According to Kaspersky Labs, Distributed Denial of Service attacks are increasingly being used as a form of protest against governments and large corporations. Furthermore, hackers will continue to use these types of attacks in the future.
Distributed denial-of-service attacks have long been used by cybercriminals resorting to blackmail and extortion. However, DDoS attacks are increasingly being used as a form of protest against the activities of both governments and major corporations. Q2 of 2011 saw numerous DDoS attacks with a variety of motives, many of them significant enough to ensure they go down in the annals of cybercrime.
The quarter in figures
· The longest DDoS attack in Q2 lasted 60 days, 1 hour, 21 minutes and 9 seconds
· The highest number of DDoS attacks against a single site in Q2 – 218
DDoS attacks by country
According to our statistics for Q2 2011, 89% of DDoS traffic was generated in 23 countries. The US and Indonesia topped the rating with each country accounting for 5% of all DDoS traffic. The US’s leading position is down to the large number of computers in the country – a highly attractive feature for botmasters. Meanwhile, the large number of infected computers in Indonesia means it also ranks highly in the DDoS traffic rating. According to data from Kaspersky Security Network, Kaspersky Lab’s globally-distributed threat monitoring network, in Q2 2011 almost every second machine (48%) in Indonesia was subjected to a local malware infection attempt.
Distribution of attacked websites by online activity
In Q2, online shopping sites, including e-stores, auctions, and buy and sell message boards, were increasingly targeted by cybercriminals – websites of this category accounted for a quarter of all attacks. This is hardly surprising given that online shopping largely depends on a website’s availability, and each hour of downtime results in lost clients and lost profits. The websites of electronic trading platforms and banks occupy third and fourth places respectively.
Activity of DDoS botnets over time
Weekdays see the most active use of the Internet. It is on these days that various web resources are most in demand and that DDoS attacks are likely to inflict the maximum amount of damage on websites. Another important factor is that greater numbers of computers are switched on on weekdays, so there are more active bots. As a result, cybercriminal activity peaks from Monday to Thursday – on these days an average of 80% of all DDoS attacks take place. The most popular day is Tuesday with roughly 23% of the week’s DDoS attacks.
Q2 highlights
The most active hacker groups in the second quarter of 2011 were LulzSec and Anonymous. They organised DDoS attacks on government sites in the US, the UK, Spain, Turkey, Iran and several other countries. The hackers managed to temporarily bring down sites such as cia.gov (the US Central Intelligence Agency) and www.soca.gov.uk (the British Serious Organized Crime Agency (SOCA)).
One big corporation subjected to a major attack was Sony. At the end of March, Sony initiated legal action against several hackers accusing them of breaching the firmware of the popular PlayStation 3 console. In protest at Sony’s pursuit of the hackers, Anonymous launched a DDoS attack that crippled the company’s PlayStationnetwork.com sites for some time. But this was just the tip of the iceberg. According to Sony, during the DDoS attack the servers of the PSN service were hacked and the data of 77 million users were stolen.
In April, a court in Dusseldorf handed down a sentence to a cybercriminal who tried to blackmail six German bookmakers during the 2010 World Cup. The court sentenced the cybercriminal to nearly three years in prison – the first time in German legal history that someone had been imprisoned for organising a DDoS attack. DDoS attacks are now classified by the country’s courts as computer sabotage and are punishable by up to 10 years in jail.
“Organisations rarely publicise the fact that they have been targeted by DDoS attacks in order to protect their reputation. Cybercriminals, meanwhile, are increasingly using DDoS attacks as a diversionary tactic when launching more sophisticated attacks such as those on online banking systems. Complex attacks of this nature are particularly damaging in that they can cause significant losses for the financial institutions as well as their clients,” explains Yury Namestnikov, Senior Malware Analyst, Global Research and Analysis Team, Kaspersky Lab.
More information is available in the full version of the article ‘DDoS attacks in Q2 2011’ by Yury Namestnikov at: www.securelist.com.