Kaspersky Experts Find DDoS Attack Duration Increases 100-fold In Second Quarter Of The Year

JAKARTA - During the second quarter of this year, Kaspersky's report found that Distributed Denial of Service (DDoS) attacks reached new levels as the share of smart attacks and their average duration increased sharply.

Compared to last year, the average DDoS attack duration increased 100-fold, reaching 3,000 minutes. The share of smart attacks almost broke the four-year record, accounting for almost 50% of the total.

Experts also expect an increase in overall DDoS activity, especially with the recent collapse of cryptocurrencies.

Distributed Denial of Service (DDoS) attacks are designed to hinder the normal functioning of a website or damage it entirely.

During an attack (which usually targets government agencies, retail or financial companies, media or other organizations) the victim will lose customers due to the unavailable website which also affects their reputation.

Compared to figures from the second quarter of 2021 (Q2 2021), Kaspersky's solutions protect their users from about 2.5 times more DDoS attacks.

At the same time, in contrast to the start of the year (Q1 2022) with a dramatic spike in attacks due to hacktivist activity, absolute numbers declined in the second quarter of this year (Q2 2022). However, this does not mean that the DDoS market has cooled off, on the contrary, attacks have changed in quality, becoming longer and more complex.

The average attack duration in Q2 2022 was 3,000 minutes, or two days. This is 100 times longer than in Q2 2021, when attacks lasted only 30 minutes on average.

Some of the attacks in the last quarter lasted for days or even weeks. A record was set by an attack with a duration of 41,441 minutes, which was almost 29 days.

"To deploy an attack effort over a long period of time costs a lot of money. Especially if it is not effective because it is filtered by protection solutions," said Alexander Gutnikov, security expert at Kaspersky.

According to him, the extreme duration of attacks and the growing number of intelligent and targeted DDoS attacks made him wonder about the capabilities, professional affiliations and funding sources of the organizers.

Every second attack in Q2 2022 detected by Kaspersky products was a “smart attack”, meaning that the organizers made quite sophisticated preparations. The share of smart attacks hit nearly 50% this quarter, which is almost a new record.

In terms of the number of DDoS attacks, the second quarter was indeed quieter than the first. This is a common phenomenon: experts usually see a decrease in DDoS activity as summer approaches.

According to Kaspersky's DDoS Intelligence system, this year the dynamics of the number of DDoS attacks in the quarter did not match this typical pattern. After a slowdown in late Q1, botnet activity continued to grow throughout Q2, resulting in more activity in June than in April. This is consistent with the decline in cryptocurrencies, which usually stimulate the heating of the DDoS market.

“The collapse of cryptocurrencies started with the crash of Terra (Luna) and the momentum has started ever since. Various factors suggest that the trend could continue: for example, cryptominers are selling mining farms at low prices to gamers. This could lead to a spike in global DDoS activity," Gutnikov explained.