According to an analysis by Kaspersky, DDoS attacks were observed to be reducing in late-2020. One of the main reasons behind this drop is that cybercriminals are now repurposing their botnets towards cryptomining.
DDoS attack trends in Q4 2020
According to the researchers, a surge in cryptocurrency values is probably the key factor inspiring cybercriminals to use their botnets to mine cryptocurrencies.
- In Q4, multiple schools in Sandwich and Tyngsboro (Mass.), Laurentian University in Canada, and Telenor Norway were targeted by DDoS attacks.
- Cybercriminals employed the names of well-known APT groups to scare victims, and demanded ransoms in cryptocurrency along with demonstration attacks to back up their threats.
- In addition, the perpetrators behind DDoS leveraged Citrix application delivery controller (ADC) devices to communicate with Datagram Transport Layer Security (DTLS) protocol enabled devices, eventually spoofing victims’ IP addresses.
- The total volume of DDoS attacks was down by 31% in Q4.
- However, the number of DDoS attacks was 10% higher than in the same period in the previous year.
- The top countries targeted by DDoS attacks include China (44.49%), the US (23.57%), and Hong Kong (7.20%).
- December 31 was the most active day for DDoS attacks, with 1,349 attacks.
What to expect in 2021?
Throughout 2021, a period of stability is expected with no major growth or decline, according to the researcher’s assessment. At present, the DDoS market is influenced by two opposite trends - people still rely on online resources for work and the other is a spike in cryptocurrency prices.
The cryptomining surge could be continued this year and it heavily depends on the cryptocurrency market. Therefore, experts suggest staying protected by using a CDN to protect websites. In addition, it is recommended to add filters to drop packets from identified sources of attack and timeout half-open connections.