Kaspersky: Financial institutions in ANZ DDoS attack targets in Q3

Russia-based security firm Kaspersky Lab has found that Australian and New Zealand financial institutions were among the first in the world to be hit with DDoS attacks in the third quarter of this year.

Financial institutions in Australia and New Zealand were amongst the first to fall victim to distributed-denial-of-service (DDoS) attacks in the third quarter of 2015, according to Kaspersky's latest DDoS Intelligence Report.

In its report, Kaspersky attributed a number of the financial sector's DDoS attacks to the cybercriminal group DD4BC, which reportedly stands for "DDoS for Bitcoin". Kaspersky said the group had been targeting banks, media groups, and gaming companies since September, and had threatened to take down their customer websites unless a ransom was paid.

"The owner of the targeted resource is asked to pay between 25 and 200 bitcoins ($6,500 - $52,500), or have their servers disabled," Kaspersky said.

"Setting up and launching a DDoS attack no longer requires any special technical knowledge; a fairly competent criminal could easily unleash a powerful attack."

Switzerland joined Australia and New Zealand as the first DDoS victims for the quarter; the Bank of China and the Bank of East Asia reported they had been targeted by illegal activity; and a number of Russian financial institutions received notifications from cybercriminals asking for a specific sum in cryptocurrency to terminate an attack, Kaspersky said.

In total, 79 countries fell victim in the quarter.

Citing findings by Akamai Technologies, Kaspersky said the proportion of attacks by Linux-based bots grew from 37.6 percent in the second quarter to 45.6 percent in the third quarter, adding that victims were mostly Asian sites belonging to educational institutions and gaming communities.

"A distinctive feature of the [Linux-based] bot is the use of XOR-encryption both in the malicious program and for communication with the C&C servers," Kaspersky said.

"At the same time, in order to self-propagate, the bot brute-forces passwords to the root account in Linux systems."

Kaspersky said such a botnet has been successfully carrying out attacks with a capacity of 109-179Gbps.

China received 35 percent of the world's DDoS attacks, the United States had 21 percent, and South Korea was third with 18 percent of attacks -- a 7.9 percentage point jump in attacks for South Korea from the previous quarter.

The longest ever DDoS attack was also recorded in the three-month period, lasting 320 continuous hours -- just shy of a fortnight-long assault.

Previously, DDoS defence firm Nexusguard told ZDNet that DDoS defence in Australia is a grey area in cybersecurity, with cloud providers and businesses juggling the responsibility of eradicating the vulnerability.

"Our chief scientist just recently set up a honeypot project; Australia alone had over 30 targeted attacks in seven days. That's pretty significant," said Bill Barry, global strategy vice president for Nexusguard. "Australia ranks in the top 10 for targeted countries, which, based on a per capita basis, is quite extreme."

Last month, St George Bank recovered from what it called a glitch, which left customers unable to access online, mobile, and telephone banking services.

At the time, St George Bank said the problem arose following a regular upgrade to the bank's computer system.

No other banks in Australia have publicly announced a breach.