
Botnet-assisted attacks in Q1 2015

Overview

Kaspersky Lab has published a report detailing botnet-based distributed denial-of-service (DDoS) attacks launched by malicious actors in the first quarter of 2015.

A DDoS (Distributed Denial of Service) attack is one of the techniques most often used by cybercriminals. It is intended to reduce an information system, typically a website, to a state where it cannot be accessed by legitimate users. One popular DDoS scenario is a botnet-assisted attack.

The Internet continues to grow exponentially in both number of users and bandwidth capacity available to those users. There is also a new type of ‘user’ on the Internet – the ‘smart device’. Thus, in the future we may see all sorts of Internet-connected devices increasingly involved in botnet-assisted DDoS attacks as PCs become less interesting to attackers. DDoS attacks will grow in size, compute capacity, number of targets and intensity, causing major disruptions to Internet access services.

Main findings

Kaspersky Lab analyzed the botnet-powered DDoS attacks using data from its DDoS Intelligence system, which intercepts and analyzes the commands that bots receive from command and control (C&C) servers. The system therefore does not need a bot to be present on a victim device, nor does it need the C&C command to actually have been executed.

Using this data, Kaspersky determined that the number of DDoS attacks reported in the first quarter (Q1) of 2015 (23,095) is 11% lower than in the last quarter of 2014 (25,929). The number of unique victims in Q1 2015 was 12,281, which is 8% lower than in the previous quarter.

When it comes to geographic distribution of the victims, the security firm found that DDoS attacks targeted web resources in 76 countries, the most affected being China, the United States and Canada.

In terms of length, the most prolonged DDoS attack of the first three months of 2015 lasted about 6 days, but most of the operations lasted for less than 24 hours. The most frequently attacked resource faced 21 attacks within the 3 months.

As for the type of junk traffic used in the attacks, SYN DDoS was the most popular method of performing DDoS in Q1 2015. TCP DDoS attacks came next, followed by HTTP DDoS.
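The two most visible attack types in the report, SYN floods and HTTP floods, leave different footprints on the wire, and a defender can tell them apart from the same packet summary. The following is an added example, not code from the article or from Kaspersky: it builds a small constructed capture (the `Packet` record, the IP addresses and the thresholds are all assumptions for illustration), counts per destination how many TCP handshakes were started versus completed and how many HTTP requests arrived, and flags a destination as under SYN flood when most handshakes never complete, or under HTTP flood when completed connections carry an unusual number of requests.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet summary (constructed for this example)."""
    ts: float        # capture timestamp in seconds
    src: str         # source IP
    dst: str         # destination IP (the protected server)
    flags: str       # TCP flags as a short string: "S" (SYN), "A" (ACK), "PA" (PSH+ACK)
    payload: str = ""  # application payload, if any


def summarize(packets):
    """Per destination: SYNs seen, handshakes completed (an ACK from a source that
    earlier sent a SYN), HTTP requests seen, and the set of distinct sources."""
    syn_seen = set()  # (src, dst) pairs that have sent a SYN
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "http": 0, "sources": set()})
    for p in sorted(packets, key=lambda p: p.ts):
        s = stats[p.dst]
        s["sources"].add(p.src)
        if p.flags == "S":
            s["syn"] += 1
            syn_seen.add((p.src, p.dst))
        elif p.flags == "A" and (p.src, p.dst) in syn_seen:
            s["completed"] += 1
        if p.payload.startswith(("GET ", "POST ")):
            s["http"] += 1
    return stats


def classify(stats, syn_threshold=20, http_threshold=20, completion_ratio=0.2):
    """Assumed thresholds: a real deployment would tune them to the server's baseline.
    A SYN flood fills the listen backlog with half-open connections, so the tell-tale
    is many SYNs with few completions; an HTTP flood completes handshakes normally
    and then hammers the application layer with requests."""
    verdicts = {}
    for dst, s in stats.items():
        if s["syn"] >= syn_threshold and s["completed"] < s["syn"] * completion_ratio:
            verdicts[dst] = "syn-flood"
        elif s["http"] >= http_threshold:
            verdicts[dst] = "http-flood"
        else:
            verdicts[dst] = "normal"
    return verdicts


def constructed_sample():
    """Constructed capture: one SYN-flooded host, one HTTP-flooded host, one normal host."""
    pkts = []
    # 60 SYNs from 60 distinct sources to 10.0.0.1, none of which completes a handshake
    for i in range(60):
        pkts.append(Packet(0.01 * i, f"198.51.100.{i + 1}", "10.0.0.1", "S"))
    t = 1.0
    # 5 sources each complete a handshake with 10.0.0.2 and then send 6 requests
    for i in range(5):
        src = f"203.0.113.{i + 1}"
        pkts.append(Packet(t, src, "10.0.0.2", "S")); t += 0.001
        pkts.append(Packet(t, src, "10.0.0.2", "A")); t += 0.001
        for _ in range(6):
            pkts.append(Packet(t, src, "10.0.0.2", "PA", "GET / HTTP/1.1\r\n")); t += 0.001
    # 3 ordinary clients of 10.0.0.3: handshake plus a single request each
    for i in range(3):
        src = f"192.0.2.{i + 1}"
        pkts.append(Packet(t, src, "10.0.0.3", "S")); t += 0.001
        pkts.append(Packet(t, src, "10.0.0.3", "A")); t += 0.001
        pkts.append(Packet(t, src, "10.0.0.3", "PA", "GET /index.html HTTP/1.1\r\n")); t += 0.001
    return pkts


if __name__ == "__main__":
    for dst, verdict in classify(summarize(constructed_sample())).items():
        print(dst, verdict)
```

The completion ratio is the useful signal: a SYN flood is cheap for the attacker precisely because it never finishes the handshake, while an HTTP flood looks like real clients until you count requests per connection, which is why the two need different mitigations (SYN cookies and backlog tuning for the former, rate limiting and application-level filtering for the latter).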

The largest number of C&C servers was spotted by Kaspersky in the US, China and the UK, but the researchers noted that the location of these servers is not usually related to the physical location of attackers or the geographical distribution of botnets they control.

Kaspersky also reported that more attacks originated from Linux machines than from Windows devices, even though Linux-based botnets are far fewer in number. Attackers apparently prefer to compromise Linux servers because they allow more powerful DDoS attacks to be launched.

Conclusion

The Kaspersky report reveals that the number of botnet-assisted DDoS attacks declined in Q1 2015 compared to Q4 2014 (as did the number of victims of these attacks). At the same time, this type of threat has grown to target more countries (76).

Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest web hosting and many web resources are located there. However, the 10 most frequently attacked targets also include victims in Europe and the APAC region. These statistics demonstrate that botnet-assisted DDoS attacks are a relevant threat to the most diverse web resources, irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries.

References

Regarding the security of your computer, please consider the following basic rules:

  1. Check your computer for infection.
  2. Install current Service Packs and Security Updates for your system. Activate automatic updates.
  3. Check regularly that your internet browser and its embedded plugins (e.g. Java, Flash, Shockwave, QuickTime) are up to date.
  4. Install a virus scanner and update it regularly.
  5. Use a firewall, e.g. the Windows built-in firewall or a router.

Copyright © 2014-2015 CERT-RO. All rights reserved.