Tag Archives: ddos-defense

HOSTING Partners With DOSarrest Internet Security to Offer DDoS Protection Services

DOSarrest Internet Security, an industry leading DDoS protection provider, has announced a partnership agreement to offer its full suite of DDoS products to HOSTING, the leading cloud service provider in the market today. Products include DDoS protection for client websites, Layer 7 cloud based Load balancing, WAF, vulnerability testing and optimization as well as DEMS, D OSarrest E xternal M onitoring S ervice. “We are excited to add HOSTING to our growing list of service provider partners. DDoS protection has become a necessity to ensure a customer has a stable website environment and more clients are beginning to realize this and are requesting this protection service from their hosting provider,” said Brian Mohammed, DOSarrest Director of Sales and Marketing. “It’s a fact of modern business that organizations must deploy comprehensive, multilayered security to best protect themselves from DDoS attacks,” said Bill Santos, President of HOSTING’s Advanced Solutions. “DOSarrest’s DDoS protection products offer the sophistication, reliability and service that HOSTING customers have come to rely upon, and we are eager to introduce their offerings.” “A single DDoS attack puts a heavy strain on Network Operations Center resources, often for hours,” said Jag Bains, CTO of DOSarrest Internet Security., “This partnership helps to alleviate the strain on HOSTING’s support team, who can remain focused on providing the highest level of support and monitoring for their customers.” About HOSTING: HOSTING helps organizations design, build, migrate, manage and protect their cloud-based environments. Leveraging enterprise-class networking and connectivity technologies, HOSTING provides the highest levels of compliance, availability, recovery, security and performance. HOSTING owns and operates six geographically dispersed data centers under an ITIL-based control environment validated for compliance against HIPAA, PCI DSS and SOC (formerly SAS 70) frameworks. HOSTING’s cloud-enabled solutions were recently recognized by Gartner Group, placing in the Top 10 in the Managed Hosting Magic Quadrant in both “ability to execute” and “completeness of vision” – in both 2012 and 2013. More information at www.hosting.com About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Other cloud based services include, Load balancing, WAF, External Website monitoring and Vulnerability Testing. More information at www.DOSarrest.com Source: http://www.marketwired.com/press-release/-1915044.htm

See the original article here:
HOSTING Partners With DOSarrest Internet Security to Offer DDoS Protection Services

TypePad Claims It Was Hit By Another DDoS Attack

A number of technology companies, including Meetup, Basecamp, Vimeo, Bit.ly and others, have undergone website-crashing DDoS attacks (distributed denial-of-service) in recent months, but SAY Media-owned blogging platform Typepad, apparently, has the dubious honor of being taken down for an extended outage more than once in just a few weeks. The company has confirmed to us this morning that it is again undergoing another DDoS attack, which has taken its service offline. However, until all the facts are in and TypePad can provide more info about the nature of this attack, which right now it’s unable to do, it’s unclear at this time that this morning’s network outage is definitely a DDoS attack — the same as before. Because it’s still early in the investigation, it’s possible the company is presuming a DDoS attack, where only a network outage was at fault. We’ll update when we — and they — know more. However, when asked around an hour ago, TypePad did say that it was indeed “under a DDoS attack.” In April, we reported that Typepad was undergoing an extended DDoS attack, which, at the time, had been underway off and on for nearly five days. The company explained that the attack was similar in style to that which had taken down Basecamp, and confirmed that it was working with technology providers, including CloudFlare and Fastly to help mitigate the attack and bring its service back online. Though TypePad never shared extensive technical details about the DDoS attack, the typical scenario — and one that Basecamp had faced, as well — involves an initial demand for some sort of “ransom” once the site and its related services have been knocked offline. The amount first requested is usually small, but once attackers know they have a willing victim, they’ll often increase the amount. SAY Media said it had also received a “ransom” note, and was cooperating with the FBI on an investigation. According to Paul Devine, VP of Engineering at Say Media, this new Typepad attack began at 6:00 AM PT and the company is again working with CloudFlare and Fastly to mitigate the situation. “[We] don’t expect these attacks to have longevity,” he tells us. “We’re looking forward to having the sites up and running as quickly as we can.” As of a few minutes ago, the company tweeted that blogs were loading. However, at the same time, the URL http://www.typepad.com was still largely crashed when we tried it ourselves. That is, instead of loading up properly, CloudFlare is providing a snapshot of the site through its “Always Online” service, which helps sites offer a webpage instead of an error message when taken down through cyberattacks like this. The www.saymedia.com website address came up, however, though a bit slowly. (SAY Media operates a number of brands, including ReadWrite, xoJane, Fashionista, Cupcakes and Cashmere, and others.) The site loads but a “fatal error” message appears at the bottom of the page. Thanks to newer, more powerful types of DDoS attacks that have emerged as of late, attacks that once would have been thought to be record-breaking in size are now becoming routine. For instance, Meetup’s attack was 8 Gigabits in size, and it’s not uncommon for NTP-based DDoS attacks (which exploit an older protocol called Network Time Protocol) to be 10 Gigabits in size. However, one side effect of these attacks is that when a company later experiences a network outage, they sometimes immediately presume that they’re being attacked again. It can be difficult to tell the difference, especially in the early hours of these sorts of situations. We’ll be looking for TypePad to provide its customers with a longer post-mortem following this morning’s outage. Given multiple attacks over the course of several weeks, the company has a responsibility to let their customers know whether or not they’re being targeted by criminals, or if unrelated network outages came into play this morning instead. Source: http://techcrunch.com/2014/05/19/typepad-claims-it-was-hit-by-another-ddos-attack/?ncid=rss

Continued here:
TypePad Claims It Was Hit By Another DDoS Attack

Majority of UK firms unprepared for DDoS attacks, study finds

New research released by Neustar suggests that the majority of UK businesses are unprepared to cope with the threat of DDoS attacks. Distributed Denial of Service (DDoS) attacks are a common method for cyberattacks to disrupt an online businesses. A DDoS attack uses compromised computer systems to attack a single target, sending traffic from multiple points of origin in a flow, which often overwhelms a system, causing it to deny authentic traffic access to services. According to research released by Neustar, a third of UK businesses estimate losses of £240,000 per day when hit with DDoS attacks. After surveying 331 companies in the United Kingdom across numerous industries including financial services, technology, and the public sector, the analytics provider says larger DDoS attacks are becoming more frequent with a 200 percent increase in attacks affecting bandwidth between 1-20Gbps, in addition to a significant increase in attacks on bandwidth with a magnitude of 100Gbps or more. Neustar’s report, “ United Kingdom DDoS Attacks & Impact Report. 2014: The Danger Deepens ,” also states that DDoS attacks are a “growing threat to organisations with potentially calamitous consequences for companies” without proper protection. Not only can DDoS attacks have an immediate impact on sales and business revenue, they can have long-lasting detrimental effects on brand value, customer trust, and public reputation. Key findings from the survey include: DDoS attacks often disrupt multiple business units, with public-facing areas like call centres, customer service, and marketing absorbing over 40 percent of DDoS-attack related costs. Over 35 percent more UK companies were hit by DDoS attacks in 2013 compared with 2012. In 2013, there was an increased number of longer attacks, with 28 percent lasting up to two days or more. Once attacked, there is an estimated 69 percent chance of a repeat attack. While 31 percent of these companies were DDoS-attacked once, over 48 percent were targeted two to 10 times. In 2013, attacks requiring over six people to mitigate rose to 39 percent compared to 25 percent in 2012, a 56 percent increase. In addition, Neustar’s research highlights an increase in a trend dubbed “smokescreening.” These types of DDoS attacks are used by cybercriminals in order to divert IT department attention while malware and viruses are inserted within a business network, with the overall aim of stealing valuable data or funds. Rodney Joffe, Senior Vice President and Technology Fellow at Neustar commented: Organisations must remain constantly vigilant and abreast of the latest threats. As an example, Neustar’s UltraDNS network suffered an attack just last week peaking at over 250Gbps — a massive attack by industry standards. Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape. In February, Web performance company CloudFlare reported the mitigation of a DDoS attack on a French website which reached a record-setting attack of at least 325Gbps, and a potential reach of 400Gbps. Source: http://www.zdnet.com/majority-of-uk-firms-unprepared-for-ddos-attacks-study-finds-7000029178/

More:
Majority of UK firms unprepared for DDoS attacks, study finds

Lookout, DDoS Attackers Are Changing Their Techniques

In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out. A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate. Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites. In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods. The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.” Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second). The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.” The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai. Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks. Source: http://www.slyck.com/story2396_Lookout_DDoS_Attackers_Are_Changing_Their_Techniques

Link:
Lookout, DDoS Attackers Are Changing Their Techniques

DDoS attacks: Bigger, Badder and Nastier than last year

DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN floods attacks now account for a hefty 51.5 percent of all large-scale attacks. The research – which covers the whole of 2013 and the first two months of 2014 – says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms. The analysis – entitled the `2013-2014 DDoS Threat Landscape Report’ – says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year. Interestingly, Incapsula says that 29 per cent of botnets have been seen attacking more than 50 targets a month. The analysis – which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeting Web sites on Incapsula’s network – concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. In fact, says Incapsula, during the final quarter of 2013, the firm’s research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges – the two most common methods of bot filtering. The problem, concludes the report, is that the DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets. “Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks,” he said. “For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than user’s computers, it’s even worse, just because of the bandwidth and computing power that becomes available to the hacker,” he added. Ashley Stephenson, CEO of Corero Network Security, said that it is essential that the governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks – and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation’s financial infrastructure. “As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services,” he told SCMagazineUK.com . The Corero CEO went on to say that his company believes that mandated controls – like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) – will drive organisations to take pro-active steps to regaining control of their online presence. “These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions,” he explained. Source: http://www.scmagazineuk.com/ddos-attacks-bigger-badder-and-nastier-than-last-year/article/342078/

How a website flaw turned 22,000 visitors into a botnet of DDoS zombies

Researchers have uncovered a recent denial-of-service attack that employed an unusual, if not unprecedented, technique to surreptitiously cause thousands of everyday Internet users to bombard the target with a massive amount of junk traffic. The attack worked by exploiting a Web application vulnerability on one of the biggest and most popular video sites on the Web, according to a blog post published recently by researchers at security firm Incapsula, which declined to identify the site by name. Malicious JavaScript embedded inside the image icons of accounts created by the attackers caused anyone viewing the users’ posts to run attack code that instructed their browser to send one Web request per second to the DoS victim. In all, the technique caused 22,000 ordinary Web users to unwittingly flood the target with 20 million GET requests. “Obviously one request per second is not a lot,” Incapsula researchers Ronen Atias and Ofer Gayer wrote. “However, when dealing with video content of 10, 20, and 30 minutes in length, and with thousands of views every minute, the attack can quickly become very large and extremely dangerous. Knowing this, the offender strategically posted comments on popular videos, effectively created a self-sustaining botnet comprising tens of thousands of hijacked browsers, operated by unsuspecting human visitors who were only there to watch a few funny cat videos.” The novel attack was made possible by the presence of a persistent cross-site scripting (XSS) vulnerability in the video site, which Incapsula didn’t identify except to say it fell in the Alexa top 50 list. XSS exploits effectively allow attackers to store malicious JavaScript on a website that gets invoked each time someone visits. The booby-trapped user icons contained an iframe tag that pulled malicious instructions off an attacker-controlled command and control server. The malicious instructions caused browsers to surreptitiously flood the DDoS target with an unusually high number of GET requests. Incapsula was able to mitigate the effects of the attack using a combination of progressive challenges and behavior-based security algorithms. Remember the Samy Worm? The attack is only the latest to harness the tremendous power of XSS vulnerabilities. The technique came into vogue in 2005 with the advent of the Samy worm. Named after its creator, a hacker named Samy Kamkar, the XSS exploit knocked MySpace out of commission for a day by forcing anyone who viewed his profile to become a MySpace friend. In less than 24 hours, Kamkar, who later served time in jail for the stunt, gained more than one million followers. “The nature and beauty of persistent XSS is that the attacker doesn’t need to target specific users,” Matt Johansen, senior manager of Whitehat Security’s threat research center, told Ars. “The malicious JavaScript is stored on the website and replayed to anybody who visits this in the future. This particular JavaScript forced each browser that was running it to make a request in one-second intervals.” Last year, Johansen and other colleagues from Whitehat Security demonstrated a proof-of-concept ad network that created a browser-based botnet using a technique that’s similar to the one Incapsula observed exploiting the XSS weakness. “The delivery mechanism [in the Incapsula-observed attack] was different as it was from persistent XSS in the site instead of an ad network,” Johansen explained. “The only difference there was how the malicious JavaScript was rendered in the user’s (bot’s) browser. The code that is quoted in the [Incapsula] article is using a very similar technique to the code we wrote for our talk. Instead of using (image) tags like we did, this attacker is using tags which then make one request per second. We were just loading as many images as possible in the time our JavaScript was running.” Incapsula’s discovery comes three months after criminals were observed using another novel technique to drastically amplify the volume of DDoS attacks on online game services and other websites. Rather than directly flooding the targeted services with torrents of data, an attack group sent much smaller sized data requests to time-synchronization servers running the Network Time Protocol. By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly increase the firepower at their disposal. The technique abusing the Network Time Protocol can result in as much as a 58-fold increase or more. Miscreants have long exploited unsecured domain name system servers available online to similarly amplify the amount of junk traffic available in DDoS attacks. Incapsula’s finding underscores the constantly evolving nature of online attacks. It also demonstrates how a single weakness on one party’s website can have powerful consequences for the Internet at large, even for those who don’t visit or otherwise interact with the buggy application. Source: http://arstechnica.com/security/2014/04/how-a-website-flaw-turned-22000-visitors-into-a-botnet-of-ddos-zombies/

Visit site:
How a website flaw turned 22,000 visitors into a botnet of DDoS zombies

DDoS Attack on Ellie Mae site Suspects Attackers Had Industry Knowledge

The distributed denial-of-service attack that crashed Ellie Mae’s loan origination system was cleverly disguised and could have been carried out by individuals with mortgage industry expertise, the vendor says. The March 31-April 1 attack overwhelmed the company’s servers with data requests that had the look and feel of legitimate communications. Specifically, the attack flooded the servers with requests to a URL that is used to download an XML file containing a list of third-party technology vendors that integrate with the Encompass LOS via the Ellie Mae Network. “It was a massive number of requests that came in and consumed the full capacity of one set of our servers around a specific URL,” Ellie Mae President and Chief Operating Officer Jonathan Corr says in his first interview since the attack was disclosed. “Where a classic denial-of-service attack would be a request that comes in that is not valid and would just create a lot of failed attempts, this was a valid request with a normal signature.” The investigation into the incident is ongoing, but the manner in which the attack was carried out may indicate that it was carried out by people familiar with the mortgage industry. “I find it very coincidental that this was using a valid request and a normal signature, which if you look at just a random attack, that’s not typically the case,” Corr says. “And it occurred on the last day of the month and the quarter, starting first thing in the morning” — a critical time for loan closings. “That could be coincidence, I don’t have evidence otherwise, but we find it very disturbing and we’re trying to figure it out. It seems like that could be a possibility,” he adds. The XML file contains no sensitive data and is accessible through a so-called open request, which doesn’t require the type of authentication needed to access actual loan files in the system. The attack resembled data requests that would come from the smart client application used to access Encompass and the Ellie Mae Network. This similarity initially made the communications difficult to identify as a threat. “Because of the way it came in, it looked just like a request that we would expect and it wasn’t something that someone out there randomly could do,” Corr says. “Somebody obviously understood a basic public request that would come from an Encompass system.” Ellie Mae has hired Stroz Friedberg, a cyber-security and digital forensics investigation firm, to piece together evidence and trace the attack, evaluate Ellie Mae’s response to the incident, as well as validate that the vendor did not suffer a data or security breach. “We’re asking them to validate that so we can provide a third-party perspective to our customers so that they can turn around and let their regulators know,” Corr says. Ellie Mae, based in Pleasanton, Calif., has put protocols in place to defend against an attack of this nature, and Corr says the company will make additional investments “to further harden the walls” of its infrastructure. “We’re really focused on how to get even better at dealing with anybody that might try to affect the livelihood of our customers,” he says. Source: http://www.americanbanker.com/issues/179_65/ellie-mae-suspects-attackers-had-industry-knowledge-1066689-1.html

Visit site:
DDoS Attack on Ellie Mae site Suspects Attackers Had Industry Knowledge

24 million reasons to lock down DNS amplification attacks

Research from Nominum, a US security consultancy that supplies ISPs with DNS-based analytics and revenue advice, claims to show that 24 million home and small office broadband routers around the world are vulnerable to being tapped as part of a massive DDoS attack. Distributed-denial-of-service (DDoS) swarm attacks have been around for years, but hijacking routers is a relatively recent trend, driven largely by the fact that very few users actively update the firmware of their legacy routers. Rather than hack the host computer, Nominum says that the hackers can now manipulate DNS (Domain Name System) traffic lookups – the technology that translates alphabetic domain names (e.g. www.bbc.co.uk) into its numeric identifier (e.g. 987.65.43.21). By spoofing the target’s IP address and generating a small IP request (ICMP) to a vulnerable router, the router will then generate a larger IP data packet to the real IP address. Nominum claims that this `amplification’ effect can be tapped to turn a few megabits of data bandwidth into many tens of gigabits of bandwidth hogging IP streams. This is no theoretical analysis, as the consultancy claims to have spotted over 5.3 million home and office routers being hijacked during February to generate IP attack traffic – with as much as 70 per cent of total DNS traffic being attributed to one attack seen during January. Nominum says the effect on ISP traffic is immense, with trillions of bytes of attack data disrupting ISP networks, websites and individuals. In the longer term, the consultancy says there is a network impact generated by malicious traffic saturating the available bandwidth and a consequent loss of revenue as users migrate to other ISPs due to an apparently poor experience. Sanjay Kapoor, the SVP of strategy with Nominum, said that existing DDoS defences do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort. “Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies,” he said. Peter Wood, CEO of pen-testing specialist First Base Technologies, says that the problem identified by Nominum is often found by his research team where remote branch offices and staff working from home are involved. “We’ve recently been testing a Draytek Vigor router in this regard, and the good news is that most of the attack ports that could be used are turned off by default. Conversely, we also tested a Buffalo router, where the exact reverse was true,” he explained. “This is the joy of OpenDNS proxies. It’s also not that obvious how to configure a fixed IP on many routers,” he said, adding that some clients are – thankfully – becoming more aware of the security risks from the amplification attacks identified by Nominum’s research. Sven Schlueter, a senior consultant with Context Information Security, said that DNS application attacks mean that only minimal resources are required to conduct an attack against the availability of a larger system or network. “This type of attack is then often performed from different sources, all spoofing the source ‘to origin from the target’, resulting in a DDoS against the available bandwidth of the targeted hosts and networks when content is returned from the legitimate DNS,” he said, adding that a number of mitigation solutions are now possible. “For example, a DNS server administrator can ensure that the resolver is not open to the Internet. Very rarely – usually only for service providers – is a resolver required to be open to the Internet. However, if necessary, rate limiting and monitoring can be applied to slow down, detect and mitigate attacks,” he said. “ISPs can also enforce restrictions so that spoofing of addresses is not possible. Service owners, such as a Web site administrator, can only slightly mitigate the issue by dynamically allocating more bandwidth and filtering the attack at the border/ISP core, to the network affected,” he added. Jag Bains, CTO of DDoS remediation specialist DOSarrest, said that is a need for focused DDoS protection services as his firm is seeing more and more attack vectors and agents emerge – something that he says is only going to increase as the `Internet of Things’ gains further traction. “Strategic decision makers will need to understand what specific assets need protection and in what specific manner, and ensure they buy the right solution,” he noted. Lamar Bailey, director of security research with Tripwire, said that home and small office modems, gateways and routers are a generally the second weakest link in a home/small office network behind printers. “Internet providers do update or use current technology for home user gateways and the end user is generally stuck with what every the provider gives them. The routers are generally on very old technology and not easy or possible to secure. DDoS and other attacks are very successful on these old routers,” he said. Bailey went on to say that the ISPs need to take security more seriously and help protect their consumers. “In the US each region has limited options for ISPs which is almost a monopoly. This is bad for consumers and great for attackers and bot herders,” he explained. “Internet providers do update or use current technology for home user gateways and the end user is generally stuck with what every the provider gives them. The routers are generally on very old technology and not easy or possible to secure. DDoS and other attacks are very successful on these old routers,” he said. Bailey went on to say that the ISPs need to take security more seriously and help protect their consumers. “In the US each region has limited options for ISPs which is almost a monopoly. This is bad for consumers and great for attackers and bot herders,” he explained. Source: http://www.scmagazineuk.com/24-million-reasons-to-lock-down-dns-amplification-attacks/article/341026/

More here:
24 million reasons to lock down DNS amplification attacks

Cisco patches six holes to stop DoS attacks

Cisco has released patches for six flaws in its Internetwork Operating System (IOS) which could be used as part of a DDoS (Distributed Denial of Service) attack. The update features five fixes for its IOS Software and a single patch for its Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet uplinks. The company said that the vulnerabilities are serious as they could be used to mount DoS attacks on its customers. It advises Systems Administrators to use the Cisco IOS Software Checker to determine if a given release is exposed to a Cisco product vulnerability. Not exploited yet So far there is no evidence that the vulnerabilities are being exploited, but any flaws that serious in Cisco’s IOS are made more significant because of the amount of control the software has over the market. IOS is a widely used network infrastructure and is working on millions of systems, ranging from the small home office router to the core systems of the world’s largest service provider networks. DoS attacks are the weapon of choice of hacktivists, though other groups have begun experimenting with it. Leaked PRISM documents proved a secret spy unit linked to the UK Government Communications Headquarters (GCHQ) had mounted DoS attacks against the Anonymous collective earlier in February. Cisco boasts that it is the most widely used network infrastructure software in the world. You can see details of the flaws and the patches at the Cisco site here. Source: http://www.techradar.com/news/networking/lan/cisco-patches-six-holes-to-stop-dos-attacks-1237692

View article:
Cisco patches six holes to stop DoS attacks

Why having a DDoS Playbook is essential for your organisation

Just like any major emergency, IT managers must prepare a playbook to follow in case a DDoS attack occurs. What follows are some of the most important considerations every manager needs to consider when creating their DDoS playbook: it’s about 75% preparation, 25% organised action. Situation awareness Every business operates within the context of certain realities. There are the human, political realities: are there competitors, activists or people who might have something against your organisation? Your team should be actively monitoring social media for indications of growing tension. And then there are known technological realities: what device types and browsers normally access your public websites? What is within the range of normal legitimate traffic and what is not? Document what’s normal, what’s not, how to monitor for it, and what to do about it when things change. Know thy network, and protect it In order to effectively protect your network, you and your team must understand it completely. Establish the following practices, share in a safe location, and update regularly: Create a detailed depiction of your network topology. This will ensure everyone is working from the same page and will be useful for team coordination while under attack. Establish baselines. Collect baseline measurements of all network activity as it relates to your public access points. Examples are graphing and threshold alerts for bits per second and packets per second on major ingress and egress links in your network. You should also identify all critical services (for example, DNS, web servers and databases) running in your network and define monitoring indices to assess health in real time. Defend from the edge. Deploy technology at the edge of your network to defend as best as possible. Understand it may have limited capabilities, but can be of use in thwarting a small attack or identifying a ramping attack. Give yourself options. Design a secure remote access configuration, preferably out of band, to allow for remote management of your systems while under attack. Create a strong DDoS response team Help your people be successful by designating a strong team leader and making sure everyone knows and understands their responsibilities. Include the following: Who should be notified and when (emergency contact info for your ISP, your own senior management, customer service and PR managers)? What info needs to be collected and when, and where is it logged? What action needs to be taken to protect infrastructure or service? What is the escalation path for critical decisions? Communicate the DDoS plan It’s not enough to have created a DDoS plan, but you need to share it and staff needs to know exactly when to initiate a DDoS response. It should be part of orientation for new staff, with hard copies at stations and version in your wiki or online shared resources. Run drills periodically, including contacting your ISP. Partner when necessary If an attack is beyond the capabilities of your team or your ISP, make sure you have done your research and know which expert you want to call. There are companies whose sole expertise is preparing for and defending against sophisticated and large scale DDoS attacks. Make sure you understand your needs and vendors’ service offerings beforehand so that when the need arises, you will have taken that difficult decision-making process out of the equation. Source: http://www.techradar.com/news/software/security-software/why-having-a-ddos-playbook-is-essential-for-your-organisation-1232315

View original post here:
Why having a DDoS Playbook is essential for your organisation