Some of Asia’s largest and most connected economies are fast becoming hotspots for botnets that were used to launch distributed denial-of-service (DDoS) attacks across the region in 2017.
According to CenturyLink’s latest cyber threat report, China, South Korea, Japan, India and Hong Kong were the top economies in the region that hosted the most command and control (C2) servers used to amass and control botnets.
The botnets were then used to launch attacks in those countries, as well as in others such as the US, Germany, Russia and the UK.
CenturyLink, which tracked an average of 195,000 threats per day impacting an average of 104 million unique targets due to the work of botnets, said geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source for cyber criminal activity.
“Botnets are one of the foundational tools that bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analysing global botnet attack trends and methods, we are better able to anticipate and respond to emerging threats in defence of our own network and those of our customers.”
In April 2017, a cyber crime operation led by Interpol uncovered nearly 9,000 C2 servers in Southeast Asia that were used to compromise 270 websites, including several government portals that could contain citizens’ personal data. The websites were infected with malware that exploited a loophole in web design applications.
“Today, almost every type of online service is at risk of cyber attacks,” said Steve Miller-Jones, senior director of product management at Limelight Networks. “At best, a DDoS attack will cause inconvenience; at worst, it can bring down an entire business.”
According to A10 Networks, DDoS tactics are moving beyond request floods that bombard and overwhelm infrastructure to include low-bandwidth attacks that target the network or application layer of service providers' services and their subscribers.
These “low and slow” tactics are generally not detected until well into the attack progression and often enable threat actors to successfully disrupt the targeted service, it said.
A recent Verisign report estimated that 82% of DDoS attacks in the fourth quarter of 2017 were multi-vector, rather than using a single vector of attack. At the same time, volumetric attacks are becoming larger, exceeding peaks of 1.7 terabits per second.
“The DDoS landscape has changed and continues to evolve in potency and sophistication,” said Jonathan Tan, A10 Networks’ regional vice-president for ASEAN and Pakistan, adding that enterprises must move beyond just flow detection to be able to detect and defend against all types of attack.