South Korea Is No.1 Top Source Of DDoS Attacks

 

South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016.
 
Imperva has documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined.

DDoS attacks are one of the more popular tools in the hacker's toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at exactly the same second.

Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins.

Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com, “It feels like it is in part a reflection of the networked nature of South Korea, but there are other countries with similar degrees of penetration or greater.”

South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.”

Igal Zeifman, senior manager at Imperva, told SC, “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.”
Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.”

Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets - Nitol and PCRat - both of which offer remote control over the infected devices. 
Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website.

Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical 'member' of a botnet is, therefore, a Windows PC. The easiest way to do it - non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.”

Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”.

Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.”

Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries.

Some of the report's other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva's report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.”

Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots.

What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination.

DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” 
SC Magazine: http://bit.ly/1VJIbDQ

 

« Driverless Trucks Are On The Way.
Fear This Man And His Hacking Empire »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Brace168

Brace168

Specialising in Cyber Security incident identification and response, Brace168 is uniquely positioned to provide a vast experience in managed security services to meet the needs of all business types.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.