SANTA CLARA, Calif.--(BUSINESS WIRE)--NSFOCUS, a leader in holistic hybrid security solutions, today released its Behavior Analysis of IP Chain-Gangs report, a follow up to their H1 Cybersecurity Insights report, which found that of the 27 million attack sources detected by NSFOCUS, 25 percent were responsible for 40 percent of attack events. In this report, ‘IP Chain-Gangs’, formerly known as recidivists or repeat hackers, remain more threatening than other attack sources analyzed.
In the Behavior Analysis of IP Chain-Gangs report, NSFOCUS introduces the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang. The report analyzes the IP Chain-Gangs' attack types, volume, size of events, gang activities, and attack rates. By studying the historical behavior of the 80 gangs identified in the report, NSFOCUS built several unique gang profiles to analyze their preferred attack methodologies and how to develop a better defense system against future attacks.
Key Findings in the Behavior Analysis of IP Chain-Gangs report include:
- These gang members, though only a tiny fraction (2 percent) of all the attackers, are responsible for a much larger portion (20 percent) of all the attacks.
- Most of the gangs have fewer than 1,000 members, but NSFOCUS also sees one gang with more than 26,000 members.
- Reflection flood attacks are the dominant attack methods favored by the gangs, specifically in high-volume attacks due to their great amplification factor.
- Gangs typically do not operate at their full potential capacity. However, knowing their maximum attacking power is very important in planning the defense against them.
- The top attacker source region are European countries. Asian countries, as well as North America, also contributed a significant amount.
“Since botnet activities and DDoS attacks are usually collaboratively launched from multiple sources, it's not surprising to see that many of these recidivists are working together as a group in these attacks,” said Richard Zao, senior vice president of global threat research, NSFOCUS. “We believe that this is the first time that DDoS attacks have been studied as coordinated gang activities. Moving forward, we plan to track IP Chain-Gangs' evolving history and study the interconnections among their members. By doing this, we will be better able to detect, mitigate, forensically analyze, and even predict future DDoS attacks.”
To download a copy of the Behavior Analysis of IP Chain-Gangs report, please visit https://nsfocusglobal.com/behavior-analysis-ip-chain-gangs.
About NSFOCUS, Inc.
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, and is a member of the Microsoft Active Protections Program (MAPP), StopBadware.org, and the Cloud Security Alliance (CSA).
A wholly-owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East, and Asia Pacific.