In a few months, Kimwolf went from a shadow proxy service to a tool for custom attacks.
In early March, Russian companies were subjected to massive DDoS attacks involving more than 4 million unique IP addresses. StormWall specialists detected and repelled attacks organized using the Kimwolf botnet.
The maximum attack power was 700 thousand requests per second. The sources of requests were distributed throughout the world, with the highest concentration in Brazil, the USA and India. Russia ranked 5th in terms of the number of infected devices. At the same time, bots mimic the behavior of real users
The attacks were carried out at the L7 application level, which makes them especially dangerous for online resources. According to experts, such attacks may be custom-made and carried out by organized groups. To protect against such threats, it is recommended to use a multi-level protection system that can recognize abnormal activity based on behavior, and not only by IP addresses or geolocation. Ramil Khantimirov, director and co-founder of StormWall, noted:
The DDoS services market has reached a new level. The Kimwolf botnet is a prime example: in a few months, it has transformed from a shadow proxy service into a tool for custom attacks. This is especially dangerous for many companies - even short-term delays in the functioning of resources often lead to loss of revenue and customers. We expect that the number and power of attacks using the most powerful botnets in Russia will grow.
