Kaspersky Lab revealed that cybercriminals in Q1, 2015 carried out more than 23,000 botnet-assisted DDoS attacks on web resources located in 76 countries.
Servers in the USA, Canada and China were most frequently targeted, while the top 10 victims also included resources in Europe and the Asia-Pacific region, according to Kaspersky Lab’s latest stats.
The greatest number of attacks on a single web resource in Q1 was 21 – about two attacks a week. In Q4 2014, the equivalent figure was 16. The most protracted botnet attack in Q1 was almost six days long.
There were a total of 23,095 attacks in Q1. These affected targets in 76 countries, up 15% from the 66 countries affected in Q4, 2014. Information systems located in China, the USA and Canada in Q1 suffered most from DDoS attacks. These attacks were commanded by C&C servers predominantly located in the USA, China and the UK. China and the USA’s leading positions in both rankings can be explained by the relatively cheap prices for web hosting in these countries, so most data centers are located there.
Main findings:
- In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported, which is 11% lower than the 25,929 attacks in Q4 2014.
- There were 12,281 unique victims of DDoS attacks in Q1 2015, which is 8% lower than the 13,312 victims in Q4 2014.
- China, the USA and Canada were the countries that faced the largest number of DDoS attacks.
- The most prolonged DDoS attack in Q1 2015 lasted for 140 hours (or about 6 days). The most frequently attacked resource faced 21 attacks within the 3 months.
- In Q1 2015, SYN DDoS and HTTP DDoS were the most common scenarios for botnet-assisted DDoS attacks.
“A DDoS attack is often a cross-border effort; the customer is located in one country, the executor in another, the C&C servers are hosted in a third country, and the bots involved in the DDoS attack are scattered across the world. This often makes it more complicated to investigate attacks, take down botnets and catch those responsible. Although cybercriminals do not limit their DDoS toolkits to botnets alone, this is still a widespread and dangerous tool, and it demands preventive protection measures from potential targets, i.e. web resources,” commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.
Kaspersky Lab said that its DDoS Intelligence is a system that analyzes the information sent from C&C servers to botnets, and aims to improve protection against DDoS attacks. Kaspersky Lab’s stats on botnet activity in Q1 was prepared based on the data collected by DDoS Intelligence.
[Download Word]– Kaspersky Lab Statistics on Botnet-assisted DDoS attacks in Q1 2015