South Korea Is No.1 Top Source Of DDoS Attacks

 

South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016.
 
Imperva has documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined.

DDoS attacks are one of the more popular tools in the hacker's toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at exactly the same second.

Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins.

Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com, “It feels like it is in part a reflection of the networked nature of South Korea, but there are other countries with similar degrees of penetration or greater.”

South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.”

Igal Zeifman, senior manager at Imperva, told SC, “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.”
Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.”

Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets - Nitol and PCRat - both of which offer remote control over the infected devices. 
Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website.

Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical 'member' of a botnet is, therefore, a Windows PC. The easiest way to do it - non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.”

Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”.

Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.”

Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries.

Some of the report's other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva's report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.”

Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots.

What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination.

DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” 
SC Magazine: http://bit.ly/1VJIbDQ

 

« Driverless Trucks Are On The Way.
Fear This Man And His Hacking Empire »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

Stealth-ISS Group

Stealth-ISS Group

Stealth–ISS Group is your extended IT, cyber security, risk and compliance team, providing strategic guidance, engineering and audit services, along with technical remediation and security operations.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.