The second quarter of 2017 was proof that long-running DDoS attacks are back in business. The longest attack in the quarter was active for 277 hours (more than 11 days), an increase of 131 percent compared to the first quarter. This is so far a record for the year, says the Q2 2017 botnet DDoS expert report from Kaspersky Lab.
Duration was not the only distinguishing feature of DDoS attacks between April and June. The geography of the incidents has also undergone a dramatic change with organizations with online resources located in 86 countries in the second quarter (compared to 72 in the first quarter). The 10 countries most affected were China, South Korea, the United States, Hong Kong, the United Kingdom, Italy, the Netherlands, Canada and France. Italy and the Netherlands replaced Vietnam and Denmark which were among the main targets in the first quarter.
The targets of the DDoS attacks included one of the largest news agencies, Al Jazeera, Le Monde and the Figaro newspaper websites and reportedly Skype servers. In the second quarter of 2017, an increase in cryptocurrences rates also led to cybercriminals trying to manipulate prices through DDoS. Bitfinex, Bitcoin’s largest commercial exchange, was attacked simultaneously with the launch of a new cryptography trade called the IOTA token. Previously, the BTC-E reported a slowdown due to a powerful DDoS attack.
The interest of organizers of DDoS attack cash goes beyond manipulation of cryptogenicity rates. Using this type of attack to extort money can be beneficial as demonstrated by trends in Ransom DDoS or RDoS. Cybercriminals often send a message to the victim demanding a bailout ranging from 5 to 200 bitcoins. If the company refuses to pay, the attackers threaten to organize a DDoS attack against a critical victim resource online. Such messages can be accompanied by short-term DDoS attacks to confirm that the threats are very real. At the end of June, a large-scale RDoS attempt was made by the group called Armada Collective, which sued about $ 315,000 from seven South Korean banks.
However, there is always another way that has become more popular in the last quarter: Ransom DDoS without DDoS at all. Scammers send threatening messages to a large number of companies in the hope that someone will decide better than to repent. Demonstrations of the attacks can never happen, but if only one company decides to pay, it brings benefits with the minimum effort of cybercriminals.
Kaspersky Lab experts warn that if a victim company decides to pay, it can bring long-term damage in addition to instant monetary losses. A reputation as a “payer” spreads rapidly across networks and can trigger further attacks by other cybercriminals.
Kaspersky DDoS Protection combines the extensive experience of Kaspersky Lab in combating cyber threats and the company’s unique internal developments. The solution protects against all types of DDoS attacks, regardless of complexity, intensity or duration.
