Tag Archives: ddos

Russian banks floored by withering DDoS attacks

IoT blamed. Again. At least five Russian banks weathered days-long DDoS attacks this week.…

More:
Russian banks floored by withering DDoS attacks

5 major Russian banks repel massive DDoS attack

At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries. The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. “The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,” Sberbank’s press service told RIA. The initial attack was rather massive and its power intensified over the course of the day. “We registered a first attack early in the morning … the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services,” Sberbank representative said. Alfabank has also confirmed the fact of the attack, but called it a “weak” one. “There was an attack, but it was relatively weak. It did not affect Alfabank’s business systems in any way,” the bank told RIA Novosti. According to Russian computer security company Kaspersky Lab, more than a half of the botnet devices were situated in the US, India, Taiwan and Israel, while the attack came from 30 countries. Each wave of attack lasted for at least one hour, while the longest one went on for 12 hours straight. The power of the attacks peaked at 660 thousands of requests per second. Some of the banks were attacked repeatedly. “Such attacks are complex, and almost cannot be repelled by standard means used by internet providers,” the news agency quoted Kaspersky Lab’s statement as saying. According to a source in Central Bank, the botnet behind the attack consists not only of computers, but also of the so-called Internet of Things (IoT) devices. Computer security experts note, that various devices ranging from CCTV cameras to microwaves, are prone to hacking and pose a significant threat when assembled into a botnet. Owners of such devices underestimate the risks and often do not even bother to change a default password. A massive botnet, able to send more than 1.5Tbps and consisting of almost 150 thousands of CCTV cameras has been reportedly uncovered in September. According to Kaspersky Lab, it was the first massive attack on Russian banks this year. The previous attack of such a scale came in October 2015, when eight major banks were affected. Source: https://www.rt.com/news/366172-russian-banks-ddos-attack/

Is government regulation the way to blunt DDoS attacks?

Government regulation is a sticky issue in any industry, perhaps even more in cyber security. Every time the government creates a rule or an obligation, goes the argument, it merely opens a hole to be exploited. Exhibit number one is the call for makers of any product with encryption to create a secure back door police and intelligence agencies can use to de-crypt possibly criminal communications. Of course there’s no such thing as an absolutely secure back door, so it will end up being used by criminals or nation states. I raise this because last week security expert Bruce Schneier again raised the issue of whether governments should step in to help give more protection against distributed denial of service DDoS attacks. It’s easy for attackers to build powerful DDoS botnets that leverage insecure Internet connected devices like consumer webcams, he argues, the most recent of which was the attack last month on U.S. domain name service provider Dyn Inc., which temporarily impaired the ability of a number of online businesses including Twitter. It doesn’t matter, Schneier argues, if DDoS attacks are state-based or not. The fact the software is so easily available to their build a botnot or buy it as a service that can pour 1 TB and more of data at a target is the threat. “The market can’t fix this because neither the buyer nor the seller cares,” he has written. One logical place to block DDoS attacks is on the Internet backbone, he says, but providers have no incentive to do it because “they don’t feel the pain when the attacks occur and they have no way of billing for the service when they provide it.” So when the market can’t provide discipline, Schneier says, government should. He offers two suggestions: –impose security regulations on manufacturers, forcing them to make their devices secure; –impose liabilities on manufacturers of insecure Internet connected devices, allowing victims to sue them. Either one of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure, he argues. I’m not sure. For one thing litigation is a long and expensive process. How do I sue a company headquartered in another country (say, China) that sells devices used by a person in a third country (say, Brazil) which is part of a botnet assembled by a person in another country (say, the U.S.) used to attack me in Canada? There’s also the problem of defining secure. What can a manufacturer do if it forces creation a long password for a device, but users insist on insecure passwords (like “password123456879.”) Still, we need to discuss short-term solutions because, as Schneier points out, with the huge number of insecure Internet connected devices out there the DDoS problem is only going to get worse. Let us know what you think in the comments section below. Source: http://www.itworldcanada.com/article/is-government-regulation-the-way-to-blunt-ddos-attacks/388238

Link:
Is government regulation the way to blunt DDoS attacks?

Apocalypse now: The IoT DDoS threat

One of the things you learn about humanity, if you’re paying attention, is that “gold rushes” bring out the worse in us. When there are no constraints and there is a greed motivator, people will literally trample anyone or anything to get to the goods. Over the ages, literal and financial empires have been forged on this principle, and no matter when or for what particular gain, there has always been serious collateral damage. Despite … More ?

See the article here:
Apocalypse now: The IoT DDoS threat

Massive DDoS Attacks Disable Internet Access Throughout Liberia

British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia. “Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote. An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.” Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques. Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S. Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said. Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.” Still, NSFOCUS chief research intelligence analyst Stephen Gates told eSecurity Planet by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election. While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.” “What that would mean to the election process is anyone’s guess,” Gates added. According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added. Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html

More:
Massive DDoS Attacks Disable Internet Access Throughout Liberia

How to protect your business from DDoS attacks

Increasingly, IT teams find themselves on the front lines of a battle with an invisible enemy. Cyber-threats and attacks continue to increase, with the anonymous intruders breaching large and small enterprises alike. Even with the most robust security strategies in place, continuous vigilance is required just to keep up with the ever-evolving tactics of intruders. A report by Imperva states that the UK is now the second most popular target in the world for DDoS attacks. With attacks increasing both in frequency and complexity, what do security professionals need to know when it comes to DDoS? Mitigate and minimise damage At least once a week, there is news about successful businesses being disrupted by these attacks and those are only the ones that are reported – many smaller companies suffer from DDoS offenders that we just don’t hear about. The number of attacks rose by 221 percent over the past year – underlining the need for an active DDoS defence. DDoS attacks work by flooding a website or domain with bandwidth until it breaks down under the weight of traffic. The best way for companies to mitigate against these sort of attacks is to have an accurate overview of the traffic and data feeds in the network. By using real-time data analytics, threats can be detected at an early stage and re-routed to scrubbing centres – thereby neutralising the attack before it has had the chance to do any real damage. Long-term protection and prevention It is crucial that security professionals not only think about the short term tactics to minimise cyber-attacks but also consider long term infrastructure protection when it comes to managing security and preventing future DDoS attacks. Cloud-based managed security services are an important tool to protect against cyber-attacks as they are used by a multitude of services and Internet service providers – providing extra levels of security and making it harder for the DDoS attack to reach their intended targets. In most cases, it is best to err on the side of caution when it comes to cyber-security. Adopting a “zero trust” approach to threats minimises the risk of a potential breach. Earlier this year, we saw the reputational damage caused to a major UK bank when one of their payment websites was brought down by a suspected DDoS attack. The UK’s position as a global leader in financial services makes it a high-profile and potentially very rewarding target for would-be cyber-criminals. However, it is not just financial services companies who are at risk. The UK has a sophisticated and fast growing digital economy, it is expected to account for 12.4 percent of GDP in 2016 – a substantial amount of money and traffic across all industries with an online presence at risk of DDoS attacks. It is now more important than ever for security professionals to have real-time data analytics in their defensive arsenal to detect and neutralise threats early on. The shared aspects of cloud technology can benefit companies with their multiple layers of security in place that can deter potential future attacks. We have seen the financial and reputational losses that can arise from it and how these attacks can affect major UK businesses. Real-time data and a sophisticated infrastructure network, capable of re-routing and quelling dangerous activity is the best way of mitigating against this increasingly prevalent threat. Source: http://www.scmagazineuk.com/how-to-protect-your-business-from-ddos-attacks/article/526297/

Read the article:
How to protect your business from DDoS attacks

Bookmakers William Hill under siege from DDoS internet flood

IT admins are having a hell of an evening? You can bet on it! Well, on another website William Hill is currently on the receiving end of a Distributed Denial of Service attack.…

Teen UK hacker pleads guilty after earning $385k from DDoS tool

Cops say net crims launched 1.7 million attacks from 15 year-old’s creation. A 19 year-old Hertfordshire man has pled guilty to running the Titanium Stresser booter service that offered distributed denial of service (DDoS)-as-a-service.…

See the original article here:
Teen UK hacker pleads guilty after earning $385k from DDoS tool

Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Enterprises going it alone against such an attack ‘would have been toast The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill. It’s also the easiest way for an enterprise to defend against this type of attack and the only one known to be effective . “There’s nothing more elegant anyone has come up with in the intervening week,” he says. The high-volume, high-velocity attack was based largely on a botnet backed by Mirai malware that finds and infects internet of things devices that are virtually defenseless against it. It has proven capable of DDoS traffic of 1Tbps or more and the source code has been made public, so experts say it’s certain there will be more such attacks. Before the Dyn attacks, DNS services were considered vastly more reliable in-house DNS, and it still should be, Gill says. “If an enterprise had been hit with the volume Dyn was they would have been toast,” Gill says. He says he has been briefed by Dyn about the Oct. 21-22 attacks, most of which he can’t discuss publicly. But he says those Dyn customers that recovered quickly were those who dual-sourced their DNS service. “A significant number of Dyn customers popped back up after 10 to 15 minutes,” he says, and likely they were the ones with more than one DNS provider. Downsides of multiple providers is they represent an extra expense and not all providers offer exactly similar features such as telemetry, local-based routing and fault tolerance. So switching from one to another in an emergency might be complicated and might mean winding up with a different set of features. Coordinating multiple providers is an added headache. If cost is a concern, businesses could use a DNS provider like Amazon Web Service’s Route 53 that is inexpensive, relatively easy to set up and pay-as-you-go, he says. Gill says the motivation for the attack is hard to know. Dyn was a very attractive target for many possible reasons. It had advertised its security, and that might have been considered a reason for a glory-seeking attacker to go after it and take it down. A Dyn researcher delivered a paper on the links between DDoS mitigation firms and DDoS attacks the day before Dyn was hit, so perhaps the attack was revenge. Dyn has many high-profile customers, so perhaps the real target was one of them. It’s impossible to know for sure what the motive was. Gill says Dyn has learned a great deal about how to successfully mitigate this new class of attack. In general, after such incidents, providers ally themselves with other providers to help identify and block malicious traffic at the edges between their networks. Attacks may result in identifying new profiles of attack traffic that make it easier to sort out bad from good in future incidents. Source: http://www.networkworld.com/article/3137456/security/gartner-despite-the-ddos-attacks-don-t-give-up-on-dyn-or-dns-service-providers.html

Original post:
Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Can we extinguish the Mirai threat?

The recent massive DDoS attack against DNS provider Dyn has jolted (some of) the general public and legislators, and has opened their eyes to the danger of insecure IoT devices. It is clear by now that it will take joint action by all stakeholders – users, manufacturers, the security industry, ISPs, law enforcement and legislators – to put an end to this particular problem, but it will take quite some time. Theoretical stopgap solutions In … More ?

View post:
Can we extinguish the Mirai threat?