Woburn, MA – October 31, 2018 – Today, Kaspersky Lab is announcing the availability of its DDoS Q3 Intelligence Report, which marks a continued trend in cyberattacks aimed at educational organizations, as they’ve opened their doors after a long summer and students are back in school.
Overall, the report shows that DDoS botnets attacked targets in 82 countries in Q3 2018 – up from 74 countries in Q2 2018. China remained first in terms of the number of attacks and the U.S. returned to second after losing its place in the top three to Hong Kong in Q2 2018. However, third place is now occupied by Australia – the first time it has reached such heights since Kaspersky Lab DDoS reports began.
There are also changes in the top 10 countries with the highest number of active botnet command & control (C&C) servers. As in the previous quarter, the U.S. remained in first place, but Russia moved up to second, while Greece came third.
In addition, Kaspersky Lab experts noticed an overall decline in the number of DDoS attacks this year, which could be due to many bot owners reallocating the computing power of their bots to a more profitable and relatively safe way of making money: cryptocurrency mining. However, despite attackers moving away from DDoS attacks due to less of a financial gain, there is still the risk of DDoS attacks causing disruption to businesses and educational institutions.
Attackers were most active during Q3 2018 in August and September, proven by the number of DDoS attacks on educational institutions increasing sharply at the start of the academic year. This year, the most prominent attacks hit the websites of one of the UK’s leading universities – the University of Edinburgh – and the U.S. vendor Infinite Campus, which supports the parent portal for numerous public city schools.
The analysis and report from Kaspersky Lab experts also found that the majority of these DDoS attacks were carried out during term time and subsided during the holidays. More or less the same result was obtained by the British organization, Jisc. After collecting data about a series of attacks on universities, the organization determined that the number of attacks fell when students were on holiday. The number of attacks also decreases outside of study hours – with DDoS interference in university resources mainly occurring between the hours of 9 a.m. to 4 p.m. The research suggests that responsibility for the attacks could lie with the students.
“The top priority of any cybercriminal activity is gain,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “However, that gain doesn’t necessarily have to be financial. The example of DDoS attacks on universities, schools and testing centers presumably demonstrates attempts by young people to annoy teachers, institutions or other students, or maybe just to postpone a test. This sort of ‘initiative’ shown by students and pupils would be amusing if it didn’t cause real problems for the attacked organizations which, in turn, have to prepare to defend themselves against such attacks.”
Read the full version of the report on Securelist.com.
*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.