Researchers Become Top Target for DDoS

A cyber-research group was the No.1 target of distributed-denial-of-service (DDoS) attacks for the first quarter of the year, new research has revealed, while the Middle East region also saw a sharp increase in attacks last quarter.

According to Nexusguard’s Q1 2016 Threat Report, the greatest number of attacks targeted researchers at Loryka LLC, which received 90 offensives in the quarter. That means that Loryka was hit nearly every day.

The attack type of choice against researchers was network time protocol (NTP), with victims beyond Loryka receiving attacks almost daily. The increase in attacks against researchers contributed to the spike in popularity of NTP-style attacks, taking back the No.1 spot from domain name system (DNS) vulnerabilities.

“Over the past few years there has been an evolution in the roles of prey and predator, where the game of cat and mouse has become one of seal vs. the great white shark,” the report noted. “No longer are digital enthusiasts breaking into networks to brag to their friends about their capabilities. Instead, they are launching full-scale digital operations and absconding with terabytes of data that are affecting some of the world’s largest corporations. Some of these operations are government-sponsored, where official agencies are utilizing hackers as clandestine guerrilla warfare groups. And clearly, it is very sophisticated warfare, where the No. 1 target—as we’ve seen this quarter—includes scientists and researchers. Now, no one is safe from attacks.”

Nexusguard’s security analysts also found that most attacks lasted under 10 minutes, and had a mean time of five minutes. The decrease in duration could be related to the continued rise in popularity of DDoS-for-hire services, which have led to shorter attack times. As a result, Nexusguard analysts recommend organizations implement monitoring systems that can detect events on a second- or sub-second interval.
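
To illustrate why the monitoring interval matters for attacks this short, the following added example (not taken from Nexusguard's report or the original article) compares when a simple threshold alert fires if traffic is averaged over 1, 60 and 300 seconds. The baseline rate, alert threshold and attack volumes are constructed assumptions.

```python
# Added example; every traffic figure, threshold and interval is constructed.
BASELINE_PPS = 200          # assumed normal inbound packets per second
ALERT_FACTOR = 10           # assumed rule: alert above 10x baseline

def build_series(attack_start, attack_len, attack_pps, total_s=1800):
    """Per-second inbound packet counts with one burst layered on the baseline."""
    end = attack_start + attack_len
    return [BASELINE_PPS + (attack_pps if attack_start <= t < end else 0)
            for t in range(total_s)]

def first_alert(series, interval_s):
    """Second at which a monitor averaging over interval_s would alert, else None.

    The monitor sees one averaged sample per interval, available only when
    the interval closes, as with periodic counter polling.
    """
    for end in range(interval_s, len(series) + 1, interval_s):
        mean_pps = sum(series[end - interval_s:end]) / interval_s
        if mean_pps > ALERT_FACTOR * BASELINE_PPS:
            return end
    return None

def compare(attack_start, attack_len, attack_pps, intervals=(1, 60, 300)):
    """Map interval -> (seconds to alert, seconds of attack left), or None if missed."""
    series = build_series(attack_start, attack_len, attack_pps)
    result = {}
    for interval_s in intervals:
        fired = first_alert(series, interval_s)
        if fired is None:
            result[interval_s] = None
        else:
            left = max(0, attack_start + attack_len - fired)
            result[interval_s] = (fired - attack_start, left)
    return result

if __name__ == "__main__":
    # Five-minute flood (the mean duration reported above) and a 20-second burst.
    for name, args in (("5 min flood", (610, 300, 50_000)),
                       ("20 s burst", (610, 20, 20_000))):
        print(name, compare(*args))
```

With these constructed numbers, the 300-second average alerts only 10 seconds before the five-minute flood ends and never alerts on the 20-second burst, while the one-second sample alerts within a second in both cases.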

“Researchers and their related groups are becoming high-valued targets for digital criminals. We have seen this in the past, but never as a primary target for a whole quarter, making the findings in this quarterly report all the more important,” said Terrence Gareau, chief scientist at Nexusguard. “We also found that the rise in DDoS-for-hire services is drastically changing the threat landscape, and organizations need to ensure their networks can handle new attack breeds.”

In studying the top 10 list of targets by country, the report authors found the United States and China returned to the first and second positions, suffering more than 49,000 combined attacks. Turkey fell out of the rankings, reinforcing Nexusguard’s previous speculation that the peak of these attacks in Q4 2015 was related to tensions between Russia and Turkey that occurred at the time. Additionally, Middle Eastern countries saw an 83% increase in the number of attacks in Q1, and researchers predict there will be more attacks against countries in the region as tensions continue to rise.

“With Turkey out of the Top 10, it’s now time to redirect our attention to the old standbys,” the report noted. “Not surprisingly, the US and China bore the brunt of attacks observed in the quarter. We predict the same distribution next quarter, provided that there are no geopolitical conflicts impacting DDoS-prone countries.”
