Cybercriminals can exploit old vulnerabilities even in new technology. Kaspersky Lab's latest report on DDoS (distributed denial of service) attacks shows that, in the past three months, attackers have been using botnets (a botnet is a group of internet-connected devices) made up of devices such as video cameras and printers. Cybercriminals then try to monetize the attacks with the help of cryptocurrencies.
In the second quarter of 2018, DDoS botnets attacked online resources in 74 countries. For the first time in the history of the DDoS reports, Hong Kong ranked among the top three most attacked countries, taking second place: its share increased fivefold and accounted for 17 percent of all botnet-assisted DDoS attacks. China and the US remained first and third, while North Korea fell to fourth place.
The most attacked resources in Hong Kong were hosting services and cloud computing platforms. Interestingly, in the second quarter, Hong Kong was replaced by Vietnam in the top 10 countries hosting the most active command and control (C&C) servers. The US ranks first in this list, with nearly half (45 percent) of all active botnet C&C servers in the period considered.
Windows botnet activity has dropped almost sevenfold, while Linux botnet activity has increased by 25 percent. As a result, Linux bots account for 95 percent of all DDoS attacks this quarter, which has caused a sharp increase in SYN flood attacks, from 57 percent to 80 percent.
During the period under review, cybercriminals began to use some very old vulnerabilities in their attacks. For example, experts have reported DDoS attacks that rely on a vulnerability in the Universal Plug-and-Play protocol, known since 2001, and the Kaspersky DDoS Protection team noticed an organized attack based on a vulnerability in the CHARGEN protocol, which was described as far back as 1983. Despite the protocol's age and limited use, there are still many CHARGEN servers on the Internet. These are, in most cases, printers and copiers.
Mastering old techniques has not prevented cybercriminals from creating new botnets. For example, 50,000 surveillance cameras have been used for DDoS attacks in Japan. One of the most popular ways to monetize DDoS attacks remains targeting cryptocurrencies and cryptocurrency exchanges.
A typical case is the cryptocurrency Verge: hackers attacked some mining pools and stole 35 million XVG (USD 1.7 million) in the ensuing confusion. Gaming platforms also continue to be targeted, especially during eSports championships. In addition, according to Kaspersky Lab, DDoS attacks affect not only game servers (often in order to get a ransom, under the threat of otherwise spoiling the game).
An organized DDoS attack on key players may affect the team and lead to its elimination from the competition. Cybercriminals use similar tactics to monetize attacks on streaming channels and video games. Competition in this segment is intense and, by using DDoS attacks, offenders can influence online broadcasts and, implicitly, the earnings of a video creator.
“There may be different reasons behind DDoS attacks – political or social protests, personal revenge, competition,” says Alexey Kiselev, project manager, Kaspersky DDoS Protection team. “In most cases, however, they are used to make money, so cybercriminals usually attack those companies and services that can bring them big gains. DDoS attacks can also be used as a diversion to hide theft, or a ransom may be required to prevent an attack. The money earned as a result of blackmail or theft can reach tens or hundreds of thousands, even millions of dollars. In this context, protection against DDoS attacks seems a good investment.”
Kaspersky DDoS Protection combines Kaspersky Lab’s extensive experience in combating cyber threats with the company’s unique in-house developments. The solution protects against all DDoS attacks, regardless of their complexity, magnitude or duration.