The majority of DDoS traffic in 2014 originated from India, according to new research from Symantec.
Among the top 50 countries by volume of originating DDoS traffic, India accounted for 26 percent of all DDoS traffic, followed by the USA with 17 percent, the research said.
The results prove India has a high number of bot-infected machines and a low adoption rate of filtering of spoofed packets, but may not imply that the people behind the attacks are located in India, because DDoS attacks are often orchestrated remotely.
However, the study indicates that India is emerging as a hotbed to launch these attacks, potentially because of the low cyber security awareness, lack of adequate security practices and infrastructure, said Tarun Kaura, director, Technology Sales at Symantec India.
So-called “Booter” services can be hired for as little as INR 300 ($5 USD) to perform DDoS attacks for a few minutes against any target. Longer attacks can be bought for higher prices. They also offer monthly subscription services, often used by gamers to take down competitors.
As the most attacked sector globally, the gaming industry experiences nearly 46 percent of attacks, followed by the software and media sectors.
While it’s not happening on a broad scale now, it’s likely we’ll see an increase in DDoS attacks originating from mobile and IoT devices in the future, Symantec said.
DDoS attacks make an online service unavailable by overwhelming it with traffic from multiple sources.
A Domain Name System (DNS) amplification attack is a popular form of DDoS, which floods a publicly available target system with DNS response traffic. Symantec’s research indicates that DNS amplification attacks have increased by 183 percent from January to August 2014.
Motivations behind DDoS attacks include hacking, financial blackmail with the threat of taking the business offline, and personal grudges. DDoS attacks also act as a diversion technique to distract IT security response teams while a targeted attack is conducted.
Symantec suggests five plans to prepare against DDoS attacks. They include:
- Have an incident response plan ready, know who to call
- Verify server configuration, protect your server
- Use a layered filtering approach, partner with external service providers
- Build in scalability and flexibility
- Know your normal network behavior
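
As an illustration of "know your normal network behavior" applied to the DNS amplification traffic described above, the following added example (not from Symantec's research) flags hosts that receive DNS responses answering no query they sent. The record layout, the sample traffic and the thresholds are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample records, not real traffic:
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_id, size_bytes)
SAMPLE = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, 72),   # query from our host
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 180),  # matching answer
    (0.50, "198.51.100.53", 53, "192.0.2.10", 40002, 0x9999, 120),  # stray response
    (1.00, "203.0.113.5", 53, "192.0.2.80", 31337, 0x0001, 3200),   # reflected
    (1.01, "203.0.113.6", 53, "192.0.2.80", 31337, 0x0001, 3100),   # reflected
    (1.02, "203.0.113.7", 53, "192.0.2.80", 31337, 0x0001, 3300),   # reflected
]


def unsolicited_dns_responses(records, window_s=5.0):
    """Return {dst_ip: (count, total_bytes)} for DNS responses with no matching query.

    In an amplification attack the queries are sent by someone else using the
    victim's address, so the victim's edge sees responses it never asked for.
    """
    pending = {}  # (client_ip, client_port, resolver_ip, dns_id) -> query time
    stats = defaultdict(lambda: [0, 0])
    for t, src, sport, dst, dport, dns_id, size in sorted(records):
        if dport == 53:
            # Outbound query (resolver-to-resolver traffic is also treated as a query).
            pending[(src, sport, dst, dns_id)] = t
        elif sport == 53:
            sent = pending.pop((dst, dport, src, dns_id), None)
            if sent is None or t - sent > window_s:
                stats[dst][0] += 1
                stats[dst][1] += size
    return {ip: tuple(v) for ip, v in stats.items()}


def flag_targets(records, min_count=3, min_bytes=5000):
    """Hosts whose unsolicited DNS responses exceed both (assumed) thresholds."""
    found = unsolicited_dns_responses(records)
    return sorted(ip for ip, (n, b) in found.items() if n >= min_count and b >= min_bytes)


if __name__ == "__main__":
    print(unsolicited_dns_responses(SAMPLE))
    print(flag_targets(SAMPLE))
```

In practice the thresholds would be set from a baseline of the network's own traffic, since a small number of stray or late DNS responses is normal.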