Monthly Archives: July 2013

Four steps for denying DDoS attacks

Financial institutions have been battling waves of large distributed denial of service  attacks since early 2012. Many of these attacks have been the work of a group called the Qassam Cyber Fighters, which until recently posted weekly updates on Pastebin about the reasons behind its attacks, and summarising Operation Ababil, its DDoS campaign, writes Terry Greer-King, UK managing director, Check Point ( right ). Other hacktivist groups have launched their own DDoS attacks and targeted financial services institutions with focused attacks on web forms and content.  There have also been reports of nation-state organised cyber assaults on banks and government agencies, along with complex, multi-vector efforts that have combined DDoS attacks with online account tampering and fraud. These incidents against all sizes of banks have shown that there are many kinds of DDoS attacks, including traditional SYN and DNS floods, as well as DNS amplification, application layer and content targeted methods. Denial of Service (DoS) activities that have targeted SSL encrypted webpage resources and content are an additional challenge.  In some instances, the adversaries have moved to a blended form of attack that incorporates harder-to-stop application layer methods alongside ‘cheap’, high-volume attacks that can be filtered and blocked through simpler means. To cope with this level of malicious activity, CIOs, CISOs, and their teams need to have a plan in place, and consider a set of defensive tools that combine on-premise technologies and cloud-based scrubbing services.  They should also begin to explore and ultimately implement intelligence gathering and distribution methodologies that help lead to a comprehensive DoS mitigation strategy.  Here are four steps to help in devising that strategy Have a scrubbing service or ‘cleaning provider’ to handle large volumetric attacks :  the volumes associated with DDoS activity have reached a level where 80 Gbps of DDoS traffic is a normal event.  There are even reports of attacks in the range of 300 Gbps. Few, if any organisations can maintain sufficient bandwidth to cope with attacks of this size.  When faced with DDoS incidents this large, the first thing an organisation needs to consider is the option to route their Internet traffic through a dedicated cloud-based scrubbing provider that can remove malicious packets from the stream. These providers are the first line of defense for large volumetric attacks, as they have the necessary tools and bandwidth to clean network traffic so that DDoS packets are stopped in the cloud and regular business as usual traffic is allowed. Use a dedicated DDoS mitigation appliance to isolate and remediate attacks: the complexity of DoS attacks and the tendency to combine volumetric and application methods require a combination of mitigation methods.  The most effective way to cope with the application and “low and slow” elements of these multi-vector attacks is to use an on-premise dedicated appliance.  Firewalls and intrusion prevention systems are critical to the mitigation effort, and DDoS security devices provide an additional layer of defense through specialised technologies that identify and block advanced DoS activity in real-time. Administrators can also configure their on-premise solutions to communicate with cloud scrubbing service providers to enable automated route away during attack. Tune firewalls to handle large connection rates: t he firewall will also be an important piece of networking equipment during DDoS attacks. Administrators should adjust their firewall settings in order to recognise and handle volumetric and application-layer attacks.  Depending on the capabilities of the firewall, protections can also be activated to block DDoS packets and improve firewall performance while under attack.   Develop a strategy to protect applications from DDoS attacks: a s well as using security solutions, administrators should also consider tuning their web servers, and modifying their load balancing and content delivery strategies to ensure the best possible uptime.  This should also include safeguards against multiple login attempts.  Machine-led, automated activities can also be blocked by including web pages with offer details, such as opportunities for interest rate reduction or information on new products, so that users much click on “accept” or “no thanks” buttons in order to continue deeper into website content.  Content analysis can also help – simple steps such as ensuring there are no large PDF files hosted on high-value servers can make a difference. The above methods are crucial to any DDoS mitigation strategy. Organisations must also reach out to service providers and ISPs and work with them to identify novel mitigation techniques. After all, DDoS attacks use the same Internet routes as bank customers, and ISPs carry both forms of traffic. Of increasing importance is the need to investigate and implement intelligence gathering and distribution strategies, both within company networks and across other companies operating in financial services. Getting more information about who the attacking agent is, the motivations behind the attack, and methods used, helps administrators anticipate and proactively architect around those attacks. Attack profile information can range from the protocols used in the attack (SYN, DNS, HTTP), the sources of attack packets, the command and control networks, and the times of day during which attacks began and ended.  While valuable in mitigating attacks, there is no easy way to communicate this data, and regulatory hurdles make it even more difficult to share attack information. Right now, information-sharing consists of friends talking to friends. Information sharing needs to evolve into an automated system where multiple organisations can log in to a solution and see correlated and raw log data that provide clues about current and older attacks.  Such systems could also be used to share attack intelligence and distribute protections.  An industry information sharing capability would help elevate financial services companies’ abilities to cope with DDoS activity and bring the industry as a whole to a new level of preparedness. Source: http://www.bankingtech.com/154272/four-steps-for-denying-ddos-attacks/

Excerpt from:
Four steps for denying DDoS attacks

Network Solutions restores service after DDoS attack

Network Solutions said Wednesday it has restored services after a distributed denial-of-service (DDoS) attack knocked some websites it hosts offline for a few hours. The company, which is owned by Web.com, registers domain names, offers hosting services, sells SSL certificates and provides other website-related administration services. Network Solutions wrote on Facebook around mid-day Wednesday EDT that it was under attack. About three hours later, it said most customer websites should resolve normally. Some customers commented on Facebook, however, that they were still experiencing downtime. Many suggested a problem with Network Solutions’ DNS (Domain Name System) servers, which are used to look up domain names and translate the names into an IP addresses that can be requested by a browser. DDoS attacks are a favored method to disrupt websites and involve sending large amounts of data in hopes of overwhelming servers and causing websites to not respond to requests. Focusing DDoS attacks on DNS servers has proven to be a very effective attack method. In early June, three domain name management and hosting providers — DNSimple, easyDNS and TPP Wholesale — reported DNS-related outages caused by DDoS attacks. Hosting service DNSimple said it came under a DNS reflection attack, where DNS queries are sent to one party but the response is directed to another network, exhausting the victim network’s bandwidth. Source: http://www.pcworld.com/article/2044618/network-solutions-restores-service-after-ddos-attack.html

Continue Reading:
Network Solutions restores service after DDoS attack

DDoS attacks are getting bigger, stronger and longer

Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launch…

Visit site:
DDoS attacks are getting bigger, stronger and longer

Many online newspapers become DDoS victims

At 4.11 pm of July 7, when accessing Dan Tri newspaper at dantri.com.vn, readers would see the words “Ban hay thuc hien phep tinh de tiep tuc su dung bao Dan Tri” showing that the access was denied. Dan Tri was just one of the many online newspapers hacked in recent days under a large scale DDoS offensive of the hackers. The hacking made a lot of newspapers inaccessible. Some readers still could access websites, but they had to try many times and wait with patience. Internet security experts have commented that the attack might have been well prepared for a long time, because it was conducted in a very methodical way. HVAOnline, a security forum, reported that since July 4, Thanh Nien, Tuoi tre, Dan Tri, VietNamNet, Kenh 14 have been the victims of the DDoS attacks, noting that the number of hacked online newspapers is on the rise. It is estimated that each of the newspapers incur the DDoS attack capacity of 50-70 Mbps, while the capacity was up to 1.3 Gbps for some newspapers. To date, some newspapers have fixed the problems, but the access remains unstable. According to Vo Do Thang, Director of Athena, an Internet security training center in HCM City, the current attack power would be unbearable to the small online newspapers. As such, the hacking would cause serious consequences, especially if it lasts for a long time. The experts said hackers purposely attacked the server of VDC 2 (the Vietnam Data communication Company) where the servers of many online newspapers are located. As a result, not only the VDC 2’s server, but the newspapers’ servers also suffered. HVAOnline said the forum itself and many other forums, information portals in Vietnam also incurred many DDoS attacks, but at weaker intensity. In fact, experts said the attacks began in June 2013 already at low intensity, which could be the preparation for the “general offensive” in July. They believe that the hackers may belong to a big and powerful organization to be able to mobilize such large botnets and zombies for the large scale attack. The hackers reportedly timed their attacks in their way. After finishing one attack aiming to one goal, they began the attack to another goal. After that, they unexpectedly returned and attacked the first aiming point. This way of hacking might make readers and the newspapers’ administrators misunderstand that the newspapers got troubles, while they did not think of a DDoS attack. Buu Dien newspaper on July 11 quoted the Director of an Internet security firm as saying that the firm, after analyzing the attack, found out that the attack was originated from an IP in Vietnam. BKAV’s Nguyen Minh Duc said two days ago that BKAV has not received any request for help from the hacked newspapers. A Symantec’s report in 2011 said that Vietnam has become the favorite space of the world’s hackers, and that it is the biggest botnet in the world. One of the reasons behind this is that Vietnamese don’t install anti-virus software on their computers, and they have the habit of installing cracked software pieces, or downloading some software products from unreliable websites. Source: http://english.vietnamnet.vn/fms/science-it/79186/many-online-newspapers-become-ddos-victims.html

See more here:
Many online newspapers become DDoS victims

Staying Informed About DDoS Threats

Distributed-denial-of-service attacks have plagued U.S. banks since last September. But DDoS attacks pose a persistent, genuine threat to other sectors as well. Any organization with an online presence is at risk. Successful DDoS attacks can take a website offline, damaging brand image and chipping away at consumer trust. But they also can do much more. In some cases, these attacks can be used to mask fraud by distracting security and IT departments while banking accounts or confidential files are simultaneously being taken over. To provide insights on the latest DDoS threats – and effective mitigation strategies – Information Security Media Group has launched a DDoS Resource Center . The resource center, sponsored by online security firms Akamai, Fortinet, Neustar, Radware and VeriSign, includes timely interviews, in-depth features, news stories and blogs that offer insights about emerging botnets and attack techniques from those who are analyzing and battling DDoS on the frontlines. The resource center also offers expert insights on practical steps for minimizing the impact of DDoS attacks. By visiting the resource center, you’ll get the latest information on the different types of DDoS attacks, such as DNS reflection and application layer attacks, as well as the attacks’ possible links to fraud . You’ll learn about DDoS protections and mitigation services , notification and response strategies, and DDoS detection measures. Here’s a sampling of the variety of content our resource center offers: An interview with ex-FBI investigator Shawn Henry , who shares insights about cross-border and cross-industry collaboration that’s taking place behind the scenes to strengthen DDoS and cybersecurity knowledge. An analysis of a new type of DDoS strike that targeted two U.S. banks for what some say could have been a test for more attacks to come. A blog about how the botnet, known as Brobot, that’s been used in DDoS attacks against U.S. banks is being retooled to defeat common mitigation practices. And an interview with former federal banking examiner Amy McHugh about why community banks are prime targets for DDoS strikes being waged as modes of distraction to veil account takeover attempts. The DDoS Resource Center also provides research, white papers and webinars, including a session on new defense strategies for DDoS , which includes insights from Rodney Joffee of DDoS-mitigation provider Neustar and Mike Wyffels, senior vice president and chief technology officer of multibank holding company QCR Holdings Inc. Source: http://www.bankinfosecurity.com/blogs/staying-informed-about-ddos-threats-p-1506

See the original article here:
Staying Informed About DDoS Threats

Tips To Prepare For A DDoS Attack

IT security experts report that distributed denial of service (DDoS) attacks are a growing concern for 2013: this trend is proved by the countless attacks during 2012 and shown from the findings on the latest CSI Computer Crime & Security Survey, which attracts widespread media attention and is one of many online sources that provides valuable information and guidance to information security professionals. How can a business or individual decrease the likelihood of these type of threats? Fortunately, there are methods that can be used in advance to mitigate risk and infections from the amplification of such attacks. Safety First First of all, it is paramount to identify if the network is safe and protected from unauthorized access, malicious content, real-time threats and cyber intrusions. If not, network system managers should consider using traditional security products like a firewall, Intrusion Prevention and Detection Systems (IPDS) and Web application firewall devices to establish a first line of security defense. It is crucial to be responsive and implement the necessary security hardware and software tools ahead of time to defend the perimeter of the network from intrusion and before being the hacker’s target. Business and individuals alike should plan early on and not wait until they are at mercy of the attack to use proper security controls. Malicious attacks, which can be carried out from several compromised systems and from another location (IP address), can enable a rogue attacker to install a series of zombie Trojans to attack or infect (with malware) hosted computers. Whatever reason and motive the intruder has, s/he is able to take over an entire network and initiate a flood or packet attack, all while denying legitimate connections and paralyzing victims’ systems or servers (e.g., Web servers, DNS servers, application servers). The aim is to use up the network bandwidth and bring its operations or services down. Knowing how dangerous such an attack can be, it comes of utmost importance to be familiar with the different kind of DDoS attacks that could affect the network to understand what type of countermeasures should be put to use. Despite the scale and frequency of these attacks, there are ways to be prepared and avoid being vulnerable to this threat that can be so disruptive. Next is a list of tips to prepare and plan, before an attack strikes, which if made a victim of could have devastating effects on one’s business, such as costly downtime and/or lost revenue. Here are six ways to prevent a DDoS attack • Utilize packet filters on the router(s) • Setup a firewall with advanced security • Properly configure webserver with security modules • Implement logging with ACLs and have them in place to filter traffic • Exploit NetFlow for traffic monitoring and tracking down specific attacks • Rely on a third-party cloud DDoS mitigation provider for proprietary filtering technology. This is a great alternative for those that do not want to handle the security themselves and obtain a quick solution that provides on-demand, real-time protection to monitor 24/7 a business or individuals’ on-premises network infrastructure. If you’re looking for reputable provider, I would suggest getting DDoS protection from DOSarrest . Other than the tips listed, it is suggested to always have more bandwidth available, maintain anti-virus software, and deploy IPDS devices or firewalls in front of the servers just in case of a DDoS attack. It is better to spend some time (and money) preparing in advance for this network threat than dealing with a last minute crisis and trying to figure out what needs to be done. Source: http://www.examiner.com/article/tips-to-prepare-for-a-ddos-attack

See the original post:
Tips To Prepare For A DDoS Attack