Category Archives: DDoS Criminals

Are your competitors organizing DDoS attacks against you?

According to recent research from Kaspersky Lab and B2B International, nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent DDoS att…


Cyber criminals not to blame for all DDoS attacks, study shows

There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab

Distributed denial of service (DDoS) attacks are associated with criminal activity, but not all those behind DDoS attacks are cyber criminals, research has revealed.

Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits. This suspicion increases in the business services industry, with 38% of respondents in this sector believing their competitors were behind a DDoS attack, according to a survey by Kaspersky Lab and B2B International.

However, 18% attributed recent DDoS attacks to criminals seeking to disrupt or distract while another attack took place; 17% to criminals seeking to disrupt their services for a ransom; 11% to political activists; and 5% to state-sponsored activities. The most popular motivation for the attacks is believed to be a ransom, cited by 27% of respondents in the manufacturing and telecoms sectors.

“DDoS attacks are no longer just about cyber criminals seeking to halt a company’s operations,” said Evgeny Vigovsky, head of DDoS protection at Kaspersky Lab.

“Businesses are becoming suspicious of each other, and there is a real concern that many companies – including small and medium ones – are being affected by the underhanded tactics of their competitors, which are commissioning DDoS attacks directly against them, damaging their operations and reputation,” he said.

In the light of this trend, Vigovsky said all businesses should remain vigilant and fully understand the repercussions of a DDoS attack in terms of the potential financial and reputational damage.

“It is wise not to pay a ransom, or to fall victim to cyber criminals or competitors. Ensure that you have the appropriate security measures in place to help manage the increased risk posed to your business from DDoS attacks,” he said.

Looking ahead to 2016, security firms expect to see an increase in the tactic of using DDoS attacks to distract companies from other, more damaging malicious activity on their networks, such as data theft. The use of DDoS, or the threat of DDoS attacks, as a way of extorting money is also expected to continue and increase in the coming year.

According to the study, 20% of companies with 50 employees or more reported that they have been the victim of at least one DDoS attack, with companies in the telecoms, financial services and IT sectors the most likely to be targeted.

The study also revealed that 50% of DDoS attacks led to a noticeable disruption of services; 26% led to the loss of sensitive data; 24% led to services being completely unavailable; and 74% led to a noticeable disruption of service, which coincided with a different type of security incident, such as a malware attack, network intrusion or other type of attack.

According to Kaspersky Lab, the average cost for recovering from a DDoS attack for companies of more than 1,500 employees is $417,000, and $53,000 for small and medium businesses (SMBs). Yet 56% of those polled thought that spending money to prevent or mitigate DDoS attacks in future would be worth the investment, 53% said their organisation knew how to mitigate or prevent DDoS attacks, and only 52% felt well-informed about DDoS attacks.

Despite the cost and complexity of dealing with DDoS attacks, the Kaspersky Lab research said the average financial damage of a DDoS attack is significant, especially for SMBs, and is definitely higher than the cost of a service designed to reduce the effect of such attacks.

“DDoS prevention is almost always a third-party service, and outsourcing this trouble to experts not only reduces the damage but also frees up IT personnel to deal with a probable complementary attack on a company infrastructure, which will have much worse consequences,” the report said.

Source: http://www.computerweekly.com/news/4500260544/Cyber-criminals-not-to-blame-for-all-DDoS-attacks-study-shows


Mysterious hackers attempting to bring down entire internet by DDoS-ing critical servers

Mysterious hackers are yet again trying to bring down the entire internet by bombarding crucial servers that support it with a gigantic, sustained distributed denial of service (DDoS) attack, which has caused webpages to load slowly in some locations.

There are 13 internet root name servers in the world that run the internet, and these servers are responsible for helping your web browser to locate top-level domains such as .com, .org, .net or any country-specific top level domains like .uk, .fr, .sg, .de, .ae and .cn. The servers function as a sort of internet address book and they make up what is known as the domain name system (DNS) system.

The 13 root name servers are run by independent organisations in the world, including ICANN, the US Army, the US Department of Defense, Nasa, Europe’s internet registry RIPE NCC, the University of Southern California, Japan’s Wide Project and Sweden’s Netnod. Network infrastructure solutions firm Verisign also operates two of them, namely the “A” and “J” root servers (the 13 servers are named in sequence after the alphabet from A-M).

DDoS attack sent 5 million queries per second

“The incident traffic saturated network connections near some DNS root name server instances. This resulted in timeouts for valid, normal queries to some DNS root name servers from some locations.”

You might think that the servers would be knocked offline by that much traffic, but no, they were saved by the root server operators having enough additional servers on standby that were able to balance the load of traffic.

Although the sustained cyberattack resulted in some real queries from users surfing the web timing out in some locations, there were no complaints that end-users were having severe internet problems, so the root server operators believe that the attack would have been “barely perceptible” and all anyone would have seen was a slight delay in loading webpages in some web browsers.

The root name server operators also stated that since IP source addresses can be easily spoofed and the traffic flooded multiple anycast websites, it is impossible to trace the traffic back to its source, so we have no idea who was behind this.

Only a government could have this much clout

However, if you use logic, it would take a really powerful entity like a country’s government to have the resources to sustain a coordinated cyberattack that lasted 48 hours and was able to keep flooding the root name servers consistently with a high level of traffic at five million queries a second.

This is not the first time this has happened either – on 21 October 2002 a DDoS attack campaign attacked the 13 root name servers for one hour, and on 6 February 2007 a DDoS attack was sustained for 24 hours. In the first incident, the attackers didn’t have enough traffic to fully flood the servers and take them offline, while the second incident saw two root servers suffer badly, while another two servers experienced heavy traffic.

So who could it be? Is it a foreign government, a terrorist group or cybercriminals? Who knows, but they seem to be getting better at it.

Source: http://www.ibtimes.co.uk/mysterious-hackers-are-trying-bring-down-entire-internet-by-ddos-ing-critical-servers-1532762


DNS Root Servers Hit by DDoS Attack

Unknown parties carried out a large-scale DDoS attack on the Internet’s DNS root servers, causing slight timeouts for four nodes, more exactly on the B, C, G, and H servers, RootOps reports.

There were two different attacks, one launched on November 30 that lasted 160 minutes (from 06:50 to 09:30 UTC), and a second, shorter one on December 1 that lasted only one hour (from 05:10 to 06:10 UTC).

RootOps, the DNS root server operators, are reporting that the attacks were valid DNS queries addressed towards one domain in the first attack, and to a different domain on the second day. Each attack blasted up to five million queries per second per DNS root name server.

RootOps has no hopes to catch the culprit, since IP source addresses can be easily spoofed, and the source IP addresses used in the DDoS attack were very well spread and randomized across the entire IPv4 address space.

The DDoS didn’t cause any serious damage, but a mere delay for some users making DNS queries via their browser, FTP, SSH, or other clients.

DNS protocol’s design saves the day

“The DNS root name server system functioned as designed, demonstrating overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers,” said the DNS root server operators, referring to the fallback system employed by DNS servers.

Because of the way DNS is constructed, on a mesh-like structure like the Internet itself, if one server does not respond, other servers intervene and provide a DNS query result.

The DNS root server operators did not speculate on the reasons this massive attack was carried out against their infrastructure but did say this was not the result of a reflected DDoS attack.

RootOps recommended that ISPs that don’t want to allow DDoS attacks that use IP address spoofing to be carried from their network should implement Source Address Validation and the BCP-38 specification.

Source: http://news.softpedia.com/news/dns-root-servers-hit-by-ddos-attack-497363.shtml
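The Source Address Validation that RootOps recommends above, shown as an added example (not code from the page or from the root server operators): a strict BCP-38 ingress check in Python that drops forwarded packets whose source address does not belong to the customer prefixes assigned to the interface they arrived on. The interface names, prefixes and packets are constructed for illustration.

```python
# Added example (not from the page or the root server operators): a strict
# BCP-38 / source address validation check for an ISP's customer-facing edge.
import ipaddress
from typing import Dict, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Packet = Tuple[str, str, str]  # (ingress interface, source IP, destination IP)

# Constructed: prefixes legitimately assigned to each customer-facing interface.
# A forwarded packet whose source is outside its ingress interface's prefixes
# carries a forged address and is dropped at the edge instead of reaching a target.
INTERFACE_PREFIXES: Dict[str, List[str]] = {
    "eth1": ["198.51.100.0/24"],
    "eth2": ["203.0.113.0/25", "2001:db8:10::/48"],
}

def build_sav_table(prefixes: Dict[str, List[str]]) -> Dict[str, List[Network]]:
    """Parse prefixes once; strict=True rejects prefixes with host bits set."""
    return {iface: [ipaddress.ip_network(p, strict=True) for p in plist]
            for iface, plist in prefixes.items()}

SAV_TABLE = build_sav_table(INTERFACE_PREFIXES)

def ingress_permitted(iface: str, src: str, table: Dict[str, List[Network]] = SAV_TABLE) -> bool:
    """Forward only if src lies in a prefix assigned to iface. Sources that can
    never be legitimate on a forwarded packet are rejected regardless of the table."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: drop rather than guess
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        return False
    # 'in' is False across address families, so a v6 source never matches a v4 prefix.
    return any(addr in net for net in table.get(iface, []))

def filter_packets(packets: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Split a batch into (forwarded, dropped), as the edge filter would."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if ingress_permitted(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample: customer edge forwarding DNS queries toward a resolver.
SAMPLE_PACKETS: List[Packet] = [
    ("eth1", "198.51.100.17", "192.0.2.53"),     # inside eth1's /24: forwarded
    ("eth1", "100.64.7.7", "192.0.2.53"),        # not a customer prefix: dropped
    ("eth2", "203.0.113.5", "192.0.2.53"),       # inside eth2's /25: forwarded
    ("eth2", "203.0.113.200", "192.0.2.53"),     # outside the /25 (.0-.127): dropped
    ("eth2", "2001:db8:10::7", "2001:db8::53"),  # inside eth2's IPv6 /48: forwarded
    ("eth3", "198.51.100.17", "192.0.2.53"),     # unknown interface, no prefixes: dropped
    ("eth1", "0.0.0.0", "192.0.2.53"),           # unspecified source: dropped
]
```

Running `filter_packets(SAMPLE_PACKETS)` forwards the three packets with legitimate sources and drops the other four; the randomized, spoofed sources described in the attack above would never leave a network that filters this way.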


Unknown Copycat Using Armada Collective Name for DDoS-for-Bitcoin Extortions

Cyber-crime syndicates are moving in, pushing script kiddies out of the picture, expect more large-scale attacks

After the success of DDoSing outfits like DD4BC and Armada Collective, an unknown copycat that’s using the Armada Collective name but asking for astronomical payments has appeared.

A report from Recorded Future, a real-time threat intelligence protection company, shows that DDoS-for-Bitcoin extortion schemes are here to stay, with more and more attacks being launched solely for this reason.

DD4BC have launched a new type of extortion scheme

This trend can be traced back to an Akamai report released over the summer that documented the actions of a hacking group known as DD4BC (DDoS 4 Bitcoin). This group launched DDoS attacks on companies around the world, requesting small payments in Bitcoin for each target.

The group’s scheme was a simple one. They would send threatening emails to business owners, saying they would launch powerful DDoS attacks if a ransom was not paid in due time to a specific Bitcoin wallet. To prove their point, a small 15-minute DDoS was launched to showcase their capabilities.

DD4BC’s scheme proved to be extremely lucrative and allowed them to rack up Bitcoin over the past year in over 140 DDoS attacks. The group had been active since late 2014 and suddenly stopped its activity after the Akamai report was released, probably to avoid getting caught by law enforcement authorities alerted to their scheme.

Enter Armada Collective

Soon after, the first DD4BC copycat arose, in the form of the Armada Collective hackers, carrying out DDoS attacks on small businesses in Switzerland. They then expanded to email providers, and their name became known around the world in the famous ProtonMail incident.

The incident is very well documented in one of our previous stories, but we’ll give you a small summary. Basically, Armada Collective followed the DD4BC regular tactics, sending an email and launching a small 10-15 Gbps DDoS attack on ProtonMail.

Armada Collective returning ransom to ProtonMail

As soon as the attack ended, ProtonMail revealed what happened, and more serious attacks took place, with ProtonMail paying the ransom in the end. Armada Collective denied any involvement and even went as far as to return the ProtonMail ransom, putting the blame on a state-sponsored actor with capabilities that far exceeded its own.

Enter the unknown copycat

But something else happened recently that made the Recorded Future team stop and ponder about the bigger picture, and that’s the DDoS-for-Bitcoin attacks on three major Greek banks.

With DD4BC and Armada Collective always launching small-scale attacks and requesting modest ransoms (the equivalent of a few thousand dollars), this new group attacking Greek banks does not fit the bill. While the attacks of DD4BC and Armada Collective seem to be the work of script kiddies, the ones that brought down ProtonMail and the three major Greek banks were massive in scale.

Coupled with the fact that this new group also requests ransoms in the order of millions of dollars, there are clear signs that they are a copycat that’s trying to remain hidden by passing as Armada Collective (as stated in the email sent to the Greek banks).

With the number of DDoS-for-Bitcoin attacks on the rise, this type of cyber-threat is about to evolve from the work of script kiddies to the normal MO of larger cyber-criminal syndicates.


Sputnik Türkiye website became the target of a DDoS attack

Access to the site was blocked for an hour due to a distributed denial-of-service (DDoS) attack carried out by unknown perpetrator(s). The website’s IT specialists managed to quickly deal with the attack and Sputnik Türkiye has already resumed operations.

The resources of Rossiya Segodnya International Information Agency, including the Sputnik website and newswire, had already become a target for a major DDoS attack in October, when the agency’s websites and mailing services were unavailable to users for two hours.

DDoS attacks are caused by a large number of Internet users or software programs simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic.

Source: http://sputniknews.com/middleeast/20151208/1031410680/sputnik-turkey-ddos-attack.html


UK research network Janet still being slapped by DDoS attack

DNS services appear to be targeted, switching may work

Members of UK’s academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources.

Janet first came under a Distributed Denial of Service (DDoS) attack yesterday, and the same attack has continued through to today, forcing much of the academic community offline.

Initially, Jisc’s engineers and security teams identified the cause as a DDoS attack and worked to identify the source of the assault and implement blocks. However, after some suggestions of network stabilisation, further problems were seen.

Janet reported that it would cease providing updates on its Twitter page following the attack, as the information seemed to be providing the attackers with hints about how to adjust their attacks.

For those who find Janet’s DNS services sluggish to respond, it may be possible to work around the issue by switching to Google Europe’s DNS.

Boffins from various fields have somehow managed to take to Twitter to share their woes about the outage. Vision and Office 365 are also being reported as offline.

The Register understands no ransom notice has been delivered to Jisc as of writing. DDoS-for-ransom attacks are almost always preceded by the ransom request, as an early payment saves the attackers money.

Source: http://www.theregister.co.uk/2015/12/08/uk_research_network_janet_ddos/


Day 2: UK research network Janet still being slapped by DDoS attack

DNS services appear to be targeted, switching may work

Members of UK’s academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources.…


UK research network Janet under ongoing and persistent DDoS attack

Attackers seem to be adjusting methods in response to Tweets

Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple internet connections, including the Manchester to Manchester Core Router.…


White hats, FBI and cops team up for Dorkbot botnet takedown

Your four-year reign of terror is (temporarily) over

Operations of the Dorkbot botnet have been disrupted following an operation that brought together law enforcement agencies led by the FBI, Interpol and Europol, and various infosec firms.…
