Significant drop in DDoS attacks last year as cybercriminals direct their efforts towards crypto mining

With everyone doing everything online last year thanks to Covid-19, there was an understandable increase in cyber criminal activity. In particular, cyber security group Kaspersky reported a “boom of DDoS attacks” in 2020. Kaspersky reports that they detected 31% percent fewer of these attacks in fiscal quarter 4 than in fiscal quarter 3, an incredibly steep decline. Kaspersky speculates that this may be due to the rise in cryptocurrency value, and cybercriminals devoting devices infected by their botnets to mining cryptocurrency rather than carrying out DDoS attacks.

DDoS? What’s that?

Some quick explaining for the confused. DDoS stands for “Distributed Denial of Service”. To carry out a DDoS attack, several things need to happen. First, the attacker has to use malware to infect a group of computers with a software that allows them to control them. This network of infected systems is called a botnet. The attacker then uses the botnet to spam a targeted server or system (one that provides its users with a service) with requests for data, effectively flooding it. This causes the server or system to be unable to deliver the service it does, and can even crash it.

The result: a loss in productivity and therefore income. Customers cannot get onto a web page offering a service and so the company who runs the page will lose whatever income they may have gained by it. DDoS attackers generally don’t make money off of these attacks. They carry them out for a range of reasons, from infantile pranks to activism.

So what happened last year?

As mentioned above, with many businesses going entirely online last year, there was a rise in DDoS attacks. But, even though there were still 10% more attacks in Q4 2020 than in Q4 2019, the number of attacks in Q4 2020 dropped from the previous quarter by 30%, says Kaspersky.

Kaspersky experts theorize that this could be because cybercriminals are turning their attention to where the money is: cryptocurrency. Cryptocurrencies like Bitcoin have been on the rise in the past few months, with Bitcoin jumping 305% in price over the course of last year, and hitting an all time high earlier this year. Cybercriminals could be devoting the computing power of their fleets of infected systems to mine cryptocurrency instead carrying out DDoS attacks.

Kaspersky explains that this makes sense when backed up with its statistics regarding cryptomining. Over the course of 2019 and the beginning of last year, the number of cryptominers was declining. However, in August of last year, this trend changed, jumping over August and September, then plateauing for the rest of the year.

“The DDoS attack market is currently affected by two opposite trends,” says Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team. “…people still highly rely on stable work of online resources, which can make DDoS attacks a common choice for malefactors. However, with a spike in cryptocurrency prices, it may be more profitable for them to infect some devices with miners. As a result, we see that the total number of DDoS attacks in Q4 remained quite stable.”

What happens next?

Whether or not this trend will continue remains to be seen, though Kiselev says Kaspersky predicts that it will carry on into 2021. Kaspersky experts comment that they would like to see how these statistics for the DDoS market quarter to quarter may have looked in a 2020 sans pandemic or cryptocurrency boom. They go on to remark on how the two factors “[blew] half of our predictions [for the DDoS market] off course”.

“We see no preconditions for major growth or decline, both in Q1 and throughout 2021,” they go on to say. Whatever happens, Kaspersky continues to urge caution against potential cyber attacks. We asked Ross Saunders, a South African data protection and information security specialist, what his take on Kaspersky’s report is.

“I think we’re going to see an interesting cat-and-mouse kind of game here. Even more recently than the Kasperky trend analysis, the pendulum has swung. Through January, it seems the trend held, but then in early February when Bitcoin skyrocketed, there were reports of DDoS ransoms on the rise again as it became more lucrative to ask for ransoms at the higher price.”

However, Saunders went on to say, “many ransoms asked for [can become] too expensive for even the boldest of companies to pay, thus making this approach less lucrative.” He finished off his statement by saying, “Something as simple as a tweet can set Bitcoin skyrocketing or plummeting, so it is hard to predict how this will play out. I do not, however, feel we will see either one [cybercriminals mining cryptocurrencies themselves, and cybercriminals DDoS attacking companies for cryptocurrency ransoms] fall out of practice in the foreseeable future.”

To stay protected against DDoS attacks, the company recommends:

Assigning specialists who know how to respond to DDoS attacks to maintaining your web resource operations.
Validating agreements and contact information for third-parties, particularly ISPs, to ensure swift access to agreements in case of an attack.7
Using professional solutions and resources, like those provided by a cybersecurity company, to protect your organization from DDoS attacks.