More and more sophisticated DDoS attacks

Kaspersky Lab has published its report on DDoS attacks in the fourth quarter of 2015*. The reporting period was characterized by new attack channels, which digital criminals used to take resources offline. The quarter also saw the longest botnet-based DDoS attack of 2015, which lasted more than two weeks.

During the fourth quarter of 2015, resources in 69 countries were targeted by botnet-assisted DDoS attacks. The vast majority of incidents (94.9%) took place in 10 countries. China, South Korea and the US remained the most affected countries.

In the same quarter, the longest DDoS attack lasted 371 hours (or 15.5 days), a record for 2015. During the reporting period, digital criminals also launched attacks using bots from different families. In the third quarter, such complex attacks accounted for 0.7% of the total, while in the last three months of 2015 the figure reached 2.5%. The popularity of Linux bots continued to grow, rising to 54.8% (from 45.6%) of all DDoS attacks recorded in the fourth quarter of 2015.

Another trend observed in the same period was the appearance of new channels for reflection DDoS attacks, which exploit weaknesses in third-party configurations to amplify the attack. In particular, the fourth quarter saw digital criminals who sent traffic to targeted sites via NetBIOS name servers, domain controller RPC services connected via a dynamic port, and a WD Sentinel server. The attackers also continued to use IoT devices. For example, researchers found about 900 closed-circuit television (CCTV) cameras that formed a botnet used for DDoS attacks.

Kaspersky Lab experts also detected a new type of attack on online resources that run the WordPress content management system (CMS). It involved embedding JavaScript code into the body of online resources. This code then contacts the target resource on behalf of the user's browser. The power of such a DDoS attack reached 400 Mbit/sec, while its duration reached 10 hours. The attackers used a compromised web application running WordPress, as well as an encrypted HTTPS connection, to hinder any traffic filtering that the resource owner might apply.
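A defender-side illustration of the browser-driven flood described above, added here as an example and not taken from the Kaspersky report: because the requests arrive over HTTPS, the check runs on the target's own access log after TLS termination and flags a foreign Referer host that sends many distinct clients. The log format (combined), the host names, the thresholds and the reliance on the Referer header, which browsers may omit, are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: ip - - [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def referer_clusters(lines, own_host, min_clients=3, min_share=0.5):
    """Return [(referer_host, distinct_clients, requests)] for foreign referers
    that account for a large share of requests and come from many clients."""
    clients = defaultdict(set)
    hits = defaultdict(int)
    total = 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        total += 1
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host == own_host:
            continue  # direct visits and same-site navigation are ignored
        clients[host].add(m["ip"])
        hits[host] += 1
    flagged = [
        (h, len(clients[h]), hits[h])
        for h in hits
        if len(clients[h]) >= min_clients and hits[h] / total >= min_share
    ]
    return sorted(flagged, key=lambda t: -t[2])

# Constructed sample: six visitors' browsers sent by one foreign page, plus two normal hits.
SAMPLE_LOG = [
    f'198.51.100.{i} - - [01/Dec/2015:10:00:0{i} +0000] "GET /?q={i} HTTP/1.1" 200 512 '
    f'"https://blog.example.net/post" "Mozilla/5.0"'
    for i in range(1, 7)
] + [
    '192.0.2.10 - - [01/Dec/2015:10:00:07 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Dec/2015:10:00:08 +0000] "GET /cart HTTP/1.1" 200 700 '
    '"https://shop.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, n_clients, n_requests in referer_clusters(SAMPLE_LOG, "shop.example"):
        print(f"{host}: {n_requests} requests from {n_clients} distinct clients")
```

A flagged host is a lead for rate limiting or for notifying the owner of the referring site, not proof of compromise, since popular legitimate pages can also refer many visitors.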

“Unfortunately, DDoS attacks remain a convenient and accessible tool for cybercrime because there are still software vulnerabilities that attackers can use to infiltrate servers. There are also users who fail to protect their devices, thus increasing the chances of being "infected" by bots. We, on our part, are committed to providing information about DDoS attacks and to promoting the fight against them, as DDoS attacks are a threat that can and must be fought,” commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection at Kaspersky Lab.

The Kaspersky DDoS Protection solution combines Kaspersky Lab's extensive experience in combating digital threats with the unique technologies that the company has developed in-house. The solution offers protection against any type of DDoS attack, regardless of complexity, strength and duration.

* The Kaspersky DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to block and analyze commands sent to bots by command and control (C&C) servers, and does not need to wait until users' devices are "infected" or the commands of digital criminals are executed in order to collect data. Note that the system's statistics are limited to botnets that were detected and analyzed by Kaspersky Lab.


Written by Dimitris
