Turkey Feels the DDoS Heat with Big Attack Spike

A notable spike in distributed denial of service (DDoS) attacks, likely in relation to geopolitical events, has been spotted taking aim at targets in Turkey.

According to Nexusguard’s Q4 2015 threat report [PDF], attacks on Turkish victims at the end of the year skyrocketed ten-fold to more than 30,000 events per day, surpassing the thousands of attacks on popular targets China and the US.

The large number of brutal attacks targeting Turkish IP addresses contributed to a big increase in DNS attacks, outweighing other popular NTP and CHARGEN methods by 183 percent. The peak of these attacks may be related to rising tensions between Russia and Turkey.

“Russia is not an amateur when it comes to executing denial of service attacks in a response to political events,” the report noted. “In these attacks it appears that statements were being made.”

The quarter started out with very typical numbers on the DDoS front, with a few thousand events per day being logged. But then attack volume skyrocketed to more than 30,000 events per day, as attackers targeted Turkey with DNS attacks. Turkcell and Turkish Telecom thus claimed the Nos. 1 and 2 spots as top targets of the quarter, with 68,000 and 42,500 attacks respectively.

Not only were Turkish IPs being targeted with DDoS attacks; Turkish domains were also used as the records being reflected at the target. These domains had very low amplification factors. The top domain used was nic.tr, not an excellent choice, the report pointed out, considering that it provided only about a 2x amplification factor. The second most-used domain in the attacks was Turkey.com, which has only a 3.9x amplification factor. That is curious because, in theory, these attacks typically yield about a 50x amplification factor.
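For resolver operators, the amplification factor discussed above is the ratio of response bytes to query bytes, and even a 2x name becomes visible in logs once one "client" dominates the query volume. The following is an added example, not code from the article or the Nexusguard report; the log format, byte sizes, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed resolver log records: (client_ip, qname, query_bytes, response_bytes).
# IPs come from documentation ranges; sizes are chosen so the ratios match the
# 2x and 3.9x factors quoted in the article.
SAMPLE_LOG = (
    [("198.51.100.7", "nic.tr", 40, 80)] * 600
    + [("198.51.100.7", "turkey.com", 40, 156)] * 400
    + [("203.0.113.20", "example.org", 40, 72)] * 5
    + [("203.0.113.21", "nic.tr", 40, 80)] * 3
)

def amplification_by_name(records):
    """Return {qname: total response bytes / total query bytes}."""
    q, r = defaultdict(int), defaultdict(int)
    for _, name, qb, rb in records:
        q[name] += qb
        r[name] += rb
    return {name: round(r[name] / q[name], 2) for name in q}

def reflection_suspects(records, min_queries=500, max_names=3):
    """Flag clients whose queries look spoofed: high volume on very few names.

    The flagged client_ip is the likely victim, because the resolver sends its
    responses there. Both thresholds are assumptions to tune per resolver.
    """
    count, sent, names = defaultdict(int), defaultdict(int), defaultdict(set)
    for ip, name, _, rb in records:
        count[ip] += 1
        sent[ip] += rb
        names[ip].add(name)
    return {
        ip: {"queries": count[ip], "names": sorted(names[ip]), "bytes_sent": sent[ip]}
        for ip in count
        if count[ip] >= min_queries and len(names[ip]) <= max_names
    }

if __name__ == "__main__":
    for name, factor in sorted(amplification_by_name(SAMPLE_LOG).items()):
        print(f"{name}: {factor}x")
    for ip, info in reflection_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged address is a candidate for response rate limiting on the resolver, since the traffic it "requested" is what arrives at the victim.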

“Geopolitical events consistently change the landscape of attacks,” the report explained. “These events can happen in a heartbeat and do not require government sponsorship. Whether countries officially support or turn a blind eye to the attacker, these types of campaigns happen regularly. No country is innocent for these types of attacks—for example, Iran targeting financial institutions, Russia attacking Estonia or Georgia, and the US turning a blind eye to political activist, the Jester.”
