SlideShare ist ein Scribd-Unternehmen logo

Statistics on botnet-assisted DDoS attacks in Q1 2015

Kaspersky
Kaspersky

The number of botnet-assisted DDoS attacks has declined in Q1 2015 against Q4 2014; so has the number victims of these attacks. At the same time, this type of threat has grown to target more countries. Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest prices for web hosting, and many web resources are located there. However, the 10 most frequently attacked targets also include victims from Europe and the APAC region. These statistics demonstrate that botnet-assisted DDoS attacks are relevant for most diverse web resources irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries. The cybercriminals who use botnets to carry out DDoS attacks are willing to persevere: the longest DDoS attack reported in Q1 2015 lasted for about 6 days, and the most frequently attacked web resource survived 21 attacks within the three month period. However, study shows that even a short, one-off attack may render an unprotected web resource inoperable. One such attack may cost the victim up to $444,000, not including the reputational damage associated with the unsatisfied users who failed to receive the service they expected. Internet security companies make their contribution to combating DDoS attacks and botnets: among other things, they detect new pieces of malware and add signatures for them to the appropriate databases, protect servers from being compromised, protect computers against infections, curb C&C server activities, etc. Nevertheless, DDoS attacks remain a very popular tool with cybercriminals, so companies must take proactive care of their security. A junk traffic filtration service will allow an online resource to remain accessible for legitimate users even during a long and powerful attack.

Internet
1 von 14
Downloaden Sie, um offline zu lesen
STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015 www.kaspersky.com
Botnet DDoS attacks in Q1 2015 April 20152 Methodology 3 Main findings 4 Geography of attacks 5 Time variations in the number of DDoS attacks 7 Types and duration of DDoS attacks 9 C&C servers and botnet types 10 Conclusion 11 Glossary 12 CONTENTS
Botnet DDoS attacks in Q1 2015 April 20153 A DDoS (Distributed Denial of Service) attack is one of the techniques mostly often used by cybercriminals. It is intended to reduce an information system, typically a website, to a state where it cannot be accessed by legitimate users. One popular DDoS scenario is a botnet-assisted attack. Kaspersky Lab has long-standing, recognized expertise in combatting cyberthreats, including DDoS attacks of different types and varying degrees of complexity. The company’s experts, in particular, monitor botnet activity with the help of the DDoS Intelligence system (a part of Kaspersky DDoS Protection solution), which allows them to continuously improve our DDoS attack protection technologies. The DDoS Intelligence system is based on analyzing commands that arrive to botnets from C&C servers; it does not require a bot to be present on a user device, nor commands from the C&C server to be executed. There are different approaches to analyzing DDoS activity. One of these is to focus on attacks against specific web resources, typically those belonging to clients protected against DDoS attacks by security service providers. However, the analysis of botnet activity in this report provides a different view of this problem, compared to the individual client-based approach. This report presents DDoS Intelligence statistics collected from 1 January to 31 March 2015 (or Q1 2015), which is analyzed in comparison with the equivalent data collected within the previous 3-month period (1 October to 31 December 2014, or Q4 2014). In this report, a single DDoS attack is defined as an incident during which there was no break in botnet activity lasting longer than 24 hours. Thus, if the same web resource was attacked by the same botnet after a 24-hour gap that would be regarded as two separated DDoS attacks. Attacks on the same web resource from two different botnets are also regarded as individual attacks. The geographical distribution of DDoS victims and command & control servers is determined according to their IP addresses. In this report, the number of the unique DDoS targets is defined based on the number of unique IP addresses reported in the quarterly statistics. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab. It should also be borne in mind that botnets are only one of the tools for carrying out DDoS attacks; thus, the data presented in this report does not cover every last DDoS attack that has occurred within the specified time period. METHODOLOGY
Botnet DDoS attacks in Q1 2015 April 20154 • In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported, which is 11% lower than the 25,929 attacks in Q4 2014. • There were 12,281 unique victims of DDoS attacks in Q1 2015, which is 8% lower than the 13,312 victims in Q4 2014. • China, the USA and Canada were the countries that faced the largest number of DDoS attacks. • The most prolonged DDoS attack in Q1 2015 lasted for 140 hours (or about 6 days). The most frequently attacked resource faced 21 attacks within the 3 months. • In Q1 2015, SYN DDoS and HTTP DDoS were the most common scenarios for botnet- assisted DDoS attacks. MAIN FINDINGS
Botnet DDoS attacks in Q1 2015 April 20155 In Q1 2015, 23,095 DDoS attacks were reported, targeting web resources in 76 countries. The number of attacks was down 11% against Q4 2014 (25,929). There was an increase (76 against 66 in Q4 2014) in the number of countries where DDoS targets were located. Most DDoS attacks targeted web resources in China, the USA and Canada – this was no change from Q4 2014. There were some changes in the order of the 10 most frequently attacked countries, but there were no new additions to that list. Figure 1. The 10 most frequently attacked countries in Q4 2014 and Q1 2015 As seen in the above diagram, there has been a significant decrease in the number of attacks against the web resources in China and the United States of America; however, there was an increase in the number of attacks against Canadian servers. There was also an increase in the number of attacks against web resources in Russia, South Korea and France. If we consider the number of DDoS attack victims in each country, the top 10 looks the same as the previous one. In Q1 2015, botnets attacked a total of 12,281 victims, which is 8% lower than the 13,312 targets in Q4 2014. GEOGRAPHY OF ATTACKS
Botnet DDoS attacks in Q1 2015 April 20156 Figure 2. TOP 10 countries with the highest numbers of unique DDoS victims in Q4 2014 and Q1 2015 In Russia, South Korea and France, the number of attacked web resources has increased compared with Q4 2014, and so did the number of attacks on all targets located in these countries. In Canada, the number of attacks has increased, but the number of targets has decreased, which suggests that cybercriminals are more actively attacking a limited number of web resources in the country. The fact that China and the USA lead the two rankings, both in terms of numbers of DDoS attacks and in numbers of victims, is explained by the relatively low web hosting prices in these two countries that encourage many companies to use hosting providers there. In in Q1 2015, the maximum number of attacks carried out on the same web resource reached 21: Number of DDoS attacks The targeted web resource 21 A Russian-language web-site (a group of investment companies) 16 A Vietnamese web-site (wedding services provider) 15 A hosting provider in the USA Figure 3. TOP 3 most frequently attacked web resources in Q1 2015 Although China, the USA and Canada sustained the highest number of DDoS attacks in Q1 2015, the top two most frequently attacked web resources were respectively a Russian and a Vietnamese web-site. Only one of the top three, a US hosting provider, is based in the most frequently attacked trio of countries.
Botnet DDoS attacks in Q1 2015 April 20157 In Q1 2015, there were substantial time variations in the numbers of DDoS attacks1 . In late January there was a peak in botnet activity and the low point came in mid-February. Figure 4. Number of DDoS attacks over time in Q1 2015 As seen in the chart below, last December saw a dramatic increase in the number of botnet-assisted DDoS attacks. The number of attacks declined steadily through January and February, but then began to rise again in March. The December peak could be linked to the Christmas / Near Year holidays, when the cybercriminals redoubled their efforts to disrupt the operation of websites and services popular with users. 1 DDoS attacks may last for several days. In this graph, the same attack may be counted several times along the timeline, i.e. one time for each day of its duration. This results in a larger total number of DDoS attacks (30,064) than if each uninterrupted attack is counted as one (23,095). TIME VARIATIONS IN THE NUMBER OF DDOS ATTACKS
Botnet DDoS attacks in Q1 2015 April 20158 Figure 5. Monthly numbers of DDoS attacks in Q4 2014 and Q1 2015. In Q1, Thursday became the most active day of the week in terms of numbers of botnet- assisted DDoS attacks, rather than Monday in Q4 2014. Sunday remains the quietest day for cybercriminals. Figure 6. Numbers of DDoS attacks performed on each day of the week in Q4 2014 and Q1 2015
Botnet DDoS attacks in Q1 2015 April 20159 The duration and the scenario of a DDoS attack are among its most important characteristics, as they define the extent of the damage inflicted on the target. Within the analyzed time period, the vast majority of attacks lasted less than 24 hours. In Q4 2014, some attacks lasted for up to two weeks; in Q1 2014, there were no attacks that would last this long. Attack duration, hours Number of targets in Q4 2014 Number of targets in Q1 2015 150+ 5 0 100-149 8 3 50-99 299 121 20-49 735 433 10-19 1679 703 5-9 2161 1426 Less than 4 8425 9594 The type of a DDoS attack is defined by the format of junk requests sent to the target web resource. SYN DDoS was the most popular method of performing a DDoS attack in Q1 2015, just like in Q4 2014. TCP DDoS attacks were overtaken by HHTP DDoS attacks in second place. Figure 8. The most frequently used types of DDoS attacks in Q4 2014 and Q1 2015 TYPES AND DURATION OF DDOS ATTACKS
Botnet DDoS attacks in Q1 2015 April 201510 The C&C servers used by cybercriminals to control botnets may be located in different countries. Their locations are not typically related to the cybercriminals’ physical location(s) or to the geographic distributions of the botnets controlled via these C&C servers. The USA, China and the UK host the largest numbers of C&C servers that were active in Q1 2015. In Q1 2015, just like in Q4 2014, bots designed to infect Linux servers were more active than those targeting Windows devices. At the same time, there was virtually no change in the number of attacks launched using Windows botnets, while the number of attacks from Linux botnets has decreased. Although there are far fewer Linux-based botnets, the number of attacks launched from them is larger than that of the attacks launched from Windows-based botnets; also, the attacks from Linux-based botnets are more powerful. This is because a successful infection of a Linux-based server provides the cybercriminals with vast opportunities to manipulate network protocols. In addition, infected servers typically have faster internet connections than individual computers, so more powerful attacks can be carried out. Besides, Linux-based botnets have much longer lives than Window-based botnets do. This is because Linux-based botnets are more difficult to detect and deactivate, since Linux servers are much less likely than Windows-based servers and devices to be equipped with dedicated security solutions. It should be also pointed out that 93.2% DDoS targets in Q1 were attacked by just one family of bots. In 6.2% cases, two families of bots simultaneously participated in an attack, and three or more participated in 0.6% cases. In such cases, either the cybercriminals simultaneously used several different bot families to perform the attack, or the clients used the services of several attackers at once. C&C SERVERS AND BOTNET TYPES Figure 9. Numbers of botnet C&C servers by country, Q1 2015 Figure 10. The number of attacks launched from Windows and Linux botnets in Q4 2014 and Q1 2015
Botnet DDoS attacks in Q1 2015 April 201511 The number of botnet-assisted DDoS attacks has declined in Q1 2015 against Q4 2014; so has the number victims of these attacks. At the same time, this type of threat has grown to target more countries. Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest prices for web hosting, and many web resources are located there. However, the 10 most frequently attacked targets also include victims from Europe and the APAC region. These statistics demonstrate that botnet-assisted DDoS attacks are relevant for most diverse web resources irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries. The cybercriminals who use botnets to carry out DDoS attacks are willing to persevere: the longest DDoS attack reported in Q1 2015 lasted for about 6 days, and the most frequently attacked web resource survived 21 attacks within the three month period. However, study shows that even a short, one-off attack may render an unprotected web resource inoperable. One such attack may cost the victim up to $444,000, not including the reputational damage associated with the unsatisfied users who failed to receive the service they expected. Internet security companies make their contribution to combating DDoS attacks and botnets: among other things, they detect new pieces of malware and add signatures for them to the appropriate databases, protect servers from being compromised, protect computers against infections, curb C&C server activities, etc. Nevertheless, DDoS attacks remain a very popular tool with cybercriminals, so companies must take proactive care of their security. A junk traffic filtration service will allow an online resource to remain accessible for legitimate users even during a long and powerful attack. LINKS THAT MAY BE OF INTEREST: The botnet ecosystem The economics of Botnets IT Security Risks survey 2014: DDoS Kaspersky DDoS Protection webpage Kaspersky DDoS Protection whitepaper CONCLUSION
Botnet DDoS attacks in Q1 2015 April 201512 A bot is a malicious program that performs various actions at a cybercriminal’s command. A family of bots is an aggregate of bots sharing the same source code. In other words, these are different versions of the same bot, even if they are serviced by different C&C servers. A botnet is an aggregate of devices infected with the same bot that is serviced by the same C&C server. Cybercriminals distribute special malicious programs which turn servers, computers or mobile devices into remotely managed ‘zombies’ (or bots). A C&C (command and control) server is a server used by cybercriminals to send orders to bots and to receive reports from them. In the case of a DDoS attack, cybercriminals command bots to simultaneously send requests directly to the targeted web resource or via third-party servers, and thus carry out a ‘distributed attack’. SYN DDoS is an aggregate of DDoS attack scenarios which exploit peculiarities in the implementation of the TCP (Transmission Control Protocol). A TCP connection is established in three steps, which resembles the process of a handshake. The client sends a packet with the SYN flag. The server receives the SYN packet and replies with a packet with the headers SYN and ACK. Then the client sends an ACK packet, and thus validates the connection. In a SYN flood attack, the attacker sends packets with a SYN flag but does not require a response packet with SYN+ACK flags to establish a connection; this causes the targeted server to waste resources on processing these requests and sending response packets. TCP DDoS is an aggregate of attack scenarios which, just like a SYN flood, exploit peculiarities in the implementation of the TCP protocol, but establish a connection to the targeted server. In a TCP flood-type attack, once the handshake procedure is completed successfully, the attacker side uses the established connection to send a lot of junk data, or send junk data in a very slow fashion. This overloads the attacked server, so it cannot allocate resources to legitimate users. ICMP DDoS is an aggregate of attack scenarios using the ICMP (Internet Control Message Protocol). This protocol is normally used to send messages about errors or other exceptional situations that occur while transmitting data. In the case of an attack, the attacker sends plenty of ICMP requests to the victim side, forcing it to use its computational resources to process junk requests in place of legitimate requests. UDP DDoS is an aggregate of attack scenarios that use UDP (User Datagram Protocol), which does not require a connection to be established. The attacker sends plenty of UDP packets to the victim’s side. Each packet requires processing resources from the targeted server and its communication equipment; this overloads the victim’s computational resources. GLOSSARY
Botnet DDoS attacks in Q1 2015 April 201513 HTTP DDoS includes all types of DDoS attacks which have web applications as their target. While carrying out an attack, the attacker may send simple GET/POST requests to the main page of the web application as well as non-typical requests, such as requests to search for information in the web application’s database, execute scripts on the web server side, etc. Extra headers or cookie files may be inserted in the request body; this is done to bypass the filters that determine a legitimate user by the presence of cookie files. Besides, the attacker may open the browser on an infected device in order to imitate the activities of a regular website visitor, and thus prevent the security systems on the victim side from detecting bots in the general visitor traffic.
© 2015 Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Lotus and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linuxis the registered trademark of Linus Torvalds in the U.S. and other countries. Google is a registered trademark of Google, Inc. Kaspersky Lab, Moscow, Russia www.kaspersky.com All about Internet security: www.securelist.com Facebook.com/ Kaspersky Twitter.com/ KasperskyLabB2B Youtube.com/ Kaspersky Find a partner near you: www.kaspersky.com/buyoffline Business.kaspersky. com Linkedin.com/company/ kaspersky-lab

Empfohlen

Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...
Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...
Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...Acquia
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Syrian Malware
Syrian MalwareSyrian Malware
Syrian MalwareKaspersky
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesKaspersky
 
Headless Drupal, Singapore Drupal Meetup
Headless Drupal, Singapore Drupal MeetupHeadless Drupal, Singapore Drupal Meetup
Headless Drupal, Singapore Drupal MeetupPratomo Ardianto
 
Introducing Acquia Content Hub: Take Control of Your Content Chaos
Introducing Acquia Content Hub: Take Control of Your Content ChaosIntroducing Acquia Content Hub: Take Control of Your Content Chaos
Introducing Acquia Content Hub: Take Control of Your Content ChaosAcquia
 

Empfohlen

Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...
Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...
Business Benefits of Drupal 8: Empower Digital Innovation with the Newest Ver...Acquia
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Syrian Malware
Syrian MalwareSyrian Malware
Syrian MalwareKaspersky
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesKaspersky
 
Headless Drupal, Singapore Drupal Meetup
Headless Drupal, Singapore Drupal MeetupHeadless Drupal, Singapore Drupal Meetup
Headless Drupal, Singapore Drupal MeetupPratomo Ardianto
 
Introducing Acquia Content Hub: Take Control of Your Content Chaos
Introducing Acquia Content Hub: Take Control of Your Content ChaosIntroducing Acquia Content Hub: Take Control of Your Content Chaos
Introducing Acquia Content Hub: Take Control of Your Content ChaosAcquia
 
Mb Portfolio 20091201
Mb Portfolio 20091201Mb Portfolio 20091201
Mb Portfolio 20091201x10architecture
 
Use Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce ExperienceUse Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce ExperienceAcquia
 
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...Acquia
 
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core Acquia
 
Entities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in DrupalEntities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in DrupalAcquia
 
The Empire Strikes Back
The Empire Strikes BackThe Empire Strikes Back
The Empire Strikes BackKaspersky
 
Applied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupalApplied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupalAcquia
 
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016Prateek Jain
 
What Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMSWhat Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMSKentico Software
 
Going Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using DrupalGoing Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using DrupalAcquia
 
The Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your TeamThe Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your TeamAcquia
 
Introducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview ProblemsIntroducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview ProblemsAcquia
 
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...Acquia
 
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential CommerceAcquia
 
Acquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source ContentAcquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source ContentAcquia
 
How to Successfully Implement Headless Drupal
How to Successfully Implement Headless DrupalHow to Successfully Implement Headless Drupal
How to Successfully Implement Headless DrupalAcquia
 
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big ModuleUpdating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big ModuleAcquia
 
Open Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAsOpen Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAsAcquia
 
Decoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital SignageDecoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital SignageAcquia
 
A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8Acquia
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
 

Weitere ähnliche Inhalte

Andere mochten auch

Use Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce ExperienceUse Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce ExperienceAcquia
 
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...Acquia
 
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core Acquia
 
Entities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in DrupalEntities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in DrupalAcquia
 
The Empire Strikes Back
The Empire Strikes BackThe Empire Strikes Back
The Empire Strikes BackKaspersky
 
Applied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupalApplied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupalAcquia
 
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016Prateek Jain
 
What Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMSWhat Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMSKentico Software
 
Going Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using DrupalGoing Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using DrupalAcquia
 
The Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your TeamThe Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your TeamAcquia
 
Introducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview ProblemsIntroducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview ProblemsAcquia
 
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...Acquia
 
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential CommerceAcquia
 
Acquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source ContentAcquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source ContentAcquia
 
How to Successfully Implement Headless Drupal
How to Successfully Implement Headless DrupalHow to Successfully Implement Headless Drupal
How to Successfully Implement Headless DrupalAcquia
 
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big ModuleUpdating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big ModuleAcquia
 
Open Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAsOpen Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAsAcquia
 
Decoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital SignageDecoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital SignageAcquia
 
A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8Acquia
 

Andere mochten auch (20)

Mb Portfolio 20091201
Mb Portfolio 20091201Mb Portfolio 20091201
Mb Portfolio 20091201
 
Use Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce ExperienceUse Content to Enhance Your Commerce Experience
Use Content to Enhance Your Commerce Experience
 
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
Responsive & Ready: Why Drupal 8 is Ideal for Building Mobile-first Experienc...
 
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
Drupal 8 Deep Dive: What It Means for Developers Now that REST Is in Core
 
Entities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in DrupalEntities 101: Understanding Data Structures in Drupal
Entities 101: Understanding Data Structures in Drupal
 
The Empire Strikes Back
The Empire Strikes BackThe Empire Strikes Back
The Empire Strikes Back
 
Applied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupalApplied progressive decoupling weather.com, angular, and drupal
Applied progressive decoupling weather.com, angular, and drupal
 
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
Build Mobile Applications with Headless Drupal 8 - DrupalConAsia 2016
 
What Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMSWhat Is a Cloud-first Headless CMS
What Is a Cloud-first Headless CMS
 
Going Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using DrupalGoing Global 101: How to Manage Your Websites Worldwide Using Drupal
Going Global 101: How to Manage Your Websites Worldwide Using Drupal
 
The Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your TeamThe Future of a Content-Driven World: How To Prepare Your Team
The Future of a Content-Driven World: How To Prepare Your Team
 
Introducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview ProblemsIntroducing Workspace Preview System: Solve Your Content Preview Problems
Introducing Workspace Preview System: Solve Your Content Preview Problems
 
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
From Stone Age-worthy Sites to Cohesive Content: How Trinity University is Us...
 
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
How Wilson Sporting Goods Is Changing the Game with Experiential Commerce
 
Acquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source ContentAcquia Content Hub: Connect Technologies & Extend Systems to Source Content
Acquia Content Hub: Connect Technologies & Extend Systems to Source Content
 
How to Successfully Implement Headless Drupal
How to Successfully Implement Headless DrupalHow to Successfully Implement Headless Drupal
How to Successfully Implement Headless Drupal
 
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big ModuleUpdating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
Updating the Salesforce Suite to Drupal 8: Major Changes for a Big Module
 
Open Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAsOpen Y: One Digital Platform for all YMCAs
Open Y: One Digital Platform for all YMCAs
 
Decoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital SignageDecoupled Drupal Showcase: Using Drupal to Power Digital Signage
Decoupled Drupal Showcase: Using Drupal to Power Digital Signage
 
A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8A Future-Focused Digital Platform with Drupal 8
A Future-Focused Digital Platform with Drupal 8
 

Mehr von Kaspersky

A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
 
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...Kaspersky
 
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктуры
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктурыМаксим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктуры
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктурыKaspersky
 
Кирилл Набойщиков. Системный подход к защите КИИ
Кирилл Набойщиков. Системный подход к защите КИИКирилл Набойщиков. Системный подход к защите КИИ
Кирилл Набойщиков. Системный подход к защите КИИKaspersky
 
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...Kaspersky
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Kaspersky
 
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021Kaspersky
 
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...Kaspersky
 
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...Kaspersky
 
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...Kaspersky
 
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтра
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтраИгорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтра
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтраKaspersky
 
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...Kaspersky
 
Марина Сорокина. Криптография для промышленных систем
Марина Сорокина. Криптография для промышленных системМарина Сорокина. Криптография для промышленных систем
Марина Сорокина. Криптография для промышленных системKaspersky
 
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...Kaspersky
 
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...Kaspersky
 
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...Kaspersky
 
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...Kaspersky
 
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугроз
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугрозОлег Шакиров. Дипломатия и защита критической инфраструктуры от киберугроз
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугрозKaspersky
 

Mehr von Kaspersky (20)

A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in Ukraine
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secure
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secure
 
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...
Алексей Гуревич. Кибербезопасность систем управления современных объектов эле...
 
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктуры
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктурыМаксим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктуры
Максим Бородько. Спуфинг GNSS — новая угроза для критической инфраструктуры
 
Кирилл Набойщиков. Системный подход к защите КИИ
Кирилл Набойщиков. Системный подход к защите КИИКирилл Набойщиков. Системный подход к защите КИИ
Кирилл Набойщиков. Системный подход к защите КИИ
 
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...
Вениамин Левцов. Cтратегия трансформации решений Лаборатории Касперского для ...
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
 
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021
Мария Гарнаева. Целевые атаки на промышленные компании в 2020/2021
 
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...
Дмитрий Правиков. Концепция информационной безопасности «роя» киберфизических...
 
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...
Андрей Суворов, Максим Карпухин. Сенсация под микроскопом. Вивисекция первого...
 
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...
Глеб Дьяконов. ИИ-видеоаналитика как инструмент корпоративного риск-менеджмен...
 
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтра
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтраИгорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтра
Игорь Рыжов. Проекты по защите АСУ ТП вчера, сегодня, завтра
 
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...
Александр Карпенко. Уровни зрелости АСУ ТП как объектов защиты и подходы к ун...
 
Марина Сорокина. Криптография для промышленных систем
Марина Сорокина. Криптография для промышленных системМарина Сорокина. Криптография для промышленных систем
Марина Сорокина. Криптография для промышленных систем
 
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...
Александр Лифанов. Платформа граничных вычислений Siemens Industrial Edge: пе...
 
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...
Александр Волошин. Киберполигон "Цифровая энергетика". Исследования и разрабо...
 
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...
Евгений Дружинин. Как не сломать: что важно учесть перед, в ходе и после реал...
 
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...
Алексей Иванов. Реализация проектов АСУ ТП электрических подстанций ​в соотве...
 
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугроз
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугрозОлег Шакиров. Дипломатия и защита критической инфраструктуры от киберугроз
Олег Шакиров. Дипломатия и защита критической инфраструктуры от киберугроз
 

Kürzlich hochgeladen

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...sonatiwari757
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 

Kürzlich hochgeladen (20)

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 

Statistics on botnet-assisted DDoS attacks in Q1 2015

  • 1. STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015 www.kaspersky.com
  • 2. Botnet DDoS attacks in Q1 2015 April 20152 Methodology 3 Main findings 4 Geography of attacks 5 Time variations in the number of DDoS attacks 7 Types and duration of DDoS attacks 9 C&C servers and botnet types 10 Conclusion 11 Glossary 12 CONTENTS
  • 3. Botnet DDoS attacks in Q1 2015 April 20153 A DDoS (Distributed Denial of Service) attack is one of the techniques mostly often used by cybercriminals. It is intended to reduce an information system, typically a website, to a state where it cannot be accessed by legitimate users. One popular DDoS scenario is a botnet-assisted attack. Kaspersky Lab has long-standing, recognized expertise in combatting cyberthreats, including DDoS attacks of different types and varying degrees of complexity. The company’s experts, in particular, monitor botnet activity with the help of the DDoS Intelligence system (a part of Kaspersky DDoS Protection solution), which allows them to continuously improve our DDoS attack protection technologies. The DDoS Intelligence system is based on analyzing commands that arrive to botnets from C&C servers; it does not require a bot to be present on a user device, nor commands from the C&C server to be executed. There are different approaches to analyzing DDoS activity. One of these is to focus on attacks against specific web resources, typically those belonging to clients protected against DDoS attacks by security service providers. However, the analysis of botnet activity in this report provides a different view of this problem, compared to the individual client-based approach. This report presents DDoS Intelligence statistics collected from 1 January to 31 March 2015 (or Q1 2015), which is analyzed in comparison with the equivalent data collected within the previous 3-month period (1 October to 31 December 2014, or Q4 2014). In this report, a single DDoS attack is defined as an incident during which there was no break in botnet activity lasting longer than 24 hours. Thus, if the same web resource was attacked by the same botnet after a 24-hour gap that would be regarded as two separated DDoS attacks. Attacks on the same web resource from two different botnets are also regarded as individual attacks. The geographical distribution of DDoS victims and command & control servers is determined according to their IP addresses. In this report, the number of the unique DDoS targets is defined based on the number of unique IP addresses reported in the quarterly statistics. It is important to note that DDoS Intelligence statistics are limited to those botnets that were detected and analyzed by Kaspersky Lab. It should also be borne in mind that botnets are only one of the tools for carrying out DDoS attacks; thus, the data presented in this report does not cover every last DDoS attack that has occurred within the specified time period. METHODOLOGY
  • 4. Botnet DDoS attacks in Q1 2015 April 20154 • In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported, which is 11% lower than the 25,929 attacks in Q4 2014. • There were 12,281 unique victims of DDoS attacks in Q1 2015, which is 8% lower than the 13,312 victims in Q4 2014. • China, the USA and Canada were the countries that faced the largest number of DDoS attacks. • The most prolonged DDoS attack in Q1 2015 lasted for 140 hours (or about 6 days). The most frequently attacked resource faced 21 attacks within the 3 months. • In Q1 2015, SYN DDoS and HTTP DDoS were the most common scenarios for botnet- assisted DDoS attacks. MAIN FINDINGS
  • 5. Botnet DDoS attacks in Q1 2015 April 20155 In Q1 2015, 23,095 DDoS attacks were reported, targeting web resources in 76 countries. The number of attacks was down 11% against Q4 2014 (25,929). There was an increase (76 against 66 in Q4 2014) in the number of countries where DDoS targets were located. Most DDoS attacks targeted web resources in China, the USA and Canada – this was no change from Q4 2014. There were some changes in the order of the 10 most frequently attacked countries, but there were no new additions to that list. Figure 1. The 10 most frequently attacked countries in Q4 2014 and Q1 2015 As seen in the above diagram, there has been a significant decrease in the number of attacks against the web resources in China and the United States of America; however, there was an increase in the number of attacks against Canadian servers. There was also an increase in the number of attacks against web resources in Russia, South Korea and France. If we consider the number of DDoS attack victims in each country, the top 10 looks the same as the previous one. In Q1 2015, botnets attacked a total of 12,281 victims, which is 8% lower than the 13,312 targets in Q4 2014. GEOGRAPHY OF ATTACKS
  • 6. Botnet DDoS attacks in Q1 2015 April 20156 Figure 2. TOP 10 countries with the highest numbers of unique DDoS victims in Q4 2014 and Q1 2015 In Russia, South Korea and France, the number of attacked web resources has increased compared with Q4 2014, and so did the number of attacks on all targets located in these countries. In Canada, the number of attacks has increased, but the number of targets has decreased, which suggests that cybercriminals are more actively attacking a limited number of web resources in the country. The fact that China and the USA lead the two rankings, both in terms of numbers of DDoS attacks and in numbers of victims, is explained by the relatively low web hosting prices in these two countries that encourage many companies to use hosting providers there. In in Q1 2015, the maximum number of attacks carried out on the same web resource reached 21: Number of DDoS attacks The targeted web resource 21 A Russian-language web-site (a group of investment companies) 16 A Vietnamese web-site (wedding services provider) 15 A hosting provider in the USA Figure 3. TOP 3 most frequently attacked web resources in Q1 2015 Although China, the USA and Canada sustained the highest number of DDoS attacks in Q1 2015, the top two most frequently attacked web resources were respectively a Russian and a Vietnamese web-site. Only one of the top three, a US hosting provider, is based in the most frequently attacked trio of countries.
  • 7. Botnet DDoS attacks in Q1 2015 April 20157 In Q1 2015, there were substantial time variations in the numbers of DDoS attacks1 . In late January there was a peak in botnet activity and the low point came in mid-February. Figure 4. Number of DDoS attacks over time in Q1 2015 As seen in the chart below, last December saw a dramatic increase in the number of botnet-assisted DDoS attacks. The number of attacks declined steadily through January and February, but then began to rise again in March. The December peak could be linked to the Christmas / Near Year holidays, when the cybercriminals redoubled their efforts to disrupt the operation of websites and services popular with users. 1 DDoS attacks may last for several days. In this graph, the same attack may be counted several times along the timeline, i.e. one time for each day of its duration. This results in a larger total number of DDoS attacks (30,064) than if each uninterrupted attack is counted as one (23,095). TIME VARIATIONS IN THE NUMBER OF DDOS ATTACKS
  • 8. Botnet DDoS attacks in Q1 2015 April 20158 Figure 5. Monthly numbers of DDoS attacks in Q4 2014 and Q1 2015. In Q1, Thursday became the most active day of the week in terms of numbers of botnet- assisted DDoS attacks, rather than Monday in Q4 2014. Sunday remains the quietest day for cybercriminals. Figure 6. Numbers of DDoS attacks performed on each day of the week in Q4 2014 and Q1 2015
  • 9. Botnet DDoS attacks in Q1 2015 April 20159 The duration and the scenario of a DDoS attack are among its most important characteristics, as they define the extent of the damage inflicted on the target. Within the analyzed time period, the vast majority of attacks lasted less than 24 hours. In Q4 2014, some attacks lasted for up to two weeks; in Q1 2014, there were no attacks that would last this long. Attack duration, hours Number of targets in Q4 2014 Number of targets in Q1 2015 150+ 5 0 100-149 8 3 50-99 299 121 20-49 735 433 10-19 1679 703 5-9 2161 1426 Less than 4 8425 9594 The type of a DDoS attack is defined by the format of junk requests sent to the target web resource. SYN DDoS was the most popular method of performing a DDoS attack in Q1 2015, just like in Q4 2014. TCP DDoS attacks were overtaken by HHTP DDoS attacks in second place. Figure 8. The most frequently used types of DDoS attacks in Q4 2014 and Q1 2015 TYPES AND DURATION OF DDOS ATTACKS
  • 10. Botnet DDoS attacks in Q1 2015 April 201510 The C&C servers used by cybercriminals to control botnets may be located in different countries. Their locations are not typically related to the cybercriminals’ physical location(s) or to the geographic distributions of the botnets controlled via these C&C servers. The USA, China and the UK host the largest numbers of C&C servers that were active in Q1 2015. In Q1 2015, just like in Q4 2014, bots designed to infect Linux servers were more active than those targeting Windows devices. At the same time, there was virtually no change in the number of attacks launched using Windows botnets, while the number of attacks from Linux botnets has decreased. Although there are far fewer Linux-based botnets, the number of attacks launched from them is larger than that of the attacks launched from Windows-based botnets; also, the attacks from Linux-based botnets are more powerful. This is because a successful infection of a Linux-based server provides the cybercriminals with vast opportunities to manipulate network protocols. In addition, infected servers typically have faster internet connections than individual computers, so more powerful attacks can be carried out. Besides, Linux-based botnets have much longer lives than Window-based botnets do. This is because Linux-based botnets are more difficult to detect and deactivate, since Linux servers are much less likely than Windows-based servers and devices to be equipped with dedicated security solutions. It should be also pointed out that 93.2% DDoS targets in Q1 were attacked by just one family of bots. In 6.2% cases, two families of bots simultaneously participated in an attack, and three or more participated in 0.6% cases. In such cases, either the cybercriminals simultaneously used several different bot families to perform the attack, or the clients used the services of several attackers at once. C&C SERVERS AND BOTNET TYPES Figure 9. Numbers of botnet C&C servers by country, Q1 2015 Figure 10. The number of attacks launched from Windows and Linux botnets in Q4 2014 and Q1 2015
  • 11. Botnet DDoS attacks in Q1 2015 April 201511 The number of botnet-assisted DDoS attacks has declined in Q1 2015 against Q4 2014; so has the number victims of these attacks. At the same time, this type of threat has grown to target more countries. Historically, most attacks target web resources located in the USA and China, as these two countries offer the cheapest prices for web hosting, and many web resources are located there. However, the 10 most frequently attacked targets also include victims from Europe and the APAC region. These statistics demonstrate that botnet-assisted DDoS attacks are relevant for most diverse web resources irrespective of their geographic location. Moreover, this threat is increasingly expanding its boundaries. The cybercriminals who use botnets to carry out DDoS attacks are willing to persevere: the longest DDoS attack reported in Q1 2015 lasted for about 6 days, and the most frequently attacked web resource survived 21 attacks within the three month period. However, study shows that even a short, one-off attack may render an unprotected web resource inoperable. One such attack may cost the victim up to $444,000, not including the reputational damage associated with the unsatisfied users who failed to receive the service they expected. Internet security companies make their contribution to combating DDoS attacks and botnets: among other things, they detect new pieces of malware and add signatures for them to the appropriate databases, protect servers from being compromised, protect computers against infections, curb C&C server activities, etc. Nevertheless, DDoS attacks remain a very popular tool with cybercriminals, so companies must take proactive care of their security. A junk traffic filtration service will allow an online resource to remain accessible for legitimate users even during a long and powerful attack. LINKS THAT MAY BE OF INTEREST: The botnet ecosystem The economics of Botnets IT Security Risks survey 2014: DDoS Kaspersky DDoS Protection webpage Kaspersky DDoS Protection whitepaper CONCLUSION
  • 12. Botnet DDoS attacks in Q1 2015 April 201512 A bot is a malicious program that performs various actions at a cybercriminal’s command. A family of bots is an aggregate of bots sharing the same source code. In other words, these are different versions of the same bot, even if they are serviced by different C&C servers. A botnet is an aggregate of devices infected with the same bot that is serviced by the same C&C server. Cybercriminals distribute special malicious programs which turn servers, computers or mobile devices into remotely managed ‘zombies’ (or bots). A C&C (command and control) server is a server used by cybercriminals to send orders to bots and to receive reports from them. In the case of a DDoS attack, cybercriminals command bots to simultaneously send requests directly to the targeted web resource or via third-party servers, and thus carry out a ‘distributed attack’. SYN DDoS is an aggregate of DDoS attack scenarios which exploit peculiarities in the implementation of the TCP (Transmission Control Protocol). A TCP connection is established in three steps, which resembles the process of a handshake. The client sends a packet with the SYN flag. The server receives the SYN packet and replies with a packet with the headers SYN and ACK. Then the client sends an ACK packet, and thus validates the connection. In a SYN flood attack, the attacker sends packets with a SYN flag but does not require a response packet with SYN+ACK flags to establish a connection; this causes the targeted server to waste resources on processing these requests and sending response packets. TCP DDoS is an aggregate of attack scenarios which, just like a SYN flood, exploit peculiarities in the implementation of the TCP protocol, but establish a connection to the targeted server. In a TCP flood-type attack, once the handshake procedure is completed successfully, the attacker side uses the established connection to send a lot of junk data, or send junk data in a very slow fashion. This overloads the attacked server, so it cannot allocate resources to legitimate users. ICMP DDoS is an aggregate of attack scenarios using the ICMP (Internet Control Message Protocol). This protocol is normally used to send messages about errors or other exceptional situations that occur while transmitting data. In the case of an attack, the attacker sends plenty of ICMP requests to the victim side, forcing it to use its computational resources to process junk requests in place of legitimate requests. UDP DDoS is an aggregate of attack scenarios that use UDP (User Datagram Protocol), which does not require a connection to be established. The attacker sends plenty of UDP packets to the victim’s side. Each packet requires processing resources from the targeted server and its communication equipment; this overloads the victim’s computational resources. GLOSSARY
  • 13. Botnet DDoS attacks in Q1 2015 April 201513 HTTP DDoS includes all types of DDoS attacks which have web applications as their target. While carrying out an attack, the attacker may send simple GET/POST requests to the main page of the web application as well as non-typical requests, such as requests to search for information in the web application’s database, execute scripts on the web server side, etc. Extra headers or cookie files may be inserted in the request body; this is done to bypass the filters that determine a legitimate user by the presence of cookie files. Besides, the attacker may open the browser on an infected device in order to imitate the activities of a regular website visitor, and thus prevent the security systems on the victim side from detecting bots in the general visitor traffic.
  • 14. © 2015 Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Lotus and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linuxis the registered trademark of Linus Torvalds in the U.S. and other countries. Google is a registered trademark of Google, Inc. Kaspersky Lab, Moscow, Russia www.kaspersky.com All about Internet security: www.securelist.com Facebook.com/ Kaspersky Twitter.com/ KasperskyLabB2B Youtube.com/ Kaspersky Find a partner near you: www.kaspersky.com/buyoffline Business.kaspersky. com Linkedin.com/company/ kaspersky-lab