place, and Germany (5.9 per cent) came in third.
“The second quarter of 2021 was calm, as we expected. There was a slight decrease in the total number of attacks compared to the previous quarter, which is typical for this period and is observed annually. We traditionally associate these numbers with the beginning of holidays and vacations. In the third quarter of 2021, we also do not see any prerequisites for a sharp rise or fall in the DDoS attack market. The market will also continue to be highly dependent on the rate of cryptocurrencies, which has remained consistently high for a long time,” commented Alexey Kiselev, Business Development Manager, Kaspersky DDoS Protection team.
Chris Connell, Managing Director, Kaspersky (APAC) commented, “The decrease in the number of DDoS attacks is definitely a good sign, but it should not mean that the companies and enterprises can neglect the risks of falling prey to a DDoS attack and relax their security measures. Businesses of all sizes today are at risk of a DDoS attack and it is imperative for them to develop a denial of service response plan in advance which will prepare them against an actual attack on their network. Developing an incident response plan is the first and the most critical step to be taken while executing a robust defense strategy.”
Chris added, “Depending on the infrastructure, a response plan can be quite exhaustive, however the right security measures in place, and a thorough training with the employees can be a major help to businesses in their constant fight against such attacks.”