According to the latest threat intelligence report from Kaspersky Lab, cybercrime-as-a-service has proliferated in recent months and the cybercrime trend of the quarter is SSL-based DDoS attacks.
Ransomware may still be a major issue, but the biggest threat facing businesses is SSL-based DDoS attacks. This is backed up by the 2016 Internet Organized Crime Threat Assessment (IOCTA) from Europol. The Europol report contains a stark warning to all Internet-facing organizations: regardless of the area of business in which a company operates, it is now a target for cybercriminals.
Over the past few weeks, cybercriminals have launched a series of DDoS attacks on a wide range of targets on a scale never before seen. Brian Krebs was targeted and was subjected to a massive 620 Gbps DDoS attack, although that was just a fraction of the size of the attack on OVH which followed. That attack was reportedly 1 Tbps. Kaspersky Lab explains that since the release of the Mirai source code, massive DDoS attacks are likely to be conducted with increasing regularity.
Many of the recent DDoS attacks have been political, although cybercriminals have been increasingly targeting companies that rely on the Internet to do business. Those companies have been threatened with DDoS attacks unless sizable Bitcoin payments are received. When payment is not made, the organizations are subjected to a series of large DDoS attacks. The cost of mitigating those attacks is considerable.
In Q3, as in Q2, the majority of DDoS attacks were conducted in China, which accounted for 62.64% of attacks. The USA was in second place with 17.73% of attacks, and South Korea was third with 8.73%.
Kaspersky notes that while accounting for just 1.11% of attacks, Italy has now made it into the top ten most attacked countries for the first time, with France and Germany also making the top ten list. In Q3, the majority of attacks lasted less than 4 hours. Sustained attacks over a period of days are still occurring, although these long attacks have decreased in Q3. Attacks lasting between 100 and 149 hours fell from 2.7% in Q2 to 0.1% in Q3.
South Korea still tops the list of countries with the most C&C servers, with China in second place and the USA in third, although Kaspersky notes that the number of C&C servers in Western Europe is increasing steadily. Kaspersky Lab detected a large increase in SSL-based DDoS attacks on applications in Q3 2016, and the trend is likely to continue into Q4 and beyond.
While traditional defenses have been effective against DDoS attacks using malware tools such as Pandora, cybercriminals are now using increasingly sophisticated methods to attack organizations. Kaspersky Lab has urged companies to revise their strategies for combating DDoS attacks and suggests that many of the DDoS mitigation strategies that have been effective in the past are unlikely to remain effective against the latest smart SSL-based DDoS attacks.