Nexusguard: China held its lead as source of DDoS attacks

The FBI closed 15 of the world’s largest distributed denial-of-service websites in December, resulting in an 85% reduction in global DDoS attacks. Nexusguard, a network security company, released a report today stating that in its special DDoS crackdown on December 20 last year, the FBI investigated a large number of websites that sold high-bandwidth Internet attack services under the guise of “stress testing”.

The most famous of these DDoS-for-hire sites is Lizard Stresser, a criminal service provided by Lizard Squad, a hacker group that launched an attack on the Xbox Live and PlayStation networks at Christmas 2014. Nexusguard said that websites typified by Lizard Stresser allow users to pay to launch a tsunami-like cyber attack on a specific service and take it down for a while.

These attack services often exploit vulnerabilities found in Internet devices such as Internet cameras, wireless routers, smart products, and even cloud services, using zombies to generate useless network traffic to attack services and websites.

Nexusguard’s research shows that DDoS cyber attacks dropped by 24% after the FBI banned these illegal websites. The company also believes that the 15 service sites banned by the FBI account for 11% of global DDoS attack services.

Below is a summary of the report:

  • HTTPS attacks ranked third highest in attack popularity, compared to User Datagram Protocol (UDP) and Simple Service Discovery Protocol (SSDP) attacks. An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker’s commitment to disrupting the target’s network for all of December, the busiest time of year for retail and entertainment businesses.
  • Attack durations increased more than 175 percent to more than 450 minutes on average compared to last year. Attacks in the quarter were routinely timed to occur during peak service hours for maximum disruption.
  • China held its lead as source of DDoS attacks, with 23 percent of attacks originating in the country and 18 percent originating in the United States.