Printers, eSport and cryptocurrencies: new Kaspersky Lab DDoS Intelligence quarterly report combines them all
Kaspersky Lab has published its report on botnet-assisted DDoS attacks for the second quarter of 2018. Over the last three months, the company’s experts have observed cybercriminals recall old vulnerabilities, make use of cameras and printers for DDoS attacks, expand their list of victims and monetize their efforts using cryptocurrency.
In the second quarter of 2018, DDoS botnets attacked online resources in 74 countries. For the first time in the history of DDoS Intelligence reports, Hong Kong found itself among the top three most attacked countries, coming second: its share increased fivefold and accounted for 17% of all botnet-assisted DDoS attacks. China and the US remained first and third respectively, while South Korea slid down to fourth. The most attacked resources in Hong Kong were hosting services and cloud computing platforms. Interestingly, the second quarter saw Hong Kong replaced by Vietnam in the top 10 rating of countries hosting the most active C&C servers. The US, meanwhile, became the leader of this rating, accounting for almost half (45%) of all active botnet C&C servers during the reporting period.
Activity by Windows-based DDoS botnets decreased almost sevenfold, while the activity of Linux-based botnets grew by 25%. This resulted in Linux bots accounting for 95% of all DDoS attacks in the quarter, which also caused a sharp increase in the share of SYN flood attacks – up from 57% to 80%.
During the reporting period, cybercriminals delved deep into the past and started using some very old vulnerabilities in their attacks. For example, experts reported DDoS attacks involving a vulnerability in the Universal Plug-and-Play protocol that has been known since 2001, while the Kaspersky DDoS Protection team observed an attack organized using a vulnerability in the CHARGEN protocol that was described as far back as 1983. However, reviving old techniques has not stopped cybercriminals from creating new botnets. For example, in Japan 50,000 video surveillance cameras were used to carry out DDoS attacks. Gaming platforms continue to be targeted as well, particularly during eSports tournaments.