Report: US facing four times as many DDoS attacks as China

Atlas VPN found the United States was targeted more than any other country partially because of its size and the openness of the internet.

New research from Atlas VPN has shown that the United States experienced more than 175,000 DDoS attacks in the month of March, more than double the number faced by the next highest country and four times as many as China. According to data gathered and analyzed by Atlas VPN researchers, South Korea and Brazil both suffered from more than 50,000 DDoS attacks while China came in just ahead of the United Kingdom with about 45,000 attacks.

Rachel Welsh, COO of Atlas VPN, said the US was targeted more than any other country partially because of its size and the openness of the internet within the country.  

"China is known for its harsh methods used to censor information on the internet and its ways of shutting down anything that does not please the Communist Party," Welsh said.

"Many Chinese websites are inaccessible for people from other countries, and VPN services are banned there, so VPN providers do not offer servers in China. Hence, hackers are not looking for security flaws in China and rather focusing on the US, since they have much more to target there."

Hackers and cybercriminals typically turn to Distributed Denial of Service attacks when they're trying to crash websites, using thousands of bots to overload sites. 

The US accounted for more than 21% of all the attacks reported worldwide, but it was also the source of the largest number of DDoS attacks globally. The report notes that cybercriminals may be using VPNs to make it look like attacks are coming from IP addresses in the US.

Hardik Modi, NETSCOUT's AVP of engineering, threat and mitigation products, explained that the US has a larger internet footprint than any other country, which is why the country was so prevalent on both ends of the DDoS spectrum. 

"Given that many normal activities such as shopping, education, and business are taking place online, the amount of DDoS activity that the US is seeing isn't disproportionate relative to the overall dependence on the internet," Modi said.

The Atlas VPN report says cybercriminals are typically aiming to attack places like banks or credit card companies that have services hosted on high-profile web servers, with the ultimate aim being revenge, blackmail or activism.

The newfound prevalence of tools to conduct DDoS attacks was also part of the reason behind the huge number of instances, according to Etay Maor, chief security officer at cybersecurity company IntSights.

"Tools like LOIC and HOIC have been around for a while as well as other tools and DDoS service in the underground. The US has a lot of enterprises, financial institutions and other entities that can draw attention from criminals and hacktivists. Due to the political and healthcare tension, it is not all that surprising. While some DDoS attacks happen on gaming servers and to annoy people – some are politically motivated, like targeting right or left wing propaganda sites," Maor said.

Maor's research has also shown that cyberattackers are using DDoS attacks as part of larger efforts to gain access to a company's website or server, leveraging the damage of a DDoS attack before continuing with a phishing or malware attack.

The goal, he added, was to overwhelm businesses with DDoS attacks and force the IT and security teams to deal with them, leaving more targeted attacks or even a phishing attack unnoticed.

"This is likely not a cause for a spike in attacks but it is something businesses need to keep in mind. I recall several attacks a couple of years ago in which financial institutions were DDoSed and while that was happening, the attackers sent phishing emails to the institution's clients saying their website is offline and so they should use this new login page, which was a phishing page," Maor said. 

"Those victims who were vigilant and checked the real website saw that it was in fact down and continued to the phishing page."
