Kaspersky Report Unveils an Increase in Activity by Both Old and New Botnets
IoT technology is becoming more common and is being adopted in every nook and corner of the world. But IoT may not be entirely advantageous, as Kaspersky has revealed: its report showed an increase in activity by both old and new botnets, growth in the popularity of amplification DDoS attacks, and the return of long-lasting (multi-day) DDoS attacks.
Kaspersky has recently published its report for the first quarter of 2018, which further revealed that DDoS botnets attacked online resources in 81 countries. The cybersecurity company noticed a particularly long DDoS attack that lasted 297 hours, more than 12 days. That was the longest attack the company has recorded since the end of 2015.
The countries experiencing the largest number of attacks were once again China, the US, and South Korea. Meanwhile, Hong Kong and Japan replaced the Netherlands and Vietnam among the top 10 most targeted countries.
Kaspersky’s report also noted changes in the 10 countries with the most C&C (command & control) services: Italy, Hong Kong, Germany and the United Kingdom replaced Canada, Turkey, Lithuania and Denmark in that ranking. The changes were likely the result of more active C&C servers of Darkai, more AESDDoS bots and the return of the Xor and Yoyo botnets. While most of these botnets use Linux, the proportion of Linux-based botnets decreased from 71 percent in the last quarter of 2017 to 66 percent in the first quarter of 2018.
Kaspersky also noted that amplification attacks gained momentum in the first quarter of 2018. In particular, the company noticed a rare type of attack in which the LDAP service was used as an amplifier. Along with Memcached, NTP and DNS, this service has one of the biggest amplification rates.
“Exploiting vulnerabilities is a favorite tool for cybercriminals whose business is the creation of DDoS botnets. However, as the first few months of the year have shown, it’s not only the victims of DDoS attacks that are affected, but also those companies with infrastructure that includes vulnerable objects. The events of the first quarter reaffirm a simple truth: the platform that any company uses to implement multilayered online security must include regular patching of vulnerabilities and permanent protection against DDoS attacks,” commented Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.