Tag Archives: article

Essential DDoS statistics for understanding attack impact

The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and individuals alike as they strive to protect their online presence and ensure the uninterrupted flow of critical services. In this article, you will find excerpts from DDoS attack surveys we covered in 2023. This data will enable your … The post Essential DDoS statistics for understanding attack impact appeared first on Help Net Security.


6 steps for defending against DDoS attacks

If your business hasn’t already faced a distributed denial-of-service (DDoS) attack, brace yourself: fake traffic is coming. Your DevOps team and IT service desk need an action plan to handle these threats. This article will take you step by step through the process of identifying, stopping, and responding to DDoS attacks.

The Task at Hand

Before we discuss how to stop DDoS attacks, we need to examine their nature. No matter who launches a DDoS assault, the functional objective is the same: to take down a web service so that it denies access to legitimate end users. Hackers launch DDoS attacks for sport. Competitors do it to hurt your business. Hacktivists use them to further a cause. Extortionists even use DDoS attacks to hold web services for ransom.

Whether attackers bombard your network with traffic, target a protocol, or overload application resources, the mechanics of DDoS attacks change little. Year after year, though, DDoS attacks have increased in size, complexity, and frequency, according to research published by Arbor Networks in July 2016. The security firm recorded an average of 124,000 DDoS events per week over the prior 18 months. At 579 Gbps, the largest known attack of 2016 was 73 percent larger than the 2015 record holder. Mind you, 1 Gbps is enough to take down most networks.

In theory, the task at hand is simple: create a system that can absorb DDoS attacks. In practice, DDoS defense is difficult because you have to distinguish between legitimate and illegitimate sources of traffic — and cybersecurity budgets don’t grow on trees. With these considerations in mind:

1. Set Traffic Thresholds

You probably track how many users visit your site per day, per hour, and per minute. Thus, you understand your average traffic levels and, hopefully, you’ve recorded how special events (sales, big news releases, etc.) affect visits. Based on these numbers, set thresholds that automatically flag abnormal traffic for your security team. If you expect 1,000 visitors per 10 minutes, an influx of 5,000 visitors over one minute should trigger your alert.

2. Blacklist and Whitelist

Control who can access your network and APIs with whitelists and blacklists. However, do not automatically blacklist IP addresses that trigger alerts. You will see false positives, and overreacting is a sure way to infuriate good customers. Temporarily block traffic and see how it responds. Legitimate users usually try again after a few minutes. Illegitimate traffic tends to switch IP addresses.

3. CDNs

The best defense against DDoS attacks is a content delivery network (CDN) like Prolexic (acquired by Akamai), Incapsula, Arbor Networks, or CloudFlare. They can identify illegitimate traffic and divert it to their cloud infrastructure. The problem is that CDNs are not cheap. A typical plan costs five figures per month. Or, if you pay per incident, you might get a six-figure bill for one attack. If you run a bank, a massive ecommerce company, or a social platform that makes thousands of dollars per second, that’s a small price to pay.

Most companies either can’t afford a CDN or don’t have a platform that warrants such high security. If, for instance, your company has an informational website where no one makes transactions or uses services, you don’t need a CDN. You’re not a prime target. An application or network firewall might be enough to prevent abnormal traffic. If a DDoS attack takes you down, it won’t harm customers or your reputation.

The cheapest way to defend against DDoS attacks is to deploy more servers when you detect suspicious activity. That is the least reliable method, but still better than nothing. Remember, there is no end to the amount of money you can throw at security. Depending on your budget and risk tolerance, choose the right option for your service desk.

4. Automate Communication with Customers

When a DDoS attack succeeds, you don’t want your service desk buried in emails, phone calls, social media posts, and instant messages. Create a status page that automatically displays whether your service is up or down. Also, create DDoS communications templates that you can auto-send to end users who contact you. These templates should cover any interruption to service, not just DDoS attacks. Keep it vague with something like: “Thank you for contacting [your company name]. Our platform is currently down. We are working as quickly as possible to restore service. We will post updates on our status page [hyperlinked] as soon as we have more information.”

5. Incident Report and Root Cause Analysis

After you suffer an attack, you need to reestablish credibility. Draft an incident report explaining what happened, why, and how you responded. Then, discuss how you will prevent future attacks. If you contracted a CDN, for instance, discuss how it works and how it will deter future attacks. Open the report with simple, non-technical language. You can add a technical section for CIOs, CTOs, and others who would appreciate the details.

6. Practice for Attacks

Simulate DDoS attacks to gauge how your action plan works. You could give DevOps and the service desk warning, or take them by surprise to make the simulation realistic. Companies often run simulations in a planned maintenance window to spare end users further inconvenience. If you have a CDN, you can warn the provider, or not. Obviously, if you pay per incident, coordinate tests with the CDN provider.

Expect the Worst

DDoS attacks are inevitable. Although they range from acts of digital vandalism to full-blown cyberterrorism, all DDoS attacks follow the same principles. Your action plan should address all types of DDoS attacks, no matter who perpetrates them. Whatever you do, though, do not sacrifice your end users to cybersecurity paranoia. Better to suffer an attack than throttle the business you sought to defend.

Source: http://betanews.com/2016/09/15/6-steps-for-defending-against-ddos-attacks/
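As an added example, not code from the BetaNews article, here is the threshold alert from step 1 implemented as a sliding one-minute window over constructed web-server log lines. The log format, the addresses and the traffic shape are assumptions; the 1,000-per-10-minutes baseline and the 5,000-per-minute trigger are the article's own figures, and the alert only flags sources for the temporary block step 2 recommends rather than blacklisting them.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

EXPECTED_PER_10_MIN = 1_000   # baseline from the article's example
ALERT_PER_MINUTE = 5_000      # the article's trigger: 5,000 visits in one minute
WINDOW = timedelta(minutes=1)


def parse_line(line):
    """Parse a constructed log line of the form '<iso-timestamp> <client-ip> <path>'."""
    ts, ip, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, path


def detect_bursts(lines, threshold=ALERT_PER_MINUTE, window=WINDOW):
    """Slide a one-minute window over the log and return one alert per burst.

    Each alert is (time_threshold_crossed, requests_in_window, top_sources).
    The alert only flags; per the article, the response should be a temporary
    block that is reviewed, never an automatic permanent blacklist.
    """
    recent = deque()          # (timestamp, ip) pairs inside the current window
    alerts = []
    in_burst = False
    for ts, ip, _path in sorted(map(parse_line, lines)):
        recent.append((ts, ip))
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # drop requests that have aged out of the window
        if len(recent) >= threshold:
            if not in_burst:  # report the moment the threshold is first crossed
                top = Counter(src for _, src in recent).most_common(3)
                alerts.append((ts, len(recent), top))
                in_burst = True
        else:
            in_burst = False
    return alerts


def build_sample_log():
    """Constructed traffic: 1,000 requests spread evenly over ten minutes from
    three office addresses (the expected rate), then, two minutes later, 5,200
    requests in under a minute from 200 distinct source addresses."""
    start = datetime(2016, 9, 15, 9, 0, 0)
    lines = []
    for i in range(EXPECTED_PER_10_MIN):
        ts = start + timedelta(milliseconds=600 * i)       # one request every 0.6 s
        lines.append(f"{ts.isoformat()} 203.0.113.{10 + i % 3} /index.html")
    burst_start = start + timedelta(minutes=12)
    for i in range(5_200):
        ts = burst_start + timedelta(milliseconds=11 * i)  # roughly 90 per second
        lines.append(f"{ts.isoformat()} 198.51.100.{i % 200} /login")
    return lines


if __name__ == "__main__":
    for when, count, top in detect_bursts(build_sample_log()):
        print(f"{when.isoformat()}: {count} requests in the last minute; top sources {top}")
```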


What You Need to Know about the Evolution of DDoS

In an attempt to define the modern-day DDoS attack, one must first understand that there is more than one type of attack. Starting with the simplest, network level DDoS attacks are the easiest to launch. They are fundamentally designed to crush networks and melt down firewalls. Aimed at filling state tables and consuming the available resources of network gear, they require hackers to assemble larger and larger botnets to be successful. As organizations install bigger pipes and improve their router, firewall, and switch capacity, this type of attack is becoming less effective. Also, because law enforcement took notice of the larger botnets required to be successful, attackers had to devise a better tactic. Hence the birth of the reflective/amplified attack.

Using open DNS, NTP, and now UPnP devices located all over the Internet, attackers have learned how to amplify their attacks, and today they are capable of filling large numbers of 10 Gbps pipes using botnets of only a few thousand machines. Firewall state tables and network resources are often not consumed in this case. Instead, pipes are filled with more traffic than they can forward. Packets can only travel so fast down a wire, and when they back up, outages and latency ensue. It is not a case of more packets; it is a case of bigger packets.

As a result of the amplification factor achieved, these attacks are now being fragmented as well. Too many fragmented packets are often a death sentence for devices performing deep packet inspection, like next-generation firewalls and IPS. Attackers can flood them with an excessive number of fragments, consuming vast amounts of CPU, and these devices often melt down in no time at all. Even the highest performing next-generation firewalls and IPS will feel the effects of this type of attack.

From an attacker’s perspective, interweave repetitive application-layer attacks designed to consume resources on servers, and you’ve got a recipe for success. Pound the final nail in the coffin by adding specially crafted packet attacks designed to take advantage of weak coding, and, simply put, anyone will go offline without the right defenses. Attackers today use all five categories simultaneously, making it even harder to defeat them without blocking vast amounts of good traffic.

However, DDoS attacks are not always about bringing organizations offline. Today’s attackers are launching short-duration, partially saturating attacks that are intended to NOT take the victim offline. Instead, they’re designed to consume time, attention, “people” resources, and log storage. If the average enterprise had to choose between suffering a DDoS attack or a data breach, they’d likely choose the DDoS attack, taking comfort in the fact that their most valuable information would remain intact and out of the hands of a hacker. However, DDoS is all about hiding other attacks, and your data is the true target.

DDoS is a serious threat, one that has vastly evolved from the simple, easily resolved attacks of the past. Often overlooked as a nuisance, any DDoS activity should raise a red flag for IT departments. When an attack lasts for a few hours (or even a few minutes), most organizations believe the attacker got tired, gave up, or the victim’s defenses withstood the onslaught. The misconception here is a sense of invincibility. However, the real reason the DDoS attack may have subsided is that the attacker achieved their objective: access to your data. Often attackers are targeting your data the whole time, while leading many to believe they’re trying to take organizations offline. Frequently, this is not their intention at all. This is emphasized by the recent rise in Dark DDoS attacks, which act as a distraction to the IT department while a damaging hack is enacted and data is stolen.

If businesses are too complacent about DDoS protection, they can be financially ruined by the brand damage and the immediate decrease in customer confidence they often experience as a result of an attack. This leads some to the point of no return. Often hidden by the Dark DDoS attack, the losses associated with the compromise of proprietary data end up costing more to mitigate than the attack itself. It is quite the vicious cycle.

The most targeted organizations are obviously those who thrive on Internet availability, or who gain the attention of hacking groups like Anonymous. Finance, news, social networks, e-retail, hospitality, education, gaming, insurance, government services, etc. are all seriously impacted by an outage. These organizations almost always make the news when downtime occurs, which in turn leads to a loss of customer confidence. In addition, any organization that has sellable data often finds itself in the cross hairs of a Dark DDoS attack. Remember, attackers in this case want access to your data, and will do just about anything to get it.

Attackers also love notoriety. News-making attacks are often like winning a professional game of chess. Their strategies, skills, and perseverance are all tested and honed. Hacker undergrounds take notice of highly skilled attackers. Often job agreements or an offer of “a piece of the action” are the reward for those with notable skills. While all of this activity may be considered illegal in just about every country, the reward seems to outweigh the punishment. As long as that is the case, attackers will continue their activities for the foreseeable future.

So, what’s the solution? Put the right defenses in place and eliminate this problem once and for all. It begins with understanding the importance of cloud-based DDoS defenses. These defenses are designed to defeat pipe-saturating attacks closest to their source. They also reduce the latency involved with DDoS mitigation, and help eliminate the need to backhaul traffic around the globe to be cleansed or null routed. Selecting a cloud provider with the highest number of strategically located DDoS defense centers that they operate themselves makes the absolute best sense. In addition, selecting a cloud provider who can offer direct connectivity to your organization, where applicable, is also the recommendation.

Diverting incoming traffic to the cloud to be cleansed is normally done via BGP. It’s simple, fast, and effective. However, returning the “clean” traffic back to the customer represents a new set of challenges. Most cloud providers recommend GRE tunnels, but that approach is not always the best. If you can connect “directly” to your cloud provider, it will eliminate the need for GRE and the problems that accompany that approach. The result of a direct connection is quicker mitigation and more efficient traffic reinjection.

Are cloud-based DDoS defenses the end-all? Not really. The industry recognizes a better method called the hybrid approach. The thought process here is that smaller, shorter DDoS attacks are more effectively defeated by on-premises technology, while larger and longer attacks are more efficiently defeated in the cloud. The combination of the two approaches will stop all DDoS attacks in their tracks. In addition, volumetric attacks are easily defeated in the cloud, closest to the source of the attack. Low-and-slow attacks are more effectively defeated closer to the devices under attack. This combined approach provides the best of both worlds.

Complete visibility is another benefit of the hybrid approach. Cloud-based DDoS defense providers who have no on-premises defense technology are blind to the attacks against their own customers. Many cloud providers attempt to monitor firewall logs and SNMP traps at the customer’s premises to help detect an attack. However, that’s comparable to using a magnifying glass to study the surface of the moon from earth. The magnifying glass is not powerful enough, nor does it offer enough granularity to detect the subtleties of the moon’s surface. Purpose-built, on-premises DDoS defense technologies are the eyes and ears for the cloud provider. The goal here is to detect the attack before a customer actually knows they’re under attack. This equates to immediate DDoS detection and defense.

Detection is actually the hardest part of the DDoS equation. Once an attack is detected, mitigation approaches are for the most part similar from one vendor to another. Using a set of well-defined mechanisms can eliminate nearly every attack. Most defenses are based upon a thorough understanding of the way protocols work and the behaviors of abnormal visitors. Finding a vendor who has the most tools and features in their defensive arsenal is the best practice.

The final recommendation is to select a vendor who has both cloud-based and on-premises defenses, especially if those defenses use the same underlying technologies. On-premises hardware manufacturers who also offer cloud-based services are the way to go. The reasoning is simple. If the cloud defenses are quite effective, adding on-premises defenses of the same pedigree will make them even more effective. In addition, the integration of the two approaches becomes streamlined when working with a single vendor. Incompatibilities will never be an issue.

If the recommendations in this article are followed, DDoS will never be an issue for you again. The vulnerability is addressed, the risk is mitigated, and the network is protected. That’s what IT professionals are looking for: a complete solution.

Source: http://virtual-strategy.com/2016/08/15/need-know-evolution-ddos/
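As an added example, not from the Virtual-Strategy article, the triage below scores a constructed inbound packet sample against three of the categories the article describes, contrasting the "more packets" signature of a state-table exhaustion flood with the "bigger packets" signature of a DNS/NTP/UPnP amplification flood, and flagging the fragment load the article says now accompanies amplification. The packet fields, rates and thresholds are assumptions chosen for the sample, not vendor-tuned values.

```python
from dataclasses import dataclass

# Reflector services named in the article; replies arrive from these source ports
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "UPnP/SSDP"}


@dataclass(frozen=True)
class Pkt:
    """One inbound packet summary (constructed fields, not a capture format)."""
    proto: str              # "tcp" or "udp"
    src_port: int
    length: int             # bytes on the wire
    flags: str = ""         # TCP flags; "S" is a bare SYN with no handshake completion
    fragment: bool = False  # IP fragment that a DPI device must reassemble


def triage(packets, seconds):
    """Return per-category indicators for an inbound sample lasting `seconds`.

    The three booleans map to the article's categories; the numbers are the
    raw rates an analyst would compare against their own baseline.
    Threshold values are illustrative assumptions for this sample.
    """
    n = len(packets)
    pps = n / seconds
    mbps = sum(p.length for p in packets) * 8 / seconds / 1e6
    avg_len = sum(p.length for p in packets) / n
    syn_share = sum(p.proto == "tcp" and p.flags == "S" for p in packets) / n
    refl_share = sum(p.proto == "udp" and p.src_port in REFLECTOR_PORTS for p in packets) / n
    frag_share = sum(p.fragment for p in packets) / n
    return {
        # state-table exhaustion: a high rate of small, half-open TCP packets
        "network_level": pps > 10_000 and syn_share > 0.5 and avg_len < 100,
        # "bigger packets, not more packets": large UDP replies from reflector ports
        "reflective_amplified": refl_share > 0.5 and avg_len > 1_000,
        # fragment storms that burden deep-packet-inspection devices
        "fragmented": frag_share > 0.3,
        "pps": round(pps),
        "mbps": round(mbps, 1),
        "avg_len": round(avg_len),
    }


def sample_amplification(seconds=1.0):
    """Constructed: 9,000 UDP packets of 1,450 bytes from source port 123 (NTP),
    every other one a fragment, plus 1,000 ordinary 500-byte web packets."""
    pk = [Pkt("udp", 123, 1450, fragment=(i % 2 == 0)) for i in range(9_000)]
    pk += [Pkt("tcp", 443, 500, flags="PA") for _ in range(1_000)]
    return triage(pk, seconds)


def sample_syn_flood(seconds=1.0):
    """Constructed: 50,000 bare 60-byte SYNs plus 1,000 ordinary web packets."""
    pk = [Pkt("tcp", 40_000 + i % 20_000, 60, flags="S") for i in range(50_000)]
    pk += [Pkt("tcp", 443, 500, flags="PA") for _ in range(1_000)]
    return triage(pk, seconds)


if __name__ == "__main__":
    # The SYN flood has five times the packet rate; the amplification flood
    # carries roughly four times the bits, which is the article's point.
    print("amplification:", sample_amplification())
    print("syn flood:    ", sample_syn_flood())
```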


Anonymous DDoS Brazilian Government Websites Because Rio Olympics

Anonymous is conducting cyber attacks on Brazilian government domains and portals against the Rio Olympics, claiming the event is affecting natives on a large scale.

The online hacktivist group Anonymous Brazil is targeting Brazilian government websites to register its protest against the ongoing Olympics in Rio de Janeiro. In their most recent attack yesterday, while millions around the world were watching the Rio Olympics opening ceremony, the hacktivists were busy conducting cyber attacks on government websites, forcing several of them offline. The targeted websites include the official website of the federal government for the 2016 Games (brasil2016.gov.br), the Portal of the State Government of Rio de Janeiro (rj.gov.br), the Ministry of Sports (esporte.gov.br), the Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com).

In the second phase of their attack, Anonymous leaked personal, financial and login details from domains including the Brazilian Confederation of Modern Pentathlon (pentatlo.org.br), the official site of the Brazilian Handball Confederation (brasilhandebol.com.br), the Brazilian Confederation of Boxing (cbboxe.com.br) and the Brazilian Triathlon Confederation (cbtri.org.br). The leaked CSV files also include hashed passwords of the sites’ registered users. That’s not all; Anonymous is also claiming to have leaked personal details of the Mayor of Rio de Janeiro, the Governor of Rio de Janeiro, the Minister of Sport, the President of the Brazilian Olympic Committee and three businessmen who Anonymous claims are involved in corruption. Also, Anonymous is urging people to use the Tor onion browser and conduct DDoS attacks on Brazilian sites.

Although such cyber attacks and data leaks will not stop the Olympics, the hacktivists vow to continue their operations to unmask the elite, as stated in the video below:

“Hello Rio de Janeiro. We know that many have realized how harmful the Olympic Games were (and still are) for the city. The media sells the illusion that the whole city celebrates and commemorates the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas, thanks to countless police and military raids under the pretext of a fake war. Poverty is spreading throughout the city, forcing entire families to leave their homes and traditional neighborhoods on account of high rents and/or removals made by a corrupt city hall that serves only the wishes of the civil construction industry. We have already expressed in other communications our repudiation of the holding of mega-events in the middle of the glaring social inequalities in this country. Still, even after so many words, so many manifestos or protests on the streets (all always fully supervised by repression, if not repressed with brutal violence), it looks like the government will continue ignoring the voices of its own people. Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are the state and therefore enemies of its own population.”

This is not the first time Anonymous Brazil has protested against a mass sports event in the country. Back in 2014, Anonymous conducted protests on the streets against the FIFA World Cup, prompting the government to ban the Guy Fawkes mask in Rio; in return, hackers defaced the FIFA Brazil World Cup website with viral protest footage. At the time of publishing this article, all targeted sites had been restored; however, if you are interested in keeping an eye on Anonymous Brazil’s cyber attacks, check out their Facebook page.

Source: https://www.hackread.com/anonymous-ddos-brazilian-government-websites/


Massive DDoS Attack Shut Down Several Pro-ISIS Websites

A team of attackers shut down several ISIS (aka Daesh) websites in protest against the terrorist attacks in Nice and in Middle Eastern countries.

Terrorism has no religion; that’s why, whenever a terrorist attack is carried out, the victims are innocent people irrespective of race or religion. Hackers and DDoSers, on the other hand, are well aware of the enemy, and that’s why an attacker going by the handle of “Mons” conducted a series of DDoS attacks using the NetStresser tool just a couple of days ago. The reason for targeting these sites was to protest against the sudden increase in terrorist attacks in France and Middle Eastern countries.

In a conversation with HackRead, Mons said that he also got assistance from the owner of BangStresser, the well-known DDoSing tool which was allegedly used to shut down BBC’s servers and Donald Trump’s website in one of the largest DDoS attacks ever. The attacks on pro-ISIS websites varied from 50 Gbps to 460 Gbps. Mons further stated that “We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights. Especially after the recent attacks in France and Arabic countries, our wrath has grown. This war needs to be fought on many fronts, and we try to cover one of them.”

Here is a screenshot showing the list of targeted websites, along with tweets that show earlier attacks on pro-ISIS sites.

Upon checking the history of some targeted sites, we can confirm the sites were spreading violent content along with terrorist ideology; however, at the time of publishing this article, some sites had been restored while others were listed for sale. This is not the first time attackers have targeted pro-ISIS platforms. In the past, Anonymous not only conducted cyber attacks but also exposed companies hosting those sites — Anonymous had also blamed CloudFlare for protecting terrorists’ websites from DDoS attacks, but the company denied the allegations.

Source: https://www.hackread.com/ddos-attack-on-pro-isis-websites/


The average DDoS attack tripled in volume

The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, ac…


DoJ provides update on Gameover Zeus and Cryptolocker disruption

The Justice Department filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the Gameover Zeus botnet an…


Dispelling the myths behind DDoS attacks

Distributed Denial of Service (DDoS) attacks are quickly becoming the preferred method for cyber attackers to wreak havoc on the internet. With a recent spate of attention grabbing headlines focused o…


Feds charge 30-year-old suspect alleged to be lord of Gameover botnet

Arrest warrant out as recommended clean-up site staggers under demand

A US indictment has been unsealed against an alleged cybercrime mastermind following an FBI-led takedown operation that disrupted the internet infrastructure upon which the Gameover ZeuS botnet and the CryptoLocker ransomware had been running.…
