The share of Linux botnets is continuing to grow—accounting for 70% of attacks in Q3, compared to 51% in Q2.
According to Kaspersky Lab’s Q3 2017 DDoS Intelligence Report, experts have continued to see an increase in the number of countries where resources have been targeted, with 98 countries subjected to DDoS attacks in the quarter—an increase from 86 countries in Q2.
Kaspersky Lab experts also saw a growing number of DDoS attacks on gaming services, including Final Fantasy, Blizzard Entertainment, American Cardroom and the UK National Lottery. Additionally, the report shows an increase in the number of DDoS attacks targeting platforms conducting next-generation financial services, such as initial coin offerings (ICOs) – an initial deployment of tokens using blockchain technology. Such DDoS attacks are aimed at either discrediting these services, or worse, serving as a distracting maneuver during ordinary theft.
"Entertainment and financial services—businesses that are critically dependent on their continuous availability to users—have always been a favorite target for DDoS attacks,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors. It’s not surprising that gaming services with multi-million-dollar turnovers attract the attention of criminals and that new types of financial sites have come under attack.”
In terms of number of targets, Russia has moved up from seventh to fourth place. Meanwhile, the top 10 most popular host countries for botnet command servers this quarter included Italy and the United Kingdom, displacing Canada and Germany. In both cases, China, South Korea and the United States continued to top the leaderboards as the most popular countries for hosting inexpensive data centers.
Cyber-criminal strategies have also changed over the last quarter to attacks that are more sophisticated. For example, in the third quarter, the WireX botnet that spread via legitimate Android apps was taken down, and ‘pulse wave’ technology, which increases the power of DDoS attacks using a vulnerability in hybrid and cloud technologies, was revealed. There has also been an increase in the number of mixed attacks, in which criminals used multiple methods simultaneously.