Botnet DDoS Attacks More Sophisticated Than Ever



A new report by security firm Kaspersky Lab has revealed that resources and installations in as many as 67 countries were targeted by botnet-based DDoS attacks in Q3 2016 alone.

The world received a rude reminder of the increasing threat of cyberattacks when DNS provider Dyn was targeted in an unprecedented DDoS attack in October 2016. That cyberattack was carried out by a botnet that included IoT (Internet of Things) devices like surveillance cameras and routers. Suffice it to say, the DNS blackout was the most notable DDoS-induced disruption in a growing trend of botnet-assisted DDoS attacks.

A new report by Kaspersky Lab has now revealed that servers used for such attacks have seen a considerable increase. So, too, has the number of sophisticated DDoS attacks carried out over encrypted traffic.

A staggering majority (62.6%) of the resources targeted by botnet DDoS attacks were located in China, continuing a trend. China, the United States and South Korea, in that order, hold the unfortunate distinction of leading the charts in both the number of DDoS attacks and the number of targets. While China and South Korea saw the number of victims decrease, the number of attacks on resources located in the U.S., Russia and Japan has increased.

Still, despite the decrease in the total number of attacks registered, China remains the country with the most targeted resources. One particularly popular Chinese search engine saw 19 mammoth botnet DDoS attacks, while one Chinese internet provider bore the brunt of the longest attack in the entire quarter, clocking a total of 184 long hours. That’s over a week of one sustained DDoS attack!

Another notable takeaway from the report is that Linux botnets have grown even further, with 78.9% of all detected attacks in Q3 2016 stemming from Linux botnets.

“Smart” Attacks on the Rise

Attacks that encrypt the transmitted data, typically known as “smart” attacks, have also grown in number. A smart attack usually targets parts of a website that are heavy on scripts and therefore generate more load per request than other parts of the site. For instance, a smart attack would typically send a relatively small number of queries to a search form over an encrypted connection. Because such attacks use low-intensity encrypted traffic, they usually escape the mitigation filters employed by specialized DDoS protection providers.

Elaborating on these attacks, Kirill Ilganaev, head of Kaspersky DDoS Protection, stated:

This method is growing in popularity because amplification attacks are becoming more complicated and inefficient for cybercriminals.

Furthermore, Ilganaev points to the concerted effort to move websites away from the traditional HTTP protocol to a more secure, encrypted connection standard like HTTPS.

He added:

All this suggests that the number of encryption-based attacks will only grow, meaning developers have to immediately start revising their anti-DDoS protection measures, and owners of web resources need to take a responsible approach to choosing a security solution.
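One way to detect the “smart” attacks described above is to score each client by the backend work it causes rather than by its request rate, using logs written after TLS termination, where the request path is visible. The following is an added example, not code from Kaspersky Lab or its report; the log format, the `/search` prefix and all thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample for one time window: "<client_ip> <path> <backend_ms>",
# as a TLS-terminating proxy might log it after decryption (assumed format).
SAMPLE_LOG = """\
203.0.113.7 /search?q=a 2100
203.0.113.7 /search?q=b 2400
198.51.100.4 /index 20
203.0.113.7 /search?q=c 1900
198.51.100.4 /search?q=shoes 1800
198.51.100.4 /product/1 50
203.0.113.7 /search?q=d 2200
192.0.2.9 /static/app.css 10
malformed line without a timing field
203.0.113.7 /search?q=e 2000
198.51.100.4 /cart 40
"""

EXPENSIVE_PREFIXES = ("/search",)  # script-heavy endpoints (assumption)
RATE_LIMIT = 100         # requests/window a volumetric filter would flag (assumed)
COST_BUDGET_MS = 8000    # backend time allowed per client per window (assumed)
EXPENSIVE_SHARE = 0.8    # fraction of a client's requests hitting costly paths

def parse(log):
    """Yield (ip, path, backend_ms) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            yield parts[0], parts[1], int(parts[2])

def find_low_and_slow(log):
    """Return {ip: (backend_ms, requests)} for clients that stay under the
    rate limit yet spend their requests on expensive endpoints."""
    stats = defaultdict(lambda: {"n": 0, "expensive": 0, "cost": 0})
    for ip, path, ms in parse(log):
        s = stats[ip]
        s["n"] += 1
        s["cost"] += ms
        s["expensive"] += path.startswith(EXPENSIVE_PREFIXES)
    flagged = {}
    for ip, s in stats.items():
        share = s["expensive"] / s["n"]
        if (s["n"] < RATE_LIMIT and s["cost"] > COST_BUDGET_MS
                and share >= EXPENSIVE_SHARE):
            flagged[ip] = (s["cost"], s["n"])
    return flagged

if __name__ == "__main__":
    print(find_low_and_slow(SAMPLE_LOG))
```

In the sample, the flagged client sends only five requests, far below any rate threshold, which is why a filter that counts requests alone would pass it.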


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.