INNOVATIVE ICT BUILDING A BETTER CONNECTED WORLD
2014 Botnets and DDoS Attacks Report
1 Report Overview
Hotspot Events
On June 02, 2014, the US Department of Justice (DoJ) and FBI joined together with law enforcement and network security
companies from multiple countries to take down the GameOver Zeus botnet and seek criminal action against the hacker responsible.
Botnet Conditions
Botnets have become more widespread and have begun to use more diverse platforms. At the same time, they have
become better disguised, and their use for seeking commercial profit has become clearer. More and more cutting-edge
botnets now feature CaaS (Crime as a Service) characteristics.
Globally, the top three countries with the most zombie hosts are the United States, Russia and China; the top three countries
with the most control servers are the United States, Russia and Germany, respectively.
In China, zombie hosts were most widely distributed throughout Guangdong, Zhejiang and Hong Kong.
Botnet Development Trends
Botnet variants and platforms will continue to diversify, while network behavior will become more personal.
Motivated by profit, mobile botnets will become more standardized.
Fast-flux, DGA and other evasion techniques will likely lead to the explosive growth of cross-platform botnets.
The deployment and spread of CaaS botnets will become increasingly apparent.
Expert Opinion
Botnet governance is a global responsibility and only by shutting down control servers or C&C servers and by pursuing legal
action against the hackers involved can we begin to contain botnets.
Compared with traditional detection, DNS-based traffic monitoring detection has higher positive predictive value and is cross-platform.
DDoS Attack Conditions
2014 witnessed the proliferation of various UDP-based amplification attacks and large-packet SYN flooding; in December,
attack traffic set a new peak bandwidth record of up to 500 Gbit/s.
Data centers (DCs), including cloud-based DCs, are still a major target for DDoS attacks, and they are faced with both
inbound and outbound DDoS threats. Compared to conventional DCs, cloud-based DCs must also deal with cross-bound
tenant-to-tenant DDoS threats.
DC servers, free Internet proxies, various open DNS, NTP and UDP servers and low-cost cloud-based DC virtual machines (VMs)
have become pervasive hotbeds for botnet and DDoS attacks.
To effectively evade security device filtering, botnet-initiated application-layer DDoS attacks are often personalized.
DDoS attacks also feature CaaS characteristics. CaaS has effectively expanded the network scope and attack strength of DDoS attacks.
Development Trends of DDoS Attacks
As CT shifts to IT-oriented developments, and IT moves to the cloud, DDoS attacks and defense will become much more complicated.
Network attacks are becoming much more profit-based and the CaaS model of DDoS attack services will become
increasingly common.
A huge number of open UDP servers will lead to frequent hybrid amplification attacks in the coming years which will further
boost the peak traffic bandwidth of attacks.
Expert Opinion
Compared to conventional DCs, cloud-based DC security faces tougher odds. Given that SaaS are their only form of defense,
cloud-based DC providers have invested heavily in infrastructure security. Cutting-edge cloud-based DCs have also begun to
provide tenants with anti-DDoS SaaS protection.
The prospects for DNS caching and recursive service system security are less than optimistic, and large Internet companies have
begun to consider building their own powerful anti-DDoS DNS systems to guarantee the serviceability of their Internet applications.
2 Hotspot Events
2.1 Hotspot Events
On June 2, 2014, the US Department of Justice (DoJ) and FBI announced that they had joined together with law
enforcement and network security companies from various countries to take down the GameOver Zeus botnet and initiate
criminal action against the mastermind, Russian national Evgeniy Mikhailovich Bogachev, on charges including hacking,
phishing, bank fraud and money laundering.
GameOver Zeus is a Zeus botnet variant first seen in September 2011. To better conceal its actions, GameOver Zeus
abandoned the Zeus HTTP-based centralized control architecture for a P2P architecture. Just like Zeus, GameOver Zeus was
spread through spam or phishing websites, infecting between 500 thousand and 1 million PCs across the globe. Similar to
Zeus, after compromising a PC, GameOver Zeus searches for bank passcode information. Once the control terminal gives the
command, the bank passcode information is sent back to the attacker, and the money in the user's account is transferred
overseas. The FBI estimates that GameOver Zeus has already caused a global loss of over 100 million US dollars and is one
of the most sophisticated botnets that the FBI and its partners have ever tracked.
2.2 Event Analysis
This crackdown on the GameOver Zeus botnet was led by the US Department of Justice (DoJ). US authorities collaborated
with the law enforcement of over 10 countries, including Australia, Germany, France, the Netherlands and Japan as well as
multiple network security companies, including Microsoft, Symantec and McAfee.
The US Department of Justice (DoJ) also announced that they have discovered which IP addresses were infected by
GameOver Zeus bots and have helped those users remove malware. This goes to show that global botnet stings require the
active participation of multiple countries and network security-related organizations. Success is only possible through joint
action.
3 Botnets
3.1 Botnet Conditions
In terms of their spread, platform usage and behavior, botnets have become much more diversified. As their network
behavior has become more personal, botnets have become increasingly profit-driven and characterized by the "Crime as a
Service" (CaaS) business model.
Major developments have mainly occurred in the following aspects of the botnet black market industry chain: the division of labor
is more precise, botnets evolve much faster, and their spread and control paths have become much more diversified. Pushdo and
Bredolab, as "loaders", are responsible for malware customization, downloading and installation, including the download of the self-
copying Cutwail malware. Cutwail, in turn, is responsible for spam-based flooding to rapidly expand the scale of the given botnet.
With the case of Zeus botnets, since the code went public in 2011, they have evolved rapidly, and there are now a wide
variety of notorious Zeus-derived botnets, such as Citadel, KINS, Ice-IX and GameOver Zeus. When the main Zeus module
was removed, it automatically updated to the latest version to continue the infection through a warranty extension.
After the botnet code went public, almost anyone could build on the base code to launch new attacks. This led to botnet
multiplicity. For example, early Zeus botnets were only used to steal bank accounts whereas later versions were also used
for DDoS attacks. In addition to the conventional spam and phishing website-based spread and control techniques, social
networks are now also used for attacks. For example, the TwitterNET botnet is spread and controlled through Twitter.
As the IT ecosystem has diversified, botnet platforms have tended towards multiplicity. First of all, Windows is no longer
the only OS vulnerable to botnet infections; many popular bots now opt for Linux, Mac OS X, Apple iOS, Android and
other operating systems. Secondly, the more popular and more valuable the application, the greater chance that it will
be exploited for spreading bots. For example, according to the McAfee Labs Threats Report 2014 Q1, the Apple iOS and
Android versions of Flappy Bird gained in popularity in mid-2013. By February, the developer quickly pulled his game from
the App Store and Google Play, but there were already hundreds of clones, 80% of which contained malicious code.
Again, conventional DCs are unsafe and hosted servers often lack effective regulation, which invites the deployment of
ultra-heavy DDoS attack traffic. Cloud-based DCs are just as unsafe. According to The Bad Bot Landscape Report Q1 2014,
released by Distil Networks, 79.18% of Amazon cloud traffic is malicious.
Malicious botnet behavior often does a good job of simulating typical network access behavior to evade network security device
tracking and filtering. Commonly simulated features include: 1. The User-Agent field of HTTP packets is disguised as a browser
or mobile terminal; 2. Web proxies are used to hide the true trail; 3. Fake network crawlers are made to look like Google or Baidu crawlers.
Today’s botnets more directly reflect their ability to seek commercial profit, even with obvious APT attributes: 1. Zeus botnets
steal online bank accounts for direct profit; 2. Ongoing DDoS attacks are targeted against competing e-commerce websites
during holiday shopping seasons; 3. DDoS attacks are used as a smokescreen to hide the theft of core data.
Over the years, international law enforcement organizations have strengthened their efforts to crack down on botnets
because they directly endanger financial and Internet stability. The most effective botnet crackdown was the joint action
of multiple countries against GameOver Zeus. In June 2014, US authorities led by the Department of Justice (DoJ) joined
together with Australian, German, French, Dutch and Japanese law enforcement as well as a number of network security
companies, including Microsoft, Symantec and McAfee, to take down the GameOver Zeus botnet.
As an underground business model, "Crime as a Service" (CaaS) has grown rapidly. To attackers, large, stable botnets are a
type of infrastructure, the deployment and maintenance of which takes investments in technology and manpower. While
ordinary attackers can’t launch such sophisticated efforts, a number of expert-level hackers have begun to take advantage
of this to cash in on CaaS in two different ways, namely in the form of deployment services and attack services. The
former is when bots are customized based on user needs; for example, Pushdo supports user-defined bot functionality.
As for the latter, fee-based services (FBS) are provided through botnet deployment. For example, by controlling over
a thousand routers, international hacker organization Lizard built its own botnet to provide FBS, claiming that they can offer
DDoS attacks with traffic of up to 4T while their monthly rental costs are as low as 6 US dollars. Another example of attack
services is the Chinese IMDDOS botnet, whose well-known DDoS services have already been around for several years.
3.2 Botnet Distribution
According to Huawei Cloud Security Center live network statistics, globally, the top three countries with the most zombie
hosts are the United States, Russia and China; the top three countries with the most control servers are the United States,
Russia and Germany, respectively.
Figure 3-1 Global Distribution of Zombie Hosts
Figure 3-2 Global Distribution of Botnet Controlled Servers
Figure 3-3 Regional Distribution of Zombie Hosts in China
The distribution of zombie hosts across China shows significant geographical features in that their distribution is directly
linked to the level of Internet usage across the provinces. Specifically, zombie hosts were most widely distributed throughout
Guangdong, Zhejiang and Hong Kong.
In China, the top five botnet controllers are Boer_Family, Yoyoddos_Family, XiaoYan_DDOS_Family, Glacier and IMDDOS. Of
the controllers, Yoyoddos_Family, XiaoYan_DDOS_Family and IMDDOS specialize in DDoS attack botnets which illustrates
that China has always been a target for DDoS attacks.
Boer_Family: 47%
Yoyoddos_Family: 30%
XiaoYan_DDOS_Family: 9.0%
Glacier: 8.0%
IMDDOS: 6.0%
Figure 3-4 Top 5 Chinese Botnets
3.3 Development Trends
As the Internet ecosystem continues to become more diversified, botnet variants and platform usage will also continue to
exhibit multiplicity. Also, to evade security checks and tracking, the network behavior of cutting-edge botnets will become
more and more personalized.
Over the next few years, as more people begin to use mobile payments and as mobile network bandwidth continues to
improve, mobile botnets, driven by profit, will become ever more standardized.
DNS servers lack effective security regulations, and Fast-flux, DGA and other evasion techniques will likely lead to the
explosive growth of cross-platform botnets.
The spread and deployment of botnets as a network attack infrastructure will become increasingly characterized by CaaS.
3.4 Expert Opinion
The prevention of various network attacks, especially DDoS and other attacks that exhaust network resources, has
had little success when companies rely only on hardening the security of their own service systems. In short, so long
as networks expose their service systems openly, attacks will be inevitable. Traffic filtering for various network attacks
is a passive means of defense. The most effective way to prevent network attacks is to strengthen botnet tracking and
governance, blocking botnet activity at the source. Botnet governance is a global responsibility and requires cooperation
amongst governments, operators and network security-related organizations to shut down botnet control servers and
pursue legal liability from their owners to contain them.
Among botnet detection techniques, the most effective is to detect and filter DNS requests for C&C domain names.
DNS caching services are the first step when connecting to the Internet, and as such, traffic monitoring on DNS caching
servers tends to have the best botnet detection rates. Given that the DNS detection technique is cross-platform by nature,
it can detect both fixed and mobile botnets.
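The DNS-based monitoring described above can be sketched as follows. This is an added example, not code from the report or from Huawei: it scans resolver query logs for two of the evasion techniques the report names, DGA (a client producing many NXDOMAIN lookups for random-looking names) and fast-flux (one name mapped to many addresses with a short TTL). The log format, thresholds and all names and addresses are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, not real traffic. Fields per line:
# client IP, queried name, response code, TTL, answer IPs (comma-separated).
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR 3600 192.0.2.10
10.0.0.5 wwww.example.com NXDOMAIN 0
10.0.0.7 xkqjvhzpwmtl.example NXDOMAIN 0
10.0.0.7 qzxvbnmkjhgf.example NXDOMAIN 0
10.0.0.7 plokmijnuhby.example NXDOMAIN 0
10.0.0.7 wsxedcrfvtgb.example NXDOMAIN 0
10.0.0.7 www.example.com NOERROR 3600 192.0.2.10
10.0.0.8 zpqmxnwovbcy.example NXDOMAIN 0
10.0.0.9 update.example.net NOERROR 60 198.51.100.1,198.51.100.2
10.0.0.9 update.example.net NOERROR 60 198.51.100.3,203.0.113.4
10.0.0.6 update.example.net NOERROR 60 203.0.113.5,203.0.113.6
this line is malformed
"""


def parse(log):
    """Yield (client, qname, rcode, ttl, answers) tuples, skipping bad lines."""
    for line in log.splitlines():
        parts = line.split()
        try:
            client, qname, rcode, ttl = parts[0], parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue
        answers = parts[4].split(",") if len(parts) > 4 else []
        yield client, qname.lower().rstrip("."), rcode, ttl, answers


def shannon_entropy(label):
    """Bits of entropy per character; random strings score higher than words."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_label(qname):
    # Simplification: take the label left of the TLD. A production system
    # would use a public-suffix list to find the registered domain.
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def find_dga_clients(records, min_names=4, min_entropy=3.0, min_len=10):
    """Clients with many distinct NXDOMAIN lookups for long, high-entropy names."""
    suspicious = defaultdict(set)
    for client, qname, rcode, _ttl, _answers in records:
        label = registered_label(qname)
        if (rcode == "NXDOMAIN" and len(label) >= min_len
                and shannon_entropy(label) >= min_entropy):
            suspicious[client].add(qname)
    return {c: sorted(n) for c, n in suspicious.items() if len(n) >= min_names}


def find_fast_flux(records, max_ttl=300, min_ips=5):
    """Names answered with a short TTL that map to many distinct addresses.

    CDNs show the same pattern, so hits need an allow-list or manual review.
    """
    ips = defaultdict(set)
    for _client, qname, rcode, ttl, answers in records:
        if rcode == "NOERROR" and ttl <= max_ttl:
            ips[qname].update(answers)
    return {q: len(a) for q, a in ips.items() if len(a) >= min_ips}


if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    print("DGA-like clients:", find_dga_clients(recs))
    print("Fast-flux candidates:", find_fast_flux(recs))
```

Because the check runs on resolver logs only, it is independent of the infected host's operating system, which is the cross-platform property the paragraph refers to.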
4 DDoS Attacks
4.1 DDoS Attack Conditions
2014 was marked by rampant UDP-based amplification attacks and large-packet SYN flooding. With DDoS attacks of over
100 Gbit/s occurring on a nearly monthly basis, peak attack traffic bandwidth records were broken again. Bandwidths in early
2014 were up to 400 Gbit/s, which rose to 500 Gbit/s by the end of the year (a DDoS attack launched on December 20, 2014
targeted specific Chinese cloud-based DCs hosting game servers; the attack, which lasted 14 hours, mainly consisted of
ultra-large-packet SYN and UDP flooding from outside of China and some large DCs in China). Ultra-heavy traffic DDoS attacks
already threaten operator gateways, and global Tier-1 operators have begun to seek the source of the attack to quickly filter
out attack traffic through cloud cleaning solutions.
In March 2013, The Spamhaus Project was hit by heavy DDoS attack traffic, peaking at up to 300 Gbit/s, launched using
DNS amplification. In December 2013, the hacker organization DERP launched the first NTP amplification attack. Then in
February 2014, the peak bandwidth of NTP amplification attack traffic was refreshed to 400 Gbit/s. Shortly thereafter, UDP
amplification attacks were unleashed the world over.
DC servers with a lack of effective supervision, free Internet proxies, various open UDP servers and even inexpensive cloud-
based DC virtual machines (VMs) have become pervasive hotbeds for botnet and DDoS attacks.
DDoS attacks directly impact the availability of Internet services, and commercial attacks have become more targeted. As
soon as a target is locked in, the DDoS attack will replace the targeted IP and domain name:
1. Ongoing DDoS attacks are launched against e-commerce websites during holiday shopping seasons, which throttle the
targeted website so that load times are slow, even to the point where pages won’t open, thus ruining the shopping experience
to the point where customers will opt for shopping on other websites instead.
2. During major sporting events, such as the World Cup, various betting websites host gambling events, and during such
events, ultra-heavy traffic DDoS attacks pop up out of the blue and last for the duration of the entire event.
3. In recent years, many e-commerce websites have launched panic-buy and "seckill" time-limited promotions, such as mobile
phone sales on popular Chinese websites which begin at 10:08 every Monday and Friday; whenever a promotion is set to begin,
DDoS attacks are suddenly launched so netizens will lose patience waiting for the website to load and will give up on the
promotion; after enough netizens leave, the DDoS attack will screech to a halt and, before the promotion expires, "scalping"
software will rush in to place orders.
In 2014, DCs were still the main target of DDoS attacks. DCs, including cloud-based DCs, have to deal with two-way
DDoS attack threats. Inbound DDoS attacks directly endanger downlink bandwidths, DC infrastructures, and online service
availability; on the other hand, outbound DDoS attacks endanger the DC access layer uplink bandwidth and the DC’s
reputation. Compared to conventional DCs, cloud-based DCs have to deal with greater DDoS threats. This is primarily
because: first, there are a huge number of cloud hosts (upwards of 100-200 thousand); services are uploaded and
downloaded quickly, and many different services are available; it’s difficult to manage traffic as it fluctuates so frequently, and
targeted protection is difficult to achieve; secondly, the average cloud-based DC will have tons of tenants that come and go
randomly such that they cannot be physically isolated; after a cloud host is infected by a bot, it will not only threaten DC data
security but will also often initiate outbound DDoS attacks and may even launch tenant-to-tenant cross-bound attacks.
Techniques for disguising network behavior are not limited to the botnet communication process alone; rather, botnet-
initiated application-layer DDoS attacks will also use disguises. For example, HTTP Get flooding through mobile applications
can also use user-agents disguised as mobile terminals; HTTP Get flooding can also attack e-commerce websites during
holiday shopping seasons or promotions through user-agents disguised as browsers, specifically, Firefox and IE are typically
used because of their large number of users; HTTP Get flooding can also attack web servers when disguised as Baidu or
Google crawlers; many small and medium-scale web applications use CDN acceleration; attacks that target these kinds of
applications will often simulate proxy access which makes it hard for the defense system to distinguish whether or not the
behavior is malicious.
DDoS attacks also feature "Crime as a Service" characteristics, and CaaS has effectively expanded the network scope and
attack strength of DDoS attacks. The most famous CaaS DDoS botnets are none other than IMDDOS and Lizard DDoS.
According to Huawei Cloud Security Center live network monitoring data, IMDDOS has been the fifth largest botnet
in China since 2010, and over these last few years, it has infected its fair share of high-performance DC servers. Following
its breaches of many large online gaming networks, such as Xbox Live, the Sony Playstation Network, Jagex, Blizzard, and
League of Legends (LOL), the well-known hacker organization Lizard Squad has recently begun to sell its DDoS attack
services through Twitter to offer its services at an affordable price. The actual price itself may directly determine the strength
of the purchased attack.
4.2 UDP Amplification Attacks
In March 2013, The Spamhaus Project, an international anti-spam organization based in Europe, was hit by heavy DDoS
attack traffic, peaking at up to 300 Gbit/s, launched using DNS amplification. In December 2013, hacker organization DERP
launched the first NTP amplification attack. Then in February 2014, the peak bandwidth of NTP amplification attack traffic
was refreshed to 400 Gbit/s. Shortly thereafter, UDP amplification attacks were unleashed the world over, and a variety of
amplification tools have been tapped one after another. Exploitable open UDP servers are shown in Table 4-1.
Table 4-1 Open UDP Servers Exploitable for Amplification
Category of Attack | Amplification | Exploitable Vulnerabilities
NTP Amplification Attack | 556.9 | monlist query
DNS Amplification Attack | 28 to 54 | Text query
SSDP Amplification Attack | 30.8 | SEARCH request
Chargen Amplification Attack | 358.8 | Character generation request
SNMP Amplification Attack | 6.3 | GetBulk request
NetBIOS Amplification Attack | 3.8 | Name resolution
QOTD Amplification Attack | 140.3 | Quote request
Quake Network Protocol Amplification Attack | 63.9 | Server info exchange
Steam Protocol Amplification Attack | 5.5 | Server info exchange
BitTorrent Amplification Attack | 3.8 | File search
Kad Amplification Attack | 16.3 | Peer list exchange
Figure 4-1 Global Distribution of Open Chargen Servers
Figure 4-2 Global Distribution of Open DNS Servers
Figure 4-3 Global Distribution of Open NTP Servers
Based on the Huawei Cloud Security Center live network attack statistics from 2014, the use of NTP, DNS, SSDP and Chargen
servers accounted for the majority of amplification attacks. The main reason for this is that these types of services offer
amplification and are widely distributed across live networks.
As of January 2015, according to Huawei Cloud Security Center research, the number of open DNS servers has risen to
13,983,210; open SSDP servers followed thereafter with up to 9,473,641; ranking third were open NTP servers, with up to
1,871,764; finally, the number of open Chargen servers has risen to 1,696,095.
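On the receiving side, the services in Table 4-1 show up as UDP traffic whose source port is the reflecting service. The following added example (not code from the report) aggregates flow records per victim and service and flags reflection floods; the flow format, the port numbers, the thresholds and all addresses are assumptions constructed for illustration, while the amplification factors are the ones from Table 4-1.

```python
from collections import defaultdict, namedtuple

# UDP source port -> (service, amplification factor from Table 4-1).
# Port numbers are the standard service ports (an assumption added here;
# the report lists services, not ports).
REFLECTORS = {
    123: ("NTP", 556.9),
    53: ("DNS", 28.0),  # table gives 28 to 54; the lower bound is used
    1900: ("SSDP", 30.8),
    19: ("Chargen", 358.8),
    161: ("SNMP", 6.3),
    137: ("NetBIOS", 3.8),
    17: ("QOTD", 140.3),
}

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto packets bytes")

# Constructed flow records (documentation address ranges), not real traffic.
# Fields: src_ip src_port dst_ip dst_port proto packets bytes
SAMPLE_FLOWS = """\
198.51.100.1 123 203.0.113.50 41000 udp 1000 440000
198.51.100.2 123 203.0.113.50 41000 udp 1000 440000
198.51.100.3 123 203.0.113.50 41000 udp 1000 440000
198.51.100.4 123 203.0.113.50 41000 udp 1000 440000
198.51.100.5 123 203.0.113.50 41000 udp 1000 440000
192.0.2.53 53 203.0.113.60 53124 udp 20 2400
192.0.2.53 53 203.0.113.60 443 tcp 500 700000
198.51.100.7 1900 203.0.113.70 50000 udp 900 300000
198.51.100.8 1900 203.0.113.70 50000 udp 900 300000
192.0.2.123 123 203.0.113.60 123 udp 4 304
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines; lines with a wrong field count are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7:
            continue
        flows.append(Flow(f[0], int(f[1]), f[2], int(f[3]),
                          f[4].lower(), int(f[5]), int(f[6])))
    return flows


def detect_reflection(flows, min_sources=4, min_bytes=1_000_000, min_avg_pkt=400):
    """Flag (victim, service) pairs that look like amplification floods.

    A flood is many distinct reflectors sending large UDP responses from a
    known service port to one destination. Thresholds are illustrative and
    must be tuned to the protected network's normal traffic.
    """
    agg = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f.proto != "udp" or f.src_port not in REFLECTORS:
            continue
        a = agg[(f.dst_ip, f.src_port)]
        a["sources"].add(f.src_ip)
        a["packets"] += f.packets
        a["bytes"] += f.bytes

    alerts = []
    for (victim, port), a in agg.items():
        if a["packets"] == 0:
            continue
        avg_pkt = a["bytes"] / a["packets"]
        if (len(a["sources"]) >= min_sources and a["bytes"] >= min_bytes
                and avg_pkt >= min_avg_pkt):
            service, factor = REFLECTORS[port]
            alerts.append({
                "victim": victim,
                "service": service,
                "reflectors": len(a["sources"]),
                "bytes": a["bytes"],
                # Rough size of the spoofed request stream behind the flood,
                # useful context when asking an upstream operator to trace it.
                "est_request_bytes": round(a["bytes"] / factor),
            })
    return sorted(alerts, key=lambda x: -x["bytes"])


if __name__ == "__main__":
    for alert in detect_reflection(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The single-resolver DNS answer, the TCP flow and the two-reflector SSDP traffic in the sample stay below the thresholds, so only the NTP flood is reported.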
Figure 4-4 Global Distribution of Open SSDP Servers
Figure 4-5 Distribution of DDoS Attacks in China
4.3 Geographical Distribution of Attacks
In China, DDoS attacks were relatively concentrated in Zhejiang, Guangdong and Shandong. The reason for this is that the
majority of China’s large Internet company DCs are concentrated in these three provinces. According to statistics on nearly
100 typical DC attacks from 2014, the highest DC attack frequency was over 200 hits per month.
4.4 Distribution of Attacks by Category
According to Huawei Cloud Security Center statistics, DDoS attacks in 2014 were commonly launched in the forms of SYN,
UDP, HTTP Get and DNS flooding. The most striking feature compared to 2013 was the surge in ultra-large packet SYN
flooding and UDP-based amplification attacks, with 100 Gbit/s DDoS attacks consisting of large multi-packet SYN flooding
and NTP or DNS amplification attacks. Compared to 2013, attacks targeted at DNS caching servers were still Cache Miss-
based, but the source IPs of the attacks were more limited to the same metropolitan areas as the targets. Attack traffic has
also risen. Attacks targeted at authoritative DNS servers were similarly Cache Miss-based, but the source IPs were disguised
as DNS caching server IPs.
SYN Flooding: 22.87%
UDP Flooding: 43.26%
HTTP Get/Post Flooding: 15.54%
ACK Flooding: 6.06%
DNS Flooding: 9.31%
ICMP Flooding: 1.29%
FIN/RST Flooding: 0.35%
Other: 1.32%
Figure 4-6 DDoS Attacks by Category
Gaming: 48.40%
E-commerce: 35.49%
Finance: 6.30%
Healthcare: 2.51%
Education: 1.80%
Hotel & travel: 1.40%
Other: 4.10%
Figure 4-7 DDoS Attacks by Industry
4.5 Distribution of Attacks by Industry
The top three targets of DDoS attacks are e-commerce, online gaming and online finance, especially online finance, where
attackers were primarily motivated by malicious competition. Online service systems with higher profit margins tend to be
hit more frequently, and the attacks tend to last longer.
HTTP: 89.50%
DNS: 3.63%
HTTPS: 1.64%
Other: 5.23%
Figure 4-8 DDoS Attacks by Protocol
4.6 Distribution of Attacks by Application Protocol
According to Huawei Cloud Security Center statistics on the distribution of application-targeted attacks, HTTP is still the primary
target. Statistics show that the main reason for this result is that HTTP is still the most important Internet application
protocol, and the e-commerce and online gaming websites that are most susceptible to DDoS attacks all use HTTP.
DNS applications are the second largest target of DDoS attacks. Since DNS applications serve as an Internet
infrastructure, the impact of attacks is much more widespread. Even though DNS service providers have reinforced
the security of their DNS servers in various ways over the last few years, DNS services are still the weakest of all applications
on the Internet. Even if Internet companies comprehensively reinforce their own authoritative DNS servers, the security and
serviceability of DNS caching and recursive servers, as the Internet’s largest access gateways, is still worrisome. In December
2014, a number of China Telecom’s provincial DNS caching servers were hit by a Cache Miss attack, leading to network
outages of several hours. The worrisome state of DNS server security has forced large Internet companies into considering
building their own powerful anti-DDoS attack DNS systems.
4.7 Development Trends
As CT shifts to IT-oriented developments, and IT moves to the cloud, DDoS attacks and defense will become much more
complicated.
Network attacks are becoming much more profit-based and the CaaS model of DDoS attack services will become
increasingly common.
A huge number of open UDP servers will lead to frequent hybrid amplification attacks in the coming years which will further
boost the peak traffic bandwidth of attacks.
4.8 Expert Opinion
Compared to conventional DCs, the state of cloud-based DC security is worrisome, and such conditions will last for quite
some time. Security and protection will become a fundamental DC service alongside storage, computing and bandwidth for
DC tenants, and only after DCs can truly guarantee the quality of SaaS services will their infrastructure security investments
begin to pay off.
Cloud-based DCs are trending towards building closer relations with network infrastructure operators in the development
of DDoS security mechanisms. In this process, cloud-based DCs with professional DDoS protection capabilities will become
much more attractive to tenants than conventional cloud-based DCs, and as such, they will develop much more rapidly.
The prospects for DNS caching and recursive service system security are less than optimistic, and if their security cannot be
improved industry-wide, large Internet companies will have no choice but to begin to consider building their own powerful
anti-DDoS DNS systems to guarantee the serviceability of their Internet applications.
5 About
5.1 About Huawei Security Intelligence Center
Network security is a core customer requirement. Huawei’s security product line considers the long-term construction of
Security Intelligence Center as a core technology that builds competitive edge and will continue making investments in the
security area. A wide range of network security experts came together to establish the Huawei Security Intelligence Center,
focused on building an advanced security reputation system and cloud security architecture, safeguarding information
security, and striving to continuously develop customer service.
Drawing on Huawei’s cutting-edge security capabilities, the Security Intelligence Center collects malicious samples from various
channels, summarizes the massive number of samples into the management system, rapidly analyzes and converts these samples
to compile a signature database, and releases the database to security products deployed worldwide, so customers' networks are
equipped with the latest security defense capabilities. Besides inheriting legacy security capabilities, the Security Intelligence Center
draws together cutting-edge technologies, adapts them specifically to each field, and sets up dedicated security labs with rich technical
characteristics. The research team leverages security products and solutions to provide an active security defense system.
As the Internet evolves, cloud computing and mobile terminals become more widespread, and innovative apps emerge,
as do subsequent new threats, posing new challenges for network security personnel. To meet these ever-increasing
challenges, Huawei continues the security capability construction and provides customized products, solutions, and services
to help customers effectively defend against global security threats and risks.
5.2 Data Source
The original data in this report come from Huawei Security Intelligence Center and some data come from partners.
5.3 Feedback
If you have any comments about this report, please send them to [email protected].
Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of
Huawei Technologies Co., Ltd. All information in this document is the internal data of Huawei Security Intelligence Center and
related labs. All information is for reference only and does not constitute a warranty of any kind, express or implied.
All trademarks, pictures, logos, and brands in this document are the property of Huawei Technologies Co., Ltd. or an authorized third party.
General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors
that could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information
is provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-032102-20150316-C-1.0
e.huawei.com
Trademark Notice
HUAWEI is a trademark or registered trademark of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.