DDoS attacks were more frequent and longer in Q2

The length of DDoS attacks increased in the second quarter, research from Kaspersky Lab indicates, with the longest attack during the quarter lasting for 12 days.

The proportion of attacks lasting less than four hours fell to 60% during the quarter from 68% in Q1, while the proportion of attacks lasting for 20–49 hours grew by five percentage points to 9% and those lasting for 50–99 hours grew to 4% from just 1%.

During the period, Kaspersky recorded DDoS attacks in 70 countries, with China accounting for 77% of all attacks. South Korea meanwhile lead in terms of the number of active command and control (C&C) servers, with its share amounting to 70%.

The number of active C&C servers hosted in Brazil, Italy and Israel meanwhile nearly tripled, with each of these countries making it into the top 10 ranking.

Kaspersky’s research shows that the number of DDoS attacks continued to grow steadily for the second consecutive quarter. Attacks from Linux botnets nearly doubled to 70%. The company noted that this is the first time it has recorded such an imbalance between the proportion of Linux and Windows-based DDoS botnets.

“Linux servers often contain common vulnerabilities but no protection from a reliable security solution, making them prone to bot infections,” Kasperksy Lab lead malware analyst Oleg Kupreev explained.

“These factors make them a convenient tool for botnet owners. Attacks carried out by Linux-based bots are simple but effective; they can last for weeks, while the owner of the server has no idea it is the source of an attack.”

He added that using a single Linux server, cybercriminals can mount an attack equal in strength to hundreds of individual computers.

Image courtesy of Linux Screenshots under CC