Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Chinese Telecom DDoS Attack Breaks Record

A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.

DDoS attackers launched a 277-hour attack against a Chinese telecom company in the second quarter of 2017, registering a 131% hourly increase compared to the longest attack recorded earlier this year, according to a report released this week by Kaspersky Lab.

The 2017 DDoS Intelligence Report, which culls data from botnets detected and analyzed by Kaspersky Lab, says that the Chinese telecom siege that spanned more than 11 days is also, so far, a record for the year, demonstrating that long-lasting DDoS attacks have re-emerged.

But pinpointing the reason for this rise is difficult. "There is no explanation why the length grew – such fluctuation happens from time to time," says Oleg Kupreev, lead malware and anti-botnet analyst for Kaspersky Lab.

The most powerful attack that the Kaspersky report notes occurred in the second quarter. It was 20GB per second, Kupreev says, adding that it lasted about an hour and used the connectionless User Datagram Protocol (UDP). Usually, most UDP flood attackers are not more than 4GB per second, he says.

According to a Corero Network Security report, low-volume DDoS attacks still represent a majority of the sieges against networks.

DDoS Attack Footprint Expands

During the second quarter, the number of countries facing DDoS attacks jumped to 86 countries verses 72 in the first quarter, according to the report. The top 10 countries hit with attacks include the US, China, South Korea, Hong Kong, UK, Russia, Italy, France, Canada, and the Netherlands.  

"Online resources in one country can often be located on servers in another country – mostly in China, US, South Korea, and this is why these countries are always among the most targeted," Kupreev says.

Italy posted a 10-fold increase in DDoS attacks while the Netherlands experienced a 1.5x increase, which pushed Vietnam and Denmark off the top 10 list, according to the Kaspersky report.

Ransom Without DDoS Attacks Rise

A popular twist to ransom DDoS attack threats emerged in the second quarter, says Kupreev. Cybercrimminals would distribute their ransom threats to pay up or face a DDoS attack to a large group of companies, he says. But rather than send a short-term DDoS attack to show they mean business, no demo is sent with the hope that the company will pay the ransom on the threat alone, he explains.

"Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion," adds Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab. "These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration."

Despite a growing interest by cyberthieves to conduct a DDoS-less ransom scheme or a full-fledge DDoS Ransom attack, Kupreev says he does not expect this form of extortion to overtake normal DDoS attacks anytime soon.

"The share of 'normal' DDoS attacks will always outnumber RDDoS, as there are many other reasons behind DDoS attacks in addition to money extortion: unfair competition, political struggle, hacktivism, smokescreening etc.," Kupreev says. "Moreover, unavailability of online resources for many companies can be even more damaging than [the] amount of extortion."

Related Content:

 

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jklingel296
50%
50%
jklingel296,
User Rank: Apprentice
10/4/2017 | 11:40:07 AM
More facts about the Chinese telecom company?
Hello,

Does anybody have more facts about the unnamed Chinese telecom company, the damage done by the DDoS attack, and the attackers? I searched the Internet and found nothing.

Best regards

Jan Klingel

 
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.