Security & Fraud

Kaspersky: Gaming, Crypto Targeted In DDoS Attacks

A new report from Kaspersky Lab shows an increase in botnet-assisted DDoS attacks, including the recurrence of old vulnerabilities and the rise in gaming and cryptocurrency as targets.

The Q2 2018 DDoS Intelligence Report, based on data from Kaspersky DDoS Intelligence, revealed that for the first time, Hong Kong made the top three most attacked countries, coming in second. The most attacked resources in Hong Kong were hosting services and cloud computing platforms.

China and the U.S. remained first and third respectively, while South Korea dropped down to fourth.

The data also showed that activity by Windows-based DDoS botnets decreased almost sevenfold, while the occurrence of Linux-based botnets grew by 25 percent. Linux bots accounted for 95 percent of all DDoS attacks in Q2.

And attackers used some old vulnerabilities in their efforts, including a vulnerability in the Universal Plug-and-Play protocol that first became known in 2001. In addition, Kaspersky observed an attack using a vulnerability in the CHARGEN protocol that was described as far back as 1983.

But cybercriminals are still creating new botnets. In Japan, for example, 50,000 video surveillance cameras were used to carry out DDoS attacks in Q2.

When it comes to monetizing the attacks, one of the top methods includes DDoS attacks targeting cryptocurrencies and currency exchanges. In Q2, Verge cryptocurrency was hit with an attack on some mining pools over the course of several hours, resulting in $35 million XVGs being stolen. The same tactic was used in a hack the month before, which led to the loss of 250,000 XVGs.

Gaming platforms also continue to be a target, particularly during eSports tournaments.

“There can be different motives for DDoS attacks — political or social protest, personal revenge, competition,” said Alexey Kiselev, project manager on the Kaspersky DDoS Protection team. “However, in most cases, they are used to make money, which is why cybercriminals usually attack those companies and services where big money is made. DDoS attacks can be used as a smokescreen to steal money or to demand a ransom for calling off an attack. The sums of money gained as a result of extortion or theft can amount to tens or hundreds of thousands and even millions of dollars. In that context, protection against DDoS attacks looks like a very good investment.”



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.