While businesses are preoccupied solving DDoS attacks, hackers go in the back door to do some looting. Distributed denial of service (DDoS) attacks make a lot of noise, and according to a new Kaspersky Lab report, that’s exactly what hackers are using them for. As businesses are preoccupied solving DDoS attacks, hackers use the opportunity for another, more targeted and more deadly type of attack. Basically, DDoS is nothing more than a smokescreen. The conclusion comes in Kaspersky Lab’s report which polled businesses about their cybersecurity experiences, and more than half (56 per cent) say DDoS is being used as a smokescreen. In more than a quarter (29 per cent) of attacks, DDoS has been part of the tactics. Another quarter (26 per cent) said when they lost data due to a targeted attack, they were also hit by DDoS. “DDoS prevents a company from continuing its normal activities by putting either public or internal services on hold,” said Kirill Ilganaev, Head of Kaspersky DDoS Protection. “This is a real problem to businesses and it is often ‘all hands on deck’ in the IT team to try and fix the problem quickly so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.” The usual tactics include exploiting mobile devices, phishing scams, or even malicious activity from insiders. “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape and prepared to deal with multiple types of criminal activity at any one time,” Ilganaev continued. “Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” Source: http://www.itproportal.com/news/ddos-often-used-as-a-diversion-tactic/
Tag Archives: ddos-attacks
New DDoS attack method called BlackNurse lets hackers take down firewalls and servers from a single laptop
Security researchers have discovered a new attack technique that requires less effort to launch large-scale attacks. A new DDoS attack method called BlackNurse has been discovered by security researchers, which allows hackers to launch large-scale attacks with less effort than is required for traditional DDoS attacks. BlackNurse also provides attackers with the ability to take down severs and firewalls with just a single laptop. According to researchers at TDC SOC (Security Operations Centre of the Danish telecom operator TDC), BlackNurse leverages low-volume ICMP (Internet Control Message Protocol)-based attacks to launch attacks capable of overloading firewalls and shutting them down. BlackNurse targets vulnerable firewalls made by Cisco, PaloAlto and others, in a “ping flood attack” reminiscent of those popular in the 1990s. TDC researchers said: “The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack. “Based on our test, we know that a reasonable sized laptop can produce approx a 180 Mbit/s DoS attack with these commands.” Researchers at security firm Netresec, clarified how and why the new technique was dubbed BlackNurse, which according to the firm has caused “some confusion/amusement/discussion”. Netresec also cautioned about googling the term, which they claimed “might not be 100% safe-for-work, since you risk getting search results with inappropriate videos that have nothing to do with this attack”. Netresec said: “The term ‘BlackNurse’, which has been used within the TDC SOC for some time to denote the ‘ICMP 3,3? attack, is actually referring to the two guys at the SOC who noticed how surprisingly effective this attack was. One of these guys is a former blacksmith and the other a nurse, which was why a colleague of theirs jokingly came up with the name ‘BlackNurse’. However, although it was first intended as a joke, the team decided to call the attack ‘BlackNurse’ even when going public about it.” How does BlackNurse work? DDoS attacks ideally require a large volume of traffic to successfully cripple targets. Traditionally, large-scale attacks involve hoards of devices and numerous IP addresses working collectively to bombard a targeted server with massive volumes of traffic, in efforts to stop it from functioning. However, BlackNurse does not need an army of compromised devices; neither does it require high volumes of traffic. Instead, BlackNurse issues out low volume ICMP error messages to servers and firewalls, which can fairly easily overload the main processors, rendering them useless. ESET security researcher Mark James told IBTimes UK: “BlackNurse uses ICMP flooding to achieve its goal. ICMP is also known as Ping and is predominantly used to test the connectivity between two computers. An ICMP (ping) echo request is sent from one machine and awaits an ICMP echo reply from the receiving machine. “The time of the round trip is measured which would normally indicate how good the connection route is based on errors and or packet loss. If you take that same technology and send lots of requests without waiting for any replies, it’s possible to overload the destination server. It works two-fold, as often the receiving server will attempt to reply to the incoming requests and try to send replies thus increasing its activity and helping the initial attack. Also BlackNurse uses a different technique that is slower than traditional ICMP flood attacks utilising some firewall vulnerabilities or misconfiguration.” Mitigation for such an attack is possible. “Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily,” the TDC researchers said. “This is the best mitigation we know of so far.” Source: http://www.ibtimes.co.uk/new-ddos-attack-method-called-blacknurse-lets-hackers-take-down-firewalls-servers-single-laptop-1592214
Read the article:
New DDoS attack method called BlackNurse lets hackers take down firewalls and servers from a single laptop
BlackNurse Attack Lets Lone Computers Take Down Whole Networks
DDoS attacks generally rely on big numbers to get results. Hundreds of thousands of devices, millions of IP addresses all unleashing coordinated blasts of data at another device to bring it to its knees. A BlackNurse denial-of-service attack doesn’t need a massive army of zombies to be effective. The BlackNurse attack is much more efficient than the DDoS attacks that crippled security researcher Brian Krebs’ website and the DNS servers at Dyn. Some recent DDoS attacks have seen traffic peak at more than 1 Tbps. A BlackNurse attack has the ability to disrupt by sending just a fraction of that volume. As little as 21 Mbps can be enough to take down a firewall, according to security firm Netresec. What’s different about BlackNurse that allows it to inflict so much damage with so little effort? It’s the type of traffic it utilizes. BlackNurse directs Internet Control Message Protocol (ICMP) packets, which have been used in other DDoS attacks in the past. BlackNurse uses a specific type — ICMP type 3 code 3. An attack from a single laptop could, theoretically, knock an entire business offline, though it’s not likely to be a very large business. In their blog post, Netresec calls out firewalls made by Cisco, Palo Alto Networks, Sonicwall, and Zyxel as being at risk. Most of the devices Netresec reports as being vulnerable to a BlackNurse attack (like the Cisco ASA 5506 and Zyxel Zywall USG50) were designed for small office or home office use. That said, TDC, a Denmark-based company that offers DDoS protection services to businesses, has seen enterprise-grade gear impacted. “We had expected that professional firewall equipment would be able to handle the attack,” they wrote, adding that they’ve seen around 100 of these attacks launched against their customers. TDC also notes that BlackNurse has the potential to create a lot of havoc. In Denmark’s IP space alone they discovered 1.7 million devices that respond to the ICMP requests that the BlackNurse attack leverages. If even a small percentage of those 1.7 million devices are vulnerable, the effects of a coordinated, large-scale attack could be disastrous. And that’s just Denmark. Source: http://www.forbes.com/sites/leemathews/2016/11/14/blacknurse-attack-lets-lone-computers-take-down-whole-networks/#6d27bd961999
More:
BlackNurse Attack Lets Lone Computers Take Down Whole Networks
5 major Russian banks repel massive DDoS attack
At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries. The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. “The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,” Sberbank’s press service told RIA. The initial attack was rather massive and its power intensified over the course of the day. “We registered a first attack early in the morning … the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services,” Sberbank representative said. Alfabank has also confirmed the fact of the attack, but called it a “weak” one. “There was an attack, but it was relatively weak. It did not affect Alfabank’s business systems in any way,” the bank told RIA Novosti. According to Russian computer security company Kaspersky Lab, more than a half of the botnet devices were situated in the US, India, Taiwan and Israel, while the attack came from 30 countries. Each wave of attack lasted for at least one hour, while the longest one went on for 12 hours straight. The power of the attacks peaked at 660 thousands of requests per second. Some of the banks were attacked repeatedly. “Such attacks are complex, and almost cannot be repelled by standard means used by internet providers,” the news agency quoted Kaspersky Lab’s statement as saying. According to a source in Central Bank, the botnet behind the attack consists not only of computers, but also of the so-called Internet of Things (IoT) devices. Computer security experts note, that various devices ranging from CCTV cameras to microwaves, are prone to hacking and pose a significant threat when assembled into a botnet. Owners of such devices underestimate the risks and often do not even bother to change a default password. A massive botnet, able to send more than 1.5Tbps and consisting of almost 150 thousands of CCTV cameras has been reportedly uncovered in September. According to Kaspersky Lab, it was the first massive attack on Russian banks this year. The previous attack of such a scale came in October 2015, when eight major banks were affected. Source: https://www.rt.com/news/366172-russian-banks-ddos-attack/
How hackers could wreak havoc on the US election
AS VOTES are counted and polls close across America, security experts have warned that hackers could disrupt the presidential election process. “Anything that unsettles the election process would be a complete disaster,” explained Stephen Gates, chief research intelligence analyst at security specialist NSFOCUS. “Misinformation on exit polls, widespread internet and media outages, and delays in reporting could seriously impact people’s desire to vote and even worse — trust the results.” Mr Gates pointed to the mysterious cyber attacks that recently snarled East Coast Web traffic as evidence of hackers’ ability to cause disruption. A number of major sites including Twitter, Netflix, Spotify and Reddit were impacted by the October 21 distributed denial of service attacks (DDoS), on internet services company Dyn. DDoS attacks, which often occur when a hacker “floods” a network with information, are a popular method for disrupting websites and services. Mr Gates warned that, in addition to large DDoS attacks on internet infrastructure, online news and media outlets, attackers could target voter registration systems by launching smaller attacks on individual polling centres. “Many of these verification systems are likely online and need to access state databases where voter registration and verification is required to cast a vote,” he said. “Attacks against registered voter databases themselves would also be highly likely.” DDoS attacks and bogus election posts could also flood social media sites and spread misinformation, he warned, noting that so-called ‘man-in-the-middle’ attacks against polling centres as they report their final numbers to collection centres are also possible. In a man-in-the-middle attack a hacker secretly intercepts, and potentially alters, information as it is sent between two parties. Roger Kay, president of Endpoint Technologies Associates, also sees a potential DDoS threat. “I have considered it a real possibility, not only are the cyber tools available, but the motivation is there as well, from anyone — they could be state actors, they could be malicious hackers.” Hackers, for example, could use the internet of Things, where even household devices are web-enabled, as a launch pad for their attacks, according to Mr Kay. The analyst, however, notes that major DDoS attacks are difficult for hackers to sustain, and also cites the low-tech nature of some US election infrastructure. “If you look at the safety of the democratic structure, there’s all these decentralised activities, many of which are paper[-based].” Nonetheless, a Department of Homeland Security report obtained by FoxNews.com warns that parts of America’s election infrastructure are vulnerable to cyber attack. While the risk to computer-enabled election systems varies from county to county, targeted attacks against individual voter registration databases are possible, it said. One technology being touted as a potential solution to cyber threats and voter fraud is blockchain. Blockchain, which uses a decentralised security protocol, could be used to safely record and transmit votes. Because blockchain messages are distributed and not kept in one central location, they are very difficult to tamper with, say experts. “The technology could be used to prevent voter fraud (e.g., multiple votes by a single person) through use of private keys for each voter and storage of votes on an immutable blockchain ledger,” Joe Guagliardo, chair of the Blockchain Technology Group at law firm Pepper Hamilton, in an email to FoxNews.com. “Once the vote has been cast and verified, it cannot be changed without verification by all of the nodes in the network (potentially millions or more) — fraudulent activity would require computational power to overcome the resources of the collective nodes in the net.” Source: http://www.ntnews.com.au/technology/how-hackers-could-wreak-havoc-on-the-us-election/news-story/4f732c684f8f14eeee46e82641bcd5f8
Massive DDoS Attacks Disable Internet Access Throughout Liberia
British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia. “Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote. An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.” Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques. Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S. Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said. Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.” Still, NSFOCUS chief research intelligence analyst Stephen Gates told eSecurity Planet by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election. While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.” “What that would mean to the election process is anyone’s guess,” Gates added. According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added. Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html
More:
Massive DDoS Attacks Disable Internet Access Throughout Liberia
How to protect your business from DDoS attacks
Increasingly, IT teams find themselves on the front lines of a battle with an invisible enemy. Cyber-threats and attacks continue to increase, with the anonymous intruders breaching large and small enterprises alike. Even with the most robust security strategies in place, continuous vigilance is required just to keep up with the ever-evolving tactics of intruders. A report by Imperva states that the UK is now the second most popular target in the world for DDoS attacks. With attacks increasing both in frequency and complexity, what do security professionals need to know when it comes to DDoS? Mitigate and minimise damage At least once a week, there is news about successful businesses being disrupted by these attacks and those are only the ones that are reported – many smaller companies suffer from DDoS offenders that we just don’t hear about. The number of attacks rose by 221 percent over the past year – underlining the need for an active DDoS defence. DDoS attacks work by flooding a website or domain with bandwidth until it breaks down under the weight of traffic. The best way for companies to mitigate against these sort of attacks is to have an accurate overview of the traffic and data feeds in the network. By using real-time data analytics, threats can be detected at an early stage and re-routed to scrubbing centres – thereby neutralising the attack before it has had the chance to do any real damage. Long-term protection and prevention It is crucial that security professionals not only think about the short term tactics to minimise cyber-attacks but also consider long term infrastructure protection when it comes to managing security and preventing future DDoS attacks. Cloud-based managed security services are an important tool to protect against cyber-attacks as they are used by a multitude of services and Internet service providers – providing extra levels of security and making it harder for the DDoS attack to reach their intended targets. In most cases, it is best to err on the side of caution when it comes to cyber-security. Adopting a “zero trust” approach to threats minimises the risk of a potential breach. Earlier this year, we saw the reputational damage caused to a major UK bank when one of their payment websites was brought down by a suspected DDoS attack. The UK’s position as a global leader in financial services makes it a high-profile and potentially very rewarding target for would-be cyber-criminals. However, it is not just financial services companies who are at risk. The UK has a sophisticated and fast growing digital economy, it is expected to account for 12.4 percent of GDP in 2016 – a substantial amount of money and traffic across all industries with an online presence at risk of DDoS attacks. It is now more important than ever for security professionals to have real-time data analytics in their defensive arsenal to detect and neutralise threats early on. The shared aspects of cloud technology can benefit companies with their multiple layers of security in place that can deter potential future attacks. We have seen the financial and reputational losses that can arise from it and how these attacks can affect major UK businesses. Real-time data and a sophisticated infrastructure network, capable of re-routing and quelling dangerous activity is the best way of mitigating against this increasingly prevalent threat. Source: http://www.scmagazineuk.com/how-to-protect-your-business-from-ddos-attacks/article/526297/
Read the article:
How to protect your business from DDoS attacks
Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers
Enterprises going it alone against such an attack ‘would have been toast The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill. It’s also the easiest way for an enterprise to defend against this type of attack and the only one known to be effective . “There’s nothing more elegant anyone has come up with in the intervening week,” he says. The high-volume, high-velocity attack was based largely on a botnet backed by Mirai malware that finds and infects internet of things devices that are virtually defenseless against it. It has proven capable of DDoS traffic of 1Tbps or more and the source code has been made public, so experts say it’s certain there will be more such attacks. Before the Dyn attacks, DNS services were considered vastly more reliable in-house DNS, and it still should be, Gill says. “If an enterprise had been hit with the volume Dyn was they would have been toast,” Gill says. He says he has been briefed by Dyn about the Oct. 21-22 attacks, most of which he can’t discuss publicly. But he says those Dyn customers that recovered quickly were those who dual-sourced their DNS service. “A significant number of Dyn customers popped back up after 10 to 15 minutes,” he says, and likely they were the ones with more than one DNS provider. Downsides of multiple providers is they represent an extra expense and not all providers offer exactly similar features such as telemetry, local-based routing and fault tolerance. So switching from one to another in an emergency might be complicated and might mean winding up with a different set of features. Coordinating multiple providers is an added headache. If cost is a concern, businesses could use a DNS provider like Amazon Web Service’s Route 53 that is inexpensive, relatively easy to set up and pay-as-you-go, he says. Gill says the motivation for the attack is hard to know. Dyn was a very attractive target for many possible reasons. It had advertised its security, and that might have been considered a reason for a glory-seeking attacker to go after it and take it down. A Dyn researcher delivered a paper on the links between DDoS mitigation firms and DDoS attacks the day before Dyn was hit, so perhaps the attack was revenge. Dyn has many high-profile customers, so perhaps the real target was one of them. It’s impossible to know for sure what the motive was. Gill says Dyn has learned a great deal about how to successfully mitigate this new class of attack. In general, after such incidents, providers ally themselves with other providers to help identify and block malicious traffic at the edges between their networks. Attacks may result in identifying new profiles of attack traffic that make it easier to sort out bad from good in future incidents. Source: http://www.networkworld.com/article/3137456/security/gartner-despite-the-ddos-attacks-don-t-give-up-on-dyn-or-dns-service-providers.html
Original post:
Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers
Number of DDoS attacks down but speed and size increases
The number of DDoS attacks fell more than 40 percent to 97,700 attacks in the second quarter of 2016 according to the latest threat report from DDoS security service Nexusguard. The report reveals there was a sharp dip in distributed reflection denial of service (DrDoS) attacks, with DNS-based attacks falling 97 percent compared to the previous quarter. However, recent DDoS attacks on cybercrime journalist Brian Krebs and OVH, a French internet hosting provider, broke records for speed and size. Nexusguard researchers put the drop in reflection attacks and the success of these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power the Internet of Things has to threaten major organizations. With increasing pressure on hosting and internet service providers to fend off fierce attacks against customers, Nexusguard analysts advise organizations to ensure they use signature-based detection to quickly identify and thwart botnets. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” says Terrence Gareau, chief scientist for Nexusguard. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors”. The attack on OVH put France in the top three countries targeted by DDoS attacks. While DDoS attacks fell in average frequency during Q3, Nexusguard researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity and rethink their service provider contracts to deliver support and ensure business continuity despite supersized attacks. You can find out more about the findings in the full report available from the Nexusguard website. Source: http://betanews.com/2016/11/01/ddos-speed-size-increase/
Read the original:
Number of DDoS attacks down but speed and size increases
Historic DDoS attack likely waged by ‘non-state actor’: Intel director
The nation’s top intelligence official on Tuesday said state-sponsored hackers likely weren’t behind the distributed denial-of-service (DDoS) attacks that disrupted internet access across the United States last week. Weighing in on the outages during an event at the Council on Foreign Relations in Washington, D.C., National Intelligence Director James Clapper said investigators believe a “non-state actor” was likely responsible for the DDoS attacks that made it difficult to access some of the world’s most popular websites Friday. “That appears to be preliminarily the case,” Mr. Clapper said, The Hill reported. “But I wouldn’t want to be conclusively definitive about that, specifically whether a nation state may have been behind that or not.” “The investigation’s still going on,” he added. “There’s a lot of data going on here.” Beyond the Beltway, private sector security researchers like those employed by Flashpoint, a business risk intelligence firm that’s analyzed the attacks, hold a similar opinion. “Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors,” its researchers wrote Tuesday. In fact, Flashpoint said its investigation revealed that the same infrastructure used to disrupt access to websites like Twitter and Netflix was also used to attack a well-known video game company — an indication that the culprits of the crippling DDoS weren’t necessarily waging assault on behalf of a foreign power. “While there does not appear to have been any disruption of service, the targeting of a video game company is less indicative of hacktivists, state-actors or social justice communities, and aligns more with the hackers that frequent online hacking forums,” Flashpoint’s researchers wrote. “These hackers exist in their own tier, sometimes called ‘script kiddies,’ and are separate and distinct from hacktivists, organized crime, state-actors, and terrorist groups. They can be motivated by financial gain, but just as often will execute attacks such as these to show off, or to cause disruption and chaos for sport.” “I think they are right,” agreed Mikko Hypponen, chief research officer for security firm F-Secure. “I don’t believe the Friday attackers were financially or politically motivated. It was such an untargeted attack, it’s hard to find a good motive for it. So: kids,” he told TechCrunch. As authorities attempt to identify the culprits responsible for waging last week’s DDoS attacks, investigators have at least found out how the hackers were able to disrupt internet access North America and Europe. Researchers say the outage occurred after hackers compromised millions of internet-connected household devices like video recorders and digital cameras, then used those products to overload a widely used Domain Name System (DNS) — an online directory that enables web users to navigate from site to site. The director of the Department of Homeland Security said Monday that DHS has “been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.” Source: http://www.washingtontimes.com/news/2016/oct/26/historic-ddos-attack-likely-waged-by-non-state-act/
See more here:
Historic DDoS attack likely waged by ‘non-state actor’: Intel director