Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky

Kaspersky Lab has published a report detailing the botnet-assisted distributed denial-of-service (DDoS) attacks launched by malicious actors in the first quarter of 2015.

A report published by IBM in March revealed that DDoS attacks were among the most common types of cyberattacks last year. These incidents are closely monitored by companies that provide DDoS protection services, such as Akamai’s Prolexic and Corero. The reports from such companies detail DDoS trends based on the attacks launched against their customers.

Kaspersky Lab has taken a different approach. The security firm has analyzed botnet-powered attacks by using data from its DDoS Intelligence system, which focuses on the commands that botnets receive from command and control (C&C) servers. The system doesn’t require the presence of a bot on a victim device, or the execution of commands from the C&C server.

Kaspersky has determined that the number of DDoS attacks reported in the first quarter of 2015 (23,095) is lower by 11 percent compared to the fourth quarter of 2014 (25,929). The number of unique victims was 12,281 in Q1, which is 8 percent lower compared to the previous quarter.

It’s worth noting that Kaspersky counts as a single attack an incident in which botnet activity against a web resource was interrupted only by breaks lasting less than 24 hours. The same botnet attacking the same resource after a 24-hour break is viewed as a separate attack. Attacks on the same resource by two different botnets are also counted as separate attacks.
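The counting rule described above, shown as an added example (not code from Kaspersky or from the article). The observations, botnet names and host names are constructed; treating each record as a timestamped sighting of botnet activity, and a gap of exactly 24 hours as the start of a new attack, are assumptions.

```python
from datetime import datetime, timedelta

# Per the article: breaks shorter than 24 hours stay inside one attack.
BREAK = timedelta(hours=24)

# Constructed sample sightings: (timestamp, botnet id, targeted resource).
OBSERVATIONS = [
    ("2015-01-10 08:00", "botnet-A", "shop.example"),
    ("2015-01-10 20:30", "botnet-A", "shop.example"),  # 12.5 h break: same attack
    ("2015-01-12 09:00", "botnet-A", "shop.example"),  # 36.5 h break: new attack
    ("2015-01-10 09:00", "botnet-B", "shop.example"),  # second botnet: its own attack
    ("2015-01-11 07:00", "botnet-B", "news.example"),
    ("2015-01-12 06:59", "botnet-B", "news.example"),  # 23 h 59 min break: same attack
]


def count_attacks(observations, gap=BREAK):
    """Group sightings into attacks keyed by (botnet, target).

    Returns (attacks, victims): a list of attack records with start and
    end times, and the set of unique targeted resources.
    """
    parsed = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M"), botnet, target)
        for ts, botnet, target in observations
    )
    attacks = []
    open_attack = {}  # (botnet, target) -> most recent attack record
    for when, botnet, target in parsed:
        key = (botnet, target)
        current = open_attack.get(key)
        if current is None or when - current["end"] >= gap:
            # First sighting for this pair, or the break was long enough
            # to count as a separate attack.
            current = {"botnet": botnet, "target": target,
                       "start": when, "end": when}
            attacks.append(current)
            open_attack[key] = current
        else:
            current["end"] = when  # short break: extend the same attack
    victims = {a["target"] for a in attacks}
    return attacks, victims


if __name__ == "__main__":
    found, victims = count_attacks(OBSERVATIONS)
    print(len(found), "attacks against", len(victims), "unique victims")
```

Counting this way means attack totals and unique-victim totals diverge: one resource hit by two botnets, or by one botnet after a long pause, adds to the attack count but not to the victim count.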

When it comes to the geographical distribution of victims, the security firm found that DDoS attacks targeted resources located in 76 countries, the most affected being China, the United States, and Canada.

“Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest prices for web hosting, and many web resources are located there. However, the 10 most frequently attacked targets also include victims from Europe and the APAC region,” Kaspersky said in its report. “These statistics demonstrate that botnet-assisted DDoS attacks are relevant for most diverse web resources irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries.”

As for duration, the longest attack in the first three months of 2015 lasted for roughly 6 days, but most of the operations lasted for less than 24 hours. In comparison, in the fourth quarter of 2014, some attacks lasted as long as two weeks, Kaspersky said.

The largest number of C&C servers were spotted by Kaspersky in the US, China and the UK, but researchers noted that the location of these servers is not usually related to the physical location of the attackers, or the geographical distribution of the botnets they control.

The security firm also reported that the number of attacks from Linux machines was higher compared to attacks from Windows devices, despite the fact that Linux-based botnets are far fewer. Malicious actors often abuse Linux servers for DDoS because they allow them to launch more powerful attacks.

“Besides, Linux-based botnets have much longer lives than Windows-based botnets do. This is because Linux-based botnets are more difficult to detect and deactivate, since Linux servers are much less likely than Windows-based servers and devices to be equipped with dedicated security solutions,” researchers explained.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
