January 28, 2016

Kaspersky Lab DDoS Intelligence Report Shows Decrease in Global Reach of Attacks, Increase in Sophistication

Kaspersky Lab DDoS Intelligence Report Shows Decrease in Global Reach of Attacks, Increase in Sophistication

Woburn, MA – January 28, 2016Kaspersky Lab has published its DDOS Intelligence Report for Q4 2015*. The reporting period was marked by a decrease in the number of countries where resources are targeted and by new attack channels used by cybercriminals to disable resources. The fourth quarter also saw the longest botnet-based DDoS attack in 2015, which lasted more than two weeks.

In Q4 2015, resources in 69 countries were targeted by botnet-assisted attacks (compared to 79 in Q3). Much like the previous quarter, the vast majority of attacks (94.9%) took place in just ten countries. There were some minor changes among the most-affected countries in Q4, but China, South Korea and the US remained in the top three.

The longest DDoS attack in Q4 lasted 371 hours (or 15.5 days) – a record for 2015. During the reporting period, cybercriminals launched attacks using bots from different families. In Q3, the proportion of such complex attacks was 0.7%, while in the final three months of the year it reached 2.5%. The popularity of Linux bots also continued to grow – from 45.6% to 54.8% of all DDoS attacks registered in Q4 2015.

Among other trends observed in Q4 were new channels for carrying out reflection DDoS attacks that exploit weaknesses in a third party’s configuration to amplify an attack. In particular, the fourth quarter saw cybercriminals send traffic to targeted sites via NetBIOS name servers, domain controller PRC services connected via a dynamic port, and to WD Sentinel licensing servers. The attackers also continued to use IoT devices – for example, researchers identified about 900 CCTV cameras around the world that formed a botnet used for DDoS attacks.

Kaspersky Lab experts also detected a new type of attack on web resources powered by the WordPress content management system (CMS). This involved JavaScript code being injected into the body of web resources that then addressed the target resource on behalf of the user's browser. The power of one such DDoS attack amounted to 400 Mbit/sec and lasted ten hours. The attackers used a compromised web application running WordPress, as well as an encrypted HTTPS connection to impede any traffic filtering that may be used by the owner of the resource.

"We can see that the complexity and the power of DDoS attacks have not diminished with time, even if the number of attacked resources has fallen. Unfortunately, DDoS remains a convenient and affordable tool for online crime because there are still software vulnerabilities that attackers can use to penetrate servers. There are also users who fail to protect their devices, increasing the chances of those devices being infected by bots. For our part, we are committed to providing businesses with information about the DDoS threat and promoting the fight against it, because DDoS is a threat that can and should be combated," said Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

Kaspersky DDoS Protection harnesses Kaspersky Lab’s extensive experience in combating cyber threats. The solution protects against all types of DDoS attacks regardless of their complexity, power and duration. More information on the solution is available here.

*The Kaspersky DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab.


About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at www.kaspersky.com.


For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Stephen Russell

Articles related to Press Releases