Botnets Causing More Headaches For Security Specialists

The United States was the third most attacked country, behind China and Hong Kong.

Edward Gately, Senior News Editor

July 25, 2018


The second quarter proved to be a busy one for distributed denial of service (DDoS) cybercriminals as botnets attacked online resources in 74 countries.

That’s according to Kaspersky Lab’s Q2 2018 DDoS Intelligence Report, based on data from Kaspersky DDoS intelligence. It includes the company’s observations on botnet-assisted DDoS attacks; cybercriminals recalling old vulnerabilities, such as using cameras and printers for DDoS attacks; as well as the expansion of targets with gaming and cryptocurrency as a major focus.


Alexey Kiselev, project manager on the Kaspersky DDoS protection team, tells Channel Partners the report provides confirmation for the channel of the “relevance of DDoS attack problems with specific examples of whom, in which countries, and how often attackers target.” It identifies and provides awareness around the industries and countries in the zone of increased danger of DDoS attacks, he said.

“The resurgence of old vulnerabilities used by attackers was most surprising to us,” he said.

New botnets are causing more headaches for cybersecurity specialists, according to the report. A noteworthy case is the creation of a botnet formed from 50,000 surveillance cameras in Japan. And a serious danger is posed by a new strain of the Hide-n-Seek malware, which was the first of all known bots to withstand, under certain circumstances, a reboot of the device on which it had set up shop, it said.

Hide-n-Seek is yet to be used to carry out DDoS attacks, but experts don’t rule out such functionality being added at a later stage, since there aren’t that many options for monetizing the botnet, it said.

The United States was the third most attacked country, behind China and Hong Kong, according to Kaspersky.

The U.S. took the No. 1 spot on the list of countries hosting the most active command and control (C&C) servers, which are computers controlled by an attacker or cybercriminal and used to send commands to systems compromised by malware and receive stolen data from a target network. The U.S. accounted for nearly half of all active botnet C&C servers.

Activity by Windows-based DDoS botnets decreased while that of Linux-based botnets grew by 25 percent, according to the report. This resulted in Linux bots accounting for 95 percent of all DDoS attacks during the quarter, which also caused a sharp increase in the share of SYN flood attacks — up from 57 percent to 80 percent. Such attacks are designed to consume enough server resources to make the target system unresponsive to legitimate traffic.

During the reporting period, cybercriminal strategies evolved and delved deep into the past, according to Kaspersky. Attackers used some old vulnerabilities in their efforts; for example, experts reported DDoS attacks involving a vulnerability in the universal plug-and-play protocol known since 2001.

One of the most popular methods of monetizing DDoS attacks remains the targeting of cryptocurrencies and currency exchanges. In the second quarter, Verge cryptocurrency suffered an attack on some mining pools over the course of several hours, resulting in $35 million being stolen in the ensuing confusion.

Along with cryptocurrency, gaming platforms continue to be a target as well, particularly during eSports tournaments. DDoS attacks affect not only game servers, which is often done to extort a ransom in return for not disrupting the competition, but also the gamers themselves who connect from their own platforms.

“There can be different motives for DDoS attacks – political or social protest, personal revenge, competition,” Kiselev said. “However, in most cases, they are used to make money, which is why cybercriminals usually attack those companies and services where big money is made. DDoS attacks can be used as a smokescreen to steal money or to demand a ransom for calling off an attack. The sums of money gained as a result of extortion or theft can amount to tens or hundreds of thousands and even millions of dollars. In that context, protection against DDoS attacks looks like a very good investment.”

Last month, a report by cloud delivery platform Akamai showed a 16 percent increase in total DDoS attacks this summer compared to last summer. The use of bots to abuse stolen credentials continues to be a major risk for internet-driven businesses, but the hospitality industry experiences many more credential abuse attacks than other sectors, it said.
