Category Archives: DDoS News

Web attacks increase 71% in third quarter

Dubai: After a slight downturn in the second quarter of this year, the average number of Distributed Denial of Service (DDoS) attacks increased to an average of 30 attacks per target. Fact Box description starts here Fact Box description ends here This reflects that once an organisation has been attacked, there is a high probability of additional attacks, a cyber security expert said. Fact Box description starts here Fact Box description ends here “Cybercriminals have found new attack channels to disable resources as the total DDoS attacks increased by 71 per cent year over year in the third quarter. During the third quarter, we mitigated a total of 4,556 DDoS attacks, an eight per cent decrease from second quarter,” Dave Lewis, Global Security Advocate at Akamai Technologies, told Gulf News. Fact Box description starts here Fact Box description ends here DDoS attack means an attacker sends too much traffic to a server beyond it can handle and the server goes offline. Fact Box description starts here Fact Box description ends here “We are seeing more and more of short-based attacks with limited bandwidth and consequence. There were 19 mega attacks mitigated during the quarter that peaked at more than 100Gbps, matching the first quarter high point,” he said. It’s interesting that while the overall number of attacks fell by eight per cent quarter over quarter, he said the number of large attacks, as well as the size of the biggest attacks, grew significantly. Fact Box description starts here Fact Box description ends here In contrast to previous quarters, when reflection attacks generated the traffic in the largest attacks, a single family of botnets, Mirai, accounted for the traffic during these recent attacks. Rather than using reflectors, he said that Mirai uses compromised internet of Things systems and generates traffic directly from those nodes. Fact Box description starts here Fact Box description ends here The Mirai botnet was a source of the largest attacks Akamai mitigated to date, an attack that peaked at Fact Box description starts here Fact Box description ends here 623Gbps. Mirai did not come out of nowhere. What makes Mirai truly exceptional is its use of IoT devices and several capabilities that aren’t often seen in botnets. Fact Box description starts here Fact Box description ends here The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date — recorded at 623Gbps and 555Gbps. Fact Box description starts here Fact Box description ends here “Attackers are generally not looking for vulnerable systems in a specific location, they are scanning the entire internet for vulnerable systems. The Mirai botnet is especially noisy and aggressive while scanning for vulnerable systems,” he said. Fact Box description starts here Fact Box description ends here He said that some clients are almost always under attack. The top target organisations saw three to five attacks every day of the quarter. However, without defences in place, these attacks could have a “substantial cumulative effect” on an organisation’s’ reputation. Fact Box description starts here Fact Box description ends here “It is becoming easier for hackers to launch attacks on commoditised platforms for lesser price than a coffee cup. The internet of Things are very good at what they are good at but security is often left out. We see these devices like DVRs with default credentials with an insecure protocol,” he said. Fact Box description starts here Fact Box description ends here According to Akamai Technologies’ Third Quarter, 2016 State of the internet/Security Report, majority of web application attacks continued to take place over http (68 per cent) as opposed to https (32 per cent), which could afford attackers some modicum of protection by encrypting traffic in transit. Fact Box description starts here Fact Box description ends here The US remained the top target for web application attacks as many organisations are headquartered in the US, with the resultant infrastructure also hosted in-country, it is expected that the US will continue to be the top target for some time. Fact Box description starts here Fact Box description ends here Brazil, the top country of origin for all web application attacks in the second quarter, experienced a 79 per cent decrease in attacks this quarter. The United States (20 per cent) and Netherlands (18 per cent) were the countries with the most web application attacks. Source: http://gulfnews.com/business/sectors/technology/web-attacks-increase-71-in-third-quarter-1.1930487

See the original post:
Web attacks increase 71% in third quarter

Analyzing the latest wave of mega attacks

A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record?setting DDoS attacks caused by the Mirai botnet. Nineteen DDoS attacks exceeded 100 Gbps, with six exceeding 200 Gbps DDoS attacks The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date – recorded at 623 Gbps and 555 Gbps. Compared to … More ?

See the article here:
Analyzing the latest wave of mega attacks

BlackNurse Attack Lets Lone Computers Take Down Whole Networks

DDoS attacks generally rely on big numbers to get results. Hundreds of thousands of devices, millions of IP addresses all unleashing coordinated blasts of data at another device to bring it to its knees. A BlackNurse denial-of-service attack doesn’t need a massive army of zombies to be effective. The BlackNurse attack is much more efficient than the DDoS attacks that crippled security researcher Brian Krebs’ website and the DNS servers at Dyn. Some recent DDoS attacks have seen traffic peak at more than 1 Tbps. A BlackNurse attack has the ability to disrupt by sending just a fraction of that volume. As little as 21 Mbps can be enough to take down a firewall, according to security firm Netresec. What’s different about BlackNurse that allows it to inflict so much damage with so little effort? It’s the type of traffic it utilizes. BlackNurse directs Internet Control Message Protocol (ICMP) packets, which have been used in other DDoS attacks in the past. BlackNurse uses a specific type — ICMP type 3 code 3. An attack from a single laptop could, theoretically, knock an entire business offline, though it’s not likely to be a very  large  business. In their blog post, Netresec calls out firewalls made by Cisco, Palo Alto Networks, Sonicwall, and Zyxel as being at risk. Most of the devices Netresec reports as being vulnerable to a BlackNurse attack (like the Cisco ASA 5506 and Zyxel Zywall USG50) were designed for small office or home office use. That said, TDC, a Denmark-based company that offers DDoS protection services to businesses, has seen enterprise-grade gear impacted. “We had expected that professional firewall equipment would be able to handle the attack,” they wrote, adding that they’ve seen around 100 of these attacks launched against their customers. TDC also notes that BlackNurse has the potential to create a lot of havoc. In Denmark’s IP space alone they discovered 1.7 million devices that respond to the ICMP requests that the BlackNurse attack leverages. If even a small percentage of those 1.7 million devices are vulnerable, the effects of a coordinated, large-scale attack could be disastrous. And that’s just Denmark. Source: http://www.forbes.com/sites/leemathews/2016/11/14/blacknurse-attack-lets-lone-computers-take-down-whole-networks/#6d27bd961999

More:
BlackNurse Attack Lets Lone Computers Take Down Whole Networks

How hackers will exploit the Internet of Things in 2017

The Internet of Things (IoT) is now a major force in the weaponization of DDoS. In 2016, IoT botnets have fueled a number of attacks, including the largest-ever DDoS attack, and that role will only grow in the coming years. The tools to carry out these attacks are freely available to the public, and the IoT is expected to be 20 billion devices strong by 2020, so expect more frequent and disruptive attacks from a … More ?

Read the article:
How hackers will exploit the Internet of Things in 2017

How hackers could wreak havoc on the US election

AS VOTES are counted and polls close across America, security experts have warned that hackers could disrupt the presidential election process. “Anything that unsettles the election process would be a complete disaster,” explained Stephen Gates, chief research intelligence analyst at security specialist NSFOCUS. “Misinformation on exit polls, widespread internet and media outages, and delays in reporting could seriously impact people’s desire to vote and even worse — trust the results.” Mr Gates pointed to the mysterious cyber attacks that recently snarled East Coast Web traffic as evidence of hackers’ ability to cause disruption. A number of major sites including Twitter, Netflix, Spotify and Reddit were impacted by the October 21 distributed denial of service attacks (DDoS), on internet services company Dyn. DDoS attacks, which often occur when a hacker “floods” a network with information, are a popular method for disrupting websites and services. Mr Gates warned that, in addition to large DDoS attacks on internet infrastructure, online news and media outlets, attackers could target voter registration systems by launching smaller attacks on individual polling centres. “Many of these verification systems are likely online and need to access state databases where voter registration and verification is required to cast a vote,” he said. “Attacks against registered voter databases themselves would also be highly likely.” DDoS attacks and bogus election posts could also flood social media sites and spread misinformation, he warned, noting that so-called ‘man-in-the-middle’ attacks against polling centres as they report their final numbers to collection centres are also possible. In a man-in-the-middle attack a hacker secretly intercepts, and potentially alters, information as it is sent between two parties.  Roger Kay, president of Endpoint Technologies Associates, also sees a potential DDoS threat. “I have considered it a real possibility, not only are the cyber tools available, but the motivation is there as well, from anyone — they could be state actors, they could be malicious hackers.” Hackers, for example, could use the internet of Things, where even household devices are web-enabled, as a launch pad for their attacks, according to Mr Kay. The analyst, however, notes that major DDoS attacks are difficult for hackers to sustain, and also cites the low-tech nature of some US election infrastructure. “If you look at the safety of the democratic structure, there’s all these decentralised activities, many of which are paper[-based].” Nonetheless, a Department of Homeland Security report obtained by FoxNews.com warns that parts of America’s election infrastructure are vulnerable to cyber attack. While the risk to computer-enabled election systems varies from county to county, targeted attacks against individual voter registration databases are possible, it said. One technology being touted as a potential solution to cyber threats and voter fraud is blockchain. Blockchain, which uses a decentralised security protocol, could be used to safely record and transmit votes. Because blockchain messages are distributed and not kept in one central location, they are very difficult to tamper with, say experts. “The technology could be used to prevent voter fraud (e.g., multiple votes by a single person) through use of private keys for each voter and storage of votes on an immutable blockchain ledger,” Joe Guagliardo, chair of the Blockchain Technology Group at law firm Pepper Hamilton, in an email to FoxNews.com. “Once the vote has been cast and verified, it cannot be changed without verification by all of the nodes in the network (potentially millions or more) — fraudulent activity would require computational power to overcome the resources of the collective nodes in the net.” Source: http://www.ntnews.com.au/technology/how-hackers-could-wreak-havoc-on-the-us-election/news-story/4f732c684f8f14eeee46e82641bcd5f8

More:
How hackers could wreak havoc on the US election

Is government regulation the way to blunt DDoS attacks?

Government regulation is a sticky issue in any industry, perhaps even more in cyber security. Every time the government creates a rule or an obligation, goes the argument, it merely opens a hole to be exploited. Exhibit number one is the call for makers of any product with encryption to create a secure back door police and intelligence agencies can use to de-crypt possibly criminal communications. Of course there’s no such thing as an absolutely secure  back door, so it will end up being used by criminals or nation states. I raise this because last week security expert Bruce Schneier again raised the issue of whether governments should step in to help give more protection against distributed denial of service DDoS attacks. It’s easy for attackers to build powerful DDoS botnets that leverage insecure Internet connected devices like consumer webcams, he argues, the most recent of which was the attack last month on U.S. domain name service provider Dyn Inc., which temporarily impaired the ability of a number of online businesses including Twitter. It doesn’t matter, Schneier argues, if DDoS attacks are state-based or not. The fact the software is so easily available to their build a botnot or buy it as a service that can pour 1 TB and more of data at a target is the threat. “The market can’t fix this because neither the buyer nor the seller cares,” he has written. One logical place to block DDoS attacks is on the Internet backbone, he says, but providers have no incentive to do it because “they don’t feel the pain when the attacks occur and they have no way of billing for the service when they provide it.” So when the market can’t provide discipline, Schneier says, government should. He offers two suggestions: –impose security regulations on manufacturers, forcing them to make their devices secure; –impose liabilities on manufacturers of insecure Internet connected devices, allowing victims to sue them. Either one of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure, he argues. I’m not sure. For one thing litigation is a long and expensive process. How do I sue a company headquartered in another country (say, China) that sells devices used by a person in a third country (say, Brazil) which is part of a botnet assembled by a person in another country (say, the U.S.) used to attack me in Canada? There’s also the problem of defining secure. What can a manufacturer do if it forces creation a long password for a device, but users insist on insecure passwords (like “password123456879.”) Still, we need to discuss short-term solutions because, as Schneier points out, with the huge number of insecure Internet connected devices out there the DDoS problem is only going to get worse. Let us know what you think in the comments section below. Source: http://www.itworldcanada.com/article/is-government-regulation-the-way-to-blunt-ddos-attacks/388238

Link:
Is government regulation the way to blunt DDoS attacks?

Apocalypse now: The IoT DDoS threat

One of the things you learn about humanity, if you’re paying attention, is that “gold rushes” bring out the worse in us. When there are no constraints and there is a greed motivator, people will literally trample anyone or anything to get to the goods. Over the ages, literal and financial empires have been forged on this principle, and no matter when or for what particular gain, there has always been serious collateral damage. Despite … More ?

See the article here:
Apocalypse now: The IoT DDoS threat

Massive DDoS Attacks Disable Internet Access Throughout Liberia

British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia. “Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote. An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.” Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques. Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S. Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said. Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.” Still, NSFOCUS chief research intelligence analyst Stephen Gates told  eSecurity Planet  by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election. While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.” “What that would mean to the election process is anyone’s guess,” Gates added. According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added. Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html

More:
Massive DDoS Attacks Disable Internet Access Throughout Liberia

Barracuda: Outage caused by ‘large number of inbound connections’

Yet firm refuses to say the word DDoS. What are they hiding? Outage-hit security firm Barracuda appears to have been struck down by a DDoS – though the firm says it’s still investigating and refuses to confirm or deny it.…

More here:
Barracuda: Outage caused by ‘large number of inbound connections’