Linux botnets, number of countries facing DDoS attacks up in Q3: Kaspersky

The share of Linux botnets is continuing to grow, accounting for 70% of attacks in the third quarter of the year from 51% in Q2, according to cybersecurity company Kaspersky’s Q3 2017 DDoS Intelligence Report.

Experts also continue to see an increase in the number of countries where resources have been targetted, with 98 countries subjected to DDoS – distributed denial of service – attacks, an increase from 86 countries in the second quarter, Kaspersky said in a press release last week, when the report was released.

According to Kaspersky’s website, DDoS attacks take advantage of the specific capacity limits that apply to any network resources, such as the infrastructure that enables a company’s website. The DDoS attack will send multiple requests to the attacked web resource, with the aim of exceeding the website’s capacity to handle multiple requests and prevent the site from functioning correctly. Kaspersky reports that botnets involve cybercriminals using special Trojan viruses to breach the security of several users’ computers, take control of each computer and organize all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.

In terms of number of targets, Russia moved from seventh of top 10 countries attacked to fourth place. The top 10 most popular host countries for botnet command servers this quarter included Italy and the United Kingdom, displacing Canada and Germany. In both cases, China, South Korea and the United States continued to top the leaderboards as the most popular countries for hosting inexpensive data centres, with about half (51.56%) of all attacks originating in China.

Cybercriminal strategies have also changed over the last quarter to more sophisticated attacks, Kaspersky noted in the release. For example, in the third quarter, the WireX botnet that spread via legitimate Android apps was taken down, and ‘Pulse Wave’ technology, which increases the power of DDoS attacks using a vulnerability in hybrid and cloud technologies, was revealed. Also noted in the report is an increase in the number of mixed attacks, in which criminals used multiple methods simultaneously.

Kaspersky Lab experts saw a growing number of attacks on gaming and new financial services, the latter of which included initial coin offerings – an initial deployment of tokens using blockchain technology. Such DDoS attacks are aimed at either discrediting these services, or worse, serving as a distracting maneuver during ordinary theft, the release said.

“Entertainment and financial services – businesses that are critically dependent on their continuous availability to users – have always been a favorite target for DDoS attacks,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors. It’s not surprising that gaming services with multi-million dollar turnovers attract the attention of criminals and that new types of financial sites have come under attack. What is surprising, however, is that many companies still don’t pay enough attention to professional protection against DDoS attacks.”

Ilganaev said that the recommended approach for these companies is to delegate protection from DDoS attacks to a reliable supplier with deep knowledge of cyberthreats and the methods of combating them, and to reassign the IT resources that are freed up to the development of the business.