Despite the media’s love-affair with Anonymous style cyber-anarchy and vigilante-hacktivism, the vast majority of DDoS attacks are carried out by criminals seeking financial gain, not activists, according to a new research report.
The top four targets of DDoS attacks in the second quarter were online shopping, gaming, stock exchange and banking sites, in that order, accounting for 69 percent of all DDoS attacks, according to the report on botnet activity from Kaspersky Lab. As for the “hacktivism” that’s gotten a lot of coverage lately, the bottom four spots on the list (excluding the one percent designated ‘other’) are transport, other business related and government sites respectively, accounting for a mere seven percent of attacks.
That said, the new report only accounts for botnet-driven attacks. Those popularized by Anonymous, which use the Low Orbit Ion Cannon (LOIC) DDoS tool, are not accounted for in this report.
Alarmingly, attacks on ‘blogs and forums’ and the ‘mass media’ accounted for eight percent and seven percent respectively, perhaps evidence of individuals and groups launching DDoS attacks in order to silence media channels, or more broadly, opinions with which they disagree.
On an interesting note, the analysis found that Tuesday is the most popular day of the week to launch a DDoS attack (closely followed by Wednesday, Monday and Thursday, in that order). Sunday is the least popular day to launch such attacks, Friday the second least and Saturday the third least popular. Also interesting is the author’s belief that as the summer holiday season comes to an end, more zombie machines will come back into use, making DDoS attacks all the more potent.
Seventy-two percent of attacks were aimed at IP addresses rather than specific domains.
HTTP flood attacks where massive amounts of HTTP requests are sent to targeted site in a short period of time, crippling the site, remain, by far, the most popular method of DDoSing.