A new report from Kaspersky Lab shows an increase in botnet-assisted DDoS attacks, including the recurrence of old vulnerabilities and the rise in gaming and cryptocurrency as targets.
The Q2 2018 DDoS Intelligence Report, based on data from Kaspersky DDoS Intelligence, revealed that for the first time, Hong Kong made the top three most attacked countries, coming in second. The most attacked resources in Hong Kong were hosting services and cloud computing platforms.
China and the U.S. remained first and third respectively, while South Korea dropped down to fourth.
The data also showed that activity by Windows-based DDoS botnets decreased almost sevenfold, while the occurrence of Linux-based botnets grew by 25 percent. Linux bots accounted for 95 percent of all DDoS attacks in Q2.
And attackers used some old vulnerabilities in their efforts, including a vulnerability in the Universal Plug-and-Play protocol that first became known in 2001. In addition, Kaspersky observed an attack using a vulnerability in the CHARGEN protocol that was described as far back as 1983.
But cybercriminals are still creating new botnets. In Japan, for example, 50,000 video surveillance cameras were used to carry out DDoS attacks in Q2.
When it comes to monetizing the attacks, one of the top methods includes DDoS attacks targeting cryptocurrencies and currency exchanges. In Q2, Verge cryptocurrency was hit with an attack on some mining pools over the course of several hours, resulting in $35 million XVGs being stolen. The same tactic was used in a hack the month before, which led to the loss of 250,000 XVGs.
Gaming platforms also continue to be a target, particularly during eSports tournaments.
“There can be different motives for DDoS attacks — political or social protest, personal revenge, competition,” said Alexey Kiselev, project manager on the Kaspersky DDoS Protection team. “However, in most cases, they are used to make money, which is why cybercriminals usually attack those companies and services where big money is made. DDoS attacks can be used as a smokescreen to steal money or to demand a ransom for calling off an attack. The sums of money gained as a result of extortion or theft can amount to tens or hundreds of thousands and even millions of dollars. In that context, protection against DDoS attacks looks like a very good investment.”