Tag Archives: ddos news

The evolution of DDoS attacks – and defences

Aatish Pattni, regional director, UK & Ireland, Link11, explores in Information Age how DDoS attacks have grown in size and sophistication over the last two decades. What is the biggest cyber-threat to your company? In April 2018, the UK’s National Crime Agency answered that question by naming DDoS attacks as the joint leading threat facing businesses, alongside ransomware. The NCA noted the sharp increase in DDoS attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the potential attacks. It’s no surprise that DDoS is seen as such a significant business risk. Every industry sector is now reliant on web connectivity and online services. No organisation can afford to have its systems offline or inaccessible for more than a few minutes: business partners and consumers expect seamless, 24/7 access to services, and being forced offline costs a company dearly. A Ponemon Institute study found that each DDoS incident costs $981,000 on average, including factors such as lost sales and productivity, the effect on customers and suppliers, the cost of restoring IT systems, and brand damage. So how have DDoS attacks evolved from their early iterations as stunts used by attention-seeking teens, to one of the biggest threats to business? What techniques are attackers now using, and how can organisations defend themselves? Early days of DDoS The first major DDoS attack to gain international attention was early in 2000, launched by a 15-year-old from Canada who called himself Mafiaboy. His campaign effectively broke the internet, restricting access to the web’s most popular sites for a full week, including Yahoo!, Fifa.com, Amazon.com, eBay, CNN, Dell, and more. DDoS continued to be primarily a tool for pranks and small-scale digital vandalism until 2007, when a range of Estonian banking, news, and national government websites were attacked. The attack sparked nationwide riots and is widely regarded as one of the world’s first nation-state acts of cyberwar. The technique is also successful as a diversion tactic, to draw the attention of IT and security teams while a second attack is launched: another security incident accompanies up to 75% of DDoS attacks. Denial of service has also been used as a method of protest by activist groups including Anonymous and others, to conduct targeted take-downs of websites and online services. Anonymous has even made its attacks tools freely available for anyone to use. Recent years have also seen the rise of DDoS-on-demand services such as Webstresser.org. Before being shut down by international police, Webstresser offered attack services for as little as £11, with no user expertise required – yet the attacks were powerful enough to disrupt operations at seven of the UK’s biggest banks. Amplified and multi-vector attacks In October 2016, a new method for distributing DoS attacks emerged – using a network of Internet of Things (IoT) devices to amplify attacks. The first of these, the Mirai botnet infected thousands of insecure IoT devices to power the largest DDoS attack witnessed at the time, with volumes over a Terabyte. By attacking Internet infrastructure company Dyn, Mirai brought down Reddit, Etsy, Spotify, CNN and the New York Times. This was just a signpost showing how big attacks could become. In late February 2018, developer platform Github was hit with a 1.35 Tbps attack, and days later a new record was set with an attack volume exceeding 1.7 Tbps. These massive attacks were powered by artificial intelligence (AI) and self-learning algorithms which amplified their scale, giving them the ability to disrupt the operations of any organisation, of any size. Attacks are not only getting bigger but are increasingly multi-vector. In Q4 2017, Link11 researchers noted that attackers are increasingly combining multiple DDoS attack techniques. Over 45% of attacks used 2 or more different techniques, and for the first time, researchers saw attacks which feature up to 12 vectors. These sophisticated attacks are difficult to defend against, and even low-volume attacks can cause problems, as happened in early 2018 when online services from several Dutch banks, financial and government services were brought to a standstill. Staying ahead of next-generation AI-based attacks As DDoS attacks now have such massive scale and complexity, traditional DDoS defences can no longer withstand them. Firewalls, special hardware appliances and intrusion detection systems are the main pillars of protection against DDoS, but these all have major limitations. Current attack volume levels can easily overload even high-capacity firewalls or appliances, consuming so many resources that that reliable operation is no longer possible. Extortion by DDoS The next iteration of attackers set out to use DDoS as an extortion tool, threatening organisations with an overwhelming attack unless they meet the attacker’s demand for cryptocurrency. Notable extortionists included the original Armada Collective, which targeted banks, web hosting providers, data centre operators as well as e-commerce and online marketing agencies in Greece and Central Europe. Between January and March 2018, Link11’s Security Operation Centre recorded 14,736 DDoS attacks, an average of 160 attacks per day, with multiple attacks exceeding 100 Gbps. Malicious traffic at these high volumes can simply flood a company’s internet bandwidth, rendering on-premise network security solutions useless. What’s needed is to deploy a cloud-native solution that can use AI to filter, analyse, and block web traffic if necessary before it even reaches a company’s IT systems. This can be done by routing the company’s Internet traffic via an external, cloud-based protection service. With this approach, incoming traffic is subject to granular analysis, with the various traffic types being digitally ‘fingerprinted’. Each fingerprint consists of hundreds of properties, including browser data, user behaviour, and its origin. The solution builds up an index of both normal and abnormal, or malicious traffic fingerprints. When known attack patterns are detected in a traffic flow, the attack ‘client’ is blocked immediately and automatically in the cloud, before it even reaches customers’ networks – so that only clean; legitimate traffic reaches the organisation. However, regular traffic is still allowed, enabling a business to continue unaffected, without users being aware of the filtering process. The solution’s self-learning AI algorithms also help to identify and block attacks for which there is no current fingerprint within a matter of seconds, to minimise the impact on the organisation’s website or web services. This means each new attack helps the system improve its detection capabilities, for the benefit of all users. Furthermore, this automated approach to blocking attacks frees up IT and security teams, enabling them to focus on more strategic work without being distracted by DDoS attempts. In conclusion, DDoS attacks will continue to evolve and grow, simply because with DDoS-for-hire services and increasingly sophisticated methods, they are relatively easy and cheap to do – and they continue to be effective in targeting organisations. But by understanding how attacks are evolving and implementing the protective measures described here, organisations will be better placed to deny DDoS attackers. Source: https://www.information-age.com/evolution-of-ddos-123473947/

Read more here:
The evolution of DDoS attacks – and defences

Department of Labour denies server compromise in recent cyberattack

The government department says the attack did not expose any sensitive or confidential information. The South African Department of Labour has confirmed a recent cyberattack which disrupted the government agency’s website. In a statement, the Department of Labour said that a distributed denial-of-service (DDoS) attack was launched against the organization’s front-facing servers over the weekend. According to the department’s acting chief information officer Xola Monakali, the “attempt was through the external Domain Name Server (DNS) server which is sitting at the State Information Technology Agency,” and “no internal servers, systems, or client information were compromised, as they are separated with the relevant protection in place.” The government agency has asked external cybersecurity experts to assist in the investigation. DDoS attacks are often launched through botnets, which contain countless enslaved devices — ranging from standard PCs to IoT devices — which are commanded to flood a domain with traffic requests.  When the volume reaches peak levels, this can prevent legitimate traffic from being able to access the same resource, leading to service disruption. Some of the worst we have seen in recent times include the Mirai botnet, made up of millions of compromised IoT devices, which was powerful enough to disrupt online services across an entire country. With the rapid adoption of IoT and connected devices, including mobile products, routers, smart lighting and more, botnets have become more powerful. Unfortunately, many of our IoT products lag behind in security and the use of lax or default credentials, open ports, and unpatched firmware has led to botnets which automatically scan for vulnerable devices online and add them to the slave pool with no-one the wiser. In July, a threat actor was able to create a botnet 18,000 device-strong in only 24 hours. The botnet scanned the Internet for connected devices left unpatched against Huawei router vulnerability CVE-2017-17215. It is not known who is behind the DDoS attack against the government agency. However, News24 reports that hacker “Paladin” may be responsible. The individual reportedly tipped off reporters that the attack was taking place as a test for a “full-scale attack” due to take place in the future against another government website. Paladin is also believed to be responsible for DDoS attacks launched against SA Express, the country’s Presidency domain, and the Department of Environmental Affairs. Source: https://www.zdnet.com/article/department-of-labour-denies-server-compromise-in-recent-cyberattack/

View the original here:
Department of Labour denies server compromise in recent cyberattack

How to Protect Businesses Against DDoS Attacks

Security, for any business today, is important; we, at HackerCombat, have already reported on the rising costs of IT security on the global level. More and more business today invest heavily in security; they have started realizing that without security, it’s almost impossible for any business to flourish in today’s circumstances. We have arrived at a stage when businesses cannot handle security by simply relying on their ISPs. Proactive measures that businesses adopt for ensuring proper and better security really counts. Businesses today are often targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all the world over. Hence it becomes important that every business today is armed, in all ways possible, to combat DDoS attacks, in the most effective of manners. Let’s discuss how businesses can secure themselves against such attacks. Let’s begin by discussing how DDoS attacks happen and what they are, in the first place… DDoS Attacks: An Introduction The basic principle of a DDoS attack is this- a very large number of requests are sent from several points targeting a network or server, and that too in a very short span of time. This kind of bombardment causes an overload on the server, which consequently leads to the exhaustion of its resources. The obvious result is that the server would fail and sometime would even become inaccessible, thereby causing a total denial of service, hence the name Distributed Denial of Service attack. The main issue, however, is not that the server or network becomes inaccessible; on the other hand, it pertains to the security of the data stored in the network. A DDoS attack makes a server vulnerable and hackers can penetrate the information system and cause huge losses to the business that’s targeted. The cybercriminals behind a DDoS attack can thus make big money at the expense of the company that’s targeted. The motives behind DDoS attacks vary; such attacks could be carried out for political or financial gains, while some such attacks would have retaliation as the sole purpose. Those who look for political gains would target those who hold contradicting political, social or religious beliefs. Crippling them through a well-planned and well-executed DDoS attack would be the motive here. Retaliatory attacks happen when a botnet or a large cybercriminal network is dismantled and those who stood by the authorities need to be targeted. DDoS attacks that are carried out for financial gains follow a simple pattern. Those who want a business targeted would hire the services of cybercriminals who would carry out the DDoS attack. The hackers are paid for the work they do. Well, irrespective of the motive, the end result for the business that’s targeted is always the same. The network and online services become unavailable, sometimes for a short period and sometimes for a really long period of time, and data security also is at risk. How to protect a business from DDoS attacks ISPs may offer layer 3 and layer 4 DDoS protection, which would help businesses save themselves from many volumetric attacks. But most such ISPs fail when it comes to detecting small, layer 7 attacks. That’s why it’s said that businesses should not depend on their ISPs alone for protecting themselves against DDoS attacks. They should be set to implement measures that ensure comprehensive protection against DDoS attacks. Here’s a look at the different things that need to be done to combat DDoS attacks in the most effective of manners: Go for a good solution provider- There are many service providers who provide Layer 3, 4 and 7 protection against DDoS attacks. There are providers of all kinds, ranging from those that offer low-cost solutions for small websites to those that provide multiple coverages for large enterprises. Most of them would offer custom pricing option, based on your requirements. If yours is a large organization, they would offer advanced layer 7 discovery services with sensors to be installed in your data center. Well, always go for a good provider of security solutions, as per your needs. Always have firewall or IPS installed- Modern firewall software and IPS (Intrusion Prevention Systems) claim to provide a certain level of protection against DDoS attacks. The New Generation Firewalls offers both DDoS protection as well as IPS services and thus would suffice to protect you against most DDoS attacks. There, of course, are some other aspects that need to be kept in mind. Your New Generation Firewall might get overwhelmed by volumetric attacks and might not even suffice for layer 7 detections. Similarly, enabling DDoS protection on your firewall or IPS could even impact the overall performance of your system/network in an adverse manner. Use dedicated appliances that fight DDoS attacks- Today, there are many hardware devices that protect you from DDoS attacks. Some of these provide protection against layer 3 and 4 attacks while some advanced ones give protection against layer 7 DDoS attacks. Such appliances are deployed at the main point of entry for all web traffic and they monitor all incoming and outgoing network traffic. They can detect and block layer 7 threats. There are two versions of these hardware solutions- one for enterprises and the other for telecom operators. The ones for enterprises are cost-effective ones while the ones for providers are too expensive. Investing in getting such hardware appliances would always be advisable. It’s always good to go for devices that use behavior-based adaptation methods to identify threats. These appliances would help protect from unknown zero-day attacks since there is no need to wait for the signature files to be updated. Remember, for any organization, big or small, it’s really important today to be prepared to combat DDoS attacks. For any organization that has a web property, the probability of being attacked is higher today than ever before. Hence, it’s always good to stay prepared. Prevention, as they say, is always better than cure! Source: https://hackercombat.com/how-to-protect-businesses-against-ddos-attacks/

Visit link:
How to Protect Businesses Against DDoS Attacks

A DDoS Knocked Spain’s Central Bank Offline

In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain’s central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters . “We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email. DDoS attacks interrupt services by overwhelming network resources. Spain’s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted. “Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security. “The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover’ with a heavy emphasis on ‘resist.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’  Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.” To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service. As of the time of writing this, the bank’s website appears to be back online. Source: https://www.infosecurity-magazine.com/news/ddos-knocked-spains-central-bank/

Read More:
A DDoS Knocked Spain’s Central Bank Offline

Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea

The website of Sweden’s centre-left Social Democrats has been hacked for a second time, and the IP address responsible was linked to Russia and North Korea, according to the party’s IT provider. The hack was a distributed denial-of-service (DDoS) attack, meaning those responsible disrupted the site to make it unavailable to users. “This is serious. Citizens don’t have access to our site, the heart of our election campaign, where the information about our policies is,” the party’s head of communications, Helena Salomonson, told TT. The site was attacked at around 9pm on Monday, and was down for around six minutes in total, Salomonson said. The party has reported the incident to police. It’s the second time in around a week that the Social Democrats, currently part of the ruling coalition with the Green Party, have experienced an online attack, after a similar hack when they first launched their election campaign. On that occasion, the site remained down for several hours. “Denial-of-service attacks are quite hard to prevent,” Salomonson said. “Now we need to look over our preventative measures again.” The IP addresses behind the attack were linked to Russia and North Korea, according to information from the party’s IP provider, but Salomonson said: “It feels difficult to speculate about possible participants and motives.” Source: https://www.thelocal.se/20180822/swedens-social-democrats-website-hacked

Taken from:
Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea

Alleged head of BitConnect cryptocurrency scam arrested in Dubai

BitConnect has been accused of operating an exit scam after duping investors out of millions of rupees. If it sounds too good to be true, it probably is — and certainly appears to have been the case when it comes to BitConnect, a folded cryptocurrency project that has been accused of scamming millions out of investors. BitConnect, touted as a “self-regulating financial system” which is part of the “cryptocurrency revolution,” used many buzzwords and the hype of celebrities to lure investors to participate, and also offered an incredibly high interest rate of at least one percent per day, leading many to believe it was a scam. Investors would “lend” funds in Bitcoin (BTC) to various projects and these funds were converted to the platform’s coin, BCC. Divyesh Darji, the Indian head of BitConnect and believed to be a core promoter of the scheme, has reportedly been arrested by the Gujarat Criminal Investigation Department (CID) after arriving in Dubai on his way from Ahmedabad. According to local publication the Financial Express, law enforcement believes that the promoters of BitConnect gained Rs 1.14 crore, roughly $14.5 million, from “thousands of investors” before the exchange closed its doors. BitConnect launched after India’s Prime Minister Narendra Modi demonetized 500 and 1000 rupee notes in the region. In 2016, 90 percent of the country’s financial transactions were made in cash and the change was apparently made in order (.PDF) to crack down on corruption, counterfeiters and so-called “black money,” otherwise known as undeclared income. The unexpected changes caused economic chaos. From farmers struggling to keep their businesses afloat to banks attempting to cope with floods of customers, India’s upheaval was severe — and while the country has pulled through, at the time, the option of a digital currency outside of the government’s grasp may have been extremely enticing. However, the dream of controlling currency outside of the government’s demonetization efforts and earning interest by the day did not last. In January, BitConnect closed its exchange platform, with all loans offered on the platform released — but all were converted to BCC rather than reverted to investors’ original Bitcoin. The price of BCC at the time was $363.62. However, now the system has closed and the founders are silent, the coin is worth $0.67, rendering the virtual asset effectively useless and leaving investors severely out of pocket. “The company was registered in the UK and had an office in Surat,” said DGP Ashish Bhatia of CID crime. “They launched their own ‘Bitconnect coins’ soon after demonetization. They promoted the company on social media and by holding gala functions in cities across the world. They lured investors with 60 percent monthly interest and incentives in the form of ‘referral interest.” The only exchange which still permits the trade of BCC is Trade Satoshi, which intends to delist the coin in September. BitConnect cited bad press, distributed denial-of-service (DDoS) attacks and US regulator scrutiny as reasons for the closure. Source: https://www.zdnet.com/article/alleged-bitconnect-head-arrested-in-dubai/

See the article here:
Alleged head of BitConnect cryptocurrency scam arrested in Dubai

The complete guide to understanding web applications security

MODERN businesses use web applications every day to do different things, from interacting and engaging with customers to supporting sales and operations. As a result, web applications are rich with data and critical to the functioning of the company – which means, special precautions must be taken in order to protect them from hackers. However, not all organizations or their applications are subject to the same level of threats and attacks. In an exclusive interview with Gartner’s Research Director Dale Gardner, Tech Wire Asia learns how businesses can best protect their web applications. Gartner splits attacks on web and mobile applications and web APIs into four categories: # 1 | Denial of service (DoS)  DoS is a specific subtype of abuse where the attacker’s goal is to disrupt the availability of the web application or service. In particular, this attack type covers volumetric attacks, which overwhelm network capabilities, and so-called “low and slow” attacks, which overwhelm application or service resources. # 2 | Exploits  Exploits take advantage of design, code or configuration issues that cause unintended behaviour of the application. Some common examples include SQL Injection (SQLi), cross-site scripting (XSS), buffer overflows, and various Secure Sockets Layer (SSL) and Transport Layer Security (TLS) manipulation attacks. # 3 | Abuse  Abuse covers many non-exploit types of attack that primarily take advantage of business logic. This includes scraping, aggregating, account brute-forcing, scalping, spamming and other — often automated — scenarios. # 4 | Access Access violations occur when an attacker or legitimate user takes advantage of weaknesses in the authentication (AuthN) or authorization (AuthZ) policies of a web application or service. Of the four categories, Gardner says only exploits can be potentially addressed with secure coding and configuration. The others require design-level considerations that cannot be reasonably compensated for in code. For example, although it’s arguably possible to defend against account takeovers in individual application code, it is much more economical and error-proof to do so in the identity and access management (IAM) system or another external capability. In an ideal world, the highest level of protection would be available at all times or as needed, but this isn’t feasible due to complexity and cost factors. And continuously providing the highest level of protection to all web assets can be an expensive proposition, both from economic and operational perspectives. Securing web applications and web APIs from attacks and abuse requires businesses to assess what level of protection is necessary. “Security teams must first pick a protection baseline. Then they must decide what extra protections are necessary to apply to specific assets,” recommends Gardner. When thinking of protecting web applications, security teams often first look to existing network technologies, such as next-generation firewall (NGFW) platforms and intrusion detection and prevention systems (IDPSs). But these do not provide strong-enough capabilities in any of the protection areas, warns Gardner. They are not easily integrated to intercept TLS and do not have the same signatures, rules, behavioral analysis and business logic insight as security solutions that focus on web applications and APIs. Organizations often first look at a “completely automated public Turing test to tell computers and humans apart” (CAPTCHA) when they suffer from abuse of functionality. But an always-on CAPTCHA creates user-experience hurdles for legitimate users, and it is also no guarantee to keep the abuser out (attackers keep finding ways to circumvent or solve many CAPTCHAs). Multifactor authentication (MFA) and out of band (OOB) challenges are often used to enable strong access control, as well as to try to thwart abuse. Unfortunately, they suffer from similar issues as CAPTCHA, and in addition are often complex and expensive to implement. Currently, no single security platform or solution implements the highest possible level of protection in each of the exploit, abuse of functionality, access violation and DoS mitigation categories. Some organizations will still be able to start with a single solution to address the biggest potential risks. But they often find themselves needing greater security capabilities over time due to changes in threats and the application landscape. Web application firewalls (WAFs) are broadly deployed, but buyers routinely express disappointment and frustration over factors such as accuracy, the ability to prevent attacks, the administrative overhead required to maintain attack detection profiles and price. Incumbent vendors have begun addressing emerging requirements, but many products still lag. The market for solutions to protect web applications will continue to grow, but given buyer dissatisfaction, vendors with innovative approaches and new product packaging will capture the bulk of new spending. Buyers are shifting to service-based offerings, and demand for infrastructure as a service (IaaS) deployable products is growing. These shifts pose risks, especially to incumbents, but also present opportunities for new offerings and greater growth. Gartner believes that by 2020, stand-alone WAF hardware appliances will represent less than 20 percent of new WAF deployments, down from 40 percent today. By 2020, more than 50 percent of public-facing web applications will be protected by cloud-based WAAP services that combine content delivery networks, DDoS protection, bot mitigation and WAFs, which is an increase from fewer than 20 percent today. Web applications, mobile applications, and web APIs are subject to increased numbers and complexity of attacks. Gardner, who will be speaking at the Gartner Security & Risk Management Summit in Sydney later this month explains what organizations must keep in mind when planning and implementing solutions: Public, limited-access external, and internal applications require different levels of security. No one capability covers all types of attack. No two capabilities have interchangeable protection efficacy. Some of the capabilities have strong overlaps in addressing specific attack subcategories. Enforcement of policy may be centralized or distributed (for example, use of micro-gateways). “As a result, a mix of capabilities, though not necessarily separate products, have to be put in place as a layered approach,” concludes Gardener. Considering the range of exploits and abuse that can occur with web and mobile applications and web APIs, technical professionals must leverage a mix of externalized security controls to deliver appropriate protection and alleviate burdens to development staff. Source: https://techwireasia.com/2018/08/the-complete-guide-to-understanding-web-applications-security/

Continue Reading:
The complete guide to understanding web applications security

DDoS attackers increasingly strike outside of normal business hours

DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors. While attack volumes increased, researchers recorded a 36% decrease in the overall number of attacks. There was a total of 9,325 attacks during the quarter: an average of 102 attacks … More ? The post DDoS attackers increasingly strike outside of normal business hours appeared first on Help Net Security .

Read the original:
DDoS attackers increasingly strike outside of normal business hours

A botnet of smart irrigation systems can deplete a city’s water supply

Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. The researchers analyzed and found vulnerabilities in a number of commercial smart irrigation systems, which enable attackers to remotely turn watering systems on and off at will. They tested three of the most widely sold smart irrigation systems: GreenIQ, BlueSpray, and RainMachine smart irrigation systems. … More ? The post A botnet of smart irrigation systems can deplete a city’s water supply appeared first on Help Net Security .

See original article:
A botnet of smart irrigation systems can deplete a city’s water supply