Kaspersky Lab has published its DDoS Intelligence* report for the third quarter of 2017. In addition to the development of trends observed in previous reporting periods, such as botnets shifting from computers to other form factors, the preference for complex DDoS attacks instead of large-scale onslaughts, the increasing role of Linux botnets and so on, Q3 also saw an increase in the number of countries where resources are targeted, as well as a growing number of attacks on gaming and new financial services (such as ICOs).
Resources in 98 countries were subjected to DDoS attacks in the third quarter, according to Kaspersky Lab experts, whereas the geography of attacks was limited to 86 countries in the previous reporting period. There were also changes to the top 10 countries in terms of number of targets: Russia moved up from seventh to fourth place, while France and Germany replaced Australia and Italy. Meanwhile, the top 10 most popular host countries for botnet command servers this quarter included Italy and the United Kingdom, displacing Canada and Germany. In both cases, China, South Korea and the United States, as the most popular countries for hosting inexpensive data centers, continued to top the leaderboards.
The share of Linux botnets is still growing: they accounted for 70% of attacks in the last quarter (vs. 51% in the preceding quarter). The percentage of complex attacks such as SYN and HTTP-DDoS is also increasing, while the proportion of other methods is falling accordingly. In addition, Q3 saw a significant increase in the number of mixed attacks, in which criminals used multiple methods simultaneously.
The transition by cybercriminals to more sophisticated attacks has also been observed in their chosen methods: for example, in the third quarter, the WireX botnet that spread via legitimate Android apps was taken down, and ‘Pulse Wave’ technology, which increases the power of DDoS attacks using a vulnerability in hybrid and cloud technologies, was laid bare.
Also of interest is the variety of DDoS attack victims during the reporting period. In particular, many gaming services, such as Final Fantasy, Blizzard Entertainment, American Cardroom and the UK National Lottery were affected. Kaspersky Lab experts noted an increase in the number of DDoS attacks targeting platforms conducting initial coin offerings (ICOs) – an initial deployment of tokens using blockchain technology. Such DDoS attacks are aimed at either discrediting these services or, worse, serving as a distracting maneuver during ordinary theft.
"Entertainment and financial services – businesses that are critically dependent on their continuous availability to users – have always been a favorite target for DDoS attacks. For them, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors. It’s not surprising that gaming services with multi-million turnovers attract the attention of criminals and that new types of financial sites have come under attack. What is surprising, however, is that many companies still don’t pay enough attention to professional protection against DDoS attacks. The recommended approach for these companies is to delegate protection from DDoS attacks to a reliable supplier with deep knowledge of cyberthreats and the methods of combating them, and to reassign the IT resources that are freed up to the development of the business,” commented Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab.
Kaspersky DDoS Protection combines Kaspersky Lab’s extensive expertise in combating cyber threats and the company’s unique in-house developments. The solution protects against all types of DDoS attacks regardless of their complexity, strength or duration.
*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.