Somehow, Thursdays were usually quiet, reports the research team from Kaspersky.

As a global population, hackers and cybercriminals are a hardworking lot. They do not work from 9am to 5pm, nor do they observe weekends. In fact, they do their “best” work on off-peak periods when their victims are at their most unguarded.

This is what the Kaspersky Q4 2019 DDoS attacks report confirms. For Q4 last year, 28% of attacks happened on weekends, with Sundays turning out to be least popular for attacks during that quarter, and Thursdays registering the least distributed denial-of-service activity.

In that quarter, there were several large-scale DDoS attacks, including ones against financial institutions in South Africa, Singapore and Scandinavian countries. These cyberattacks were also targeted at the Labour party in the United Kingdom as an attempt to disrupt its digital systems, as well as against Minecraft servers set up in the Vatican. This demonstrates that DDoS is still a common attack method amongst cybercriminals seeking financial gain or driven by ideological motives, so organisations should be prepared for such attacks and understand how they evolve.

The report highlighted that the main trend during Q4 was increased botnet activity on Sundays. While the growth may seem relatively small (2.5%), the share of DDoS attacks on this particular day of the week had otherwise been the lowest, and consistent, throughout the rest of the year (around 11% of attacks in Q1 and Q3, and 10% in Q2). Also, Thursdays had the least DDoS activity.

In general, attacks became more evenly distributed over a week. Analysis showed that the difference between the most active and the calmest day was only about 2.5% compared to the previous quarter which had a difference of seven percentage points.

Although the number of DDoS attacks detected by Kaspersky DDoS Protection had grown significantly compared to the same period of 2018, the growth in comparison to Q3 2019 was only marginal (attacks in Q3 2019 equated to 92% of Q4 2019). There was a more notable rise in so-called smart DDoS attacks, focusing on the application layer and carried out by skilled malefactors (as attacks in Q3 2019 were 73% of those in Q4 2019). Such an increase was quite predictable, since November to December is traditionally a popular time for online business and retail activity. However, Kaspersky experts did not identify a spike on Black Friday or Christmas holiday sales days.

Commented Alexey Kiselev, Business Development Manager of the Kaspersky DDoS Protection team: “Despite the significant growth in general, the season turned out to be quieter than expected. We suggest that we didn’t see a storm of attacks on certain days because companies expand their activity to engage with customers for the entirety of the holiday period. So, there is no need for cybercriminals to launch an attack to coincide with a specific event. However, attackers can still find a way to spoil your leisure time, as cybercrime is not an ordinary nine-to-five job, so it is important to ensure that your DDoS prevention solution can automatically protect your web assets.”

Organisations are reminded to protect themselves from DDoS attacks on weekends and during popular times of year:

  • Conduct stress tests and web application audits with internal employees or with the help of outsourced specialists, to identify the weakest points in company infrastructure
  • Assign specialists responsible for maintaining web resources operations. Ensure they know how to act in case of DDoS attacks and are ready to respond outside of their scheduled working hours
  • Verify third-party agreements and contact information. This includes arrangements with an internet service provider, so that they can be quickly reached in case of an attack
  • Implement and configure DDoS-aware solutions well, to be on constant guard for attacks