Massive DDoS attack lasts for 277 hours, highlighting growth of extended attacks on businesses

In 2017, Q2 saw a DDoS attack that lasted 277 hours, according to a new report from Kaspersky Lab. Here's how to keep your company safe.

Video: Get ready for RDoS, the next big cybercrime trend TechRepublic's Alison DeNisco explains what happens when companies and organizations are attacked by ransomware chained to massive denial of service attacks.

Extended DDoS attacks are back in business: Q2's longest attack was active for 277 hours, or more than 11 days, according to a new report from Kaspersky Lab. This represents a 131% increase compared to Q1, and a current record for the year.

Further, the geography of these attacks changed from Q1 to Q2, Kaspersky Lab found, with organizations with online resources located in 86 countries targeted, compared to 72 countries prior. The top 10 countries most affected by DDoS attacks this quarter were China, South Korea, the US, Hong Kong, the UK, Russia, Italy, the Netherlands, Canada, and France.

Targets of DDoS attacks in Q2 included news agencies Al Jazeera, Le Monde, and Figaro, as well as Skype servers, reportedly. Increasing cryptocurrency rates also led to cybercriminals attempting to manipulate prices via DDoS. For example, Bitfinex—the largest Bitcoin trading exchange—was attacked at the same time a new cryptocurrency called IOTA token was launched. The BTC-E exchange also reported a slowdown due to a large scale DDoS attack, Kaspersky Lab noted.

Ransom DDoS (RDoS) attacks are also on the rise, Kaspersky Lab reported, as this method allows cybercriminals to extort money from their victims. In these attacks, the criminal will usually send a message to the victim demanding a ransom, often ranging from five to 200 bitcoins. If the victim refuses to pay, the attackers threaten to organize a DDoS attack on one of the victim's important online resources. In June, hacker group Armada Collective carried out a large-scale RDoS attack and demanded $315,000 from seven banks in South Korea.

SEE: Complete WiFi and Network Ethical Hacking Course 2017 (TechRepublic Academy)

This method also allows hackers to threaten companies with a DDoS attack and hope that one will pay, rather than actually carry out an attack, Kaspersky lab noted. If even one company decides to pay, the cybercriminals have made a profit with minimal effort.

"Nowadays, it's not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers," said Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab, in a press release. "Any fraudster who doesn't even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don't protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration."

Kaspersky Lab experts warn companies not to pay the ransom, because if they do, it may brand them in hacker communities as a "payer," and cause them to become victims of future attacks.

For tips on how to fight cyberthreats, click here.

The 3 big takeaways for TechRepublic readers

1. Extended DDoS attacks are on the rise, as are ransomware DDoS attacks, according to a new report from Kaspersky Lab.

2. The top 10 countries most affected by DDoS attacks in Q2 were China, South Korea, the US, Hong Kong, the UK, Russia, Italy, the Netherlands, Canada, and France.

3. Companies should avoid paying a ransom even when cybercriminals are threatening a DDoS attack, because it may make them more likely to be victims again in the future.


Image: iStockphoto/DaLiu

Also see

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.