Compared to the third quarter of 2020, the total number of distributed denial of service (DDoS) attacks worldwide increased by almost 24 percent, while the total number of smart, targeted attacks grew by 31 percent compared to the same period last year.
In addition, the Kaspersky analysis shows that both bots and botnet servers are very active in Germany. Targets included pandemic control resources, government organizations, game developers, and well-known cybersecurity publications.
DDoS attacks - many bots and botnet servers in Germany
DDoS attacks aim to overwhelm a network server with service requests, so that it crashes and users are denied access, which leads to service disruptions. So-called “smart” DDoS attacks are more sophisticated and often more targeted; they are used not only to disrupt services, but also to make certain resources inaccessible or to steal money.
Compared to the third quarter of 2020, the total number of DDoS attacks increased by almost 24 percent and the total number of “intelligent” attacks increased by 31 percent. Both types of attacks also increased compared to Q2021 40,8, with the largest percentage of the attacked resources (8.825 percent) being in the US, followed by Hong Kong and mainland China. In fact, as of August, Kaspersky had a record XNUMX DDoS attacks in a single day.
The Mēris botnet was particularly successful
Some of the most noticeable large-scale DDoS attacks last quarter used a new, powerful botnet called Mēris, which can send a tremendous number of requests per second. This botnet was identified in attacks on two of the most popular cybersecurity publications - Krebs on Security and InfoSecurity Magazine.
Further findings for the third quarter of 2021
- There have been a number of politically motivated attacks in Europe and Asia, as well as attacks on game developers. The attackers also targeted resources related to combating the pandemic.
- Cyber criminals have also targeted telecommunications providers in Canada, the US and the UK with ransomware attacks. The attackers presented themselves as members of the ransomware group REvil and shut down the company's servers to pressure them to pay the requested ransom.
- A highly unusual, complex DDoS attack against a state university took place over a period of several days. The attackers were after university applicants' online accounts and chose an attack vector that made the resource completely inaccessible. The attack continued even after the filtering started, which is rare.
- Most of the C&C botnet servers were in the United States (43,44 percent), followed by Germany (10,75 percent) and the Netherlands (9,25 percent).
- Most of the active bots that attacked Kaspersky SSH honeypots in order to add them to their botnets operated from China (30,69 percent), the United States (12,59 percent) and Germany (5,58 percent).
"In the past few years we have seen the cryptomining and DDoS attack groups compete for resources as many botnets can be used for both," said Alexander Gutnikov, security expert at Kaspersky. “While we previously saw a decline in DDoS attacks as the value of the cryptocurrency increased, we are now seeing a reallocation of resources. DDoS resources are in demand and attacks are profitable. We assume that the number of DDoS attacks will continue to rise in the fourth quarter, especially since DDoS attacks are traditionally particularly high at the end of the year. "
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/