News

Articles:

Report: Increase in botnet-assisted attacks

Report: Increase in botnet-assisted attacks, amplification attacks and multi-day DDoS attacks

A
distributed denial-of-service (DDoS) attack is an attack in which multiple
compromised computer systems attack a target, such as a server, website, system
or other network resource, causing a denial of service for users of
the targeted resource. Such attack typically floods the targeted servers,
systems or network to sabotage the victim. As the target system slows down or
even crashes, it stops legitimate users from using the system. These DDoS
attacks can be launched by a wide-range of cyber threat actors, ranging from
individual hackers, organised criminals to state actors.

Kaspersky Lab has recently
published
its report looking at botnet-assisted DDoS
attacks for the first quarter of 2018. Experts note an increase in activity by
both old and new botnets, growth in the popularity of amplification DDoS attacks
and the return of long-lasting, multi-day DDoS attacks.

The following are some of the key findings:

Asia-Pacific
is a targeted geography

In
the first quarter of 2018, DDoS botnets attacked online resources in 79
countries, with a vast majority of over 95% of these attacks occurred in the
top 10 countries. The countries experiencing the largest number of attacks were
once again China, the US and South Korea, which all continue to lead in terms
of the number of servers available to attackers. Meanwhile, Hong Kong and Japan
also replaced the Netherlands and Vietnam among the top 10 most targeted
countries.

Types and duration of DDoS attacks

The
report found that the share of SYN-DDOS attacks increased slightly from 55.6%
to 57.3%, while the share of ICMP attacks almost doubled from 3.4% to 6.1%.

Distribution of DDoS attacks by type, Q1 2018

It
was also found that after some respite at the end of 2017, sustained attacks
returned, with the longest one lasted for 297 hours, or over 12 days. The share
of all other sustained attacks of 50 hours or more increased by more than six
times to 0.63%.

At
the other end of the spectrum, the share of the shortest attacks of 9 hours or
less also grew, accounting for over 91% of all attacks in the first quarter of
2018.

Meanwhile,
the number of attacks lasting between 10 hours and three days in the latest
quarter almost halved from 14.9% to 7.8%.

Distribution of DDoS attacks by duration (hours), Q4 2017 and Q1 2018

According
to the report, in first quarter of this year saw a significant increase in both
the total number and duration of DDoS attacks against the last quarter of 2017.
The hike is largely due to the new Linux-based botnets Darkai (a Mirai clone)
and AESDDoS.

The
number of now-familiar Xor attacks also rose. Neither did Windows-based botnets
remain idle, making some headway against Linux in the total number of attacks. The
share of Linux botnets last quarter fell slightly compared to the end of 2017,
down to 66% from 71%, while the share of Windows-based botnets climbed from 29%
to 34%. The old Yoyo botnet was particularly lively, almost five times as
active.

‍Correlation between Windows- and Linux-based botnet attacks, Q1 2018

What organisations can do to boost their
DDoS defence

"Exploiting vulnerabilities is a favourite
tool for cybercriminals whose business is the creation of DDoS botnets.
However, as the first few months of the year have shown, it’s not only the
victims of DDoS attacks that are affected, but also those companies with
infrastructure that includes vulnerable objects. The events of the first
quarter reaffirm a simple truth: the platform that any company uses to
implement multi-layered online security must include regular patching of
vulnerabilities and permanent protection against DDoS attacks,” comments
Mr Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.

As botnet attacks evolve, cybersecurity defence
must be updated too. Kaspersky
DDoS Protection
 combines Kaspersky Lab’s extensive expertise in combating
cyberthreats and the company’s unique in-house developments. The solution
protects against all types of DDoS attacks regardless of their complexity,
strength or duration. To reduce the risk of vulnerabilities being used by
cybercriminals for DDoS attacks, Kaspersky
Endpoint Security for Business
 provides a vulnerability and
patch management component. It allows businesses to automatically eliminate
vulnerabilities in infrastructure software, proactively patch them, and
download software updates.

Is your organisation getting the protection it deserves? Download white paper here to find out more.

0 Shares