DDoS Attacks More Frequent In Q4 2016
Analysing cyber-criminal activity in the fourth quarter of last year, experts from Kaspersky Lab identified several new trends: methods are becoming more sophisticated, botnets use increasingly diverse devices, and attackers demonstrate their skills by selecting bigger and more prominent targets.
In the fourth quarter of 2016, Kaspersky Lab’s system registered botnet-based DDoS attacks in 80 countries; for comparison, in the previous quarter the number was 67. The top ten countries by number of victims of such attacks changed: Germany and Canada replaced Italy and the Netherlands on the list. Three Western European countries (the Netherlands, the United Kingdom and France) kept their place, for a second consecutive quarter, in the top ten countries with the largest number of servers used by cyber criminals to coordinate malicious actions. In the fourth quarter, they were joined by Bulgaria and Japan.
The longest DDoS attack in the fourth quarter lasted 292 hours (over 12 days), which was a record for 2016. The analysed period also saw an unprecedented number of DDoS attacks in a single day: 915, on the 5th of November. The end of 2016 was full of high-profile DDoS attacks on a wide range of targets, which included the company Dyn (a DNS service provider), Deutsche Telekom and several large banks. These companies were among the first victims of a new trend: DDoS attacks carried out through massive botnets composed of vulnerable Internet of Things devices, the Mirai botnet being an example. The approach adopted by the authors of this botnet became a model for many other complex networks of infected Internet of Things devices.
The growing number of attacks against Internet of Things devices is just one of the key trends observed in the fourth quarter. The last three months of the year saw a major decrease in the number of DDoS attacks that amplify traffic, which were popular in the first half of the year. This was the result of improved protection against such threats and fewer vulnerable servers being available to cyber criminals. The gap left by these attacks is now being filled by malicious activity at the application level, including WordPress Pingback attacks. Detecting this type of activity is a much bigger challenge because it imitates actions performed by real users. The danger is further increased by the fact that such attacks often employ encryption, which significantly raises their effectiveness.
Kaspersky Lab’s experts predict that the increasing complexity of DDoS attacks and the emergence of additional Internet of Things botnets are trends that will be crucial in 2017. This is confirmed by Kaspersky Lab experts Kirill Ilganaev and Russ Madley:
“IoT devices have the potential to launch DDoS attacks of any complexity, including application layer and encrypted attacks. Given the effectiveness of IoT botnets, as well as the growing number of poorly protected IoT devices, we can reasonably predict an increase in the number of such attacks as well as their power and complexity. That means companies need to take care of their protection in advance and take a scrupulous approach to choosing their DDoS attack filtration service,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab.
“Though attackers are widening their focus to include ever more prominent targets, small and medium-sized businesses continue to be at great risk. SMBs and the channel cannot disregard the threat faced. DDoS attacks are now more readily available, easier to procure and more disruptive than ever before. We are working to help our channel partners prepare against this threat, both as a small business themselves as well as helping them educate and prepare their customers with easy-to-manage solutions,” comments Russ Madley, Head of B2B at Kaspersky Lab UK.