The number of DDoS attacks launched in the last quarter of 2015 rose dramatically, and especially the ones targeting Turkey, Nexusguard, a company specialized in DDoS protection, reports.
According to the Nexusguard Q4 2015 Threat Report, the top two most targeted ISPs in the last month of 2015 were Turkcell and Turkish Telecom, who faced a barrage of DDoS attacks starting early December and until the end of the year.
Most of these were reflective DDoS attacks that leveraged the DNS protocol to amplify the number of requests directed towards a target. Furthermore, the attackers weren’t interested in selecting the biggest amplification factor for their attack but were more keen to leverage Turkish domains in order to carry them out.
For this, they selected nic.tr, a domain that had a 2x amplification factor, and turkey.com, which had a 3.9x amplification factor. Regular attacks would have used domains with a 50x amplification factor.
Russia may be behind most of these attacks
The rise in DDOS attacks targeting and using Turkey’s infrastructure makes Nexusguard speculate on the involvement of a state-powered threat actor.
“The peak of these attacks may be related to rising tensions between Russia and Turkey,” Nexusguard researchers explain. “Russia is not an amateur when it comes to executing denial of service attacks in a response to political events.”
Of course, the company also leaves room for hacktivists and says that “geopolitical events consistently change the landscape of attacks. These events can happen in a heartbeat and do not require government sponsorship.”
Anonymous also lent a hand
At the start of December, we reported on how the Anonymous hacker collective had also intervened in the Russian-Turkish cyber-conflict, and how they had almost crippled Turkey’s DNS servers with DDoS attacks for an entire week.
A few days after, an Azeri hacker also intervened in the conflict and defaced the website of Russia’s embassy in Israel, proving that regular hacktivists would also launch devastating attacks on their own, without needing to wait for nation-state groups to get involved.
Of course, anyone can say that they’re part of Anonymous, and Russia’s cyber-goons could have easily passed the blame for the huge attack against Turkey’s DNS servers on the hacktivism group.
Ranked second to Turkey on Nexusguard’s report is the US, who faced a quarter of the total number of attacks Turkey did. The rest of the top 10 is made up from China, France, the UK, Brazil, Germany, Russia, Canada, and Austria.