A matter of profit: DDoS attacks in Q4 2020 dropped by a third compared to Q3, as cryptomining is on the rise
February 2021 by Kaspersky
The number of DDoS attacks detected by Kaspersky DDoS Prevention in Q4 2020 increased slightly in comparison to the same period of 2019. However, it is 31% less compared to Q3 2020. This drop can be connected to the growing interest in cryptocurrency mining.
As people began to spend more time online in 2020, it resulted in a boom of DDoS attacks. And in the fourth quarter, attacks on educational institutions continued: several schools in Massachusetts and Laurentian University in Canada experienced such incidents. Online gaming services also suffered DDoS attacks.
However, in Q4 2020 there were only 10% more attacks than in Q4 2019. And compared to Q3 2020, the number of attacks in Q4 2020 fell by 31%, while Q3 2020 also saw a drop compared to Q2.
Experts suggest that this can be caused by a surge in cryptocurrency costs. As a result, cybercriminals may have had to ‘re-profile’ some botnets so that C&C servers, that are typically used in DDoS attacks, could repurpose infected devices and use their computing power to mine cryptocurrencies instead. This is further proved by KSN statistics. Throughout 2019, as well as in the beginning of 2020, the number of cryptominers was dropping. However, from August 2020 the trend changed, with the amount of this form of malware increasing slightly and reaching a plateau in Q4.
“The DDoS attack market is currently affected by two opposite trends. On the one hand, people still highly rely on stable work of online resources, which can make DDoS attacks a common choice for malefactors. However, with a spike in cryptocurrency prices, it may be more profitable for them to infect some devices with miners. As a result, we see that the total number of DDoS attacks in Q4 remained quite stable. And we can predict that this trend will continue in 2021,” comments Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.
To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:
• Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks
• Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack _• Implement professional solutions to safeguard your organisation against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house developments
 Kaspersky Security Network (KSN) is a distributed infrastructure that works with various anti-malware protection components. The statistics consist of depersonalised metadata which is voluntarily provided by KSN participants among Kaspersky’s customers.