The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink.
Some of Asia’s largest and most connected economies are fast becoming hotspots for botnets that have been used to launch distributed denial-of-service (DDoS) attacks across the region in 2017.
According to CenturyLink’s latest cyber threat report, China, South Korea, Japan, India and Hong Kong were the top economies in the region that hosted the most command and control (C2) servers used to amass and control botnets.
The botnets were then used to launch attacks in those places, as well as others such as the United States, Germany, Russia and the United Kingdom.
CenturyLink, which tracked an average of 195,000 threats per day impacting an average of 104 million unique targets due to the work of botnets, said geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source of cyber criminal activity.
“Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analysing global botnet attack trends and methods, we’re better able to anticipate and respond to emerging threats in defence of our own network and those of our customers.”
In April 2017, a cyber crime operation led by Interpol uncovered nearly 9,000 C2 servers in Southeast Asia that were used to compromise some 270 websites, including several government portals that could contain citizens’ personal data. The websites were infected with malware that exploited a loophole in web design applications.
“Today, almost every type of online service is at risk for cyber attacks,” said Steve Miller-Jones, senior director of product management at Limelight Networks. “At best, a DDoS attack will cause inconvenience – at worst it can bring down an entire business.”
Low and slow tactics
According to A10 Networks, tactics for DDoS attacks are moving beyond just using request floods designed to bombard and overwhelm infrastructure to include low-bandwidth attacks that target the network or application layer of service provider services and their subscribers.
These “low and slow” tactics are generally not detected until well into the attack progression and often enable threat actors to successfully disrupt the targeted service, it added.
A recent Verisign report estimated that 82% of DDoS attacks in the fourth quarter of 2017 were multi-vector, as opposed to using a single vector of attack. At the same time, volumetric attacks are becoming larger, exceeding peaks of 1.7 terabits per second.
“The DDoS landscape has changed and continues to evolve in potency and sophistication,” said Jonathan Tan, A10 Networks’ regional vice president for ASEAN and Pakistan, adding that enterprises must move beyond just flow detection to be able to detect and defend against all types of attacks.