DDoS attacks can leave systems down for days. But how do they actually work? DDoS attacks are one of the most common forms of cyber attack, with the number of global DDoS attacks increasing to 50 million annually, according to VeriSign. Distributed denial of service, or DDoS for short, refers to a cyber attack resulting in victims being unable to access systems and network resources, essentially disrupting internet services. The DDoS attack will attempt to make an online service or website unavailable by flooding it with unwanted traffic from multiple computers. For a DDoS attack to be successful, an attacker will spread malicious software to vulnerable computers, mainly through infected emails and attachments. This will create a network of infected machines which is called a botnet. The attacker can then instruct and control the botnet, commanding it to flood a certain site with traffic: so much that its network ceases to work, taking the site offline. There are lots of different ‘types’ of botnets, with the most recent, called Mirai, housing an estimated 380,000 bots. Mirai, which shot to fame in 2016, had the potential to infect unsecured internet of things devices, such as DVRs and IP cameras. Mirai famously shut down internet access for nearly one million Germans by exploiting security flaws in routers at OEM manufacturers Speedport and Zyxel, shutting down web access for about one million Deutsche Telekom customers for two days. Why hackers choose DDoS attacks? DDoS attacks can take down websites of all sizes, from heavy duty enterprises to smaller, more vulnerable sites. The moves for attacks can vary widely from politics to pure financial gain. DDoS attacks can be sold. So a buyer could request a certain site is taken offline, and pay a sum for its execution. Revenge is often a motive in these cases. Alternatively, attackers might want to blackmail a site for money and keep their site down for days until they pay. Finally, a popular tactic used to influence political events and block others political agendas is to overwhelm and bring down sites with different views and you. This activism is becoming an increasingly popular way of using DDoS attacks to control the media. How do I know if I’m a victim of a DDoS attack? Before your website crashes and goes offline entirely, there are a few warning signs to look out for. A common effect of DDoS attacks is an unusually slow connection to your site. Some DDoS attacks twin this with a large and sharp increase of spam emails. If your overall network performance is slow, there is no need to assume it’s a DDoS attack but if it has slowed down rapidly and you’re unable to open files or perform usually quick maintenance tasks on your website, you might have a problem. For most, the biggest (and most obvious) giveaway is that your site cannot be accessed. If you’ve checked all other possibilities, and you have no access whatsoever, it could be a DDoS attack. Source: http://www.techworld.com/security/how-does-ddos-attack-work-3659197/
See original article:
What is a DDoS attack? What happens during a DDoS attack?
What is it ? WannaCry also know as WanaCrypt 2.0 is a form of malware commonly known as “Ransom Ware”. Where did it come from ? It was originally developed by the NSA in the US called “Eternal Blue” and was a way for them to secretly access computers. It was based on a flaw in windows machines, Unfortunately the NSA did not store this weaponized malware securely enough and someone hacked in and stole it. At this point it was loose and easily findable on the Internet. If you see a screen like this, you’re machine is definitely infected. Here is a link below from Microsoft to check/scan if your PC has a virus. https://www.microsoft.com/security/scanner/en-us/default.aspx Who is responsible for this ? At this point no one knows but there are a lot of smart people working on it and they will be caught eventually…This is my opinion. Is someone making money from this ? Yes, as with all ransom ware there is a money component.These are 3 discovered bitcoin Identifiers that victims are paying the ransom to Which is hardcoded into the Malware. As of 09:15 EST May 14, 2017 The total ransom paid is a total of $15,150.00 USD. This is surprisingly low, it’s definitely going to rise. Check for yourself on its progress by clicking the 3 links below. https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn How did my computer get infected ? If you’re on a corporate network, you most likely got it from another computer on your network. If you’re at home on a cable modem you got it through email phishing or visiting a hacked or a sketchy website. How did it spread so quickly ? As you most likely know by now, millions of computers were infected in a few short days and those most affected by this are on corporate, Government and University networks. It spreads on these networks by using a windows flaw that goes from machine to machine using Microsoft’s SMB feature . Here’s a short list of victims from GITHUB NHS (uk) turning away patients, unable to perform x-rays. (list of affected hospitals) Nissan (uk) http://www.chroniclelive.co.uk/news/north-east-news/cyber-attack-nhs-latest-news-13029913 Telefonica (spain) ( https://twitter.com/SkyNews/status/863044193727389696 ) power firm Iberdrola and Gas Natural ( spain ) FedEx (us) ( https://twitter.com/jeancreed1/status/863089728253505539 ) University of Waterloo ( us ) Russia interior ministry & Megafon (russia) https://twitter.com/dabazdyrev/status/863034199460261890/photo/1 VTB (russian bank) https://twitter.com/vassgatov/status/863175506790952962 Russian Railroads (RZD) https://twitter.com/vassgatov/status/863175723846176768 Portugal Telecom ???????? – Sberbank Russia ( russia ) Shaheen Airlines (india, claimed on twitter) Train station in frankfurt ( germany ) Neustadt station ( germany ) the entire network of German Rail seems to be affected ( @farbenstau ) in China secondary schools and universities had been affected ( source ) A Library in Oman ( @99arwan1 ) China Yanshui County Public Security Bureau ( https://twitter.com/95cnsec/status/863292545278685184 ) Schools/Education (France) https://twitter.com/Damien_Bancal/status/863305670568837120 A mall in singapore https://twitter.com/nkl0x55/status/863340271391580 ATMs in china https://twitter.com/95cnsec/status/863382193615159 Renault STC telecom Norwegian soccer team ticket sales Is my website spreading this malware ? I can only say that any DOSarrest customers using our advanced WAF are not spreading this Malware as we won’t allow this type of malicious traffic to get to your server. Is it still spreading ? No, good news ! This thing had a kill switch built into its code, so if any machine can access this site www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com it won’t spread from that machine. I’m infected, What should I do ? We recommend that you wipe your machine clean and restore from back-ups….of course everyone has backups, Right ? Need more info… Try Github.com Microsoft to get the free patch if you need it. Source: https://www.dosarrest.com/ddos-blog/wannacry-faq/ 
Neustar says that the enterprise is finding it more difficult than ever to stem the financial cost of DDoS campaigns. DDoS campaigns are on the rise and the enterprise can now expect a bill of at least $2.5 million every time they become a victim. The mere threat of a distributed denial-of-service (DDoS) attack can cause businesses to sweat, and in some cases, cybercriminals earn big moneyjust by threatening a company with a future attack unless they pay protection fees. However, while some threat actors may just pretend, others use DDoS attacks to disrupt businesses by flooding a domain with illegitimate traffic. This kind of attack may also be used make a political statement or as a means of censorship. Whatever the reason, DDoS attack rates are increasing and businesses are being forced to pay out for damage control and repair, as they are losing more revenue through online service disruption than ever before. According to web analytics firm Neustar’s latest DDoS attack trends report, in addition to a survey conducted by Neustar and Harris Interactive of over 1,000 executives from enterprise firms, while the first quarter of the year is generally considered “pre-season” for these attacks, the company is already seeing “significant increases in average attack size and variety of attack vectors.” To date this year, 849 out of 1,010 enterprise companies — 84 percent — included in the research have experienced at least one DDoS attack in the last 12 months, up from 73 percent in 2016. In total, 86 percent of these businesses were struck with multiple DDoS attacks over the past 12 months, of which 63 percent said the loss of revenue at peak times caused by DDoS disruption can sometimes reach beyond $100,000 an hour. This is a significant increase from 50 percent of companies which said so much revenue was at stake in 2016, but to make matters worse, 43 percent of respondents admitted the financial loss per hour is closer to $250,000. Neustar says that the respondents to the survey have collectively lost over $2.2 billion dollars during the past 12 months, which is a minimum of $2.5 million each on average across 849 organizations. According to Neustar’s internal security data, 45 percent of DDoS attacks were of an attack strength of over 10 Gbps per second, and 15 percent of attacks reached at least 50 Gbps which is almost double the rate reported in 2016. Threat actors are utilizing a number of new techniques to disrupt businesses, including Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection techniques. The matter is made worse by the increased use of Internet of Things (IoT) connected devices in the enterprise, which when left unsecured, can act as pathways to penetrate business network defenses as well as become slave nodes themselves which are included in the DDoS traffic stream. Mitigating DDoS attacks is not just a challenge for businesses, but public figures and speakers, too. Back in 2016, prominent security researcher Brian Krebs found himself to be the target of a massive DDoS attack — powered by the Mirai botnet — which was close to disrupting service to his website. Web provider Akamai was able to fend off the attack, but due to the size and cost, was unable to protect him again. As a result, Google’s Project Shield, a free DDoS protection service, offered to shelter the websiteagainst future attacks. Alongside the report’s release, Neustar has revealed plans to increase the firm’s global DDoS mitigation service capacity to 3 Tbps and hopes to extend this capacity to 10 Tbps by early 2018. Source: http://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over-2-5m/