Longest assault lasted for about six days

Jun 1, 2015 14:19 GMT

The number of distributed denial-of-service (DDoS) attacks relying on networks of compromised systems was lower in the first quarter of 2015 than in the fourth quarter of 2014, and the number of victims also dropped, according to telemetry data from Kaspersky.

Although this can be perceived as good news, researchers warn that the attacks have spread to more countries, as the 10 most frequently attacked targets were in Europe and the APAC region. Furthermore, crooks have become more targeted in their efforts, making the assaults more damaging.

Cheap web hosting places China and the US at the top of the list

In Q1 2015, Kaspersky received reports about 23,095 DDoS incidents carried out via botnets, which is 11% fewer than in Q4 2014.

The number of victims also dropped by 8%, with data from the company showing 12,281 unique victims in Q1 2015, compared to 13,312 recorded in Q4 2014.

Just like in other statistics, most of the victims were located in China (5,411) and the US (2,091). The two countries also lead the top ten for the largest number of DDoS events recorded and account for the highest number of command and control servers. An explanation for this is the cheap web hosting services available in these countries, which attract companies.

In third place is Canada, with 1,073 victims, which recorded a larger number of attacks but a lower number of victims, suggesting that perpetrators concentrate greater power on a more limited number of web resources.

Russian website hit 21 times in 3 months, most powerful bots run Linux

Kaspersky says that the victim targeted with the highest number of attacks is a website in Russia belonging to a group of investment companies. In three months, the victim sustained no fewer than 21 DDoS attacks.

Next was a wedding services provider in Vietnam, with 16 attacks, while a hosting provider in the US closes the top three with 15 assaults.

The researchers observed that the most active day of the week for DDoS was Thursday (5,102 attacks), with most cybercriminals taking a day off on Sunday (3,781 incidents).

An analysis of the damage done by the cybercriminals shows that most of the events lasted less than 24 hours, and only one extended over a period of almost 6 days, taking 140 hours.

“The type of a DDoS attack is defined by the format of junk requests sent to the target web resource. SYN DDoS was the most popular method of performing a DDoS attack in Q1 2015, just like in Q4 2014. TCP DDoS attacks were overtaken by HTTP DDoS attacks in second place,” Kaspersky says in a recently published report.

Regarding the type of botnets, the security company reveals that Linux-based ones, although fewer, were the most powerful and most active in Q1 2015. The reason for this is that crooks sought to infect servers, which mostly run on Linux and benefit from a faster Internet connection.
