Report Studies and Analyzes DDoS Attacks as Coordinated Gang-Activities
SANTA CLARA, Calif., January 17, 2019 – NSFOCUS, a leader in holistic hybrid security solutions, today released its Behavior Analysis of IP Chain-Gangs report, a follow up to their H1 Cybersecurity Insights report, which found that more than 27 million attack sources detected by NSFOCUS, 25 percent were responsible for 40 percent of attack events. In this report, IP Chain-Gangs, formerly known as “recidivists” or repeat hackers remain the more threatening than other attack sources analyzed.
In the Behavior Analysis of IP Chain-Gangs report, NSFOCUS introduces the IP Chain-Gang concept, in which each “chain-gang” is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang. The report analyzes the IP Chain-Gangs attack types, volume, size of events, gang activities and attack rates. By studying the historical behavior of the 80 gangs identified in the report, NSFOCUS built several unique gang-profiles to analyze their preferred attack methodologies and how to develop a better defense system against future attacks.
Key Findings in the Behavior Analysis of IP Chain-Gangs report include:
• These gang members, though only a tiny fraction (2 percent) of all the attackers are responsible for a much larger portion (20 percent) of all of the attacks.
• Most of the gangs have less than 1,000 members, but NSFOCUS also sees one gang with more than 26,000 members.
• Reflection flood attacks are the dominant attack methods favored by the gangs, specifically in high-volume attacks due to their great amplification factor.
• Gangs typically do not operate at their full potential capacities. However, knowing their maximum attacking power is very important in planning the defense against them.
• The top attacker source region are European countries. Asian countries, as well as countries in North America, also contributed a significant amount.
“Since botnet activities and DDoS attacks are usually collaboratively launched from multiple sources, it’s not surprising to see that many of these recidivists are working together as a group in these attacks, said Richard Zao, Senior Vice President of Global Threat Research, NSFOCUS. “We believe that this is the first time that DDoS attacks have been studied as coordinated gang-activities. Moving forward, we plan to track IP Chain-Gangs’ evolving history and study the inner-connections among their members. By doing this, we will better be able to detect, mitigate, forensically analyze, and even predict future DDoS attacks.”
To download a copy of the Behavior Analysis of IP Chain-Gangs report, please visit https://nsfocusglobal.com//behavior-analysis-ip-chain-gangs/.
About NSFOCUS, Inc.
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, a member of the Microsoft Active Protections Program (MAPP), StopBadware.org, and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
Visit the website: www.nsfocusglobal.com
Read the blog: http://nsfocusglobal.com/blog
Follow on Twitter: https://twitter.com/NSFOCUS_Intl
Follow on LinkedIn: https://www.linkedin.com/company/nsfocus
Follow on Facebook: https://www.facebook.com/nsfocus/