Expect more DDoS attacks warns Kaspersky LabBy Staff Writer 31 August 2011 | Categories: news
Distributed denial-of-service (DDoS) attacks have long been used by cybercriminals resorting to blackmail and extortion. According to IT security firm Kaspersky Lab DDoS attacks are now increasingly being used as a form of protest against the activities of both governments and major corporations. Q2 of 2011 saw numerous DDoS attacks with a variety of motives, many of them significant enough to ensure they go down in the annals of cybercrimes.
DDoS attacks by country
According to the company’s statistics for Q2 2011, 89% of DDoS traffic was generated in 23 countries. The US and Indonesia topped the rating with each country accounting for 5% of all DDoS traffic. The US’s leading position is down to the large number of computers in the country, which makes for a highly attractive feature for botmasters.
Meanwhile, the large number of infected computers in Indonesia means it also ranks highly in the DDoS traffic rating. According to data from Kaspersky Security Network, Kaspersky Lab’s globally-distributed threat monitoring network, in Q2 2011 almost every second machine (48%) in Indonesia was subjected to a local malware infection attempt.
Distribution of attacked websites by online activity
In Q2, online shopping sites, including e-stores, auctions, and buy and sell message boards, were increasingly targeted by cybercriminals, with websites of this category accounting for a quarter of all attacks.
This is hardly surprising given that online shopping largely depends on a website’s availability, and each hour of downtime results in lost clients and lost profits. The websites of electronic trading platforms and banks occupy third and fourth places respectively.
Activity of DDoS botnets over time
Weekdays see the most active use of the internet as it is on these days that various web resources are most in demand and that DDoS attacks are likely to inflict the maximum amount of damage on websites.
Another important factor is that greater numbers of computers are switched on on weekdays, so there are more active bots. As a result, cybercriminal activity peaks from Monday to Thursday, with an average of 80% of all DDoS attacks taking place on these days. The most popular day is Tuesday with roughly 23% of the week’s DDoS attacks.
The most active hacker groups in the second quarter of 2011 were LulzSec and Anonymous. They organised DDoS attacks on government sites in the US, the UK, Spain, Turkey, Iran and several other countries. The hackers managed to temporarily bring down sites such as cia.gov (the US Central Intelligence Agency) and www.soca.gov.uk (the British Serious Organised Crime Agency (SOCA)).
One big corporation subjected to a major attack was Sony. At the end of March, Sony initiated legal action against several hackers accusing them of breaching the firmware of the popular PlayStation 3 console.
In protest at Sony’s pursuit of the hackers, Anonymous launched a DDoS attack that crippled the company’s playstationnetwork.com sites for some time. But this was just the tip of the iceberg. According to Sony, during the DDoS attack the servers of the PSN service were hacked and the data of 77 million users were stolen.
In April, a court in Dusseldorf handed down a sentence to a cybercriminal who tried to blackmail six German bookmakers during the 2010 World Cup. The court sentenced the cybercriminal to nearly three years in prison – the first time in German legal history that someone had been imprisoned for organising a DDoS attack. DDoS attacks are now classified by the country’s courts as computer sabotage and are punishable by up to 10 years in jail.
“Organisations rarely publicise the fact that they have been targeted by DDoS attacks in order to protect their reputation,” explains Yury Namestnikov, senior malware analyst, Global Research and Analysis Team at Kaspersky Lab.
“Cybercriminals, meanwhile, are increasingly using DDoS attacks as a diversionary tactic when launching more sophisticated attacks such as those on online banking systems. Complex attacks of this nature are particularly damaging in that they can cause significant losses for the financial institutions as well as their clients.”
More info is available in the full version of the article ‘DDoS attacks in Q2 2011’ by Yury Namestnikov from Kaspersky Lab’s site.
The quarter in figures:
· The longest DDoS attack in Q2 lasted 60 days, 1 hour, 21 minutes and 9 seconds
· The highest number of DDoS attacks against a single site in Q2 - 218
In related news Kaspersky Lab also recently delivered its latest monthly report (July 2011), about malicious activity on Kaspersky Lab product users’ computers and on the internet.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?