The second quarter of 2017 was proof that the long-running DDoS attacks were back in action. The largest attack of the quarter was active for 277 hours (more than 11 days) – a size increased by 131% from the first quarter. This is a record size for the year so far, as reported by the report of Kaspersky Lab experts on DDoS botnet attacks for the second quarter of 2017.
Duration was not the only characteristic of DDoS attacks between April and June. There is also a dramatic change in the geography of incidents, with organizations with electronic resources attacked in 86 countries in the second quarter. countries (compared to 72 countries in the first quarter). The top 10 most attacked countries were China, South Korea, the US, Hong Kong, the UK, Italy, the Netherlands, Canada and France – with Italy and the Netherlands replacing Vietnam and Denmark.
The targets of the DDoS attacks included one of the largest news agencies, Al Jazeera, the websites of Le Monde and Figaro newspapers and, according to claims, Skype servers. During the second quarter of 2017, the rise in the proportions of cryptocurrencies also led to digital criminals trying to manipulate prices through DDoS. Bitfinex, the largest Bitcoin trading exchange, was attacked at the same time it started trading with a new one cryptocurrency, the so-called IOTA token. Earlier, the BTC-E exchange reported a slowdown due to a strong DDoS attack.
The interest of organizers of DDoS attacks in cash goes beyond the handling of proportions of cryptocurrencies. The use of this type of attack to distribute money may be beneficial, as shown by the Ransom DDoS or RDoS trend. Digital criminals usually send a message to the victim asking for a ransom ranging from 5 to 200 bitcoins. If the company refuses to pay, the attackers threaten to organize a DDoS attack on a critical and important online resource of the victim. Such messages can be accompanied by short-term DDoS attacks to confirm that the threats are actually real. At the end of June, a long-standing RDoS attack was carried out by the Armada Group, which claimed around 315.000 dollars from seven South Korean banks.
However, there is always another way that has become more popular in the last three months - Ransom DDoS without any DDoS. Fraudsters send threatening messages to a large number of companies in the hope that someone will decide to be safe rather than regret it later. Attack demonstrations may never happen, but if only one company decides to pay, it will bring profit to digital criminals with little effort.
"Today, it's not just experienced hi-tech digital criminals who can attack with Ransom DDoS. Any fraudster who has neither the technical knowledge nor the ability to organize a full-scale DDoS attack can buy an attack demonstration for blackmail purposes. These people mostly choose companies that do not protect their resources from DDoS in any way and therefore can easily be persuaded to pay ransom with a simple demonstration, "comments Kirill Ilganaev, Head of Kaspersky DDoS Protection her Kaspersky Lab.
Kaspersky Lab experts warn that if a victim company decides to pay, it can cause long-term damage other than direct monetary losses. The reputation of the payer quickly spreads through the networks and can cause further attacks by other digital criminals.
Kaspersky DDoS Protection combines Kaspersky Lab's extensive expertise in combating digital threats with the unique developments within the company. The solution protects from all types attacks DDoS, regardless of their complexity, strength or duration.
*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to monitor and analyze commands sent to bots by command and control servers (C & C) και δεν χρειάζεται να περιμένει μέχρι να «μολυνθούν» οι συσκευές του χρήστη ή μέχρι να εκτελεστούν οι εντολές collections data of digital criminals. It is important to note that DDoS Intelligence statistics are limited to botnets detected and analyzed by Kaspersky Lab.
