According to new research by Symantec’s security experts, India topped the list of 50 countries that witnessed the highest volume of ‘originating DDoS traffic’, with 26% of all DDoS traffic originating from India, followed by the US with 17%.
“The sources for DoS attacks are often countries that have a high number of bot infected machines and a low adoption rate of filtering of spoofed packets. While this does not mean that the people behind the attack are located in India, as the attacks are often orchestrated remotely, it is a reflection of India emerging as a hotbed to launch these attacks, potentially because of the low cyber security awareness, lack of adequate security practices and infrastructure,” said Tarun Kaura, Director, Technology Sales – Symantec India.
The research, titled “The Continued Rise of DDoS Attacks”, was conducted by Symantec’s Security Response team of engineers and analysts, who evaluated global data for the period of January to August 2014 based on the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second in over 157 countries and territories.
Research Highlights:
Increase of Linux server hijacking for DDoS botnets: 2014 saw a rise in the compromise of Linux servers, including those from cloud providers. These high-bandwidth servers are then used as part of a botnet to perform DDoS attacks.
DDoS services for hire for less than $5: So-called “Booter” services can be hired for as little as Rs. 300 ($5) to perform DDoS attacks for a few minutes against any target. Longer attacks can be bought for higher prices. They also offer monthly subscription services, often used by gamers to take down competitors.
As the most attacked sector globally, the gaming industry experiences nearly 46% of attacks, followed by the software and media sectors.
While it is not happening on a broad scale now, it is likely that there will be an increase in DDoS attacks originating from mobile and IoT devices in the future.
DDoS attacks, whilst not a new attack vector, have proven to be effective and sometimes devastating for organisations. The attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A Domain Name System (DNS) amplification attack is a popular form of DDoS, which floods a publicly available target system with DNS response traffic.
Symantec’s research indicates that DNS amplification attacks increased by 183% from January to August 2014. The study further highlighted the motivations behind the popularity of DDoS attacks, indicating that they have become the method of choice for hacktivists and cyber gangs.
Other motivations have been linked to: financial blackmail with the threat of taking the business offline; personal grudge; and use as a diversion technique to distract IT security response teams while a targeted attack is conducted.