The Philippines has made the list of 23 countries worldwide that contributed to 90 percent of all DDoS (distributed denial of service) attacks in the second half of 2011, according to a recent report by Kaspersky Lab, a leading secure content and threat management solutions developer.
Kaspersky Lab experts Maria Garnaeva and Yury Namestnikov said in a blog post on Securelist that DDoS attacks are getting more powerful and that the most intense attack was 20% stronger compared to the first half of the year.
The attacks were launched from computers located in 201 countries around the world, including the Philippines, which contributed 2% of the total attacks.
The number of DDoS attacks increased by a staggering 57% as cybercriminals continue to target global stock exchanges and small businesses, and even to take advantage of political unrest. This figure may increase in the coming months of 2012, Namestnikov and Garnaeva warned.
"DDoS attacks are used as an act of protest as well as a highly effective tool for exerting pressure on competitors. It comes as no surprise therefore that online trade (online shops, auctions, message boards for sale ads etc.) was most frequently targeted, with the sites in this segment suffering 25% of all registered attacks," they added.
Namestnikov said that countries with a 2% to 4% share of recorded DDoS attacks were mostly used as "zombies" or secondary locations for launching DDoS attacks. "The geographical distribution of DDoS attack sources has changed. At the end of the first half of 2011, the top positions in the ranking were occupied by the United States (11%), Indonesia (5%) and Poland (5%). The second half of the year has produced several new leaders: Russia (16%), Ukraine (12%), Thailand (7%) and Malaysia (6%)."
The experts also explained that despite the relative simplicity of these techniques, researchers have recently noted a shift away from conventional DDoS attacks that use large amounts of traffic, toward attacks that cause substantial resources to be used on the server under attack. This makes it possible to launch effective DDoS attacks with minimum effort from the attacker, i.e. without using large botnets.
Securelist defined a DDoS attack as broadly similar to a DoS (denial of service) attack, in which a server is flooded with more network traffic than it is able to handle. This prevents the server from carrying out its normal functions and in some circumstances crashes the server completely. A DDoS attack differs only in the fact that the attack is conducted using multiple machines.
DDoS attacks were also conducted against businesses, including travel company websites. Unknown groups conducted these attacks during the summer season, when travel was at its peak, as well as during the Christmas and New Year holidays.
"This is a perfectly logical progression," said Namestnikov, Senior Malware Analyst at Kaspersky Lab. "Large botnets attract the attention of anti-DDoS projects and law enforcement agencies, which can make such botnets much less attractive to cybercriminals. They will have to increase the power of attacks by using several botnets targeting one resource at once. That is why we are not going to see really large DDoS botnets in 2012. Our radars will show mostly medium-size botnets, which are powerful enough to take down an average website, and such botnets are going to become more numerous."