72% of Botnet DDoS Attacks’ Victims Are Located in 10 countries, Kaspersky Lab’s Stats Shows

According to the Kaspersky DDoS Intelligence statistics for Q2 of 2015, three-quarters of resources attacked via botnets are located in just 10 countries. The undisputed leadership of the United States and China is explained by the cheap hosting in these countries. However, the changes in the other positions of the ranking and the growing number of countries affected by this type of attack prove that no territory is secured against DDoS.

In the second quarter of 2015, the number of countries where the attacked resources were located increased from 76 to 79. Meanwhile, 72% of the victims were located in just 10 countries. However, this figure decreased compared to the previous period, with 9 out of 10 victims in the Top 10 in Q1.

Q2’s Top 10 included Croatia, while the Netherlands left the ranking. China and the US kept their leading positions; South Korea pushed Canada down from third place. This was caused by a burst of activity of botnets, most of which targeted South Korea. In addition, the proportion of attacks on resources in Russia and Canada decreased compared to the previous quarter.

“The social engineering techniques, the appearance of new types of devices with Internet access, software vulnerabilities and underestimation of the importance of anti-malware protection contribute to the spread of bots and the increase in the number of DDoS attacks. Thus, completely different companies are at risk regardless of their location, size or type of activities. The list of victims protected from DDoS attacks by Kaspersky Lab in the second quarter of 2015 included government organizations, financial institutions, mass media and even educational institutions", commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

The Kaspersky DDoS Intelligence statistics also showed noticeable fluctuations in the amount of botnet-based DDoS by time. For example, a sharp increase in the number of attacks fell within the first week of May, while the lowest activity occurred during the end of June. The peak quantity of attacks per day (1960) was registered on May 7. The most “quiet” day was June 25 with only 73 recorded attacks. At the same time, the longest DDoS attack of the quarter lasted for 205 hours (8.5 days).

Regarding the technology of carrying out attacks, the cybercriminals involved in developing DDoS botnets are increasingly investing in creating botnets of network devices such as routers and dsl modems. These changes threaten a growth in the number of DDoS attacks using botnets in the future.

Since nowadays few companies can do without any online resources (email, web services, a website, etc.), blocking its work by a DDoS attack may cause significant business risks and financial losses. That is why Kaspersky Lab recommends all companies ensure the safety of their services in advance. When choosing a solution to protect a company’s IT infrastructure against DDoS attacks, it is better to focus on the vendors that are well-established in the IT security market. For example, Kaspersky DDoS Protection combines the company’s many years of expertise in the field of protection against online threats and its own technological developments that help safeguard an attacked resource on any territory.

To learn more about the principles behind Kaspersky DDoS Protection, read this document. The full version of the report on the data received from the Kaspersky DDoS Intelligence monitoring system is available at Securelist.com.