Monthly Archives: January 2017

How the application landscape is impacting IT organizations

Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks. As an increase in application services often requires additional resources, respondents also indicated a shift toward DevOps methodologies to gain operational efficiencies through automation and programmability. This need for scalability replaces speed to market as the prime driver of DevOps adoption. “This past year, not a week went by without some hack or vulnerability … More ?

Original post:
How the application landscape is impacting IT organizations

Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge. And it’s a mystery who’s behind it. Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since site’s inception.” A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable. But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy. The site is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said. “The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.” Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his site as a news destination not controlled by corporate interests or politicians. And he’s had great success. SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most-trafficked media publishers in the US. According to analytics posted to the site, the Drudge Report has amassed about 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels. It’s a high-prized target, one that now sees itself under attack by an unknown culprit. Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].” “Attacking coming from ‘thousands’ of sources,” he wrote on Twitter. “Of course none of them traceable to Fort Meade…” Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his site came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda. “Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?” Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s site would be a blatant violation of the Constitution — as well as generally improbable. “If Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.” “Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.” DeMott, however, posited that another nation-state could be the potential culprit. “It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.” Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods. “I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.” Chris Weber, the cofounder of Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it. “It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the site was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange. Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder. Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his site. But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report. And without a group taking credit, it may be impossible to determine the culprit. “Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.” Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party. “There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.” Arora added: “It’s not just a technology question. It’s also a motive question.” Source: http://www.businessinsider.com/hackers-ddos-drudge-report-2017-1

See the article here:
Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

123-Reg, the biggest hosting company in the UK, is targeted a second time in as many years with a chain of major DDoS attacks. The biggest provider of domain registrations in the UK, 123-reg, has once again been the target of a DDoS attack. The result was that users weren’t able to get into their websites or email accounts. Considering this is just the start of 2017, the company has had to deal with another major blow. The company informed of the attacks formally using Twitter, explaining that they believed the attack had just begun and they were working on options to redress the situation and were attempting to work out the impact of the attack. They promised updates would follow. They continued to explain that the company’s network teams kept scrubbing and rerouting bad traffic. Of course, apologies were made for any problems their customers were experiencing. Once again, they reiterated that their team was still rerouting traffic and that they would provide further information soon. The DDoS attack took place on Friday, with the company stating that their IT team had mitigated the DDoS attacks, as evidenced by the resumption of services at around 1 PM. However, some users are still complaining today that they can’t get into their websites. 123-Reg sent out another two tweets in which they attempted to explain that the DDoS attack had just begun and they were attempting to resolve the issue. Later that day, they issued another tweet, stating that the problem had been fixed by 1 PM and that they apologized for any issues. In 2016, 123-Reg was the target of 2 big DDoS or Distributed Denial of Service, attacks. One took place in April, while one occurred in August. The firm stated that it was possible they lost a small amount of user information after the attack that occurred in April. Customers were very displeased at the time because, even after doing their best, the firm only succeeded in bringing back online only 39 percent of their Virtual Private Servers after a week. In August, the company was once again hit by a huge 30Gbps DDoS attack, which completely brought their site down. OVH, a French hosting company, was also the target of large DDoS attacks going up to 1Tbps last year. The firm stated that the Mirai botnet malicious code had been used in the attacks against them but 123-Reg did not make any similar statements. Source: https://www.socpedia.com/biggest-british-hosting-company-123-reg-suffers-major-ddos-attack

View original post here:
Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

Google caps punch-yourself-in-the-face malicious charger hack

Another reason to avoid those DEF CON charging stations. Google has capped a dangerous but somewhat obscure boot mode vulnerability that allowed infected PCs and chargers to put top end Nexus phones into denial of service states.…

See the article here:
Google caps punch-yourself-in-the-face malicious charger hack

Many businesses are relying on others to fight DDoS attacks

With large scale cyber attacks constantly hitting the headlines, businesses ought to be aware of the need to protect themselves. But a new study by Kaspersky Lab shows that 40 percent of businesses are unclear on how to protect themselves against targeted attacks and DDoS. Many believe that someone else will protect them and therefore don’t take their own security measures. 40 percent think their ISP will provide protection and 30 percent think data center or infrastructure partners will protect them. Moreover, the survey finds that 30 percent fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, 12 percent even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality of course is that any company can be targeted because such attacks are easy for cybercriminals to launch and the potential cost of a single attack can be millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today”. The findings are based on Kaspersky Lab’s annual Corporate IT Security Risks survey conducted in cooperation with B2B International. In 2016, it surveyd more than 4,000 representatives of small, medium (50 to 999 employees) and large businesses (1000+) from 25 countries to find their views on IT security and the real incidents they had to deal with. Source: http://betanews.com/2017/01/05/business-ddos-rely-others/

Read the article:
Many businesses are relying on others to fight DDoS attacks

3… 2…1… and 123-Reg hit by DDoSers. Again

Happy New Year! Updated Just days into the new year, and poor old 123-Reg is already experiencing problems, this time in the form of a DDoS attack – something it is no stranger to.…

More:
3… 2…1… and 123-Reg hit by DDoSers. Again

DDoS Attacks on the Rise—Here’s What Companies Need to Do

Distributed denial-of-service (DDoS) attacks have been going on for years. But in recent months they seem to have gained much more attention, in part because of high-profile incidents that affected millions of users. For instance, in late October 2016 a massive DDoS assault on Domain Name System (DNS) service provider Dyn temporarily shut down some of the biggest sites on the Internet. The incident affected users in much of the East Coast of the United States as well as data centers in Texas, Washington, and California. Dyn said in statements that tens of millions of IP addresses hit its infrastructure during the attack. Just how much attention DDoS is getting these days is indicated by a recent blog post by the Software Engineering Institute (SEI) at Carnegie Mellon University. The post, entitled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” became SEI’s most visited of the year after just two days, said a spokesman for the institute. To help defend against such attacks, organizations need to understand that this is not just an IT concern. “While DDoS attack prevention is partly a technical issue, it is also largely a business issue,” said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by CMU, and author of the DDoS post. Fortunately there are steps organizations can take to better protect themselves against DDoS attacks, and Kartch describes these in the post. In general, organizations should begin planning for attacks in advance, because it’s much more difficult to respond after an attack is already under way. “While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive,” Kartch noted. To fortify IT resources against a DDoS attack, it’s vital to make the architecture as resilient as possible. Fortifying network architecture is an important step not just in DDoS network defense, Kartch said, but in ensuring business continuity and protecting the organization from any kind of outage. To help disperse organizational assets and avoid presenting a single rich target to an attacker. organizations should locate servers in different data centers; ensure that data centers are located on different networks; ensure that data centers have diverse paths, and ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure. For those organizations that depend on servers and Internet presence, it’s important to make sure resources are geographically dispersed and not located in a single data center, Kartch said. “If resources are already geographically dispersed, it is important to view each data center as having more than one pipe to [the] Internet, and ensure that not all data centers are connected to the same Internet provider,” she said. While these are best practices for general business continuity and disaster recovery, they will also help ensure organizational resiliency in response to a DDoS attack. The post also describes other practices for defending against DDoS. One is to deploy appropriate hardware that can handle known attack types and use the options in the hardware that can protect network resources. While bolstering resources will not prevent a DDoS attack from happening, Kartch said, doing so will lessen the impact of an attack. Certain types of DDoS attacks have existed for a long time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against protocol attacks and application-layer attacks, Kartch said. Specialty DDoS mitigation appliances also can protect against these attacks. Another good practice is to scale up network bandwidth. “For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary,” Kartch said. “That said, volumetric attacks are something of an arms race, and many organizations won’t be able or willing to pay for the network bandwidth needed to handle some of the very large attacks we have recently seen. This is primarily an option for very large organizations and service providers.” It’s likely that DDoS attacks will continue to be a major issue for organizations. A 2016 study by content delivery network provider Akamai said these types of incidents are rising in number as well as in severity and duration. The company reported a 125% increase in DDoS attacks year over year and a 35% rise in the average attack duration. Cyber security executives need to make it a top priority to protect their organizations against DDoS. Source: http://www.itbestofbreed.com/sponsors/bitdefender/best-tech/ddos-attacks-rise-here-s-what-companies-need-do

Originally posted here:
DDoS Attacks on the Rise—Here’s What Companies Need to Do

Tools for DDoS attacks available for free online

Distributed Denial of service or popularly known as DDoS attacks once again came to the limelight in 2016. From the attacks on Dyn servers whose architecture translates domain names into numeric addresses, hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to DDoS-for-hire service called LizardStresser using IoT botnets launching attacks on websites related to the Rio Olympics’ to hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try and make an organizations website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources to the end server.(read computers or even IoT devices from across the world). Moreover, there are many freely available tools available online for free and many hackers even sell DDoS services on Darkweb marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi,Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application based attacks. TCP connection attacks are used against most of the end users available connections which include servers, firewalls and even load balancers. While Fragmented attacks destroy the victims system by sending TCP fragments, app attacks take down a server by using botnets. All of these can enable by tools freely available online. Let’s look at some of them. LOIC (Low Orbit Ion Canon) LOIC or popularly known as Low orbit Ion Canon is one of the more popular tools available on internet. It is primarily used to initiate a DOS attack on servers across the world by sending TCP, UDP requests to the compromised server. Even a beginner can use this tool and all he has to do enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you can get any ideas, just remember, this tool does not protect the hosts IP address so agencies looking out for you can trace the attack’s origin. XOIC This is another easy to use DOS attacking tool for the beginners. You can just input the IP address of or th selected ports and can be used against websites which do not generate a huge amount of traffic. HOIC HOIC or known as High Orbit Ion Cannon is an effective tool which uses booster scripts which allow users to make lists of victim IP addresses and helps the attackers remain anonymous and difficult to tracked down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once. Slowloris Slowmoris was developed by a gray hat hacker called “RSnake” which creates a slow HTTP request by sending the requests in HTTP requests in small packets in the slowest manner possible so that the victim server is forcefully made to wait for the requests. This way if multiple requests are send to the server, it will not be able to handle genuine requests. Pyloris This uses the same Slowmoris method. This tool directly attacks the service and not the hardware. Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator among others. All these tools are freely available online for downloads for anyone out there. Considering how mundane most cyber secuirty agencies are in dealing with attacks of such nature, there is lots which is needed to be done to defend against such DDoS attacks. Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496

More:
Tools for DDoS attacks available for free online