Mumbai: According to new global research by security experts at Symantec, India tops the global top 50 ranking of countries by volume of ‘originating DDoS traffic’, with 26 percent of all DDoS traffic originating from the country, followed by the USA with 17 percent.
“The sources for DoS attacks are often countries that have a high number of bot infected machines and a low adoption rate of filtering of spoofed packets. While this does not mean that the people behind the attack are located in India, as the attacks are often orchestrated remotely; it is a reflection of India emerging as a hotbed to launch these attacks, potentially because of the low cyber security awareness, lack of adequate security practices and infrastructure,” said Tarun Kaura, Director, Technology Sales at Symantec India.
The research, titled “The Continued Rise of DDoS Attacks,” was conducted by Symantec’s Security Response team of engineers and analysts, who evaluated global data for January to August 2014 from the Symantec™ Global Intelligence Network. The network is made up of more than 41.5 million attack sensors and records thousands of events per second in over 157 countries and territories.
- Increase of Linux server hijacking for DDoS botnets: 2014 saw an increase in the compromise of Linux servers, including those from cloud providers. These high bandwidth servers are then used as part of a botnet to perform DDoS attacks.
- DDoS services for hire for less than $5 USD: So-called “Booter” services can be hired for as little as INR 300 ($5 USD) to perform DDoS attacks for a few minutes against any target. Longer attacks can be bought for higher prices. They also offer monthly subscription services, often used by gamers to take down competitors.
- As the most attacked sector globally, the gaming industry experiences nearly 46 percent of attacks, followed by the software and media sectors.
- While it’s not happening on a broad scale now, it’s likely we’ll see an increase in DDoS attacks originating from mobile and IoT devices in the future.
DDoS attacks, whilst not a new attack vector, have proven to be effective and sometimes devastating for organizations. The attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A Domain Name System (DNS) amplification attack is a popular form of DDoS, which floods a publicly available target system with DNS response traffic. Symantec’s research indicates that DNS amplification attacks have increased by 183 percent from January to August 2014.
Symantec’s research further highlighted the motivations behind the popularity of DDoS attacks, indicating that they have become the method of choice for hacktivists and cyber gangs. Other motivations have been linked to financial blackmail with the threat of taking the business offline; personal grudges; and use as a diversion technique to distract IT security response teams while a targeted attack is conducted.
Best practices include:
- Have an incident response plan ready, know who to call
- Verify server configuration, protect your server
- Use a layered filtering approach, partner with external service providers
- Build in scalability and flexibility
- Know your normal network behavior