Monthly Archives: April 2014

Blockchain.info Services Down Due to DDoS Attacks

A number of users have taken to social media to report issues with their Blockchain.info wallets on Monday. The reason, according to Blockchain, relates to what has been described as “higher than usual traffic volumes due to DDoS [distributed denial of service] attacks” on the company’s servers. Upon this writing, the website presents the following message: Blockchain.info is currently down for maintenance. For status updates please see Twitter. Apologies for any inconvenience. The company took the opportunity to remind users that their wallets were safe, but made the suggestion that all users make backups upon full service restoration. Distributed denial of service attacks target one or more machines by bombarding them with information requests, slowing down services for legitimate users. DDoS attacks are almost commonplace against larger websites, often becoming a frequent occurrence. Blockchain.info serves as the internet’s most popular bitcoin-related website. Growing tremendously fast, the service recently announced the creation of their 1.5 millionth wallet. Last week, it was announced that the company, led by Nic Cary, had signed a five-year deal to hold rights to the bitcoin.com domain name. Source: http://newsbtc.com/2014/04/21/blockchain-info-services-due-ddos-attacks/

Continue Reading:
Blockchain.info Services Down Due to DDoS Attacks

Easy-to-Use NTP Amplification Emerges as Common DDoS Attack Vector

Reflection attacks using the Network Time Protocol surge in the first quarter, as attackers shift to bandwidth-clogging floods of data. In the past year, attackers have changed focus from attacking applications to overwhelming network bandwidth using brute-force reflection attacks, according to a report published April 17 by content-delivery provider Akamai. The two most popular types of reflection attacks, which bounce network traffic off intermediate servers on the Internet, have shot up in popularity, accounting for 23 percent of all infrastructure attacks in the 2014 first quarter, Akamai stated in its Prolexic Quarterly Global DDoS Attack Report. The attacks were largely unheard of in 2013, the report stated. Much of the increase is due to easy-to-use tools, including techniques for using a vulnerability in the Network Time Protocol, or NTP, not only to reflect attacks but amplify them, Matt Mosher, director security strategy for Akamai, told eWEEK. “Reflection and amplification are easier for the attackers to do,” he said. “They don’t have to build a bot army or infect a bunch of machines.” The number of distributed denial-of-service (DDoS) attacks and the average bandwidth of an attack have both climbed, increasing by 47 percent and 39 percent, respectively, according to Akamai’s report. The jump occurred even as DDoS attacks that attempt to tie up applications with bogus requests declined 21 percent. Application layer attacks have declined since the third quarter of 2013, the report stated. “There have always been two dimensions to DDoS: the large volumetric attacks including amplification, and then there’s another set of DDoS that tries to create complexity and targets applications,” Mosher said. Attackers also focused on media and entertainment companies, which were the targets of nearly 50 percent of attacks. Software and technology companies were the second most popular target, at 17 percent, while security firms faced 12 percent of all DDoS attacks, according to Akamai. The largest attack seen by Akamai targeted a European entertainment firm, and exceeded 200G bps at its peak, the firm said. The attack lasted more than 10 hours, and amplified the attack volume through vulnerable servers using a combination of NTP and the Domain Name System (DNS) reflection. The attack also employed a tactic known as a POST flood attack, according to Akamai. Reflection attacks do not just use basic Internet protocols, but can use Web application features to inundate a target. An interesting attack in the first quarter of 2014 involved using the pingback function of WordPress sites to send data at the targeted network. “The effectiveness of this attack lies in the leveraging of victim WordPress Websites that have pingback functionality enabled,” the report stated. “This attack vector typically succeeds by exhausting the number of connections to the target site, rather than by overwhelming the target with bandwidth floods.” Computers in the United States, China, Thailand, Turkey and Germany accounted for almost three-quarters of all attacks, according to the report. Indonesia and South Korea were also in the top 10. “There was a noticeable presence of Asian countries in the top 10 source countries,” Akamai’s report noted. “Growing economies and an expanding IT infrastructure, plus large online populations, fuel DDoS attack campaigns.” Source: http://www.eweek.com/security/easy-to-use-ntp-amplification-emerges-as-common-ddos-attack-vector.html/

More:
Easy-to-Use NTP Amplification Emerges as Common DDoS Attack Vector

Lookout, DDoS Attackers Are Changing Their Techniques

In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out. A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate. Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites. In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods. The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.” Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second). The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.” The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai. Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks. Source: http://www.slyck.com/story2396_Lookout_DDoS_Attackers_Are_Changing_Their_Techniques

Link:
Lookout, DDoS Attackers Are Changing Their Techniques

Attackers use reflection techniques for larger DDoS attacks

Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques. “Instea…

Read More:
Attackers use reflection techniques for larger DDoS attacks

Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services

VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio. Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami. “We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest. About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com) About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now. Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm

See the original article here:
Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services

There is no place like home gateway for DDoS attackers

Home gateway routers are being targeted by cybercriminals launching denial-of-service attacks They are standard pieces of kit, without which no home or small office can connect to the internet. And millions of them harbour a security vulnerability that threatens to do untold damage to the workings of the web. Welcome to the humble home gateway – the little routers sitting on our desks are being inducted into battle by criminals launching denial-of-service (DoS) attacks to bring down websites and hold organisations to ransom. A subtle flaw in some home gateways (they act as ‘open DNS proxies’) allows attackers to use them for ‘amplification’ where very small DNS queries (50 bytes) generate very DNS large answers (4 , 000 bytes). Attackers employ another simple trick – IP address spoofing – to disguise their own identity and cover their tracks while directing waves of traffic to any target they choose, anywhere on the internet. An amplification attack can create and send a target trillions of bytes of unwanted data over a few hours. The attack on Spamhaus in 2013 generated traffic measured at an enormous 300Gb/s. Many web resources aren’t equipped to deal with such large volumes of traffic and either become unavailable, or slow down to the point where visitors notice.  There is also considerable collateral damage to the infrastructure over which these attacks are launched. These attacks are effective because the amplification effect makes the results wildly disproportionate to the effort needed to launch them. Moreover, home gateways acting as DNS proxies make queries appear legitimate to DNS resolvers and mask the ultimate targets of attacks. As such, they are becoming the weapon of choice for those who aim to damage or hold to ransom any target they wish with impunity. Nor is there any shortage of opportunity for these criminals.  Research has found there are 24 million home gateways (home routers) that can be used for amplification attacks. These exploitable routers exist across the globe and it is not a problem limited to developing nations. For online criminals, there really is no place like ‘home’ from which to launch an attack. One of the systems most impacted by DNS amplification attacks are ISP resolvers.  The fact they’re typically provisioned with ample network bandwidth and deployed on high-performance hardware to ensure they are always responsive and highly available make them ideal for attackers, as they can piggyback on someone else’s high performance infrastructure. ISPs get drawn directly into the mire when open DNS proxies on home routers forward queries received on their WAN interface to whatever DNS resolver they are configured to use.  In most cases this is an ISP ’ s resolver (consumers may also configure alternative DNS services from Google and others), and even those who go to great lengths to protect their infrastructure can become collateral damage in the path on an attack. Bandwidth taken up by DDoS traffic causes networks to suffer from congestion and lowered performance. If quality of service falls noticeably, customers will vote with their feet and walk away to another service provider. And the ultimate recipients of the traffic, the targets themselves, often legitimately enquire about what ISP have done to limit the effects of attacks. Since this vulnerability provides enormously rich pickings for criminals at little cost, fixing it should be a priority for ISPs. As with any type of online threat, denial-of-service attacks are protean in nature; they evolve and adapt to circumvent attempts to prevent them. Unfortunately, existing perimeter defences are useless against this new generation of attacks because they’re designed to deter DDoS traffic coming into a provider network instead of traffic going out. What’s called for is the applications of DNS-based security intelligence techniques; by incorporating DNS-level security tools, organisations and ISPs can effectively counter amplification attacks. Deterrence starts with monitoring DNS query data as it is generated so suspicious activity on the network can be identified quickly. Something else that’s needed is dynamic threat lists that track special purpose-built DNS domains designed and deployed specifically for these kinds of attacks. To eliminate false positives, it’s also crucial these lists are carefully vetted. Servers should be configured with highly targeted filters to manage malicious traffic, while ensuring legitimate traffic is not affected. Additional rate limits based on response size can catch malicious traffic not caught by other filters. And, following best practice, DNS data logging is also useful for forensics and reporting. DNS-based security can be used by network operators in a layered security approach. The insidiousness of malware threats requires a defence-in-depth strategy based on various layers of firewalls, packet filters, anti-virus software, intrusion detection and prevention, and many more. Owing to its strategic place in the network, DNS-based security must be added to this portfolio of protection: observing, as it does, every Internet communication, it serves as a lightweight but powerful tool in the armoury. For far too long, people have unknowingly been hosting a serious security weakness in their houses and in their offices. With DNS-level security we can finally plug this breach, and turn the home once more into a castle. Source: http://www.information-age.com/technology/security/123457905/there-no-place-home-gateway-ddos-attackers

Read More:
There is no place like home gateway for DDoS attackers

Blocking DDoS attacks with a cloud-based solution

In this interview, Jag Bains, CTO of DOSarrest, talks about various types of DDoS attacks and why a cloud-based solution is a good fit for most organizations. Despite being an old threat, DDoS atta…

See more here:
Blocking DDoS attacks with a cloud-based solution

Bot masters in cut-throat DDoS fight

DDoS reaches 300,000 connections a minute. Botnet operators in the criminal underground are launching large denial of service attacks against each other in a bid to knock out rivals in the race to compromise computers. Security researchers have discovered command and control servers owned by operators of Zeus botnets were blasted by those running a rival Cutwail botnet in a distributed denial of service attack reaching 300,000 connections a minute. The infamous Zeus malware was a trojan often used to steal banking information and install cyrptolocking software. The Zeus family was considered to be the largest botnet operating on the internet. Cutwail is also an established botnet which is typically involved in sending spam via the Pushdo trojan, at its peak pushing out millions of emails a day. University researchers said in a paper that Cutwail, known to spammers as ’0bulk Psyche Evolution’, was rented to spam affiliates who pay fees to the botmasters totalling hundreds of thousands of dollars, in order to launch spam campaigns (pdf). RSA researchers found a hit list of new dynamically generated domain names within a Cutwail botnet which served as infrastructure targets of the operator’s rivals. A senior threat researcher that runs under the handle ‘Fielder’ wrote he was surprised to find evidence of the continual fighting. “This is an incredibly interesting finding as it suggests some fierce competition within the criminal underground,” Fielder said. “This was quite literally a live action view of botmasters attacking one another.” The research team examined the attacked IP addresses and found that each was related to Zeus and Zbot (Zeus) command and control hosts. The attacker’s IP addresses were tracked since August and linked to Zeus and kryptik trojans and variants, as well as Bitcoin mining activity. These addresses were also embroiled in a “long history” of malware campaigns including those foisting the formerly infamous BlackHole exploit kit, spam campaigns and an effort to serve malware over IRC and BitTorrent. Source: http://www.itnews.com.au/News/382411,bot-masters-in-cut-throat-ddos-fight.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks

More:
Bot masters in cut-throat DDoS fight

BTC-e Reports DDoS Attack Against Their Server

Having issues with BTC-e today? You’re not the only one. A number of users in the bitcoin community have reported issues with the exchange, raising fears about the service and whether or not it was operating as-should or not. The root of those issues are a distributed denial of service attack (DDoS), confirms the exchange on their official Twitter account. This isn’t the first time this has taken place (nor the last time, we reckon), and it certainly does highlight the community’s sensitivity when it comes to service disruptions. You can’t blame them, either. After the Mt. Gox debacle, it’s become difficult to trust some of these large-scale operations, particularly an exchange that has established itself as mostly secretive. That secrecy has allowed BTC-e to not require verification checks, making it a go-to spot for individuals looking to stay under the radar. As of this writing, it appears services are back to normal. Source: http://newsbtc.com/2014/04/13/btc-e-reports-ddos-attack-server/

Continue Reading:
BTC-e Reports DDoS Attack Against Their Server

DDoS attacks: Bigger, Badder and Nastier than last year

DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN floods attacks now account for a hefty 51.5 percent of all large-scale attacks. The research – which covers the whole of 2013 and the first two months of 2014 – says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms. The analysis – entitled the `2013-2014 DDoS Threat Landscape Report’ – says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year. Interestingly, Incapsula says that 29 per cent of botnets have been seen attacking more than 50 targets a month. The analysis – which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeting Web sites on Incapsula’s network – concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. In fact, says Incapsula, during the final quarter of 2013, the firm’s research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges – the two most common methods of bot filtering. The problem, concludes the report, is that the DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets. “Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks,” he said. “For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than user’s computers, it’s even worse, just because of the bandwidth and computing power that becomes available to the hacker,” he added. Ashley Stephenson, CEO of Corero Network Security, said that it is essential that the governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks – and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation’s financial infrastructure. “As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services,” he told SCMagazineUK.com . The Corero CEO went on to say that his company believes that mandated controls – like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) – will drive organisations to take pro-active steps to regaining control of their online presence. “These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions,” he explained. Source: http://www.scmagazineuk.com/ddos-attacks-bigger-badder-and-nastier-than-last-year/article/342078/

Read More:
DDoS attacks: Bigger, Badder and Nastier than last year