The second quarter of 2017 was evidence that the long-running DDoS attacks are back in action. The largest attack of the quarter was active for 277 hours (more than 11 days) – a size increased by 131% from the first quarter. This is a record size for the year so far, according to Kaspersky Lab's report on DDoS botnet attacks for the second quarter of 2017.
Duration was not the only characteristic of DDoS attacks between April and June. There is also a dramatic shift in the geography of incidents, with organizations with electronic resources in 86 countries attacked in the second quarter (compared to 72 countries in the first quarter). The top 10 most attacked countries were China, South Korea, the US, Hong Kong, the UK, Italy, the Netherlands, the Canada and France – with Italy and the Netherlands replacing Vietnam and Denmark.
DDoS targets included one of the largest news agencies, Al Jazeera, the Le Monde and Figaro newspaper websites and allegedly the Skype servers. In the second quarter of 2017, the increase in the proportions of cryptocurrencies has also led digital criminals to try to manipulate prices through DDoS. Bitfinex, Bitcoin's largest trading exchange, was attacked simultaneously with the start of trading with a new cryptocurrency, the so-called IOTA token. Earlier, the BTC-E exchange reported a slowdown due to a strong DDoS attack.
The interest of the organizers of cash DDoS attacks goes beyond manipulating the proportions of cryptocurrencies. Using this type of attack to extort money can be beneficial, as the Ransom DDoS or RDoS trend shows. Digital criminals usually send one message στο θύμα ζητώντας του λύτρα που κυμαίνονται από 5 έως 200 bitcoins. Εάν η εταιρεία αρνείται να πληρώσει, οι επιτιθέμενοι απειλούν να οργανώσουν μια επίθεση DDοS σε έναν κρίσιμο και σημαντικό διαδικτυακό πόρο του θύματος. Τέτοια messages they can be accompanied by short-lived DDoS attacks to confirm that the threats are indeed real. In late June, a long-running RDoS attack was carried out by the Armada Collective group, which demanded approximately $315.000 from seven South Korean banks.
However, there is always another way that has become more popular in the last three months - Ransom DDoS without any DDoS. Fraudsters send threatening messages to a large number of companies in the hope that someone will decide to be safe rather than regret it later. Attack demonstrations may never happen, but if only one company decides to pay, it will bring profit to digital criminals with little effort.
"Today, it's not just experienced hi-tech digital criminals who can attack with Ransom DDoS. Any fraudster who has neither the technical knowledge nor the ability to organize a full-scale DDoS attack can buy an attack demonstration for blackmail purposes. These people mostly choose companies that do not protect their resources from DDoS in any way and therefore can easily be persuaded to pay ransom with a simple demonstration, "comments Kirill Ilganaev, Head of Kaspersky DDoS Protection her Kaspersky Lab.
Kaspersky Lab experts warn that if a victim company decides to pay, it can cause long-term damage other than direct monetary losses. The reputation of the payer quickly spreads through the networks and can cause further attacks by other digital criminals.
Kaspersky DDoS Protection combines Kaspersky Lab's extensive expertise in combating digital threats with the unique developments within the company. The solution protects from all types attacks DDoS, regardless of their complexity, strength or duration.
* The DDoS Intelligence system (part of Kaspersky DDοS Protection) is designed to monitor and analyze commands sent to bots by command and control servers (C & C) and does not have to wait until the user's devices are "infected" or until execute digital criminals' data collection orders. It is important to note that DDoS Intelligence statistics are limited to botnets detected and analyzed by Kaspersky Lab.
