Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

China most attacked country by DDoS in Q2 2017

Adrian M. Reodique | Aug. 23, 2017
Other Asian countries including South Korea and Hong Kong were also listed among the top countries with highest number of DDoS attacks from April to June.

DDoS attack in Q2 2017
Credit: Kaspersky Lab 

China remained as the most attacked country by Distributed Denial of Service (DDoS) schemes for second quarter (Q2) of 2017, according to the botnet DDoS report by Kaspersky Lab experts.

The Digital Attack Map of Google Ideas and Arbor Networks described a DDoS attack as an attempt to make an online service unavailable by pushing traffic to it from multiple sources.

Majority of DDoS attacks (58.07 percent) recorded by Kaspersky Lab from April to June of this year were targeted at China. This indicated a 2.96 percentage point increase from 55.11 percent in the first quarter.

Besides China, other Asian countries including South Korea (14.17 percent) and Hong Kong (2.38 percent) were also listed among the top 10 countries with highest number of DDoS attacks in Q2.

The top 10 countries with highest number of DDoS attacks from April to June 2017. Screenshot from Kaspersky Lab's botnet DDoS report. (Click for larger image). 

Meanwhile, Kaspersky Lab recorded the longest DDoS attack in the quarter that lasted for 277 hours. More countries were also affected with DDoS attacks with 86 in Q2 compared to 72 in Q1.

In addition, ransom DDoS or RDoS became more prominent in the second quarter. RDoS refers to the use of DDoS attack to extort money.

Kaspersky Lab said RDoS attackers usually send a message first to their target company demanding 5 to 200 Bitcoin. If the organisation refuses to pay, the cybercriminals will threaten to launch a DDoS attack on the victim's important web resources. The threats are also accompanied with short-term DDoS attacks to demonstrate the cybercriminals' capabilities.

In other cases, cybercriminals send out a mere ransom message, without demonstrative DDoS attack, to a horde of companies, thus threatening them to launch an attack if they do not pay.

"Nowadays, it's not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers. Any fraudster who doesn't even have the technical knowledge or skill to organise a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion," said Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab.

A report by Kaspersky Lab last March found that DDoS service available in the black market merely cost US$5 for a 300-second attack. This can go up to US$400 for 24-hour DDoS attack.

"These people are mostly picking unsavvy companies that don't protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration," added Ilganaev.

However, the security company warned organisations that paying the ransom may only open them with other future cyberattacks.

"If a victim company decides to pay, it may bring long-term damage in addition to instant monetary losses. A 'payer' reputation spreads fast through the networks and may provoke further attacks from other cybercriminals," said Kaspersky Lab.


Sign up for CIO Asia eNewsletters.