Countries around the world, from Estonia and Ukraine to China, Russia, and the US, have been the target of DDoS attacks, many of which are politically motivated. Criminals aren't necessarily looking to steal data or other assets as much as they are intending to make a very powerful statement.
According to Nexusguard’s Q4 2015 threat report, attacks on Turkey skyrocketed ten-fold to more than 30,000 events per day, surpassing the thousands of attacks on other popular targets like China and the U.S. The attacks, targeting Turkish IP addresses, contributed to a big increase in DNS attacks, outweighing other popular NTP and CHARGEN methods by 183 percent.
In its analysis of the fourth quarter results, the report said, "This last quarter...started out very typical with a few thousand events per day then skyrocketed to over 30,000 events per day...targeting Turkey with DNS attacks. This can be seen with Turkcell and Turkish Telecom both the number 1 and number 2 top targets of the quarter. In these attacks it appears that statements were being made."
While the source of the attacks cannot be confirmed, Nexusguard and other security analysts can make very educated guesses as to where the attacks are coming from. The relationship between Turkey and Russia turned tense and highly political over downed planes and missiles in Syria as 2015 came to a close, which suggests this spike in DDoS attacks might have been more than an anomaly.
"It's interesting to watch the news and look behind the scenes and see these attacks occurring. They have trickled down a little bit, but it’s never slowed down. Even when we first started this project, Russia was a top target and Crimea was just flaring up," said Terrence Gareau, chief scientist at Nexusguard.
Though Gareau said there’s never really a fine line of evidence, he explained, "When you look at targets, you start to build a story. A lot of the geopolitical story can be understood because they are different in how they are attacked."
Trends exist in the dark net just as they do in the technology of the modern enterprise. "You start to see trends that are more meaningful—they are filled with rage or hate or patriotic pride. There is a difference in the style of attacks, in how hard they will try or the domains they will use," explained Gareau.
The recent results of Nexusguard's Q1 2016 research show that attackers have reverted to using NTP methods more frequently than DNS, though the top three methods of attack remain NTP, DNS, and CHARGEN. The US returned to the top of the target list.
"The US is always in the top 5, usually top 3 in targets," said Gareau. Experts expect that the US will continue to see more of these exercises in political dissidence as the 2016 Presidential election continues to unfold.