The second quarter proved to be a busy one for distributed denial of service (DDoS) cybercriminals as botnets attacked online resources in 74 countries.
That’s according to Kaspersky Lab’s Q2 2018 DDoS Intelligence Report, based on data from Kaspersky DDoS intelligence. It includes the company’s observations on botnet-assisted DDoS attacks; cybercriminals recalling old vulnerabilities, such as using cameras and printers for DDoS attacks; as well as the expansion of targets with gaming and cryptocurrency as a major focus.
Alexey Kiselev, project manager on the Kaspersky DDoS protection team, tells Channel Partners the report provides confirmation for the channel of the “relevance of DDoS attack problems with specific examples of whom, in which countries, and how often attackers target.” It identifies and provides awareness around the industries and countries in the zone of increased danger of DDoS attacks, he said.
“The resurgence of old vulnerabilities used by attackers was most surprising to us,” he said.
New botnets are causing more headaches for cybersecurity specialists, according to the report. A noteworthy case is the creation of a botnet formed from 50,000 surveillance cameras in Japan. And a serious danger is posed by a new strain of the Hide-n-Seek malware, which was the first of all known bots to withstand, under certain circumstances, a reboot of the device on which it had set up shop, it said.
Hide-n-Seek is yet to be used to carry out DDoS attacks, but experts don’t rule out such functionality being added at a later stage, since there aren’t that many options for monetizing the botnet, it said.
The United States was the third most attacked country, behind China and Hong Kong, according to Kaspersky.
The U.S. took the No. 1 spot on the list of countries hosting the most active command and control (C&C) servers, which are computers controlled by an attacker or cybercriminal and used to send commands to systems compromised by malware and receive stolen data from a target network. The U.S. accounted for nearly half of all active botnet C&C servers.
Activity by Windows-based DDoS botnets decreased while that of Linux-based botnets grew by 25 percent, according to the report. This resulted in Linux bots accounting for 95 percent of all DDoS attacks during the quarter, which also caused a sharp increase in the share of SYN flood attacks — up from 57 percent to 80 percent. Such attacks are designed to consume enough server resources to make the target system unresponsive to legitimate traffic.
During the reporting period, cybercriminal strategies evolved and delved deep into the past, according to Kaspersky. Attackers used some old vulnerabilities in their efforts; for example, experts reported DDoS attacks involving a vulnerability in the Universal Plug and Play (UPnP) protocol that has been known since 2001.
One of the most popular methods of monetizing DDoS attacks remains the targeting of cryptocurrencies and currency exchanges. In the second quarter, Verge cryptocurrency suffered an attack on some mining pools over the course of several hours, resulting in …