More and more sophisticated DDoS attacks

Kaspersky Lab has published its report on DDoS attacks in the fourth quarter of 2015*. The reporting period was characterized by new attack channels, which digital criminals used to disable resources. The quarter also saw the longest botnet-based DDoS attack of 2015, which lasted more than two weeks.

During the fourth quarter of 2015, resources in 69 countries were targeted by botnet-assisted DDoS attacks. The vast majority of incidents (94.9%) took place in 10 countries. China, South Korea and the US remained the most affected countries.

In the same quarter, the longest DDoS attack lasted 371 hours (or 15.5 days), a record for 2015. During the reporting period, digital criminals also attacked using bots from different families. In the third quarter, the share of such complex attacks was 0.7%, while in the last three months of 2015 it reached 2.5%. The popularity of Linux bots continued to grow, reaching 54.8% (up from 45.6%) of all DDoS attacks recorded in the fourth quarter of 2015.

Another trend observed during the same period was the appearance of new channels for reflection DDoS attacks, which exploit weaknesses in third-party configurations to amplify the attack. In particular, in the fourth quarter digital criminals were observed sending traffic to targeted sites via NetBIOS name servers, domain controller RPC services connected via a dynamic port, and a WD Sentinel server. Attackers also continued to use IoT devices. For example, about 900 closed-circuit television (CCTV) cameras were identified that formed a botnet used for DDoS attacks.

Kaspersky Lab experts also identified a new type of attack on Internet resources powered by the WordPress content management system (CMS). It involved injecting JavaScript code into the body of online resources. This code then pointed the user's browser at the target resource. The power of such a DDoS attack was 400 Mbit/sec, with a duration of 10 hours. Attackers used a malicious WordPress web application, as well as an encrypted HTTPS connection, to impede any traffic filtering that the resource owner might use.

“Unfortunately, DDoS attacks remain a convenient and accessible tool for cybercrime because there are still software vulnerabilities that attackers can use to infiltrate servers. There are also those who are unable to protect their devices, thus increasing the chances of being "infected" by bots. We, for our part, are committed to providing businesses with information about DDoS attacks, but also to advancing the fight against them, as DDoS attacks are a threat that can and must be fought,” commented Evgeny Vigovsky, Head of Kaspersky Lab's Kaspersky DDoS Protection.

The Kaspersky DDoS Protection solution combines Kaspersky Lab's extensive experience in combating digital threats with unique technologies developed in-house. The solution offers security against any type of DDoS attack, regardless of complexity, strength and duration.

* The Kaspersky DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze the commands sent to bots from command and control (C&C) servers, and it does not need to wait until users' devices are "infected" or the cybercriminals' commands are executed to gather data. Note that the system's statistics are limited to botnets detected and analyzed by Kaspersky Lab.

Written by Dimitris
