CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Network Security

Linux Machines Powered Nearly Half of DDoS Attacks in Q3: Kaspersky

Linux-based botnets are being increasingly used by cybercriminals to launch distributed denial of service (DDoS) attacks, according to a new report released Wednesday by Kaspersky Lab.

Linux-based botnets are being increasingly used by cybercriminals to launch distributed denial of service (DDoS) attacks, according to a new report released Wednesday by Kaspersky Lab.

According to the Moscow-based security firm’s DDoS Intelligence Report for Q3 2015, DDoS attacks from Linux-based botnets accounted for 45.6 percent of the total number of DDoS attacks. The most notable of the group is the XOR DDoS botnet, which was used to launch 150+ gigabit-per-second (Gbps) DDoS attacks, as discovered by security researchers from Akamai Technologies.

The largest number of C&C servers used to carry out attacks was located in South Korea during the third quarter, at 56.6 percent. The United States came in second with 12.4 percent, followed by China with 6.9 percent, and the UK with 4.8 percent.

The increase in Linux-based bots is mainly due to low protection of systems and higher bandwidth capacity, Kaspersky says.

DDoS Attacks From Linux BotnetsThe botnet used SYN and DNS floods to carry out attacks, and Kaspersky Lab data reveals that Linux systems infected with the XOR DDoS Trojan were used to actively target resources located in China. According to the security firm, 34.5 percent of all DDoS attacks in Q3 were aimed at targets in this country, with the USA on the second position, being targeted by 20.8 percent of attacks.

The report also shows that 17.7 percent of the DDoS attacks in the timeframe were targeting South Korea, and that 91.6 percent of all attacks were targeting resources in only 10 countries, although the targets were located in 79 countries around the world. Also noteworthy is the fact that the number of attacks targeting the top three countries has increased compared to the second quarter.

The security firm also reveals that 99.3 percent of the attacks came from bots belonging to one family, and that only few attempts were made using bots from two or three different families (0.7 and 0.2 percent, respectively). SYN DDoS remained the most popular attack method, being used in 51.7 percent of incidents, followed by TCP DDoS with 16.4 percent, and HTTP DDOS with 14.9 percent share.

As for duration, most attacks lasted less than 24 hours during the quarter, yet the security firm observed an increase in the number of attacks lasting longer than one week. The longest DDoS attack registered in the timeframe lasted 320 hours (13.3 days), a major increase in duration compared to the 205 hours (8.5 days) long attack registered in Q2, the security firm notes.

According to Kaspersky’s report, the software used to launch DDoS attacks is becoming more complicated, but the tools for launching attacks are more freely available and easier to use, meaning that even perpetrators lacking advanced technical skills can take advantage of them. This also results in a wider range of targets these attacks are hitting.

Advertisement. Scroll to continue reading.

“For the owners of web resources, effective protection from DDoS attacks originating from server botnets is strongly recommended,” Kaspersky Lab advised.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...