Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky

Kaspersky Lab has published a report detailing the botnet-assisted distributed denial-of-service (DDoS) attacks launched by malicious actors in the first quarter of 2015.


A report published by IBM in March revealed that DDoS attacks were among the most common types of cyberattacks last year. These incidents are closely monitored by companies that provide DDoS protection services, such as Akamai’s Prolexic and Corero. The reports from such companies detail DDoS trends based on the attacks launched against their customers.

Kaspersky Lab has taken a different approach. The security firm has analyzed botnet-powered attacks by using data from its DDoS Intelligence system, which focuses on the commands sent to botnets by command and control (C&C) servers. The system doesn’t require the presence of a bot on a victim device, or the execution of commands from the C&C server.

Kaspersky has determined that the number of DDoS attacks reported in the first quarter of 2015 (23,095) is lower by 11 percent compared to the fourth quarter of 2014 (25,929). The number of unique victims was 12,281 in Q1, which is 8 percent lower compared to the previous quarter.

It’s worth noting that Kaspersky counts as a single attack an incident in which a web resource was targeted and any breaks in botnet activity lasted less than 24 hours. The same botnet attacking the same resource after a 24-hour break is viewed as a separate attack. Two botnets targeting the same resource are regarded as individual attacks.
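The counting rule described above can be expressed as a grouping of observed activity per (botnet, target) pair. The following is an added example, not code from Kaspersky or the report; the event format, the botnet and host names, and the choice to treat a break of exactly 24 hours as the start of a new attack are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# A break this long or longer starts a separate attack (assumed boundary).
BREAK_THRESHOLD = timedelta(hours=24)

# Constructed sample observations: (timestamp, botnet id, targeted resource).
SAMPLE_EVENTS = [
    ("2015-01-10 08:00", "botnet-A", "shop.example"),
    ("2015-01-10 20:00", "botnet-A", "shop.example"),  # 12 h break: same attack
    ("2015-01-11 19:59", "botnet-A", "shop.example"),  # 23 h 59 m break: same attack
    ("2015-01-12 19:59", "botnet-A", "shop.example"),  # 24 h break: separate attack
    ("2015-01-10 09:00", "botnet-B", "shop.example"),  # second botnet: its own attack
    ("2015-01-15 00:00", "botnet-B", "news.example"),
]


def count_attacks(events, threshold=BREAK_THRESHOLD):
    """Group activity into attacks, one series per (botnet, target) pair."""
    by_pair = defaultdict(list)
    for ts, botnet, target in events:
        by_pair[(botnet, target)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M"))

    attacks = []
    for (botnet, target), stamps in sorted(by_pair.items()):
        stamps.sort()  # input may arrive out of order
        start = prev = stamps[0]
        for ts in stamps[1:]:
            if ts - prev >= threshold:  # long break closes the current attack
                attacks.append({"botnet": botnet, "target": target,
                                "start": start, "end": prev})
                start = ts
            prev = ts
        attacks.append({"botnet": botnet, "target": target,
                        "start": start, "end": prev})
    return attacks


def summarize(events):
    """Return (number of attacks, unique victims, longest attack duration)."""
    attacks = count_attacks(events)
    victims = {a["target"] for a in attacks}
    longest = max(a["end"] - a["start"] for a in attacks)
    return len(attacks), len(victims), longest


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

Because attacks are counted per botnet and per resource, the attack total is always at least the number of unique victims, which matches the relationship between the two quarterly figures quoted above.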

When it comes to the geographical distribution of victims, the security firm found that DDoS attacks targeted resources located in 76 countries, the most affected being China, the United States, and Canada.

“Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest prices for web hosting, and many web resources are located there. However, the 10 most frequently attacked targets also include victims from Europe and the APAC region,” Kaspersky said in its report. “These statistics demonstrate that botnet-assisted DDoS attacks are relevant for most diverse web resources irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries.”

As for duration, the longest attack in the first three months of 2015 lasted for roughly 6 days, but most of the operations lasted for less than 24 hours. In comparison, in the fourth quarter of 2014, some attacks lasted as long as two weeks, Kaspersky said.


The largest number of C&C servers were spotted by Kaspersky in the US, China and the UK, but researchers noted that the location of these servers is not usually related to the physical location of the attackers, or the geographical distribution of the botnets they control.

The security firm also reported that the number of attacks from Linux machines was higher compared to attacks from Windows devices, despite the fact that Linux-based botnets are far fewer. Malicious actors often abuse Linux servers for DDoS because they allow them to launch more powerful attacks.

“Besides, Linux-based botnets have much longer lives than Windows-based botnets do. This is because Linux-based botnets are more difficult to detect and deactivate, since Linux servers are much less likely than Windows-based servers and devices to be equipped with dedicated security solutions,” researchers explained.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
