DDoS attacks -- digital terrorism -- have climbed to another level in intensity, motivation, goals and reach. Website crushing is no longer just about money. Now it's also political.
In fact, a number of prominent DDoS website blitzes in Q2 2017 followed political activity, cutting a wider path of influence than demands for money, Kaspersky Lab’s new Q2 2017 DDoS Intelligence Report tells us.
For example, as Kaspersky points out, the website of the Al Jazeera news network was targeted after some of the Gulf states and Egypt cut ties with Qatar and imposed a blockade. Similarly, following the French presidential election, news outlets Le Monde and Le Figaro were victimized by a DDoS attack. And another blitz occurred in seeming retaliation for some Brexit voter registration issues.
In the U.S., the public comment section of the Federal Communications Commission was targeted by a DDoS attack apparently in response to its plans to roll back net neutrality policies. At this point, it’s not clear if the opponents or supporters of net neutrality were behind the battering.
DDoS Attacks and Money
Still, Kaspersky’s report points out that “money remains the driving force of DDoS attacks. The growing interest in cryptocurrencies led to an increase in their exchange-value in the second quarter of 2017, which in turn drew the attention of cybercriminals.”
DDoS attack organizers have also made a beeline into extortion, referred to as Ransom DDoS or RDoS, the security provider said. In these cases, cyber crooks contact the victim and demand a ransom ranging from five to 200 bitcoins. If the company doesn’t comply, the criminals threaten a DDoS attack on an online resource vital to the victim’s business or actually enact a short-term assault to make their point. In other instances, spammers send out threatening messages to a large number of companies in the hope that someone will cave.
“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS attackers,” said Kirill Ilganaev, who heads Kaspersky's DDoS protection unit. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.”
More DDoS Attack Report Highlights
Here are the Q2 report’s highlights:
- Resources in 86 countries were attacked in Q2 2017, 14 more countries than in Q1.
- About half of the attacks (47.42%) were aimed at targets in China, similar to Q1.
- China, South Korea, and the U.S. remained leaders by both the number of attacks and the number of targets. By number of reported command and control servers, the same countries are in the top three, but South Korea took first place in Q2.
- Long-term DDoS attacks returned in Q2. The record duration was 277 hours, a 131 percent increase compared to Q1. The share of attacks that lasted less than 50 hours remained unchanged (99.7% in Q2 vs. 99.8% in Q1).
- There was a considerable drop in the share of attacks over TCP (down to 18.2% from 26.6%) and ICMP (down to 7.3% from 8.2%). This caused a rise in the percentage of SYN floods and attacks over UDP and HTTP.
- Linux botnets were responsible for 51.2 percent of attacks in Q2 compared to 43.4 percent in Q1.