DDoS attacks recede in Q2 as cryptocurrency price drops

3 years ago 415
BOOK THIS SPACE FOR AD
ARTICLE AD

John Leyden 28 July 2021 at 15:57 UTC

Quiet before the storm?

Kaspersky reports a lull in DDoS activity in Q2

The second quarter of this year was accompanied by a welcome lull in Distributed Denial of Service (DDoS) attack activity.

The total number of DDoS attacks decreased by 38.8% in Q2 2021 compared to the same period last year. The volume of incidents year-on-year was also down 6.5%, according to the latest DDoS trends report by Kaspersky.

“The overall situation in Q2 was relatively calm,” according to Kaspersky. “On average, the number of DDoS attacks fluctuated between 500 and 800 per day.”

The security firm added: “On the quietest day, only 60 attacks were recorded, and on the most intense, this reached 1,164.”

Bad guys need their holidays, too

Kaspersky reckons attackers taking vacations and a fall in the value of cryptocurrencies led to the spring DDoS lull.

Despite the relatively quiet months, several high-profile organizations fell victim to attacks. For instance, Microsoft cloud services including Xbox Live, Microsoft Teams, and OneDrive were affected by a DNS flood in early April.

Several (mostly European) ISPs were targeted by DDoS attacks during Q2. And in May, the Irish Health Service Executive was hit by an assault.

Turn up the volume

Kaspersky reports that over recent months the perpetrators of DDoS attacks have looked to increase the traffic volume or amplify their attacks. This has led to an increase in the number of attacks made through the Session Traversal Utilities for NAT (STUN) protocol.

Abuse of the STUN protocol, which is normally used to map internal IP addresses and ports hidden behind NAT to external addresses, can be abused to multiply the volume of junk traffic by a factor of 32 even before other techniques are brought into play.

Catch up on the latest DDoS attack news

Abusing STUN servers in this way can disable their functionality, a concern for the 75,000 organizations that Kaspersky estimates are operating vulnerable setups.

Looking ahead, Kaspersky warns that the recently discovered TsuNAME vulnerability in DNS resolvers ought to be addressed before it gets abused by cybercriminals.

RECOMMENDED Data breaches are costing more than ever, as organizations take longer to apply patches – report

Read Entire Article