DDoS attacks increasingly take the form of blended attacks combining multiple vulnerabilities

Over the course of the fourth quarter of 2016, DDoS attacks increasingly took the form of blended attacks combining four or more vulnerabilities, with the intent of overloading targeted monitoring, detection and logging systems, according to Nexusguard. Hybrid attacks were a common attack pattern against financial and government institutions.

[Figure: DDoS botnet activity: Top attacking countries]

DDoS blended attacks

The supersized Mirai attack from Q3 set the stage for Q4 challenges, resulting in a ripple of botnets from connected devices and the IoT. At the close of 2016, Nexusguard researchers observed more than 426,700 bots executed since IoT botnet monitoring began in October.

Attacks skyrocketed 150 percent between November and December, which researchers also attributed to the outbreak of the Mirai botnet source code. The growth of sophisticated DDoS attacks quickly overloaded systems and impeded the identification of hacking activities in Q4.

Nexusguard analysts found that China and the U.S. were the countries most vulnerable to IoT botnets, with 116,000 and 41,200 IoT botnets recorded, respectively.

While attackers continue to switch tactics to confuse cybersecurity teams, 97.5 percent of DDoS attacks used NTP methods, which continued to be the most popular DDoS attack method during the second half of 2016.

Researchers predict IoT botnets will continue to pose major cybersecurity challenges in 2017, causing more volumetric attacks at higher frequencies.