“Q4 2016 was rich in noteworthy DDoS attacks against a broad range of targets.”
Researchers at Kaspersky have found that unsecure Internet of Things could have led to a sharp increase in the strength of cyber-attacks.
The cyber security firm noticed a 292 hour-long Distributed Denial of Service (DDoS) attack during the fourth quarter of 2016, a figure which is a major increase on the longest attack of the previous quarter which lasted 184 hours.
The Kaspersky report, ‘DDoS attacks in Q4 2016’, outlines four main trends. These included the increasing use of Internet of Things (IoT) botnets to carry out DDoS attacks, examples of the use of this method are the attacks on Russian banks in fourth quarter 2016, indicating the volume and potential of this type of attack.
WordPress pingback attacks also became extremely common by the fourth quarter of 2016, especially in light of their comparative infrequency in the first quarter. Kaspersky said that they were ‘extremely rare at the start of 2016’, but ended up occupying a ‘substantial amount of the DDoS attack market’.
Kaspersky also noticed that in the instance of a WordPress pingback attack, ‘encryption greatly complicates filtering and increases the malicious potential of this type of attack’.
The research also shows an increasing interest in targeting countries resources, with the figure reaching 80 in the fourth quarter, contrasting 67 in the previous. This figure represents increasing formidability of cyber-attacks, and their ability to affect infrastructure. An example of this form of threat could be the mass power outages across the Ukraine in December 2016, which in January 2017 were found to be the result of a cyber-attack .
Speaking to SC Media, the senior vice president at Kaspersky Lab North America Michael Canavan said: “Overall, Q4 2016 was rich in noteworthy DDoS attacks against a broad range of targets, including Dyn’s Domain Name System, Deutsche Telekom and some of Russia’s largest banks”.
South Korea, China and the US remained leaders in terms of the number of targets, and the number of targets detected. The report said that 71.6% of targeted resources were located in China.
Canavan said in regard to prevention of this new threat that “companies can migrate public resources to another IP address, adjust a firewall to fight SYN flood attacks and relocate business critical applications to the cloud or a separate public subnet”.