Average Duration of a DDoS Attack Rose 100 Times, Says Kaspersky


DDoS attacks hit a new level in Q2 2022 as the percentage of clever attacks and the average length both sharply increased. The average length of a DDoS attack increased 100 times in comparison to the previous year, reaching 3,000 minutes, according to a quarterly DDoS report issued by Kaspersky.

With smart DDoS (Distributed Denial of Service) attacks making up about half of all attacks, the percentage nearly shattered the four-year record. Experts predict a rise in DDoS activity in general, particularly in light of the recent crash of cryptocurrencies. A quarterly DDoS report from Kaspersky includes these and other results.

A distributed denial of service (DDoS) attack aims to stop a website from operating normally or bring it to a full stop. When an attack occurs (which typically targets media outlets, retail or financial businesses, government agencies, or other organizations), the victim loses clients because their website is unavailable, and their reputation may take a hit.

Kaspersky’s solutions protected its users against around 2.5 times as many DDoS attacks in Q2 2021 compared to Q2 2021 statistics. At the same time, absolute numbers fell in Q2 2022 as opposed to the first quarter, which saw a major increase in assaults as a result of hacktivist activities. The DDoS industry has not, however, dropped down; rather, attacks have evolved in quality, growing longer and more intricate.

Smart DDoS Attacks Strive for Records

Alexander Gutnikov, a security expert at Kaspersky
“It is extremely expensive to continue a DDoS attack for such a long time, especially if it is ineffective due to being filtered by protection solutions,” said Alexander Gutnikov, a security expert at Kaspersky.

In Q2 2022, an attack typically lasted 3,000 minutes, or two days, according to Kaspersky’s report. Compared to Q2 2021, when an attack typically lasted 30 minutes, it is 100 times longer now. In comparison to Q1 2022, which was characterized by DDoS sessions lasting longer than ever before due to hacktivist activities, the Q2 number likewise demonstrates an increase – by a factor of three.

In the most recent quarter, several attacks persisted for days or even weeks. A record was established with an attack that lasted 41,441 minutes, or little under 29 days.

“It is extremely expensive to continue a DDoS attack for such a long time, especially if it is ineffective due to being filtered by protection solutions,” said Alexander Gutnikov, a security expert at Kaspersky. “When bots are constantly active, the risk of botnet wear-off, node failure or control center detection increases. The extreme duration of these attacks and the growth in the number of smart and targeted DDoS attacks make us wonder about the capabilities, professional affiliation, and funding sources of the organizers.”

In Q2 2022, every second assault that Kaspersky’s tools discovered was intelligent, indicating that its planners had done a lot of careful planning. This quarter saw an almost record-high level of smart assaults – nearly 50 percent of all attacks. It’s surprising to see data so high in a year that has been ‘hot’ in terms of DDoS activity because the record-high share was established four years ago when the DDoS business was in a depression.

The second quarter saw a decrease in DDoS attacks compared to the first. This is a typical occurrence: as summer approaches, DDoS activity often declines, according to experts. The dynamics of the number of DDoS attacks within the quarter this year didn’t follow this regular trend, according to the Kaspersky DDoS Intelligence system. Following a lull at the end of Q1, botnet activity increased gradually during Q2, peaking in June compared to April. This is consistent with the declining value of cryptocurrencies, which often encourages the DDoS market to heat up.

“The collapse of cryptocurrencies began with the plummet of the Terra (Luna) and has only been gaining momentum since,” added Mr. Gutnikov. “Various factors indicate that the tendency may continue: for example, cryptominers are selling off farms at low prices to gamers. This can lead to a surge in global DDoS activity.”

The following steps are advised by Kaspersky’s specialists to take in order to protect yourself from DDoS attacks:

  • Maintain online resource operations by delegating experts who are knowledgeable about how to counter DDoS attacks.
  • Verify all contacts and agreements with other parties, including those with internet service providers. In the event of an assault, this enables teams to swiftly access agreements.
  • Put in place expert solutions to protect your business against DDoS attacks. For instance, Kaspersky DDoS Protection blends the company’s distinctive in-house technologies with Kaspersky’s significant experience battling cyberthreats.
  • Understand the traffic. To spot patterns and trends in traffic, use tools for network and application monitoring. Understanding the regular traffic patterns and features of your business can help you build a baseline and make it easier to spot any odd behavior that may be a sign of a DDoS assault.
  • Prepare a constrictive Plan B defensive stance. In the event of a DDoS attack, be able to quickly restore business-critical services.