Category Archives: DDoS News

Everything old is new again: Experts predict a flood of denial-of-service attacks

As IoT goes mainstream, Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government.

The hottest trend in cyberattacks is an archaic and simplistic hacker tool. Propelled by the rise of IoT, the popularity of denial-of-service attacks rebounded in late 2016 and early 2017. Accompanying the rapid acceleration of the IoT and connected device market, warn cybersecurity experts, will be a zombie botnet swarm of network-crippling attacks.

Denial-of-service attacks are simple but effective weapons that bring down websites and services by flooding networks with junk traffic from commandeered botnets. The digital fallout will often cripple the target and ripple across the web to knock out unaffiliated but connected services and sites.

“After an attack [clients] often feel angry and violated,” said Matthew Prince, CEO of denial-of-service mitigation service CloudFlare, in an interview with TechRepublic. “A distributed denial-of-service (DDoS) attack is not a sophisticated attack. It’s the functional equivalent of a caveman with a club. But a caveman with a club can do a lot of damage.”

“DDoS outages are causing companies to completely rethink their cybersecurity strategies,” said cyber-defence strategist Terrence Gareau in a report by threat identification firm Nexusguard. Nexusguard examines network data to identify threat vector trends such as the duration, source, and variation of denial-of-service attacks. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors.”

Denial-of-service attacks are a broad umbrella used to describe a number of technological sub-tactics. Denial-of-service attacks are common and relatively easy to pull off because these attacks simply crowdsource web IP addresses. The hacker group Anonymous made DDoS attacks famous by championing a tool nicknamed the “Low Orbit Ion Cannon” that made denial-of-service accessible and easy. The downside, of course, is that all cyberattacks are illegal, and unsophisticated DDoS attacks are easy for law enforcement to pursue.

The Nexusguard report shows that hackers are switching from DDoS to IoT botnet-based attacks like last year’s devastating Mirai hack. “Distributed denial-of-service attacks fell more than 40 percent to 97,700 attacks in the second quarter of the year,” Gareau said. IoT attacks targeted at French data provider OVH broke records for speed and size, the report said, and were so severe that France broke into Nexusguard’s Top 3 [cyberattack] victim countries. “The preferred programming language for the Mirai botnet helped to better handle a massive number of nodes compared to other typical languages for DDoS attacks,” Gareau said. “Researchers attribute the [DDoS] attack dip and these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power IoT has to threaten major organizations.”

Hackers are also diversifying attacks against large organizations in the financial services, healthcare, and government sectors, Gareau said in the Nexusguard report. “Hackers favored blended attacks, which target four or more vectors, in attempts to overload targeted monitoring, detection, and logging systems.”

To fend off attacks, experts like Prince, Gareau, and Cyberbit’s chief technology officer Oren Aspir agree that enterprise companies need to develop a response plan. “Attacks on an endpoint device will always leave some sort of trail or evidence to analyze,” Aspir said. “Since the speed of detection is vital, analysts need tools that will allow them to quickly detect behavior at the endpoint, validate the threat, and perform an automated forensic investigation in real time on that endpoint.” Aspir also suggested companies prepare for DDoS and other hacks by reviewing previous attack metrics, conducting vulnerability assessment and penetration testing exercises, and simulating attacks to help evaluate team preparedness. “It’s important for organizations to build a baseline that consists of what ‘good behavior’ should look like on an endpoint. This allows for organizations to take unknown threats and validate them quickly.”

Though IoT botnet denial-of-service attacks are relatively new, enterprise organizations have learned from previous attacks and already shifted defense tactics. “Researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity… and ensure business continuity despite supersized attacks,” Gareau said.

Source: http://www.techrepublic.com/article/everything-old-is-new-again-experts-predict-a-flood-of-denial-of-service-attacks/

DDoS Attack Takes Down Austrian Parliament Website

The DDoS attack, one of the most common cyber threats, is being investigated by authorities.

The Austrian parliament’s website was hit by a suspected cyber attack over the weekend which took the site down for 20 minutes. Hackers are believed to have used a Distributed Denial of Service (DDoS) attack to flood the website with digital service requests and, although no data was lost, authorities are now investigating the attack. “The hacker attack was most likely a so-called DDoS-attack; a similar attack took place last November targeting the websites of the Foreign Affairs and Defence Ministries,” the parliament said in a statement.

Cyber attack

One of the most common cyber threats around, DDoS attacks have been growing in size and prevalence in recent times, with Corero Network Security predicting that such threats will become the top security priority for businesses and the new norm in 2017. “While the Mirai botnet is certainly fearsome in terms of its size, its capacity to wreak havoc is also dictated by the various attack vectors it employs,” said Dave Larson, CTO/COO at Corero Network Security. “If a variety of new and complex techniques were added to its arsenal next year, we may see a substantial escalation in the already dangerous DDoS landscape, with the potential for frequent, Terabit-scale DDoS events which significantly disrupt our Internet availability.”

In January, a DDoS attack was responsible for an outage at Lloyds Banking Group that left customers unable to access online banking services for three days, after web security firm Imperva had earlier that month issued a warning to businesses after fending off the largest DDoS attack ever recorded on its network. But the most high-profile attack in recent months affected domain name service provider Dyn and resulted in a slew of major sites – including Twitter, Spotify and Reddit – being taken offline.

Source: http://www.silicon.co.uk/security/ddos-attack-austrian-parliament-website-204381

DDoS attack on Dyn costly for company: claim

A distributed denial of service attack on Dynamic Network Services, otherwise known as Dyn, in October 2016, led to the company losing a considerable amount of business, according to data from the security services company BitSight. A report at the Security Ledger website said that while Internet users endured short-term pain because they were cut off from popular websites during the attack, the company, Dyn, lost the business of about 8% of the domains — about 14,500 — it was hosting shortly thereafter.

This figure was based on statistics in a talk given on 24 January by Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts. Dyn is based in Manchester, New Hampshire. It was recently bought by Oracle Corporation.

During the outage, Dyn was targeted by hackers who are said to have used digital video recorders and security cameras which were compromised by malware known as Mirai and used to form a massive botnet. The first attack, on 21 October 2016 US time, began at 7.10am EDT (10.10pm AEDT) and, once this was resolved by Dyn, further waves caused disruptions throughout the day.

While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well. Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy’s, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac.

BitSight provides security rating services for companies. It analysed 178,000 domains that were hosted on Dyn’s managed DNS infrastructure before and after the attacks; of these, 145,000 used Dyn exclusively, while the remaining 33,000 used Dyn and others too. After the attack, according to Dahlberg, 139,000 of the 145,000 domains managed exclusively by Dyn continued to use its services, a loss of 4% or 6000 domains. Among domains that used Dyn and other providers as well, there was a loss of 8000 domains, or 24%.

Security Ledger said it had tried to get a comment from Dyn but was refused one. It is not clear whether any of the 14,500 domains that were found not to be using Dyn’s services in the aftermath of the attack returned to the provider.

Source: http://www.itwire.com/security/76717-ddos-attack-on-dyn-costly-for-company-claim.html

How to Identify a DDoS Attack

DDoS stands for Distributed Denial of Service. It basically means that a surge of traffic cuts you off from your network, i.e. your server or your web host, denying access to web services. In recent times, a series of DDoS attacks have taken place, as shown by the statistics put together in Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR). The report indicates that incidences of DDoS attacks have risen 44% compared to last year. In fact, 53 percent of the service providers surveyed said they are seeing more than 21 DDoS attacks per month, up from 44 percent last year.

It is important to know if your network is under attack and to take the necessary corrective steps. Especially if you are an online business, a DDoS attack can wreak havoc, stopping your operations completely.

An attack is initiated by sending a flood of traffic to your server or web host, thereby eating into your available bandwidth and server resources. In effect, the legitimate user, which is you, is left without access to web services. In extreme situations, the server may crash too. The attack is not launched from one source, making it difficult to track down a single IP in computer and data logs. The attacker generally infects user devices, including personal computers, mobiles, IoT devices and so on, with malware and launches the attack from those infected machines. That is where the complexity of identifying a DDoS attack arises: it can quickly spiral into large proportions. Also, a DDoS attack can strike without warning; most hackers do not send threats before carrying out the attack. It may look like your website server or hosting domain is down, while in reality it may be a DDoS attack. Even elaborate server tests may just indicate high traffic, which may appear normal.

Hence it is important to be vigilant and consider that you may indeed be under a DDoS attack. Here are the key clues to look out for:

- An IP address makes x requests over y seconds, many times consistently, or the same IP addresses repeat frequently. If you spot this behaviour for specific IPs, you can direct traffic from those IPs to null routes, which bypasses your servers. At the same time, make it a point to whitelist valid IPs so they are never blocked.
- Your server responds with a 503 error citing a service outage. Windows allows you to schedule alerts when a specific event happens in Event Viewer: you can attach a task to an event (such as an error or warning). Similarly, attach a task to a 503 event by opening Event Viewer, right-clicking on the event, and configuring it to send an email to an administrator or to a team of people. Loggly can help you with this in the case of multiple servers.
- Ping requests time out. Move beyond manually pinging servers to test response. A number of web pinging services are available, such as UptimeRobot, Pingdom, Mon.itor.us, InternetSeer and Uptrends. You can configure the frequency at which you want your site to be pinged from around the world; if a timeout occurs, it is reported back to you or your team.
- Logs show a huge spike in traffic. Loggly can be used as a lookout for DDoS attacks. It not only shows traffic spikes but also their date and time, their originating servers and user errors. The logs and alerts can be made more specific, for example by basing alerts on a combination of events and traffic spikes, so as to cut down on false alerts.

It is not practical for any human to keep watching for these signs, so notification systems must be automated. Loggly is a useful tool that can send these alerts to external messaging platforms too, such as Slack or HipChat. Of course, it is important to learn how to configure an alert properly, catching the right indicators while avoiding an overload of alerts.

Source: http://www.readitquik.com/articles/networking-2/a-guide-to-identify-ddos-attack/
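As an added example that is not part of the article above (nor code from Loggly or any other tool it names), the following Python script applies the first, second and fourth clues to access-log lines: it flags any client exceeding X requests in a sliding Y-second window, honours a whitelist for legitimate noisy sources, and counts bursts of 503 responses. It assumes Apache/Nginx "combined"-style log lines; the sample lines, IP addresses and thresholds are constructed for the example.

```python
# Checks access-log lines for two of the DDoS clues above: one client exceeding X requests
# in any Y-second window, and a burst of HTTP 503 responses. Log lines are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "combined"-style line: client, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return {'ip', 'ts', 'status'} for a well-formed line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "status": int(m["status"])}

def _records(lines):
    # Parse, drop unparseable lines and sort by time so the sliding windows are well defined.
    return sorted((r for r in map(parse_line, lines) if r), key=lambda r: r["ts"])

def find_flooding_ips(lines, max_requests, window_seconds, whitelist=frozenset()):
    """Map each IP that made more than max_requests within any window_seconds span to its
    peak in-window count. Whitelisted IPs (monitoring probes, partners) are never flagged."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for rec in _records(lines):
        if rec["ip"] in whitelist:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() >= window_seconds:
            q.popleft()  # expire requests that fell out of the window
        if len(q) > max_requests:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged

def peak_503_rate(lines, window_seconds):
    """Largest number of 503 responses seen in any window_seconds span, all clients combined."""
    q, peak = deque(), 0
    for rec in _records(lines):
        if rec["status"] != 503:
            continue
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def assess(lines, max_requests=10, window_seconds=5, max_503=5, whitelist=frozenset()):
    """Combine both clues into alert strings; an empty list means nothing suspicious."""
    alerts = []
    for ip, n in find_flooding_ips(lines, max_requests, window_seconds, whitelist).items():
        # Candidate for a null route or rate limit; verify first, it may be a shared NAT address.
        alerts.append(f"{ip} peaked at {n} requests in {window_seconds}s (limit {max_requests})")
    peak = peak_503_rate(lines, 60)
    if peak > max_503:
        alerts.append(f"{peak} HTTP 503 responses within 60s (limit {max_503})")
    return alerts

def _line(ip, second, status, path="/"):
    # Format one constructed log line; everything falls inside the same minute.
    return f'{ip} - - [10/Feb/2017:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample log: an ordinary visitor, a flooding client, a bursty but legitimate
# uptime probe that must be whitelisted, 503s once the server buckles, and one junk line.
SAMPLE_LOG = (
    [_line("198.51.100.20", s, 200) for s in (0, 7, 15)]
    + [_line("203.0.113.7", s // 4, 200) for s in range(12)]  # 12 hits in 3 seconds
    + [_line("192.0.2.9", s // 8, 200, "/health") for s in range(15)]  # 15 probes in 2 s
    + [_line("203.0.113.7", 3, 503) for _ in range(6)]
    + ["garbage line that does not parse"]
)
MONITOR_WHITELIST = frozenset({"192.0.2.9"})

if __name__ == "__main__":
    for alert in assess(SAMPLE_LOG, whitelist=MONITOR_WHITELIST):
        print("ALERT:", alert)
```

Without the whitelist the uptime probe is flagged as well, which is exactly the false alert the article warns about.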

Google mistakes the entire NHS for massive cyber-attacking botnet

Hospitals advised to use Bing instead

Exclusive: Google is blocking access to the entire NHS network, mistaking the amount of traffic it is currently receiving for a cyber attack.…

53% of service providers are seeing over 21 DDoS attacks per month

More than half (53 percent) of service providers indicated they are seeing more than 21 DDoS attacks per month, up from 44 percent last year. New research from Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR) focuses on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them. The survey polled 356 respondents that included service providers, hosting, mobile, enterprise and other types of network operators around the world.

Since the WISR began in 2005, DDoS attack size has grown 7900 percent. Attacks increased by 60 percent in 2016. Twenty-one percent of data centre respondents saw more than 50 attacks per month, as opposed to only eight percent last year. More than 10 attacks per month were experienced by 45 percent of enterprise, government and education (EGE) respondents. Two-thirds (67 percent) of service providers and 40 percent of EGE respondents reported seeing multi-vector attacks on their networks.

Sixty-one percent of data centre operators reported attacks totally saturating data centre bandwidth. A quarter of data centre and cloud providers saw the cost of a major DDoS attack rise above £79,000, and five percent cited costs of over £793,000. Forty-one percent of EGE organisations reported DDoS attacks exceeding their total internet capacity. Nearly 55 percent of EGE respondents now carry out DDoS defence simulations, with about 40 percent carrying them out at least on a quarterly basis. The share of data centre and cloud provider respondents using firewalls for DDoS defence has fallen from 71 percent to 40 percent.

“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponised to launch massive attacks. Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes,” said Darren Anstee, chief security technologist at Arbor Networks.

Source: https://www.scmagazineuk.com/53-of-service-providers-are-seeing-over-21-ddos-attacks-per-month/article/633962/

Global concern over distributed denial-of-service attacks

Arbor Networks has released its 12th Annual Worldwide Infrastructure Security Report (WISR). The report covers a range of issues from threat detection and incident response to managed services, staffing and budgets. But the main focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them.

The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. According to Arbor, DDoS attacks are not only getting larger, but they are also becoming more frequent and complex.

Darren Anstee, chief security technologist with Arbor Networks, says survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. “However, IoT botnets are a game changer because of the numbers involved – there are billions of these devices deployed and they are being easily weaponised to launch massive attacks,” he says. “Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes.”

The report also found that the emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attackers’ ability to launch extremely large attacks. According to the company, the massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets. Because of this, Arbor says the consequences of DDoS attacks are becoming clear: they have successfully made many leading web properties unreachable, costing thousands, sometimes millions, of dollars in revenue. However, the company does point out that this year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks.

Source: https://securitybrief.asia/story/global-concern-over-distributed-denial-service-attacks/

Review: DNS Security

About the authors

Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies.

Inside DNS Security: Defending the Domain Name System

DNS security is a topic that rarely comes up, and when it does, it’s usually after an attack or breach disruptive enough to merit a mention in the news. Last year’s DDoS attack against US-based DNS provider Dyn was one of those, but it isn’t …

Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoS attacks have become such a significant threat that hosting providers need to actively protect against them or risk their own reputations.

In the first few days of the New Year, hosting provider 123-reg was once again hit by a distributed denial of service (DDoS) attack, leaving customers unable to access their websites and email accounts. Even though the magnitude and strength of the attack weren’t as immense as the 30Gbps attack on the website in August last year, it still raises availability and security concerns and emphasises the importance of using effective DDoS mitigation systems. 123-reg reacted with remediation procedures and was able to get services back up and running within a couple of hours, but not before customers experienced service outages and latency issues.

Successful DDoS attacks hit more than just network infrastructure: brand reputation and the bottom line suffer greatly. For many providers, just a handful of customers make up a significant portion of their revenue stream. Losing one or more of these key accounts would be detrimental to the business. With no shortage of DDoS attacks hitting the news headlines, many businesses that operate in the cloud, or plan to move their business applications to the cloud, are beginning to review their DDoS protection options and the capabilities of their providers.

Hosting Providers and DDoS Threats

The sheer size and scale of hosting provider network infrastructures and their massive customer base present an incredibly attractive attack surface, due to the multiple entry points and significant aggregate bandwidth that act as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target.

The Domino Effect

The multi-tenant nature of cloud-based data centres can be less than forgiving for unsuspecting tenants. For example, a DDoS attack that targets one organisation within the data centre can have disastrous repercussions for other tenants, causing a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The collateral damage associated with successful DDoS attacks can be exponential. When providers lack proper protection mechanisms to defeat attacks in real time, the costs associated with the outages are wide ranging and the impact on downstream or co-located customers can be devastating. Therefore, if hosting providers are not protected and do not provide effective DDoS mitigation as a part of their service offering, they may inadvertently send useless and potentially harmful traffic across their customers’ networks.

Traditional Defences Do Not Work

Traditional techniques of defence such as black-hole routing are a crude response to DDoS attacks. Using this method, a hosting provider blocks all packets of website traffic destined for a domain by advertising a null route for the IP address under attack. The most notable issue with this approach is when multiple tenants share a public IP address. In this situation, all customers associated with the address under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, by using this method, the data centre operator is carrying out the wishes of the attacker by taking their customers offline. Black-hole routing is not an approach that most operators prefer, since it takes their customers completely offline.

A more sophisticated approach was then introduced: instead of injecting a null route when an operator observed a large spike, they would inject a new route instead. That action redirected all good and bad traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the attack traffic from the good traffic flows. This approach spawned the DDoS scrubbing centres with DDoS scrubbing lanes commonly deployed today. However, this approach still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analysing NetFlow records), then an operator would have to determine the victim’s destination IP address(es). Once the victim was identified, a BGP route update would have to take place to inject a new route to “turn” the victim’s incoming traffic to where a scrubbing lane was deployed. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward the rest to the downstream customer.

Effective DDoS Defence

The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and remove the attack traffic in real time, without damaging other customers or dropping good user traffic. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be. The increasingly popular method of fulfilling these aims is through real-time DDoS mitigation tools installed directly at the peering point, meaning customer traffic can be protected as it travels across an organisation’s entire network. Such innovations mean providers are better positioned than ever before to offer effective protection to their customers, so that websites and applications can stay up and running, uninterrupted and unobstructed.

Hosting providers are starting to deploy this technology as part of their service package to protect their customers. This maximises efficiency because defences can be constantly on, with no need for human intervention. Providers can tune these systems so that customers only get good traffic, helping their sites run far more efficiently. It’s a win-win for both sides, as providers’ services become more streamlined and reliable, protecting their reputation and attracting more customers in the process. Hosting providers have a golden opportunity to modernise their services in this way and generate new channels for revenue – or else they risk a slow shrinking of their customer base.

Source: http://www.itproportal.com/features/defeating-ddos-attacks-in-the-cloud-why-hosting-providers-need-to-take-action/

DDoSing has evolved in the vacuum left by IoT’s total absence of security

Botnets’ power level over 9,000 thanks to gaping vulnerabilities

IoT botnets have transformed the threat landscape, resulting in a big increase in the size of DDoS attacks from 500Gbps in 2015 up to 800Gbps last year.…
