DDoS attacks from the USA and China

As the new Threat Intelligence Report from A10 Networks shows, most DDoS attacks originate in the US and China. The current report provides information on the countries from which the most common reflected amplification attacks with DDoS attack tools originate and where most of the DDoS botnet agents are hosted.

The latest Threat Intelligence Report from A10 Networks shows that the USA and China are the leading countries of origin of Distributed Denial of Service (DDoS) attacks. The results also make it clear that DDoS attacks continue to increase in scope, frequency and complexity, and that hackers are resorting to increasingly varied strategies for their own purposes. DDoS botnet tools are used more and more frequently, while modern malware helps attackers find new ways to infect IoT systems and recruit them as attackers. Reflected amplification attacks also help hackers to increase the scale of their attacks.

The research team also evaluated systems and devices that could potentially be used as bots, reflectors or amplifiers. They also assessed the likelihood that these devices would be compromised based on their availability over the Internet and possible cybersecurity weaknesses. The report looks at around 10 million individual source IP addresses.

In summary, these are the most important results of the current A10 Threat Intelligence Report:

Portmap before SNMP and SSDP

Portmap was considered for the first time in the study by A10 Networks. With more than 1.8 million DDoS tools recorded in Q2 2020, the service made it to the top of the Threat Intelligence Report. SNMP and SSDP follow closely behind with almost 1.7 million located DDoS tools. However, due to their high amplification factor and more difficult mitigation, these currently represent the more dangerous threat.

The full report also includes data on the prevalence of DNS resolver and TFTP DDoS tools.

Leading countries of origin of DDoS attacks - USA ahead of China and Korea

An additional look at Portmap reveals that the USA, with almost 1.6 million DDoS tools, is at the forefront of the leading countries of origin of DDoS attacks, ahead of China (1.4 million), Korea (776,000), Russia (696,000) and India (284,000).

These DDoS attack tools can be used to launch Portmap-based DDoS attacks, in which servers running the UDP-based Portmapper protocol are abused for reflected amplification. This triggers a much larger number of server responses than the original requests.

Leading countries operating DDoS botnet agents

DDoS botnet agents are used to spread the malware they are infected with to other computers, servers and IoT devices and bring them under control in order to initiate further attacks. The report shows that the following countries host the most DDoS botnet agents:

  • China (15 percent)
  • Vietnam (12 percent)
  • Taiwan (9 percent)

Understanding the origin of these attacks can help companies plan their protection against DDoS attacks more effectively.

Insights into attack tools and methods to protect against DDoS attacks

The report is based on around 10 million individual source IP addresses and enables a detailed view of the attack tools and methods as well as the countries of origin of DDoS attacks that define the current threat landscape. In the second quarter of this year, the specialists at A10 Networks analyzed the attacking systems that are under the control of DDoS botnet command and control (C2), discovered new malware using honeypots and searched the Internet for unprotected systems that can be used as sources for reflected amplification attacks.

As the frequency, intensity, and complexity of DDoS attacks continue to grow, organizations have the opportunity to take a proactive approach to protecting against DDoS attacks. Security teams can create blacklists of IP addresses suspected of running DDoS botnets and of potentially compromised servers. Combined with real-time threat detection and automated signature extraction, this strategy can help companies fend off even the largest multi-vector DDoS attacks.
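As an added illustration of the blacklist approach (not code from A10 Networks or its report), the following sketch triages inbound flow records: it totals UDP traffic arriving from the source ports of reflector services named above (Portmap, SNMP, SSDP, DNS) per destination and splits the sending addresses into blacklisted and not yet listed. The flow tuple layout, the byte threshold, the blacklist entries and all addresses are constructed assumptions, and matching on source port alone is a heuristic.

```python
import ipaddress
from collections import defaultdict

# UDP source ports of reflector services named in the report.
REFLECTOR_PORTS = {111: "portmap", 161: "snmp", 1900: "ssdp", 53: "dns"}

# Constructed blacklist (documentation address ranges, not real threat data).
BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

# Constructed flow records: (src_ip, src_port, dst_ip, protocol, bytes).
FLOWS = [
    ("198.51.100.10", 111, "192.0.2.20", "udp", 48000),
    ("198.51.100.11", 111, "192.0.2.20", "udp", 52000),
    ("203.0.113.7", 1900, "192.0.2.20", "udp", 30000),
    ("203.0.113.99", 161, "192.0.2.20", "udp", 41000),
    ("203.0.113.50", 443, "192.0.2.20", "tcp", 90000),   # ordinary HTTPS, ignored
    ("198.51.100.10", 111, "192.0.2.21", "udp", 900),    # below threshold
]

def is_blocklisted(ip):
    """True if ip falls inside any blacklisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKLIST)

def triage(flows, byte_threshold=100_000):
    """Per destination: reflected bytes by service, and sources split by blacklist status."""
    per_dst = defaultdict(lambda: {"bytes": defaultdict(int), "sources": set()})
    for src, sport, dst, proto, size in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue  # only responses coming from reflector service ports
        per_dst[dst]["bytes"][REFLECTOR_PORTS[sport]] += size
        per_dst[dst]["sources"].add(src)
    alerts = {}
    for dst, info in per_dst.items():
        total = sum(info["bytes"].values())
        if total >= byte_threshold:
            alerts[dst] = {
                "total_bytes": total,
                "by_service": dict(info["bytes"]),
                "blocklisted": sorted(s for s in info["sources"] if is_blocklisted(s)),
                # Unlisted reflectors are candidates for adding to the blacklist.
                "unlisted": sorted(s for s in info["sources"] if not is_blocklisted(s)),
            }
    return alerts

if __name__ == "__main__":
    print(triage(FLOWS))
```
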

More on this at a10networks.com

 




 
