Author Archives: Enurrendy

Global mobile deep packet inspection market explodes

The global mobile deep packet inspection (DPI) market will grow at an impressive CAGR of almost 22% until 2020, according to Technavio. Stateful packet inspection Stateful packet inspection (SPI), also known as shallow packet inspection technology, was widely used for detecting abnormal packets by inspecting the packet headers only. SPI was not able to detect many new network attacks such as network intrusion detection systems (NIDS) evasion and distributed denial of service. Thus, DPI became … More ?

Excerpt from:
Global mobile deep packet inspection market explodes

“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.

The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks. More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that causes access interruption to websites or network systems. The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons. Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers. “The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop. In short, hackers are able to launch denial of service attacks by manipulating a hosting provider to re-route IP addresses towards a preferred server. Those DDoS attacks recorded by Imperva — recorded between March 2015 and April 2016 — targeted a diverse range of clients. Even so, all of the attacks similarly aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network. To be clear, an application-based DDoS effectively works to discontinue online access to a specific property, like a website or software service, rather than an entire network. Because app-based DDoS attacks are by nature less expansive, they typically leverage less traffic. In the past, DDoS-ing an entire network has presented a challenge for hackers due to the sheer artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic; making it easier for individual operations to disrupt larger segments of the internet. Another worrisome trend in the DDoS arena, spotted by Imperva, is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times. In the past, DDoS attacks have been used to distract an organization from a more malicious data breach, leading to the possible exfiltration of valuable data like customer finances and personal records. Here’s what a DDoS looks like via a data visualization by cybersecurity firm Norse : Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016

Read the article:
“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.

Twitter-controlled Android backdoor delivers banking malware

A backdoor Trojan named Twitoor is the first instance of Android malware that receives its commands from a Twitter account. Keeping their botnet out of law enforcement’s and other criminals’ hands is imperative for botmasters if they want to keep earning. C&C servers are the norm, but they can be tracked down, seized by the authorities and, ultimately, reveal crucial information about the botnet, allowing them to shut it down or cripple it. Twitter or … More ?

Originally posted here:
Twitter-controlled Android backdoor delivers banking malware

Blizzard’s Battle.net servers hit by yet another DDoS attack

Gaming servers are a top target of DDoS assaults,’ Imperva security researcher Ofer Gayer told IBTimes UK. Developer Blizzard’s  Battle.net  servers were hit with yet another DDoS attack on Tuesday (23 August) resulting in latency and connection issues in some of its popular titles including Overwatch, World of Warcraft and Hearthstone. The company acknowledged the interruption on its Twitter support channels in both the US and Europe, indicating that it was not restricted to just one region. The company also said that its sites and forums were “experiencing issues” at the time in a separate tweet. The latest attack is the second such assault targeting the developer’s servers this month and the third since the launch of its popular hero-based shooter, Overwatch, in May. It also comes at the end of which ran from 2 August to 22 August in celebration of the Olympic Games in Rio. On 3 August, Blizzard’s  Battle.net  servers were crippled by another massive DDoS attack that caused connection, login and latency issues across some of its popular titles. The disruption also occurred on the same day Blizzard launched its Summer Games series. Hacking collective PoodleCorp claimed responsibility for the alleged attack. The same hacker group also claimed responsibility for taking down Pokémon Go’s servers in July. In June, Blizzard’s servers were hit with another alleged DDoS attack claimed by notorious hacker group Lizard Squad that prevented players from accessing their games. DDoS attacks, which are difficult to prevent and defend against, have continued to plague online companies’ networks in recent years, particularly those of major gaming companies’ servers. “Gaming servers are a top target of DDoS assaults,” Ofer Gayer, a senior security researcher at Imperva,  told  IBTimes UK. “They have been hit with some of the largest and longest attacks on recent record.” He added that mitigating DDoS attacks on game servers is a “particularly complex task”. “Since only gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets,” Gayer said. “Gamers are very sensitive to the impact on latency, so what may be considered negligible for most services, can be very frustrating for the gaming community. This can be affected by multiple factors, most prominently the distribution of scrubbing locations and TTM (time to mitigate).” Imperva’s latest DDoS Threat Landscape Report found that DDoS attacks have increased by a massive 220% over the past year “with no signs of abating”. It also noted that the UK has become the second most popular target for DDoS attacks in the world. Blizzard’s official Customer Support Twitter account later confirmed that the “technical issues” they were experiencing earlier have been resolved. At the time of publication, no hacking group has claimed responsibility for the most recent alleged DDoS attack. Source: http://www.ibtimes.co.uk/blizzards-battle-net-servers-hit-by-yet-another-ddos-attack-1577793

More:
Blizzard’s Battle.net servers hit by yet another DDoS attack

DDoS Attacks Increase 200%; UK Now Second Most Targeted Nation

DDoS attacks have increased by over 200% in the last year, according to new research from Imperva. The uptick in attacks has been attributed to DDoS-for-hire services, the company said. DDoS attacks are now among the most common cyber threats businesses can face, according to Imperva. Between April 1, 2015 and March 31, 2016 it recorded an average of 445 attacks targeting its customers per week. More than 40% of customers affected were targeted more than once, and 16% were hit more than five times. The majority of attacks noted by Imperva targeted the application layer, making up 60% of all DDoS attacks. The remainder targeted the network layer. However, Imperva noted that the number of application layer attacks are trending downwards, dropping by 5% year over year. If that trend continues, network layer attacks could be just as common as application layer ones before too long. The most recent quarter covered by this report shows a big jump in the size of network layer attacks. The biggest recorded attack was 470 Gbps, while many others exceeded 200 Gbps. Imperva now says attacks of this size are a “regular occurrence.” These increases in DDoS attacks have been attributed to DDoS-for-hire services, where anyone can pay as little as $5 to launch a minute-long DDoS attack on a target of their choice. This means attacks can be launched by just about anyone—whether it’s because of a grudge against a particular company or just boredom. These now account for 93% of DDoS attacks, up from 63.8% in Q2 2015. Imperva says this has directly led to the increase in overall DDoS numbers. Another clue to an increase in DDoS-for-hire services and what Imperva calls “casual offenders” is a decrease in attack complexity. Starting in Q2 2015 the company recorded a decrease in multi-vector attacks; attacks using multiple vectors and payloads indicate a more sophisticated, complex attack. However, Q1 2016 saw an increase in the volume of assaults using five or more payloads. “This countertrend reminds us that—in parallel with the increased “hobbyist” activity—more capable cyber-criminals continue to improve their methods. As per the first rule of the DDoS mitigation industry, attacks continue to get larger and more sophisticated on the high-end of the scale,”  the report said . The report also examined where DDoS attacks generally emerge from. Once again, China tops the list, with a sharp increase recorded in South Korea. The excellent broadband infrastructure in the country enables attacks to easily launch effective attacks, Imperva said. The UK is now the world’s second most-attacked country, after the United States of America. Most attacks targeted small and medium businesses, but some bigger institutions, including the  BBC  and  HSBC , were hit as well. Source: http://www.infosecurity-magazine.com/news/ddos-attacks-increase-200/

More:
DDoS Attacks Increase 200%; UK Now Second Most Targeted Nation

Why smart companies don’t sweat the SSL stuff in DDoS defense

The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks. DDoS attacks have rapidly proliferated in terms of bandwidth (Gbps) and packets per second (pps). In the survey, 59% of organizations polled have experienced an attack over 40 Gbps. Average attack bandwidth are peaking at a staggering 30 to 40 Gbps and 77% of organizations expect multi-vector attacks, which include volumetric and application-layer attacks, to pose the greatest danger in the future. In recent years, multi-vector DDoS attacks have tunneled over encrypted SSL connections to evade cyber defenses. Some attacks have exploited the SSL protocol to cause denial of service by repeating ‘renegotiation’ in the same connection but stop short of creating a secure channel. Others flood SSL traffic over the created secure channel without being distinguished as a malicious connection. The reason is that while most organizations protect their websites and online services with SSL, many existing enterprise security products are either woefully blind to encrypted SSL traffic or debilitated when trying to decrypt and analyze it. From urgent threat to FYI notification Amid growing virtualization, cloud networking and mobility, SSL encryption requirements to protect data and secure commnuications will surge. In other words, organizations must rethink their SSL offload and SSL inspection strategies, especially in defending against DDoS attacks. The IDG Connect report shows that more than half of the organizations surveyed plan to increase DDoS prevention budgets in the next six months. “DDoS attacks are called ‘sudden death’ for good reason,” says Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” To stop SSL at the data center perimeter, some organizations have deployed application delivery controllers (ADCs) equipped with crypto engines to help off-load SSL from servers and security appliances. Some ADCs also offer web application firewalls (WAFs) to inspect the traffic and detect attacks. To eliminate SSL blind spots in corporate defenses and enable security devices to regain their effectiveness, application networking and security leader A10 Networks introduced the Thunder SSL Insight (SSLi) standalone security product built on its  SSL inspection technology and 64-bit ACOS Harmony platform. The Thunder SSLi appliances decrypt SSL traffic and offer comprehensive inspection of multiple ciphers that deliver up to 48 Gbps of SSL inspection throughput. Their high density 1 GbE, 10 GbE and 40 GbE port options fulfill the highest networking bandwidth demands. Clear and ever present security The appliances are also complemented by intelligence-driven protection policies.  The A10 URL Classification Service monitors, blocks, or selectively bypasses specific websites to provide privacy for healthcare and financial Internet activity while the A10 Threat Intelligence Service blocks users from accessing known bad IP addresses. Well-known global manufacturer of consumer gadgets, Casio Computer Company, has seized the opportunity to enhance security by analyzing encrypted communications using A10 Networks’ SSL Insight technology. Having deployed the A10 Thunder ADCs to provide its employees smooth cloud access, Casio seeks the ability to differentiate between personal use and work-related cloud-bound traffic, according to Koji Kawade of Casio Information Systems Co Ltd’s User Support Group. A10 Networks’ ADCs are equipped with SSL acceleration hardware that provides near-parity performance to handle 4096-bit keys at high-quality production levels, providing highly scalable flow distribution and DDoS protection capabilities.. The A10 Thunder TPS Series, for example, leverages SSL security processors to detect and mitigate SSL-based attacks, such as the POODLE vulnerability, and offers a mitigation throughput capacity ranging from 10 Gbps to 1.2 Tbps (in a list synchronization cluster) to deal with the largest multi-vector DDoS attacks effectively. Clearly, A10 ADCs will continue ramping up L4 and L7 connections per second and SSL performance benchmarks to meet increasing performance and security needs against greater multi-vector DDoS attacks. Source: http://www.networksasia.net/article/why-smart-companies-dont-sweat-ssl-stuff-ddos-defense.1471880795

Continued here:
Why smart companies don’t sweat the SSL stuff in DDoS defense

Teen hacker walks free after carrying out DDoS attacks on bank and e-crime portal

Australian teenager who DDoSed E-crime website, Commonwealth Bank and his own school, walks free This teen did something and got away with it! Seldom do you see anyone walking away free after creating online mayhem through DDoS attacks but this teen did just that. A 15-year-old teenage hacker was sentenced to a “family conference” by a judge at the Christies Beach Youth Court in Adelaide, Australia after he targeted Australian Cybercrime Online Reporting Network (ACORN) Portal, Commonwealth Bank of Australia, and his own school servers in February 2016. In Australian law, a family conference is when the court leaves the punishment to the family and a supervising youth police officer, who must agree with the punishment in order to consider the matter closed. Family conferences may require the teen to apologize publicly, pay compensation to the victims, perform a number of hours of community service, or more. The youth, who cannot be identified under state law, pleaded guilty to four counts of unauthorised damage of computer systems related to Distributed Denial of Service (DDoS) attacks. However, the very next day, he walked free as the court ordered mediation between his family and victims rather than facing jail time. The teenager was fortunate for not having to face prison time up to 3 years in youth detention under cyber terrorism laws in Australia, as he is not an adult. “The penalty for orchestrating a DDoS attack is a maximum of 10 years imprisonment. This is found in the Cybercrime Act 2001, section 477.3 ‘unauthorised impairment of electronic communication.’” The teenager started his DDoS spree on February 26 when he first attacked CBA that left the bank and some overseas customers unable to access services for more than three hours. The attack “had the potential to cause serious disruption to our services”, says the bank, even though customer money and information was not put at risk. Later in March, he used his mobile phone in March to disrupt his high school’s information technology systems for “fun” and because he was “bored” in computing studies. Later, the teenager shifted the attacks from the school’s system to its Internet provider. On April 4, 2016, he launched another attack on the ACORN website, which is used by every Australian police force and multiple federal crime fighting agencies, was shut down for up to six minutes but abandoned later. He was arrested at his southern Adelaide home after both state and federal authorities tracked his unique internet protocol (IP) address. His school principal reported his crimes through ACORN. Magistrate Cathy Deland, herself a CBA customer, confessed that she was “making a big step” ordering a “family conference” — a move supported by police — but said the law need to concentrate on rehabilitation, reports Adelaide Now. She believed that he was unlikely to reoffend and had not demanded any “ransom”. Ms Deland said his crimes stopped classmates from learning while his attack on the CBA was “just massive”. She told him: “I don’t know that anyone would be able to put a price on repairing the disruption that you caused. I have no doubt it would have been millions of dollars. “I have no doubt that you would not have thought much about the consequences. I am in the difficult situation having to weigh up your incredible stupidity against … your rehabilitation.” The boy and his family refused to comment outside court. Source: http://www.techworm.net/2016/08/teen-hacker-walks-free-carrying-ddos-attacks-bank-e-crime-portal.html

Follow this link:
Teen hacker walks free after carrying out DDoS attacks on bank and e-crime portal

Attackers could abuse DNSSEC-secured domains for DDoS attacks: report

A majority or 80% of DNSSEC-secured domains could be used to amplify distributed denial of service (DDoS) attacks, at an average factor of 28.9 times, according to a recent report by Neustar which studied nearly 1,350 domains with DNSSEC deployed. The report points out that the domains had not properly deployed DNSSEC-signing of their domains, leaving them vulnerable to DDoS attacks. “Neustar has correctly pointed out the additional amplification factor related to misconfigured DNSSEC vs. legacy DNS, where the inclusion of the digital signature allows for a somewhat higher than a normal DNS amplification attack,” says Corero Network Security COO Dave Larson, in a statement. “However, the point that must be stressed related to this or any other DDoS amplification vectors is that operators of any network – whether they include DNS service or not – should have their networks configured not to respond to spoofed IP requests.  In addition, DNS operators should configure their DNS servers not to respond to ‘ANY’ requests in order to squelch the opportunity for the server to be leveraged for malicious use.” Larson adds that on the flip side, the impact to the receiving end of the attack can be especially problematic. The fragmented and amplified attack technique, utilizing DNS or DNSSEC can cause outages, downtime and potential security implications for Internet Service Providers if they are relying on out-of-band DDoS protection mechanisms. Furthermore, organizations relying on traditional IT and security infrastructure such as firewalls and load balancing equipment are no match for these attacks. “A comprehensive in-line and automatic mitigation method for removing DDoS attacks is the recommended approach for dealing with all types of DDoS attacks – DNS and beyond,” noted Larson. Source: http://www.networksasia.net/article/attackers-could-abuse-dnssec-secured-domains-ddos-attacks-report.1471485281

Visit link:
Attackers could abuse DNSSEC-secured domains for DDoS attacks: report

DDoS attacks on the rise in Asia Pacific

The Asia Pacific region experienced 34,000 distributed denial of service (DDoS) attacks in the second quarter of 2016, according to Nexusguard’s Q2 2016 Threat Report – Asia-Pacific. The figure represents a 43 percent increase from the previous quarter. Even though Network Time Protocol (NTP) attacks dominated the type of attacks in the region (90 percent), such attacks were less common in other parts of the world (46 percent). The report also found that attack durations were longer in the Asia Pacific region as compared to global incidents, which is likely due to many scripted attack tools with set duration values. China remains as one of the top three target countries in the region. According to Nexusguard, a Chinese target was hit 41 times over the course of about a month of constant attacks. Nexusguard researchers attributed these attacks to the malware the victim had hosted over the last two years. The largest increase was observed in Hong Kong, accounting for a 57 percent rise in attacks. With hackers are experimenting with new attack methodologies, and events happening in the Asia Pacific region, Nexusguard researchers expect to see a spike in DDoS attacks in the third quarter of this year. “We expect the upward trend in the frequency of attacks to continue this year, especially with more attention on the Summer Olympics [in Brazil] and political dispute in the APAC region,” said Terrence Gareau, Chief Scientist at Nexusguard. “And as Pokémon Go gradually launches across the Asian market, Nexusguard analysts expect attack groups will launch more public attacks. This activity increases visibility and positioning as DDoS-for-hire services, the popularity of which we noted from the consistent time durations this quarter,” he added. Source: http://www.mis-asia.com/resource/security/ddos-attacks-on-the-rise-in-asia-pacific/

More:
DDoS attacks on the rise in Asia Pacific