Kaspersky: PHL among sources of DDoS cyberattacks in 2011

The Philippines was one of 23 countries linked to 90 percent of distributed denial-of-service (DDoS) attacks in the second half of 2011, computer security firm Kaspersky Lab disclosed Thursday.

 

Kaspersky Lab experts Maria Garnaeva and Yury Namestnikov said the DDoS attacks are getting more powerful, with themost intense attack 20 percent stronger than in the first half of the year.

 

A graph posted on their blog showed that of the 23 countries, the Philippines accounted for two percent of the attacks - the same as China, Bulgaria, Ireland, Peru, Indonesia, Vietnam, Serbia, Turkey, Argentina and Romania.

 

"The attacks were launched from computers located in 201 countries around the world, including the Philippines that contributed 2 percent of the total attacks," they added.

 

Namestnikov said countries with 2- to 4-percent share of recorded DDoS attacks were mostly used as “zombies” or secondary locations for launching DDoS attacks.

 

Also, they said the countries accounting for two to four percent of all DDoS attacks also changed from the first half of 2011.

 

While only three countries with high levels of computer penetration and IT security - Ireland (2%), the United States (3%) and Poland (4%) - are in the group, the remaining generators of junk traffic were "infected computers" in developing countries.

 

In developing countries, they said "the number of computers per capita is much smaller, while IT security is not particularly strong."

 

57 percent increase

 

Kaspersky noted a "staggering" 57-percent increase in the number of DDoS attacks as cybercriminals continue to target global stock exchanges, small businesses, and even utilize political unrests.

 

This figure may increase in the coming months of 2012, Namestnikov and Garnaeva warned.

 

"Given the demand for DDoS attacks, owners of this illegal business will take care to improve their technologies. The architecture of the zombie networks used for DDoS attacks will get more complicated and P2P networks will displace centralized botnets. In addition, according to current research, in 2012 cybercriminals will look for new ways of conducting DDoS attacks without using botnets," they added.

 

The two noted DDoS attacks are used as an act of protest as well as a highly effective tool for exerting pressure on competitors.

 

"It comes as no surprise therefore that online trade (online shops, auctions, message boards for sale ads etc.) was most frequently targeted, with the sites in this segment suffering 25 percent of all registered attacks" they added.

 

Shift from conventional attacks

 

Kaspersky noted that, despite the relative simplicity of these techniques, researchers have noted a recent shift away from conventional DDoS attacks using large amounts of traffic, to attacks that lead to exploiting substantial resources on the server under attack.

 

This makes it possible to launch effective DDoS attacks with minimum effort from the attacker such as using large botnets.

 

Namestnikov also said large botnets attract the attention of anti-DDoS projects and law enforcement agencies, which can make such botnets much less attractive to cybercriminals.

 

"(W)e are not going to see really large DDoS botnets in 2012. Our radars will show mostly medium-size botnets, which are powerful enough to take down an average website, and such botnets are going to become more numerous,” Namestnikov said. — TJD, GMA News