Category Archives: Security Websites

Could a DDoS wipe out Black Friday online sales?

Don’t miss out on Black Friday sales: why retailers must prepare for the DDoS threat to online shopping.

The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But in retail the threat is an existential one, and in the case of Black Friday it could make the difference between success and bankruptcy.

An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, online bookmakers were hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics.

Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than on an average shopping day. In this context, a DDoS could be lethal to a vendor.

As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.” The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing: in the quarter Akamai saw a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, Black Friday traffic to a site will be huge, and a website can crash under that load alone. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday.

So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.” Visibility is the key foundation for DDoS mitigation: having a view of the actual volume of traffic hitting your site allows policy decisions to be made. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and, finally, cloud integration.

A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview. Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction.

Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping, sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources: for example, focus on keeping online the parts of the site that enable the actual transaction rather than auxiliary services. Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list.

Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/


New DDoS attack method called BlackNurse lets hackers take down firewalls and servers from a single laptop

Security researchers have discovered a new attack technique that requires less effort to launch large-scale attacks.

A new DDoS attack method called BlackNurse has been discovered by security researchers, which allows hackers to launch large-scale attacks with less effort than is required for traditional DDoS attacks. BlackNurse also gives attackers the ability to take down servers and firewalls with just a single laptop. According to researchers at TDC SOC (the Security Operations Centre of the Danish telecom operator TDC), BlackNurse leverages low-volume ICMP (Internet Control Message Protocol) traffic to overload firewalls and shut them down. BlackNurse targets vulnerable firewalls made by Cisco, Palo Alto and others, in a “ping flood attack” reminiscent of those popular in the 1990s.

TDC researchers said: “The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.

“Based on our test, we know that a reasonably sized laptop can produce approx a 180 Mbit/s DoS attack with these commands.”

Researchers at security firm Netresec clarified how and why the new technique was dubbed BlackNurse, which according to the firm has caused “some confusion/amusement/discussion”. Netresec also cautioned about googling the term, which they claimed “might not be 100% safe-for-work, since you risk getting search results with inappropriate videos that have nothing to do with this attack”. Netresec said: “The term ‘BlackNurse’, which has been used within the TDC SOC for some time to denote the ‘ICMP 3,3’ attack, is actually referring to the two guys at the SOC who noticed how surprisingly effective this attack was. One of these guys is a former blacksmith and the other a nurse, which was why a colleague of theirs jokingly came up with the name ‘BlackNurse’. However, although it was first intended as a joke, the team decided to call the attack ‘BlackNurse’ even when going public about it.”

How does BlackNurse work?

DDoS attacks ideally require a large volume of traffic to successfully cripple targets. Traditionally, large-scale attacks involve hordes of devices and numerous IP addresses working collectively to bombard a targeted server with massive volumes of traffic, in an effort to stop it from functioning. However, BlackNurse does not need an army of compromised devices, nor does it require high volumes of traffic. Instead, BlackNurse sends a low-volume stream of ICMP error messages (Type 3 Code 3, destination unreachable: port unreachable) to servers and firewalls, which can fairly easily overload their main processors, rendering them useless.

ESET security researcher Mark James told IBTimes UK: “BlackNurse uses ICMP flooding to achieve its goal. ICMP is also known as Ping and is predominantly used to test the connectivity between two computers. An ICMP (ping) echo request is sent from one machine and awaits an ICMP echo reply from the receiving machine.

“The time of the round trip is measured which would normally indicate how good the connection route is based on errors and or packet loss. If you take that same technology and send lots of requests without waiting for any replies, it’s possible to overload the destination server. It works two-fold, as often the receiving server will attempt to reply to the incoming requests and try to send replies thus increasing its activity and helping the initial attack. Also BlackNurse uses a different technique that is slower than traditional ICMP flood attacks utilising some firewall vulnerabilities or misconfiguration.”

Mitigation for such an attack is possible. “Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily,” the TDC researchers said. “This is the best mitigation we know of so far.”

Source: http://www.ibtimes.co.uk/new-ddos-attack-method-called-blacknurse-lets-hackers-take-down-firewalls-servers-single-laptop-1592214
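The detection side of the TDC advice, as an added example that is not TDC’s, Netresec’s or the article’s code: it aggregates ICMP Type 3 Code 3 packets per protected address per second from constructed NetFlow-style records and reports the packet rate next to the bit rate, which is why a bandwidth-only alarm never sees this attack. The CSV layout, the addresses, the counts and the 20,000 pps threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed NetFlow-style records (not captured traffic), one per
# source/destination/type/code per second:
# unix_second,src,dst,proto,icmp_type,icmp_code,packets,bytes
SAMPLE_FLOWS = """\
1478900000,192.0.2.9,198.51.100.1,tcp,0,0,60000,72000000
1478900000,192.0.2.9,198.51.100.1,icmp,8,0,10,840
1478900000,203.0.113.5,198.51.100.1,icmp,3,3,45000,3150000
1478900000,192.0.2.10,198.51.100.1,icmp,3,3,3,210
1478900001,192.0.2.9,198.51.100.1,tcp,0,0,62000,74400000
1478900001,203.0.113.5,198.51.100.1,icmp,3,3,46000,3220000
1478900001,203.0.113.77,198.51.100.1,icmp,3,3,12000,840000
1478900002,192.0.2.9,198.51.100.1,tcp,0,0,59000,70800000
1478900002,192.0.2.10,198.51.100.1,icmp,3,3,2,140
"""

# ICMP 3/3 packets per second towards one protected address above which we
# alert. Assumed value: tune it to what your own firewall handles comfortably.
PPS_THRESHOLD = 20000


def parse_flows(text):
    """Turn the CSV-like records into tuples with numeric fields."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, proto, itype, icode, pkts, nbytes = line.split(",")
        rows.append((int(ts), src, dst, proto, int(itype), int(icode),
                     int(pkts), int(nbytes)))
    return rows


def detect_icmp_3_3(rows, pps_threshold=PPS_THRESHOLD):
    """Aggregate ICMP Type 3 Code 3 packets per destination per second.
    Sources are not used as the key: ICMP is trivially spoofed, so a flood
    spread over many source addresses must still add up against the target."""
    icmp33_pkts = defaultdict(int)    # (dst, second) -> ICMP 3/3 packets
    icmp33_bytes = defaultdict(int)
    total_bytes = defaultdict(int)    # (dst, second) -> bytes of any protocol
    for ts, _src, dst, proto, itype, icode, pkts, nbytes in rows:
        total_bytes[(dst, ts)] += nbytes
        if proto == "icmp" and itype == 3 and icode == 3:
            icmp33_pkts[(dst, ts)] += pkts
            icmp33_bytes[(dst, ts)] += nbytes
    alerts = []
    for (dst, sec), pkts in sorted(icmp33_pkts.items()):
        if pkts >= pps_threshold:
            # The bit rate stays a small slice of the link: that is why a
            # bandwidth-only alarm never fires on this attack.
            alerts.append({"dst": dst, "second": sec, "icmp33_pps": pkts,
                           "icmp33_mbps": round(icmp33_bytes[(dst, sec)] * 8 / 1e6, 2),
                           "share_of_bytes": round(icmp33_bytes[(dst, sec)]
                                                   / total_bytes[(dst, sec)], 2)})
    return alerts
```

`detect_icmp_3_3(parse_flows(SAMPLE_FLOWS))` flags both attack seconds at roughly 25 to 32 Mbit/s, around 5 percent of the bytes on the link; the firewall-side counterpart is the rule TDC recommends, dropping ICMP Type 3 Code 3 inbound on the WAN interface.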


The big data era for DDoS protection has arrived

Avi Freedman discusses the use of big data to cope with increasingly large-scale DDoS attacks.

If you weren’t aware of just how “big” DDoS has gotten, the recent attack on Dyn (hopefully) serves as a wake-up call. Within the last month we’ve seen multiple 500 Gbps+ attacks launched by competing IoT botnets. DDoS is now hyperscale! So if DDoS is so big, why are defensive solutions so small? By small, I mean based on relatively limited, single-server architectures rather than on cloud-scale technology. After all, if you search today for any sort of DDoS defence solution, you’re going to be looking nearly exclusively at a set of physical appliances. Even cloud-based DDoS services are based on stacks of appliances, just operated at service provider PoPs. One reason is that there’s no practical way around using ASICs and network processors to perform the variety of packet and traffic-flow inspections needed to “scrub” IP traffic clean of DDoS packets at high bit rates. However, scrubbing internet traffic of the bad stuff is just one half of the DDoS defence story. Before you scrub, first you have to find the bad stuff. And the detection layer is where the “smallness” of traditional DDoS protection approaches has reached the end of the road.

Appliance-based DDoS detection has hit its ceiling

In the out-of-band DDoS protection architectures that are most common today, a detection appliance receives traffic summaries (NetFlow, sFlow, IPFIX) and BGP routing data, detects attacks based on that inbound data, then signals to mitigation layers to scrub the traffic in question. The problem with this isn’t necessarily the overall architecture, but the detection appliance’s compute and storage limitations. A multi-core CPU with NxGB of RAM and some TB of storage is a lot of power for a laptop, but not so much when dealing with huge volumes of traffic flow data. Most of that compute power is spent just converting the binary wire format into text or numeric data. So a ton of compromises must be made in analysing the data to detect attacks, leading to fairly substantial inaccuracies.

Big data helps DDoS detection accuracy

The application of big data to DDoS detection is transformative for accuracy, based on two factors. The first factor is how comprehensively the data is examined. For example, to perform any kind of baselining, it’s common for appliances to have to segment traffic flow data based on which router exported the flow records. So let’s say a host IP is being hit by a DDoS attack, but it’s coming in via multiple routers. Instead of seeing a large bump of network-wide traffic going to that host, the detection appliance will see a small bump of traffic across several routers — none of which will trigger any alert or mitigation. A big data approach doesn’t have the computing constraints, so it can always look at network-wide traffic, and so it will naturally notice attacks that would otherwise get missed.

The second factor has to do with automation. With compute-constrained appliances, administrators either have to manually configure and maintain many individual IP addresses to baseline or, worse, configure cumulative baselining against a CIDR block, which severely dilutes accuracy. With big data scale, it’s possible to have an adaptive approach to baselining, where the system continuously figures out the set of IPs that are “interesting” based on how much total traffic they’re receiving within a given segment of time, then baselines and evaluates them for anomalies. Overall, big data capabilities have proven to increase DDoS detection and mitigation accuracy by 30 percent or more.

Of course, just knowing that big data helps doesn’t mean it’s necessarily easy to achieve. Not all of the many big data platforms and technologies are suitable for DDoS detection, and not all IT or network teams have the time and expertise to build a system. Some keys to building big data-powered DDoS detection are to ensure that the system can ingest streaming flow data at high rates; to plan sufficient storage to retain data for a relatively long period of time to allow for network-wide anomaly detection; and to allow for ad-hoc queries so that there is flexibility both in detection policies and in forensic analyses to cope with both known and zero-day exploits. Despite these challenges, the good news is that big data technology, platforms and expertise are proliferating. DDoS is hyperscale, but big data can help defensive strategies scale to meet the challenge.

Source: http://www.scmagazineuk.com/the-big-data-era-for-ddos-protection-has-arrived/article/569500/
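The per-router blind spot and the adaptive baselining described above, as an added example that is neither the author’s nor any vendor’s code: on constructed one-minute flow totals, the same attack is invisible when each exporting router is baselined on its own and obvious when the routers are summed network-wide, and the busiest hosts are picked for baselining automatically. The router names, addresses, byte values and the 300 MB policy are assumptions made for the example.

```python
from collections import defaultdict

# Constructed per-minute byte totals (in MB) as exported by three edge routers.
# Intervals 0-4 are quiet; in interval 5 an attack on .20 arrives spread over
# all three routers, adding 150 MB on each. Addresses are documentation ranges.
ROUTERS = ("r1", "r2", "r3")
FLOWS = []
for t in range(6):
    for r in ROUTERS:
        FLOWS.append((t, r, "198.51.100.20", 100))
        FLOWS.append((t, r, "198.51.100.21", 40))
        FLOWS.append((t, r, "198.51.100.22", 5))
FLOWS += [(5, r, "198.51.100.20", 150) for r in ROUTERS]

BUMP_MB = 300  # rise over baseline that triggers an alert (assumed policy)
TOP_N = 2      # adaptive baselining: only the N busiest hosts get a baseline


def totals(flows, key):
    """Sum bytes per (scope, interval); key(router, dst) picks the scope."""
    acc = defaultdict(lambda: defaultdict(int))
    for t, router, dst, mb in flows:
        acc[key(router, dst)][t] += mb
    return acc


def alerts(series, current, bump=BUMP_MB):
    """Flag scopes whose current interval exceeds the mean of earlier ones by bump."""
    out = []
    for scope, by_t in series.items():
        history = [v for t, v in by_t.items() if t < current]
        if history and by_t.get(current, 0) - sum(history) / len(history) >= bump:
            out.append(scope)
    return sorted(out)


def per_router_alerts(flows, current):
    """What an appliance that segments flow data by exporting router sees:
    each router reports only a 150 MB bump on .20, below the policy."""
    return alerts(totals(flows, lambda r, d: (r, d)), current)


def network_wide_alerts(flows, current):
    """Same records summed across routers before baselining: the three bumps
    add up to 450 MB and the attack on .20 is caught."""
    return alerts(totals(flows, lambda r, d: d), current)


def interesting_hosts(flows, n=TOP_N):
    """Adaptive baselining: rank destinations by total traffic in the window
    and baseline the busiest ones instead of a hand-maintained IP list."""
    by_host = totals(flows, lambda r, d: d)
    return sorted(by_host, key=lambda d: sum(by_host[d].values()), reverse=True)[:n]
```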


Insufficient security measures still hinder cloud adoption

Security and privacy of data and systems in the cloud remains a top worry for 70% of IT professionals worldwide, up from 63% in 2015, according to a new Cloud Security Survey by Netwrix. The top three cloud security concerns in 2016 are unauthorized access (69%), malware (37%) and denial of service (DoS) attacks (34%).

[Chart: Cloud security concerns (up to 5)]

Even though cloud service providers make security a top priority, cloud computing is still …


Origin of the beasties: Mirai botnet missing link revealed as DVR player

CCTV cameras? You’ve been looking in the wrong place

Security researchers have discovered a “missing link” in the Mirai botnet that may prompt a rethink in what makes up the zombie network.…


How hackers will exploit the Internet of Things in 2017

The Internet of Things (IoT) is now a major force in the weaponization of DDoS. In 2016, IoT botnets have fueled a number of attacks, including the largest-ever DDoS attack, and that role will only grow in the coming years. The tools to carry out these attacks are freely available to the public, and the IoT is expected to be 20 billion devices strong by 2020, so expect more frequent and disruptive attacks from a …


Finns chilling as DDoS knocks out building control system

Hint: next time, buy a firewall before you’re attacked

Residents in two apartment buildings in the Finnish town of Lappeenranta had a chill-out lasting more than a week after a DDoS attack battered unprotected building management systems.…


Is government regulation the way to blunt DDoS attacks?

Government regulation is a sticky issue in any industry, perhaps even more so in cyber security. Every time the government creates a rule or an obligation, goes the argument, it merely opens a hole to be exploited. Exhibit number one is the call for makers of any product with encryption to create a secure back door that police and intelligence agencies can use to decrypt possibly criminal communications. Of course there’s no such thing as an absolutely secure back door, so it will end up being used by criminals or nation states.

I raise this because last week security expert Bruce Schneier again raised the issue of whether governments should step in to help give more protection against distributed denial of service (DDoS) attacks. It’s easy for attackers to build powerful DDoS botnets that leverage insecure Internet-connected devices like consumer webcams, he argues, the most recent example of which was the attack last month on U.S. domain name service provider Dyn Inc., which temporarily impaired a number of online businesses, including Twitter. It doesn’t matter, Schneier argues, if DDoS attacks are state-based or not. The fact that software to build a botnet, or to buy one as a service, capable of pouring 1 TB and more of data at a target is so easily available is the threat. “The market can’t fix this because neither the buyer nor the seller cares,” he has written. One logical place to block DDoS attacks is on the Internet backbone, he says, but providers have no incentive to do it because “they don’t feel the pain when the attacks occur and they have no way of billing for the service when they provide it.” So when the market can’t provide discipline, Schneier says, government should. He offers two suggestions:

– impose security regulations on manufacturers, forcing them to make their devices secure;
– impose liabilities on manufacturers of insecure Internet-connected devices, allowing victims to sue them.

Either one of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure, he argues. I’m not sure. For one thing, litigation is a long and expensive process. How do I sue a company headquartered in another country (say, China) that sells devices used by a person in a third country (say, Brazil) which are part of a botnet assembled by a person in another country (say, the U.S.) and used to attack me in Canada? There’s also the problem of defining secure. What can a manufacturer do if it forces creation of a long password for a device, but users insist on insecure passwords (like “password123456879”)? Still, we need to discuss short-term solutions because, as Schneier points out, with the huge number of insecure Internet-connected devices out there the DDoS problem is only going to get worse.

Source: http://www.itworldcanada.com/article/is-government-regulation-the-way-to-blunt-ddos-attacks/388238
