Ignorer le contenu principal

Botnet DDoS Attacks in Q3: More Sophisticated, More Europe-Centric

31 octobre 2016

Kaspersky Lab has released a report on botnet-assisted DDoS attacks for the third quarter of 2016 based on data received from Kaspersky DDoS Intelligence

Kaspersky Lab has released areporton botnet-assisted DDoS attacks for the third quarter of 2016 based on data received from Kaspersky DDoS Intelligence*. Activity by attack servers located in Western Europe and the number of the resources attacked in the region have both increased. The number of sophisticated DDoS attacks emanating from encrypted traffic has also grown.

Over the reporting period, resources in 67 countries were targeted by botnet-assisted DDoS attacks. The number of attacks on resources located in Japan, the US and Russia increased noticeably, while the number of victims in China and South Korea fell considerably. This quarter also saw three Western European entries – Italy, France and Germany – among the top 10 countries most affected by botnet DDoS attacks for the first time in a year. These statistics correlate with the growing number of active C&C servers in Western Europe, particularly in the UK, France and the Netherlands.

Despite a decrease in the total number of attacks registered in China, the most targeted resources were Chinese – the largest number of attacks (19) was launched against a popular Chinese search engine, and a Chinese provider was subjected to the longest attack in the third quarter (184 hours). Meanwhile, the most active day for DDoS attacks registered over the last four quarters was 3 August. There were 1,746 botnet attacks on that day, with many of them targeting the servers of a single service provider located in the US.

Also worth noting is the fact that in Q3 2016 the number of SYN-DDoS attacks continued to grow and accounted for 81% of all registered attacks, while the share of TCP-DDoS and ICMP-DDoS attacks fell once again. The percentage of attacks by Linux-based DDoS bots also continued to grow, reaching 79% – a record for the last year. This can be explained by the growing popularity of Linux-based IoT devices used for DDoS attacks, and will most probably be boosted further after the leakage of Mirai.

Kaspersky Lab experts also registered growth in the number of "smart" attacks using encryption of transmitted data. A typical example of such an attack is a relatively small number of queries being sent to the "load-heavy" parts of websites (such as search forms) via an encrypted connection. By residing in encrypted traffic and due to their low intensity, these attacks are very difficult for many specialized protection solutions to filter out.

"This method is growing in popularity because amplification attacks are becoming more complicated and inefficient for cybercriminals: the number of vulnerable servers is decreasing and security solutions have learnt to easily identify and filter out the majority of amplification attacks. Secondly, the Internet is seeing a steady migration away from classic HTTP to encrypted interaction between users and web resources. All this suggests that the number of encryption-based attacks will only grow, meaning developers have to immediately start revising their anti-DDoS protection measures, and owners of web resources need to take a responsible approach to choosing a security solution," comments Kirill Ilganaev, Head of Kaspersky DDoS Protection.

Kaspersky DDoS Protection combines Kaspersky Lab’s extensive expertise in combating cyber threats and the company’s unique in-house developments. The solution protects against all types of DDoS attacks regardless of their complexity, strength, or duration.


*The DDoS Intelligence system (part of Kaspersky DDoS Protection) is designed to intercept and analyze commands sent to bots from command and control (C&C) servers, and does not have to wait until user devices are infected or cybercriminal commands are executed in order to gather data. It is important to note that DDoS Intelligence statistics are limited to those botnets detected and analyzed by Kaspersky Lab.

Botnet DDoS Attacks in Q3: More Sophisticated, More Europe-Centric

Kaspersky Lab has released a report on botnet-assisted DDoS attacks for the third quarter of 2016 based on data received from Kaspersky DDoS Intelligence
Kaspersky logo

À propos de Kaspersky

Kaspersky est une entreprise mondiale de cybersécurité et de confidentialité numérique fondée en 1997. Avec plus d’un milliard d’appareils protégés à ce jour contre les cybermenaces émergentes et les attaques ciblées, l’expertise de Kaspersky en matière de sécurité et de veille sur les menaces prend la forme de solutions et services innovants améliorées en continu et visant à protéger les entreprises, les infrastructures critiques, les gouvernements et les consommateurs du monde entier. Le portefeuille de sécurité complet de l’entreprise comprend une protection de pointe des terminaux, des produits et services de sécurité spécialisés, ainsi que des solutions de cyberimmunité pour lutter contre les menaces numériques sophistiquées qui ne cessent d’évoluer. Nous aidons plus de 200 000 entreprises clientes à protéger ce qui compte le plus pour elles. Plus d'informations sur : www.kaspersky.fr.

Articles connexes Communiqués de presse