Dubai: Cybercriminals found new attack channels to disable resources in the fourth quarter of last year, a period that also saw the longest botnet-based distributed denial of service (DDoS) attack in 2015, which lasted more than two weeks.
A DDoS attack means an attacker sends more traffic to a server than it can handle, and the server goes offline.
According to Kaspersky Lab, 69 countries were targeted by botnet-assisted attacks and the vast majority of attacks (94.9 per cent) took place in just 10 countries. China, South Korea and the US remained the worst-affected countries.
The longest DDoS attack during the quarter lasted 371 hours (or 15.5 days) — a record for 2015. During the reporting period cybercriminals launched attacks using bots from different families.
In the third quarter, the proportion of such complex attacks was 0.7 per cent, while in the final three months of the year it reached 2.5 per cent. The popularity of Linux bots also continued to grow — from 45.6 per cent to 54.8 per cent of all DDoS attacks registered in the fourth quarter.
“Unfortunately, DDoS remains a convenient and affordable tool for online crime because there are still software vulnerabilities that attackers can use to penetrate servers. There are also users who fail to protect their devices, increasing the chances of those devices being infected by bots.
“For our part, we are committed to providing businesses with information about the DDoS attacks and promoting the fight against it, because DDoS is a threat that can and should be combated,” said Evgeny Vigovsky, Head of Kaspersky DDoS Protection at Kaspersky Lab.
The power of one such DDoS attack amounted to 400 Mbit/sec and lasted 10 hours. The attackers used a compromised web application running WordPress, as well as an encrypted HTTPS connection to impede any traffic filtering that may be used by the owner of the resource.
Among other trends observed in Q4 were new channels for carrying out reflection DDoS attacks that exploit weaknesses in a third party’s configuration to amplify an attack. In particular, the fourth quarter saw cybercriminals send traffic to targeted sites via NetBIOS name servers, domain controller RPC services connected via a dynamic port, and WD Sentinel licensing servers.
The attackers also continued to use IoT devices — for example, researchers identified about 900 CCTV cameras around the world that formed a botnet used for DDoS attacks.