DDoS Attack Campaigns Increasingly Target Bitcoin Exchanges

A recent report confirmed that Bitcoin exchanges have been much more prominent on DDoS attackers’ radar in the last year.

The cloud service provider Imperva Incapsula recently published its report, Q3 2017 Global DDoS Threat Landscape. The report aims to demonstrate how cryptocurrency exchange platforms have increasingly been targeted by DDoS attack campaigns.

A Distributed Denial of Service (DDoS) attack refers to a single DDoS occurrence that impacts the same target repeatedly. Every single attack occurrence is generally preceded by a safe period of an hour. Following the attack, another hour passes without a DDoS event. Previously, reports from Imperva defined a DDoS attack as being preceded and followed by 10-minute attack-free periods. However, the longer attack-free periods of 60 minutes are often more useful to facilitate attacks.
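The attack-free period used in the definition above changes how many attacks get counted from the same traffic. The following added example (not code from the Imperva report) groups malicious-traffic observations per target into attacks with a 60-minute and a 10-minute quiet period; the event format, the hostnames and the function names are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def group_attacks(events, quiet=timedelta(minutes=60)):
    """Group (timestamp, target) observations into attacks.

    Observations against one target stay in the same attack until an
    attack-free gap of at least `quiet` separates them.
    """
    attacks = []       # each: target, start, end, observations
    open_attack = {}   # target -> index of its most recent attack
    for ts, target in sorted(events):
        idx = open_attack.get(target)
        if idx is not None and ts - attacks[idx]["end"] < quiet:
            attacks[idx]["end"] = ts
            attacks[idx]["observations"] += 1
        else:
            attacks.append({"target": target, "start": ts,
                            "end": ts, "observations": 1})
            open_attack[target] = len(attacks) - 1
    return attacks

def attacks_per_target(attacks):
    """Count how many separate attacks each target received."""
    return Counter(a["target"] for a in attacks)

# Constructed sample data: minute offsets of flagged traffic per target.
T0 = datetime(2017, 7, 1, 0, 0)
SAMPLE = {
    "exchange.example": [0, 5, 12, 40, 45, 130, 135],
    "casino.example": [3, 50, 200],
}
EVENTS = [(T0 + timedelta(minutes=m), target)
          for target, minutes in SAMPLE.items() for m in minutes]

if __name__ == "__main__":
    for minutes in (60, 10):
        found = group_attacks(EVENTS, timedelta(minutes=minutes))
        print(f"{minutes}-minute quiet period: {len(found)} attacks",
              dict(attacks_per_target(found)))
```

When comparing attack counts across reports, check which quiet period each one used, since the same traffic yields different totals.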

DDoS attacks are capable of flooding the target’s network with traffic by using botnets. A botnet is a network of individual compromised devices that do a hacker’s bidding, most of the time without the owner’s knowledge. Hackers use their botnets to flood a target’s network by consuming too much of its available bandwidth. However, DDoS attacks can also operate by attacking the target’s application layer, using too much of its processing resources such as CPU or RAM.

In its report, Imperva used data gained from 1755 application layer-based DDoS attacks and 3920 network layer attacks between 1 July 2017 and 30 September 2017. The data was gathered from the company’s own client base. In terms of botnets, Imperva used data from 37.4 billion DDoS attack requests that were launched during the same period.

One of the report’s main findings confirmed that DDoS attacks increasingly targeted cryptocurrency-related platforms and websites. During the third quarter of 2017, three out of every four Bitcoin-related websites experienced some form of a DDoS attack.

According to the report, DDoS attacks targeted a significantly large number of crypto-based websites and platforms compared to other industries. The report attributed this occurrence to Bitcoin’s skyrocketing price over the last year, especially during the second half of the year. Over 73% of all Bitcoin-based websites experienced a DDoS attack in the third quarter of the year alone, which renders it the most targeted industry.

Other notable targets of DDoS campaigns included online gambling platforms and service providers as well as online-based service providers.

The report noted that the US, the Philippines, China, and Hong Kong were the world’s most targeted countries when it came to network layer DDoS attacks. However, Germany also demonstrated a high number of attacks as it accounted for 12.8% of the world’s total DDoS attacks.

In comparison, Hong Kong only accounted for 5.1% of attacks but became increasingly targeted by network layer DDoS attacks during the third quarter of the year. According to the report, most of these attacks were directed at a local hosting service platform, which was the target of 700 separate attacks earlier this year.

The US currently ranks as the world’s most targeted country, as well as having the highest number of attacks, with the Netherlands coming in second. This year’s largest application layer attack was directed at a European financial services provider. Other notable targeted countries included Australia, Singapore, and Japan.

Tracing the origin of a DDoS attack is a complex process, complicated by the creation of fraudulent source IPs, known as IP spoofing. Even so, spoofing is only applicable to network layer-based DDoS attacks. It cannot be used in application layer attacks, since these require the attacker to establish TCP connections.

However, the report confirms that most botnet attacks came from China during the third quarter of the year. During the second quarter, China accounted for only 63% of the total botnet traffic. While India and Turkey have been ranked as the runners-up, China remains the key player when it comes to DDoS attacks.

The report confirmed that DDoS attacks were getting bigger, more sophisticated, and more aggressive in their targeting of cryptocurrency-related websites and services. Considering the continued rise of Bitcoin, it has never been more important for all cryptocurrency service providers to review their DDoS protection policies and adjust where necessary.