Linux botnets are continuing to grow – accounting for 70 percent of attacks in Q3, compared to 51 percent in Q2, a new report found.
In addition, researchers continue to see an increase in the number of countries where resources have been targeted, with 98 countries subjected to distributed denial of service (DDoS) attacks, an increase from 86 countries in Q2, according to the Kaspersky Lab Q3 2017 DDoS Intelligence Report.
The top 10 most popular host countries for botnet command servers this quarter included Italy and the United Kingdom, displacing Canada and Germany. In both cases, China, South Korea and the United States continued to top the leaderboards as the most popular countries for hosting inexpensive data centers.
Cases of blackmail involving DDoS attacks – or rather, attempts that aren’t always very well executed – have become more frequent. While companies previously preferred to pay off the attackers, mass mailings with threats are now often perceived as just another wave of spam.
Cybercriminal strategies have also shifted over the last quarter toward more sophisticated attacks. For example, in the third quarter, the WireX botnet that spread via legitimate Android apps was taken down, and ‘Pulse Wave’ technology, which increases the power of DDoS attacks using a vulnerability in hybrid and cloud technologies, was uncovered.
Kaspersky Lab researchers also saw a growing number of attacks on gaming and new financial services.
“Entertainment and financial services – businesses that are critically dependent on their continuous availability to users – have always been a favorite target for DDoS attacks,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors. It’s not surprising that gaming services with multi-million dollar turnovers attract the attention of criminals and that new types of financial sites have come under attack.”
The following are key facts from the report:
• Resources in 98 countries were attacked in Q3 2017 vs. 86 in Q2 2017.
• As in Q2, around half of all attacks (51.56 percent) originated in China.
• China, the U.S., and South Korea remained leaders in terms of number of attacks and number of targets. According to the number of reported C&C servers, the same countries make up the top 3, though South Korea claimed first place this time.
• The longest DDoS attack was 215 hours, a decrease of 28 percent compared to Q2. At the same time, the share of attacks that lasted less than 50 hours remained practically unchanged (99.6 percent in Q3 vs. 99.7 percent in Q2).
• As in the previous quarter, there was a considerable drop in the proportion of attacks over TCP (down to 11.2 percent from 28.2 percent) and ICMP (down to 7.1 percent from 9.42 percent). This caused a rise in the percentage of SYN floods and HTTP attacks.
• The proportion of Linux botnets continued to grow. Such botnets were responsible for 69.62 percent of attacks in Q3 compared to 51.23 percent in Q2.