Tag Archives: ddos-attacks

Homeland Security Wants To End The Scourge Of DDoS Attacks

In 2017, Homeland Security has as much to do with securing digital borders as it does geographical ones. One push the DHS is leading to make cyberspace safe for Americans is the DDoSD project. The first four letters — DDoS — should be familiar enough by now. We’ve numerous distributed denial-of-service attacks in the recent past, with targets ranging from African wireless carriers to cybercrime bloggers to one of the largest DNS providers in the world. It’s the last letter in DDoSD that makes all the difference. That D stands for defense, and the Department of Homeland Security’s Cyber Security Division (CSD) is funding multiple systems that have the potential to stem the rising tide of DDoS attacks. In a post published last week, the DHS stated that its goal is to “build effective and easily implemented network defenses and promote adoption of best practices by the private sector.” With the right tools and the public’s cooperation, the DHS hopes “to bring about an end to the scourge of DDoS attacks.” The DHS post points to a best practices document that was shared by The Internet Society way back in the year 2000. That document describes “a simple, effective, and straightforward method for using[…]traffic filtering to prohibit DoS attacks.” It’s a good starting point, but the DHS post notes that no one defense system can repel every attack. That’s why the DHS has multiple teams working on multiple solutions. One is a peer-to-peer system that would allow Internet providers around the globe to collaborate on the automated detection and mitigation of DDoS attacks. Others are focused on neutralizing high-powered attacks. There’s still work to do, but it’s great to see the DHS leading a coordinated effort because something needs to be done. Last year, DDoS protection provider Imperva Incapsula reported helping its customers fend off an average of 445 attacks every week. Their intensity increased dramatically, too, up from around 200Gbps in 2015 to 470Gbps in 2016. Add in a report from Verizon that named the three biggest targets of DDoS attacks as cloud and IT service providers (49% of all attacks), the public sector (32%), and banks (9%), and it becomes very clear why we need the DDoSD project to succeed. Source: http://www.forbes.com/sites/leemathews/2017/02/20/homeland-security-wants-to-end-the-scourge-of-ddos-attacks/#527bd1556c0f

Follow this link:
Homeland Security Wants To End The Scourge Of DDoS Attacks

Majority of DDoS Attacks in October-December 2016 Conducted From Germany, UK, US

According to reports, United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016. MOSCOW (Sputnik) – The United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016, an Internet company dubbed Akamai said in report Wednesday, adding that the overall number of attacks in 2016 increased by 4 percent compared to previous year. “The top three source countries for DDoS attacks were the U.S. (24%), the U.K. (10%), and Germany (7%). In the past year, China dominated the top 10 list of source countries. In Q4 2016, China dropped to the fourth position overall, with 6% of traffic,” the State of the Internet / Security Report said. Russia became the fifth country in the list, with 4.4 percent of attacks. “The average number of DDoS attacks remained steady this quarter [October-December 2016] at 30 per target, indicating that after the first attack, an organization has a high likelihood of experiencing another,” the report said. The study notes that the number of IP addresses, used for DDoS attacks, significantly increased in the last quarter of 2016. The report also provides data regarding attacks in January- September 2016, with China, the United States, Turkey and the United Kingdom being the top source countries for attacks. Source: https://sputniknews.com/world/201702151050711562-ddos-atacks-internet/

Visit link:
Majority of DDoS Attacks in October-December 2016 Conducted From Germany, UK, US

The next generation of cyber attacks — PDoS, TDoS, and others

2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks — the largest in history. Security experts had long warned of the potential of IoT attacks, and a number of other predictions also came true; Advanced Persistent Denial of Service (APDoS) attacks became standard, ransom attacks continued to grow and evolve and data protection agreements dominated privacy debates. So what’s coming in 2017? Well, for years there have been theories about how a cyber attack could cripple society in some way. So what would this look like, and how could it come to fruition in 2017? An attack type that has been largely ignored that could prove to be key in a major cyber attack is the Permanent Denial of Service (PDoS) attack. This attack type is unique as rather than collecting data or providing some on-going nefarious function its only aim is to completely prevent its target’s device from functioning. PDoS, or Phlashing PDoS, also known as “phlashing”, often damages its target to such an extent that replacement or reinstallation of hardware is usually required. Although the attack type itself has been around for some time now, but it’s easy to imagine how much damage they could do it today’s connected world, and therefore it could quickly gain momentum in 2017. For example, one method PDoS leverages to accomplish its damage is remote or physical administration on the management interface of the victim’s hardware, such as routers, printers, or other networking hardware. In the case of firmware attacks, the attacker may use vulnerabilities to replace a device’s basic software with a modified, corrupt, or defective firmware image. This “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced. Other attacks include overloading the battery or power systems. We’ve already seen the potential harm that a PDoS attack could cause, when in November last year an attack on residential apartments in Finland targeted the building management system. The attack took the system offline by blocking its Internet connection, causing it to keep rebooting itself in order to reconnect. As a result, the system was unable to supply heating at a time when temperatures were below freezing. Fortunately, the facilities service company were able to relocate residents while the system was brought back online. You only have to consider devices like Samsung’s Note 7 to see the safety hazards that the devices we all carry around with us can potentially harbor. There have been numerous test cases of malware and bots overheating devices, causing them to physically distort or worse. These attacks, bundled into a cyber attack, could have devastating and lasting effects beyond what we commonly think about in the world of the “nuisance” DDoS attack. Another attack type that has flown under the radar is Telephony Denial of Service (TDoS). This attack type will likely rise in sophistication and become a key tool in cyber attackers’ arsenals, particularly those who are more interested in wreaking havoc than having financial gain as a motivator. The rise of the Darknet Just imagine an attacker with the ability to cut off communications during a crisis period. This would hinder first responders, exacerbate suffering and in some situations it could potentially increase loss of life. A physical attack, such as a terror attack, followed by a targeted TDoS attack on communication systems could be devastating. Like PDoS, TDoS has been around for some time but again, as we depend more and more on these connected systems the impact of a targeted attack becomes magnified. One prediction that has come true in the past few years is the rise of the Darknet. However, in 2017 it could go a step further and become a mainstream tool that almost anyone can use to launch attacks or manipulate data. The Darknet offers easy and affordable access to attacks that can terrorize or otherwise alter someone’s personal details for financial or other benefits. The scope of the Darknet is also reaching further than ever thanks to the huge increase in connected devices that the general public has at their disposal. Examples include the ability to rent compromised surveillance systems, access to legal information including lawyers’ emails and the ability to view and manipulate medical or educational records. 2017 could see a frightening scenario develop where the definitive source of who we are and how our details are recorded and accessed is unknown. Just imagine being in a job interview and your CV doesn’t match your online school records. Who will the potential employer trust? This analogy can be extended to numerous scenarios, but the common thread is that your online records require high security and fidelity in order for you to function properly in society. In light of that, one of the single most personalized acts of terror that can occur is a wide-scale loss, alteration or deletion of records — with no reconstitution capability. This should strike fear in us all. Source: https://betanews.com/2017/02/09/the-next-generation-of-cyber-attacks-pdos-tdos-and-others/

View article:
The next generation of cyber attacks — PDoS, TDoS, and others

DDoS attack on Dyn costly for company: claim

A distributed denial of service attack on Dynamic Network Services, otherwise known as Dyn, in October 2016, led to the company losing a considerable amount of business, according to data from the security services company BitSight. A report at the Security Ledger website said while Internet users endured short-term pain because they were cut off from popular websites during the attack, the company, Dyn, lost the business of about 8% of the domains — about 14,500 — it was hosting shortly thereafter. This figure was based on statistics in a talk given on 24 January by Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts. Dyn is based in Manchester, New Hampshire. It was recently bought by Oracle Corporation. During the outage, Dyn was targeted by hackers who are said to have used digital video recorders and security cameras which were compromised by malware known as Mirai and used to form a massive botnet. The first attack, on 21 October 2016 US time, began at 7.10am EDT (10.10pm AEDT) and, once this was resolved by Dyn, further waves caused disruptions throughout the day. While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well. Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy’s, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac. BitSight provides security rating services for companies. It analysed 178,000 domains that were hosted on Dyn’s managed DNS infrastructure before and after the attacks; of these 145,000 used Dyn exclusively, while the remaining 33,000 used Dyn and others too. After the attack, according to Dahlberg, 139,000 of the 145,000 domains managed exclusively by Dyn continued to use its services, a loss of 4% or 6000 domains. Among domains that used Dyn and other providers as well, there was a loss of 8000 domains, or 24%. Security Ledger said it had tried to get a comment from Dyn but was refused one. It is not clear whether any of the 14,500 domains that were found not to be using Dyn’s services in the aftermath of the attack returned to the provider. Source: http://www.itwire.com/security/76717-ddos-attack-on-dyn-costly-for-company-claim.html

View the original here:
DDoS attack on Dyn costly for company: claim

How to Identify a DDoS Attack

DDoS stands for Distributed-Denial-of-Service. It basically means that a surge of information cuts you off from your network i.e. your server or your web host, disallowing access to web services. In recent times, a series of DDoS attacks have taken place, which is proven but the statistics put together by Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR). The report indicates that incidences of DDoS attacks have risen 44% compared to last year. In fact, 53% of the service providers that were surveyed mentioned that 53 percent they are seeing more than 21 DDoS attacks per month, up from 44 percent last year. It is important to know if your network is under an attack, and take the necessary correction steps. Especially if you are an online business, a DDoS attack can wreak havoc, stopping your operations completely. An attack is initiated by sending a flood of traffic to your server or web host, thereby, eating into your available bandwidth and server resources. In effect, the original user, which is you, are left without access to web services. In extreme situations, the server may crash too. In fact, the attack is not launched from one source, making it difficult to track down a single IP in computer and data logs. The attacker generally infects user networks, including personal computers, mobiles, and IoT devices and so on, through his or her malware-infected machines. That is where the complexity of identifying a DDoS attack arises- it can quickly spiral into large proportions. Also, a DDoS attack can strike without warning, most hackers do not believe in sending threats before carrying out the hack. It may look like your website server or hosting domain is down, while in reality it may be a DDoS attack. Even elaborate server tests may just indicate a high traffic, which may appear normal. Hence it is important to be on the vigil and consider that you may indeed, be under a DDoS attack: Here are the key clues to look out for: An IP address makes x requests over y seconds, many times consistently, or IP addresses may repeat frequently: If you spot this behaviour for specific IPs, you can direct traffic from those IPs to specific NULL routes. This will bypass your servers. At the same time, make it a point to whitelist some of the valid IPs. Your server responds with a 503 error citing a service outage: Windows allows you to schedule alerts when a specific event happens in Event Viewer. Allocate a task to an event (such as errors or warnings). Similarly, allocate a task to a 503 event by opening Event Viewer, right clicking on the event, and set up a configuration to send an email to an administrator or to a team of people. Loggly can help you with this in case of multiple servers. Ping requests time out: Move beyond manually pinging servers to test response. A number of web pinging services are available, such as, UpTimeRobot, Pingdom, Mon.itor.us, InternetSeer, Uptrends and others. You can configure the frequency at which you want your site to ping from world-over. If a time out occurs, it is reported back to you or your team. Logs show a huge spike in traffic: Loggly can be used as a lookout for DDoS attacks. It not only shows traffic spikes but also their occurrence date and time, their originating servers and user errors. The logs and alerts can be designed to be more specific, for example, base your alerts on a combination of events and traffic spikes, so as to do away with false alerts. It is not practically possible for any human to keep looking out for these signs. One must automate notification systems. Loggly is a useful tool that can send these alerts to external messaging platforms too, such as Slack, or Hipchat. Of course, it is important that you learn how to perfectly configure an alert, to catch the right indicators, at the same time avoiding an overload of alerts. Source: http://www.readitquik.com/articles/networking-2/a-guide-to-identify-ddos-attack/

View article:
How to Identify a DDoS Attack

Get ready for the cyber war in 2017: know your enemy

The current state of the cyber security industry is troubling to say the least, with 2016 experiencing a greater number of successful, more vicious cyber attacks than ever before The past few months have summed up the current state of the cyber security industry. In a matter of days at the end of November the European Commission was brought offline by a distributed denial-of-service (DDoS) attack, San Francisco’s Municipal Railway was held to ransom by ransomware in a system-wide attack and it was revealed that in September the Japanese Defence Ministry and Self-Defence Forces were hacked, which may have compromised Japan’s internal military network. It seems almost farcical, and from these recent examples it is evident that critical infrastructure is totally unprepared for an attack and will continue to be severely vulnerable at the beginning of 2017. It is not just the public sector that is suffering, with private organisations facing daily hacking attacks despite serious investment in cyber security strategies. The problem is inherently twofold. The first is that cyber criminals and their tactics are constantly evolving, becoming more overwhelming and hard to detect by the day, it seems. The ferocity of cyber attacks was illustrated last year by the Mirai botnet n(or Dyn) attacks that overran a number of systems using corrupted Internet of Things (IoT) devices. When the malicious code was first published online in October, it gave a suspected group of teenagers the ability to shut down the likes of Twitter and Spotify. In the preceding month, Liberia’s internet was taken offline using the same code. Improving the security of IoT devices will be crucial during 2017. This is where the most devastating cyber attacks will originate. Source: http://www.information-age.com/get-ready-cyber-war-123464202/

Original post:
Get ready for the cyber war in 2017: know your enemy

Assessing The Massive Security Vulnerability Of The Internet Of Things

The increase in connected devices could make 2017 a banner year for cyber attacks. A report by global professional services company Deloitte said that Distributed Denial of Service (DDoS) attacks will grow in size and scale in 2017, thanks in part to the growing multiverse of connected things. According to Deloitte’s annual Technology, Media and Telecommunications Predictionsreport, DDoS attacks will be more frequent, with an estimated 10 million attacks in total over the next 12 months. DDoS attacks are no new phenomena. The potential impact on an organization from this category of cyber threat should never be underestimated, Deloitte said. The report said that the size of DDoS attacks has increased year-on-year. Between 2013 and 2015, the largest attacks did not exceed 500 gigabits per second. In 2016, there were two attacks that exceeded one terabit per second. Over the next 12 months, the average attack size is forecast to be between 1.25- and 1.5 GBs per second, with at least one per month exceeding 1 TB per second. On a basic level, the success of DDoS attack is focused on making a website or network resource—a server, for example—unusable. This scenario is achieved by creating a flood of Internet traffic from multiple sources that are launched simultaneously. The website or resource is then overwhelmed, resulting in a suspension of service or access. For example, an ecommerce website that is hit by a DDoS attack would be unable to sell its products until the attack was contained. At the same time, any exposed vulnerabilities could produce a knock-on effect and take other organizations or websites down with it. “DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time,” the report said. “The shop quickly becomes overwhelmed. The genuine customers cannot get in and the shop is unable to trade as it cannot serve them.” Connected Devices Are An Easy Target There are several methods for creating this type of chaos but the most common are botnets and amplification attacks. A DDoS attack generated through a botnet accesses hundreds of thousands of connected devices that have been told to act in disruptive manner via malicious code. An amplification attack also uses malicious code by instructing a server to generate multiple fake IP addresses that are then sent to a website—known as “spoofing”—which then overwhelm that service. Both of these approaches are widely known, although it is the botnet that has become more prevalent. Irrespective of how widespread the impact is on an organization or network, Deloitte said that three concurrent trends will escalate the potential for DDoS attacks in 2017—the Internet of Things, widely available malware and high bandwidth speeds. The prime culprit will be the Internet of Things. Connected devices are notoriously insecure and ripe for being taken over by a third party. The standard way to gain remote access to a device is through a user ID or password, but some people may not be aware that a device’s firmware offers hackers a way in, Deloitte said. Deloitte said: The majority of users are familiar with the need to change user ID and passwords before using a device for the first time, and at regular intervals thereafter. But approximately half a million of the billions of IoT devices worldwide—a small proportion of the total, but a relatively large absolute number—reportedly have hard-coded, unchangeable user IDs and passwords. In other words, they cannot be changed, even if the user wants to. Hard-coded user IDs and passwords are not an issue provided that a third party doesn’t know what they are. The problem is that they can be easy to find. The Internet Of Things Is Always Exploitable Anyone with a degree of programming knowledge can sift through a device’s firmware to discover what these IDs and passwords are, the report said. In addition, a compromised Internet of Things device may not show any signs of being compromised to its owner, especially if there is no obvious deterioration in performance. Theoretically, millions of devices could be affected without their owners having any idea that the device was part of a botnet, Deloitte said. Consumer confidence in the Internet of Things is aligned with how secure a connected device is, confidence that can be shattered if that device can be exploited with little effort. For example, the cyber attack on October 21, 2016, that affected the Dyn network was attributed to a botnet that used Internet-connected devices to take down numerous high-profile services that included Twitter, Amazon.com, Spotify, Comcast, Fox News and PayPal. Thousands of connected devices were used in this attack, which is now accepted as one of the largest of its kind to date. Any company or organization that has a presence on the Internet should be aware that DDoS attacks are not going to stop anytime soon. The report cited several sectors that should be alert to the impact that a successful DDoS attack could have including (but not limited to) retailers with a high proportion of online revenue, video streaming services, financial or professional service companies and online video games providers. “Some organizations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive,” said Deloitte. “Unfortunately, it may never be possible to relax about DDoS attacks. The DDoS genie is out of the bottle, and is unlikely to pop back in.” Source: https://arc.applause.com/2017/01/27/ddos-iot-vulnerability-asssessment/

Taken from:
Assessing The Massive Security Vulnerability Of The Internet Of Things

Hong Kong securities brokers hit by cyber attacks, may face more: regulator

HONG KONG (Reuters) – Hong Kong’s securities regulator said brokers in the city had suffered cyber attacks and warned of possible further incidents across the industry. Regulators in Hong Kong have been stepping up efforts over the past year to combat the growing menace of cyber attacks on companies. A survey in November showed the average number of such attacks detected by firms in mainland China and Hong Kong grew a whopping 969 percent between 2014 and 2016. [nL4N1DU35T] In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals. “The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cyber security incidents would be observed across the securities industry,” the SFC said in the notice. Distributed denial of service (DDoS) attacks, among the most common on the Internet, involve cyber criminals using hijacked and virus-infected computers to target websites with data requests, until they are overwhelmed and unable to function. The SFC urged firms in the financial center to implement protective measures, including reviews of the IT systems and DDoS mitigation plans. Source: https://www.yahoo.com/tech/hong-kong-securities-brokers-hit-cyber-attacks-may-043353386–sector.html

See more here:
Hong Kong securities brokers hit by cyber attacks, may face more: regulator

South Korean authorities worry about DDoS attacks ahead of elections

A new report from a South Korean government agency, the country is at risk of DDoS attacks ahead of the country’s possible election. South Korean authorities are reportedly worried about ramped up attacks from the country’s hostile northern neighbour. A recently released report predicted DDoS attacks, leveraging IoT botnets, would be used to attack government ministries. Authored by the state-run Korea Internet & Security Agency (KISA), the report warns of DDoS attacks just before the country’s upcoming elections. The attacks, which leverage widely insecure IoT devices, could be launched against government ministry, national infrastructure or social bodies to destabilise South Korea. Jeon Kil-soo, from KISA told South Korean news agency, Yonhap, that “there is the possibility that huge DDoS attacks could occur by using IoT devices from both home and abroad”. Kil-soo added that such attacks could be deployed against presidential candidates. Current president Park Geun-hye is currently faced with an impeachment motion, which, if adopted by Korea’s Constitutional Court, will trigger another election. The decision is expected to be made in the next two months. According to KISA’s report, such an occasion would be ripe for exploitation by, some expect, North Korea. South Korea are not the only country bracing themselves for cyber-interference in upcoming elections. Against a backdrop of accusation of Russian interference in the American election, top government officials from Germany, France and other countries have expressed fears about such threats. North Korea’s cyber-offensive activities have long been suspected. The North Korean government was reported to be behind the attacks on Sony Pictures on the eve of the 2014 release of The Interview, a comedy which satirised the country’s leader Kim Jong Un. In November 2014, Sony Pictures Entertainment was breached by a group calling itself the “Guardians of Peace”. The hackers released a slew of emails, personal information and other data from inside the company, prompting sanctions against the country. North Korean agents are also suspected to be behind the heist on the Bangladesh Central Bank. In early 2016, hackers stole US$81 million (£65 million) by impersonating legitimate money orders. The money was then laundered through Sri Lanka and the Philippines into the coffers of, some suspect, the North Korean government. This kind of activity takes on a new light when applied to South Korea. South and North Korea have technically been at war since the middle of the twentieth century. Split in two against the backdrop of the Cold War, the countries fought a war between 1950 and 1953. The war never technically ended and the countries remain separate with a Chinese backed opaque dictatorship under the Kim Jong family in the north and a liberal democratic regime in the south. The two countries exist in a state of formal hostility, and while not effectively at war are believed to regularly meddle in each other’s societies, the cyber-realm included. James Hoare, an associate fellow at Chatham House and the man formerly charged with setting up a British embassy in North Korea, “the report is all very speculative, with nothing much in the way of hard facts.” There are many such claims about North Korean cyber-attacks, “including claims of interference with aircraft landing at Inchon airport – though having watched the behaviour of people on flights into and from Inchon, I would not be surprised if some of the alleged attacks were in reality people on their mobile devices while the planes are taking off and landing.” These kinds of claims are common but “tend to be somewhat unspecific, but on at least one recent occasion, the North Korean released information that indicated that they had been approached to stage some sort of diversion at the time of an election.” Source: https://www.scmagazine.com/south-korean-authorities-worry-about-ddos-attacks-ahead-of-elections/article/633651/

See original article:
South Korean authorities worry about DDoS attacks ahead of elections

Global concern over distributed denial-of-service attacks

Arbor Networks has released its 12th Annual Worldwide Infrastructure Security Report (WISR). The report covers a range of issues from threat detection and incident response to managed services, staffing and budgets. But the main focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them. The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. According to Arbor, DDoS attacks are not only getting larger, but they are also becoming more frequent and complex. Darren Anstee, chief security technologist with Arbor Networks, says survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. “However, IoT botnets are a game changer because of the numbers involved – there are billions of these devices deployed and they are being easily weaponised to launch massive attacks,” he says. “Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes. The report also found that the emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attacker ability to launch extremely large attacks. According to the company, the massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets. Because of this, Arbor say the consequences of DDoD attacks are becoming clear – DDoS attacks they have successfully made many leading web properties unreachable – costing thousands, sometimes millions, of dollars in revenue. However, the company does point out that this year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks. Source: https://securitybrief.asia/story/global-concern-over-distributed-denial-service-attacks/

Original post:
Global concern over distributed denial-of-service attacks