Distributed denial-of-service attacks have long been used by cybercriminals resorting to blackmail and extortion. However, DDoS attacks are increasingly being used as a form of protest against the activities of both governments and major corporations. Q2 of 2011 saw numerous DDoS attacks with a variety of motives, many of them significant enough to ensure they go down in the annals of cybercrime.
The quarter in figures
- The longest DDoS attack in Q2 lasted 60 days, 1 hour, 21 minutes and 9 seconds
- The highest number of DDoS attacks against a single site in Q2: 218
DDoS attacks by country
According to our statistics for Q2 2011, 89% of DDoS traffic was generated in 23 countries. The US and Indonesia topped the rating with each country accounting for 5% of all DDoS traffic. The US’s leading position is down to the large number of computers in the country – a highly attractive feature for botmasters. Meanwhile, the large number of infected computers in Indonesia means it also ranks highly in the DDoS traffic rating. According to data from Kaspersky Security Network, Kaspersky Lab’s globally-distributed threat monitoring network, in Q2 2011 almost every second machine (48%) in Indonesia was subjected to a local malware infection attempt.
Distribution of attacked websites by online activity
In Q2, online shopping sites, including e-stores, auctions, and buy and sell message boards, were increasingly targeted by cybercriminals – websites of this category accounted for a quarter of all attacks. This is hardly surprising: online shopping largely depends on a website’s availability, and each hour of downtime results in lost clients and lost profits. The websites of electronic trading platforms and banks occupy third and fourth places respectively.
Activity of DDoS botnets over time
Weekdays see the most active use of the Internet. It is on these days that various web resources are most in demand and that DDoS attacks are likely to inflict the maximum amount of damage on websites. Another important factor is that greater numbers of computers are switched on during weekdays, so there are more active bots. As a result, cybercriminal activity peaks from Monday to Thursday – on these days an average of 80% of all DDoS attacks take place. The most popular day is Tuesday with roughly 23% of the week’s DDoS attacks.
The most active hacker groups in the second quarter of 2011 were LulzSec and Anonymous. They organized DDoS attacks on government sites in the US, the UK, Spain, Turkey, Iran and several other countries. The hackers managed to temporarily bring down sites such as cia.gov (the US Central Intelligence Agency) and www.soca.gov.uk (the British Serious Organized Crime Agency, SOCA).
One big corporation subjected to a major attack was Sony. At the end of March, Sony initiated legal action against several hackers accusing them of breaching the firmware of the popular PlayStation 3 console. In protest at Sony’s pursuit of the hackers, Anonymous launched a DDoS attack that crippled the company’s PlayStationnetwork.com sites for some time. But this was just the tip of the iceberg. According to Sony, during the DDoS attack the servers of the PSN service were hacked and the data of 77 million users were stolen.
In April, a court in Dusseldorf handed down a sentence to a cybercriminal who tried to blackmail six German bookmakers during the 2010 World Cup. The court sentenced the cybercriminal to nearly three years in prison – the first time in German legal history that someone had been imprisoned for organizing a DDoS attack. DDoS attacks are now classified by the country’s courts as computer sabotage and are punishable by up to 10 years in jail.
“Organizations rarely publicize the fact that they have been targeted by DDoS attacks in order to protect their reputation. Cybercriminals, meanwhile, are increasingly using DDoS attacks as a diversionary tactic when launching more sophisticated attacks such as those on online banking systems. Complex attacks of this nature are particularly damaging in that they can cause significant losses for the financial institutions as well as their clients,” explains Yury Namestnikov, Senior Malware Analyst, Global Research and Analysis Team, Kaspersky Lab.
More information is available in the full version of the article ‘DDoS attacks in Q2 2011’ by Yury Namestnikov at: www.securelist.com.