Category Archives: DDoS Vendors

DDoS attack on Dyn costly for company: claim

A distributed denial of service attack on Dynamic Network Services, otherwise known as Dyn, in October 2016, led to the company losing a considerable amount of business, according to data from the security services company BitSight. A report at the Security Ledger website said while Internet users endured short-term pain because they were cut off from popular websites during the attack, the company, Dyn, lost the business of about 8% of the domains — about 14,500 — it was hosting shortly thereafter. This figure was based on statistics in a talk given on 24 January by Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts. Dyn is based in Manchester, New Hampshire. It was recently bought by Oracle Corporation. During the outage, Dyn was targeted by hackers who are said to have used digital video recorders and security cameras which were compromised by malware known as Mirai and used to form a massive botnet. The first attack, on 21 October 2016 US time, began at 7.10am EDT (10.10pm AEDT) and, once this was resolved by Dyn, further waves caused disruptions throughout the day. While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well. Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy’s, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac. BitSight provides security rating services for companies. It analysed 178,000 domains that were hosted on Dyn’s managed DNS infrastructure before and after the attacks; of these 145,000 used Dyn exclusively, while the remaining 33,000 used Dyn and others too. After the attack, according to Dahlberg, 139,000 of the 145,000 domains managed exclusively by Dyn continued to use its services, a loss of 4% or 6000 domains. Among domains that used Dyn and other providers as well, there was a loss of 8000 domains, or 24%. Security Ledger said it had tried to get a comment from Dyn but was refused one. It is not clear whether any of the 14,500 domains that were found not to be using Dyn’s services in the aftermath of the attack returned to the provider. Source: http://www.itwire.com/security/76717-ddos-attack-on-dyn-costly-for-company-claim.html

View the original here:
DDoS attack on Dyn costly for company: claim

SQL Sequel: Sequel Slammer worm resurfaces after more than a decade

SQL Slammer, a fast-moving worm that generated a wave of distributed denial of service (DDoS) attacks in 2013, mysteriously resumed high levels of activity in late 2016 after more than a decade of dormancy. According to a company blog post Thursday, Check Point Software Technologies detected a “massive” surge in SQL Slammer attacks between Nov. 28 and Dec. 4, 2016. “What we’ve been seeing is not the actual worm, but its attempts to reach more servers,” said Maya Horowitz, group manager, threat Intelligence at Check Point, in an email interview with SC Media. “Therefore we cannot know for sure if any changes have been [made to] the worm or the vulnerabilities it exploits.” When it first surfaced in 2003, the worm managed to infect tens of thousands of servers and routers in a matter of minutes by exploiting a buffer overflow vulnerability (CVE-2002-0649) in Microsoft SQL Server 2000 or Microsoft SQL Server Data Engine 2000 – both of which are no longer supported. These infected, exploited machines would then bombard ransom IP addresses with an enormous stream of malicious packets that would infect other vulnerable systems, while simultaneously overloading Internet-based network devices with traffic. Microsoft patched this vulnerability in Jan. 2003 and over the years has issued multiple new versions of the affected products. This makes these latest attacks ever stranger, because unless the worm has evolved in some way, it is hard to imagine that users remain susceptible to this threat. “One theory to why it’s attempting to make a comeback is that cybercriminals are seeking easy ways to cause DoS and slow down the entire Internet, just like with the recent Mirai botnet,” said Horowitz. “And reusing old malware is the easiest way.” Source:https://www.scmagazine.com/sql-sequel-sequel-slammer-worm-resurfaces-after-more-than-a-decade/article/636156/

39% of businesses not ready to protect themselves against DDoS

Companies are not ready to protect themselves against DDoS, with four in ten (39%) businesses unclear about the most effective protection strategy to combat this type of attack, according to research from Kaspersky Lab. A lack of knowledge and protection is putting businesses at risk of grinding to a halt. DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, the research found that nearly a fifth (16%) of businesses are not protected from DDoS attacks at all, and half (49%) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods. Large-scale cyberattacks are now commonplace, such as the recent attack on telecommunications provider StarHub, which faced a high-profile DDoS attack in October last year. Hackers are also showing a preference for DDoS attacks, with the proliferation of IoT devices today. As IoT devices have weak security protocols, they are easy targets for hackers to launch DDoS attacks from. As IoT devices are forecasted to hit 21 billion in 2020, each potential entry point into an organisation increases vulnerability to DDoS attacks. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33%) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18%) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43%) saying regulation is the reason they protect themselves. The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40%) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30%) think data center or infrastructure partners will protect them. This is also not always effective, because these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach. Moreover, the survey found that a third (30%) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12%) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost to a victim can reach millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.” Source: http://www.networksasia.net/article/39-businesses-not-ready-protect-themselves-against-ddos.1486046674

See original article:
39% of businesses not ready to protect themselves against DDoS

The emergence of new global cybercriminal attack patterns

The findings of a new Malwarebytes report illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone. To better understand just how drastically the threat landscape evolved in 2016, researchers examined data taken from Windows and … More ?

Google mistakes the entire NHS for massive cyber-attacking botnet

Hospitals advised to use Bing instead Exclusive Google is blocking access to the entire NHS network, mistaking the amount of traffic it is currently receiving as a cyber attack.…

See the original article here:
Google mistakes the entire NHS for massive cyber-attacking botnet

Hong Kong securities brokers hit by cyber attacks, may face more: regulator

HONG KONG (Reuters) – Hong Kong’s securities regulator said brokers in the city had suffered cyber attacks and warned of possible further incidents across the industry. Regulators in Hong Kong have been stepping up efforts over the past year to combat the growing menace of cyber attacks on companies. A survey in November showed the average number of such attacks detected by firms in mainland China and Hong Kong grew a whopping 969 percent between 2014 and 2016. [nL4N1DU35T] In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals. “The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cyber security incidents would be observed across the securities industry,” the SFC said in the notice. Distributed denial of service (DDoS) attacks, among the most common on the Internet, involve cyber criminals using hijacked and virus-infected computers to target websites with data requests, until they are overwhelmed and unable to function. The SFC urged firms in the financial center to implement protective measures, including reviews of the IT systems and DDoS mitigation plans. Source: https://www.yahoo.com/tech/hong-kong-securities-brokers-hit-cyber-attacks-may-043353386–sector.html

See more here:
Hong Kong securities brokers hit by cyber attacks, may face more: regulator

South Korean authorities worry about DDoS attacks ahead of elections

A new report from a South Korean government agency, the country is at risk of DDoS attacks ahead of the country’s possible election. South Korean authorities are reportedly worried about ramped up attacks from the country’s hostile northern neighbour. A recently released report predicted DDoS attacks, leveraging IoT botnets, would be used to attack government ministries. Authored by the state-run Korea Internet & Security Agency (KISA), the report warns of DDoS attacks just before the country’s upcoming elections. The attacks, which leverage widely insecure IoT devices, could be launched against government ministry, national infrastructure or social bodies to destabilise South Korea. Jeon Kil-soo, from KISA told South Korean news agency, Yonhap, that “there is the possibility that huge DDoS attacks could occur by using IoT devices from both home and abroad”. Kil-soo added that such attacks could be deployed against presidential candidates. Current president Park Geun-hye is currently faced with an impeachment motion, which, if adopted by Korea’s Constitutional Court, will trigger another election. The decision is expected to be made in the next two months. According to KISA’s report, such an occasion would be ripe for exploitation by, some expect, North Korea. South Korea are not the only country bracing themselves for cyber-interference in upcoming elections. Against a backdrop of accusation of Russian interference in the American election, top government officials from Germany, France and other countries have expressed fears about such threats. North Korea’s cyber-offensive activities have long been suspected. The North Korean government was reported to be behind the attacks on Sony Pictures on the eve of the 2014 release of The Interview, a comedy which satirised the country’s leader Kim Jong Un. In November 2014, Sony Pictures Entertainment was breached by a group calling itself the “Guardians of Peace”. The hackers released a slew of emails, personal information and other data from inside the company, prompting sanctions against the country. North Korean agents are also suspected to be behind the heist on the Bangladesh Central Bank. In early 2016, hackers stole US$81 million (£65 million) by impersonating legitimate money orders. The money was then laundered through Sri Lanka and the Philippines into the coffers of, some suspect, the North Korean government. This kind of activity takes on a new light when applied to South Korea. South and North Korea have technically been at war since the middle of the twentieth century. Split in two against the backdrop of the Cold War, the countries fought a war between 1950 and 1953. The war never technically ended and the countries remain separate with a Chinese backed opaque dictatorship under the Kim Jong family in the north and a liberal democratic regime in the south. The two countries exist in a state of formal hostility, and while not effectively at war are believed to regularly meddle in each other’s societies, the cyber-realm included. James Hoare, an associate fellow at Chatham House and the man formerly charged with setting up a British embassy in North Korea, “the report is all very speculative, with nothing much in the way of hard facts.” There are many such claims about North Korean cyber-attacks, “including claims of interference with aircraft landing at Inchon airport – though having watched the behaviour of people on flights into and from Inchon, I would not be surprised if some of the alleged attacks were in reality people on their mobile devices while the planes are taking off and landing.” These kinds of claims are common but “tend to be somewhat unspecific, but on at least one recent occasion, the North Korean released information that indicated that they had been approached to stage some sort of diversion at the time of an election.” Source: https://www.scmagazine.com/south-korean-authorities-worry-about-ddos-attacks-ahead-of-elections/article/633651/

See original article:
South Korean authorities worry about DDoS attacks ahead of elections

Global concern over distributed denial-of-service attacks

Arbor Networks has released its 12th Annual Worldwide Infrastructure Security Report (WISR). The report covers a range of issues from threat detection and incident response to managed services, staffing and budgets. But the main focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them. The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. According to Arbor, DDoS attacks are not only getting larger, but they are also becoming more frequent and complex. Darren Anstee, chief security technologist with Arbor Networks, says survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. “However, IoT botnets are a game changer because of the numbers involved – there are billions of these devices deployed and they are being easily weaponised to launch massive attacks,” he says. “Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes. The report also found that the emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attacker ability to launch extremely large attacks. According to the company, the massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets. Because of this, Arbor say the consequences of DDoD attacks are becoming clear – DDoS attacks they have successfully made many leading web properties unreachable – costing thousands, sometimes millions, of dollars in revenue. However, the company does point out that this year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks. Source: https://securitybrief.asia/story/global-concern-over-distributed-denial-service-attacks/

Original post:
Global concern over distributed denial-of-service attacks

Review: DNS Security

About the authors Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies. Inside DNS Security: Defending the Domain Name System DNS security is a topic that rarely comes up, and when it does, it’s usually after an attack or breach disruptive enough to merit a mention in the news. Last year’s DDoS attack against US-based DNS provider Dyn was one of those, but it isn’t … More ?

Originally posted here:
Review: DNS Security

Innovation and exploitation fuel DDoS attack landscape

Arbor Networks released its 12th Annual Worldwide Infrastructure Security Report offering direct insights from network and security professionals at global service providers, cloud/hosting and enterprise organizations. The stakes have changed for network and security teams. The threat landscape has been transformed by the emergence of IoT botnets. As IoT devices proliferate across networks, bringing tremendous benefits to businesses and consumers, attackers are able to weaponize them due to inherent security vulnerabilities. The largest DDoS attack … More ?