There was a sharp surge in DDoS attacks in the quarter ended September 30, 2022, said a report by Kaspersky. Distributed Denial of Service (DDoS) attacks, which are aimed at denying the users access to the targeted websites, have gone up by 48 per cent over the comparable period last year.

The number of sophisticated and professionally conducted attacks, too, have doubled in the quarter.

Interestingly, the drop in non-professional attacks continued this quarter.

Although hacktivists were quite passionate and prolific in their DDoS attempts during the first half of 2022, in the July-September quarter they switched to other malicious activity. By September, the number of hacktivist DDoS attacks was tending towards zero, the report has said.

However, the number of high-quality professional attacks remained high. “The targets have not changed either: mainly in the financial and government sectors,” it said.

A DDoS attack is aimed at maiming a website so that it is not accessible to its visitors, causing huge losses to service providers and inconvenience to the users.

Attack duration

On an average, attacks lasted about eight hours, the longest being for four days.

In the September quarter last year, the duration of DDoS attacks was measured in minutes, not hours, the report said.

“During this period, we observed plenty of sophisticated attacks aimed at reaching clearly defined goals. For example, to cut media outlets off, or even suspend general operations of government organisations,” Alexander Gutnikov, a security expert at Kaspersky, said.

How to stay safe

The cyber security firm has asked companies and organisations to deploy people who can respond to DDoS attacks.

“You need to validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack,” he said.

It also wanted organisations to have an understanding about the traffic coming to their sites. “This will help more easily identify unusual activity that is symptomatic of a DDoS attack,” he said.