Linux Botnets Dominate the DDoS Landscape

Datetime: 2016-08-22 21:40:38          Topic: DDOS

Linux botnets accounted for 70.2 percent of all DDoS attacks initiated in Q2 2016, according to statistics released in the most recent edition of Kaspersky Lab's DDoS Intelligence Report.

This is not a surprising fact, taking into account that in the previous three months security researchers have unearthed a DDoS-capable botnet of over 25,000 DVRs running Linux-based firmware, another Linux-based botnet that leverages home routers, and over 100 different botnets based on LizardStresser, a tool developed by the infamous Lizard Squad, which also targets Linux-based IoT equipment.

IoT botnets to continue to grow

"It is possible that by the end of this year the world will have heard about some even more 'exotic' botnets, including vulnerable IoT devices," Kaspersky's team writes in its report.

Nevertheless, the number is a little higher than previously expected: Linux botnets accounted for 44.5 percent in Q1 2016, 54.8 percent in Q4 2015, and 45.6 percent in Q3 2015.

Besides the proliferation of insecure IoT devices, which has simplified the task of finding devices and building a botnet, Linux bots are also the most appropriate tool for launching damaging SYN DDoS attacks, which were this quarter's most popular DDoS method overall, followed by TCP, HTTP, ICMP and UDP floods.

77.4% of all DDoS attacks targeted China

As for the targets of the attacks, 77.4 percent of all the targeted resources were based in China. In fact, 97.3 percent of all attacks targeted only ten countries, namely China, South Korea, the US, Ukraine, Vietnam, Russia, Hong Kong, France, Japan, and the Netherlands.

When it comes to the countries where most botnet C&C servers were located, South Korea led the way, hosting 69.6 percent of all command and control infrastructure. South Korea was followed at a huge distance by China (8.1 percent), the US (7.1 percent), Russia (4.5 percent), and Brazil (2.3 percent).

In Q2, the timeline of DDoS attacks was uneven: April and May were slow, while June was very busy, including one day on which Kaspersky detected 1,676 different DDoS attacks.

The longest attack lasted for 291 hours, which beat Q1's record of 197 hours. That's just over 12 days of constant DDoS traffic, which most likely caused significant downtime and substantial financial losses for the company that received all the junk traffic.

[Figure: Distribution of DDoS attacks by country, Q1 2016 vs. Q2 2016]
