
Woburn, MA – August 1, 2016 – Kaspersky Lab has published its report on botnet-assisted DDoS attacks for Q2 2016 based on data provided by Kaspersky DDoS Intelligence*. The new data shows that the number of attacks on resources located on Chinese servers grew considerably, while Brazil, Italy and Israel all appeared among the leading countries hosting Command and Control (C&C) servers.

During the reporting period, DDoS attacks affected resources in 70 countries, with targets in China suffering the most (77 percent of all attacks). Germany and Canada both dropped out of the top 10 rating of the most targeted countries, replaced by France and the Netherlands.

South Korea remained the clear leader in terms of the number of C&C servers located on its territory, with its share amounting to 70 percent. This top 10 ranking also included Brazil, Italy and Israel: the number of active C&C servers hosted in these countries nearly tripled.

The reporting period also saw an increase in the duration of DDoS attacks. While the proportion of attacks that lasted up to four hours fell from 68 percent in Q1 to 60 percent in Q2, the proportion of longer attacks grew considerably – those lasting 20-49 hours accounted for nine percent (four percent in Q1) and those lasting 50-99 hours accounted for four percent (one percent in Q1). The longest DDoS attack in Q2 2016 lasted 291 hours (12 days), a significant increase on the Q1 maximum of eight days.

The number of DDoS attacks has continued to grow steadily in the second quarter of this year. Although SYN DDoS, TCP DDoS and HTTP DDoS remained the most common attack scenarios, the proportion of attacks using the SYN DDoS method increased 1.4 times compared to the previous quarter and accounted for 76 percent. This was largely because the share of attacks from Linux botnets almost doubled (to 70 percent), and Linux bots are the most effective tool for SYN DDoS. This was the first time Kaspersky DDoS Intelligence registered such an imbalance between the activities of Linux- and Windows-based DDoS bots.

“Linux servers often contain common vulnerabilities but no protection from a reliable security solution, making them prone to bot infections,” said Oleg Kupreev, Lead Malware Analyst at Kaspersky Lab. “These factors make them a convenient tool for botnet owners. Attacks carried out by Linux-based bots are simple but effective; they can last for weeks, while the owner of the server has no idea it is the source of an attack. Moreover, by using a single server, cybercriminals can carry out an attack equal in strength to hundreds of individual computers. That’s why companies need to be prepared in advance for such a scenario, ensuring reliable protection against DDoS attacks of any complexity and duration.”

Kaspersky DDoS Protection combines Kaspersky Lab’s extensive expertise in combating cyber threats and the company’s unique in-house developments. The solution protects against all types of DDoS attacks regardless of their complexity, strength, or duration. You can learn more about the solution here.

*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at

For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Denise Bertrand

Botnet DDoS Attacks in Q2: Linux Botnets on the Rise, Length of Attacks Increase
