Tag Archives: defend against ddos

DDoS dilemmas: how far can you predict attacks, and what can be done?

Distributed Denial of Service (DDoS) attacks are back in the news; it seems that barely a month goes by without media reports of a website or service being brought down by a DDoS attack. Sony’s PlayStation Network again became the victim of such an attack recently, while hacking group Anonymous is on a disabling offensive of extremist websites. DDoS attacks can come in a variety of shapes and sizes. However, the aim of a DDoS attack is always the same: to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect. Attackers will sometimes use their own network of computers to launch DDoS attacks, but what is now more common is for them to use a network of PCs across the world that have been infected with malware that is capable of joining in a DDoS attack without the owner’s knowledge. We’ve written before about the easy availability of DDoS attack kits, which anyone can download and use to launch their own attacks. DDoS attacks were one of the primary methods used by Anonymous and LulzSec to tackle their victims: the Vatican, the Church of Scientology, the Australian government were all hit, as were Amazon, PayPal, MasterCard and Visa in response to their perceived lack of support for whistleblowing website WikiLeaks. Some of these big name companies could perhaps have predicted a DDoS attack was on its way; taking a stance against Anonymous would often leave a company in its firing line. In fact, Anonymous often warned targets that an attack was imminent. But for many other businesses, predicting a DDoS attack is difficult, and the results can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years. Why would a company be a target for DDoS attacks? Hacktivism is certainly one reason, competition with rival businesses is another. But beyond that, it is tough to establish whether a business is at risk and, if so, from whom? With the exception of the aforementioned Anonymous messages, DDoS attacks can start without warning. So while predicting an attack may be difficult, protecting against one is less so. There are ways a company can keep its applications, services and even its whole network online without stopping legitimate traffic. A sophisticated firewall manager, application security manager and local traffic manager combined provide the protection needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime. Analysis is also key: understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks. Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDoS attack. Source: http://memeburn.com/2015/01/ddos-dilemmas-how-far-can-you-predict-attacks-and-what-can-be-done/

Continue reading here:
DDoS dilemmas: how far can you predict attacks, and what can be done?

The Dirty hit by DDoS attack

The FBI is on the hunt for hackers who shutdown Nik Richie ‘s website The Dirty … and the reality star tells us he’s hemorrhaging money. The Dirty has been down for weeks after a team of hackers began hitting the site with a DDoS attack — which basically floods a server with so many requests it shuts down. Nik tells us he contacted FBI investigators and they’re on the case. Richie says he’s lost $250-300K this month alone in Super Bowl ads he couldn’t deliver. He’s also losing out because of cancelled appearances because he promotes them on his site. Nik is blunt … “These hackers are hypocrites. My website promotes free speech. F****** losers.” Source: http://www.tmz.com/2015/01/20/the-dirty-hacked-nik-richie-fbi-investigation-ddos-attack/

Continue Reading:
The Dirty hit by DDoS attack

French DDoS attacks spike after terror protest

The firm leveraged its Arbor Atlas initiative, which receives anonymised internet traffic and DDoS event data from 330 internet service providers (ISPs) worldwide, to view events in France in the days after the protest, which was in response to the Charlie Hebdo shootings that left 20 people dead. The magazine was targeted by ISIS sympathisers and others unhappy with the satirical magazine’s ridiculing of Islam, including its depiction of the Prophet Muhammed. The publication also satirised other religions. Comparing the DDoS attacks between January 3-10 and 11-18, the US security firm found that there were 1,342 unique attacks – an average of 708 attacks a day – during the two week period. However, the firm noted in a recent blog post that the number of DDoS attacks after the march rose by 26 percent with the average size of DDoS attack growing 35 percent. In the eight days prior to the attack, the average size was 1.21Gbps but this later increased to 1.64Gbps. The vast majority of these DDoS attacks were low-level although the number of attacks larger than 5Gbps did double in the days after the protest. Arbor reports that one attack measured as high as 63.2 Gbps on January 11. “This is yet another striking example of significant online attacks paralleling real-world geopolitical events, wrote Arbor’s threat intelligence and response manager Kirk Soluk. Speaking to SC after it first emerged that ‘thousands’ of French websites were facing cyber-attacks, Corero Network Security CEO Ashley Stephenson said that DDoS attacks were increasingly being used as an attack tool during international conflicts. “Whatever the motivation – cyber-terrorism, retaliation, religious incitement, radicalisation… It is clear that modern conflicts will be fought in the cyber-world as well as the real world,” he said via email. “The internet should be better protected against all of these associated cyber-threats. Increasingly we are seeing DDoS used as a tool in and around these conflicts and we should be prepared to institute increased cyber-security to protect this vital resource.” Last week, Admiral Arnaud Coustilliere, head of cyber-defence at the French military, said that about 19,000 French websites had faced cyber-attacks in the days after the shootings, although one source closely connected with the clean-up operation for some of these sites later told SC that hacking groups from Tunisia, Syria, Morocco, the Middle East and Africa had largely ignored DDoS as an attack vector because such attacks “didn’t work”. Instead, Gérôme Billois, senior manager of Solucom, said that these groups – also believed to often be ISIS sympathisers – had looked to scan thousands of websites to identify and exploit common WordPress, Joomla and other content management system (CMS) vulnerabilities. Source: http://www.scmagazineuk.com/french-ddos-attacks-spike-after-terror-protest/article/393796/

Read this article:
French DDoS attacks spike after terror protest

City of Fort Lauderdale Spends $430,000 on Cyber Security After DDoS Attack from Anonymous

After getting hacked by cyber activist group Anonymous last month for its homeless laws, the City of Fort Lauderdale beefed-up its cyber security network with a hefty $430,000 worth of improvements. But city officials say it wasn’t the Anonymous attack that made them spend almost half a million dollars on computer upgrades – they were planning on doing it anyways. Back on December 1, hacktivists attacked the city’s main website – fortlauderdale.gov – and the Fort Lauderdale PD’s website – flpd.org – with a distributed denial-of-service (DDoS) hack, which bombarded the websites with so much traffic that they had to shut down. The attack only lasted a few hours, however, and the sites were back up by evening. In a video warning of the attack, a masked hacker wearing the Guy Fawkes mask that has become synonymous with Anonymous demanded that the city drop the three controversial ordinances in the next 24 hours. “It has come to our attention that Mayor John P. Seiler has become an embarrassment to the good law-abiding citizens of Fort Lauderdale,” the hacker says. “You should have expected us, Mayor John Seiler.” City officials hope the new upgrades will be able to prevent this and other types of attacks in the future. But Seiler is quick to point out that these plans were in the works before a group of hackers in plastic masks made good on a threat to shut down an entire city’s web presence if laws against feeding homeless people weren’t struck down. “Certainly, Anonymous probably expedited the work that needed to be done and probably exposed some areas that needed to be addressed,” Seiler tells the Sun-Sentinel . “I wouldn’t say that [the expense] was all tied to Anonymous in any way, shape, or form.” The vast majority of Fort Lauderdale’s computer upgrade bill is going for consulting and oversight. From the Sentinel : City manager Lee Feldman broke down the emergency expenses: $366,989 for specialized security consulting and oversight services; $45,398 for software licenses to manage and control computer activities; and $17,907 for hardware to strenghten the computer infrastructure. The City of Fort Lauderdale is just one of the latest victims of Anonymous’ DDoS attacks. Past victims include credit card giants Visa and Mastercard, as well as online payment system Paypal, which lost almost $6 million in 2010. The reason for the hack was because Visa, Mastercard, and Paypal decided to stop allowing people to donate to Wikileaks via its systems. Two of the three hackers, who are from the United Kingdom, were caught and sentenced to prison terms of seven months and eighteen months. And Fort Lauderdale isn’t the first city to be targeted by Anonymous DDoS attacks, either. That distinction is shared with Albuquerque’s police department, whose website was crashed in March, 2014 in retaliation for the police-killing of James Boyd, an unarmed, mentally ill homeless man who was shot to death. Source: http://blogs.browardpalmbeach.com/pulp/2015/01/city_of_fort_lauderdale_spends_430000_on_cyber_security_after_hacktivst_group_anonymous_attack.php

View article:
City of Fort Lauderdale Spends $430,000 on Cyber Security After DDoS Attack from Anonymous

LizardSquad’s DDoS tool falls prey to hack, exposes complete customer database

If you conceive a fire, you better prepare yourself to stray away from its flames. Maybe LizardSquad failed to learn this elementary lesson and underestimated the consequences that a rising popularity brings along. LizardSquad, the hacker group that earned its fame from Playstation and XBox web portals hack, last month mentioned the intentions behind its notorious activities saying that it just wanted to catch a little attention for its tool dubbed “Lizard Stresser”. Lizard Stresser is a tool developed by Lizard Squad which holds the potential to execute similar DDoS attacks that the group made on PlayStation and Xbox websites. Now reports have surfaced that the tool that was supposed to hack other websites, has fallen prey to a powerful attack, revealing all of the customer’s information who registered themselves to get access to the tool. Well, Lizard Squad isn’t the only player in this arena, that’s evident. A copy of the Lizard Stresser customer database obtained by KrebsOnSecurity says that it has more than 14,241 registered users during its first month of operation. Another interesting fact noticed from the hack and the leak is that Lizard Squad saved all registered usernames and passwords were in plain text. The registered clients are now under a potential threat as much as the sites they paid to take down. Their identities are not a secret anymore. Source: http://thetechportal.in/2015/01/18/lizardsquads-ddos-tool-falls-prey-hack-exposes-complete-customer-database/

Read this article:
LizardSquad’s DDoS tool falls prey to hack, exposes complete customer database

Outage that swept French news sites ‘was not a DDoS’

The outage looks to be linked to issues with the hosting provider rather than cyber criminals. Reports that major French news sites were taken offline this morning by a massive DDoS appear to be inaccurate. News websites including that of media group Mediapart; daily newspaper Libération; political magazine L’Express; and ZDNet.fr suffered significant outages on Friday morning. Problems began at around 8.30am CET and lasted for approximately an hour. It was initially feared the outage could be a DDoS linked to the recent Charlie Hebdo attack, where 10 journalists and two police officers were killed. According to reports citing Arnaud Coustilliere, head of cyberdefense for the French military, DDoS attacks have been carried out against thousands of French websites by “Islamic hacker groups” following the Charlie Hebdo attack. However, in the case of today’s incident, the cause is thought to be a more straightforward one. Oxalide, the hosting provider used by the news companies, tweeted this morning that it was investigating the cause of the incident which went “right to the heart of our network”. Around an hour later, the company’s Twitter account said that the cause of the problem had been identified and that some services were beginning to become functional once again. Over an hour later, the company confirmed that a DDoS was not thought to be behind the attack. The company added that it will provide an update as to the cause of the outage to customers by early afternoon. According to a report published this week by European security body ENISA (European Agency for Network and Information Security), the number of DDoS attacks businesses suffered last year has significantly since 2013. Source: http://www.zdnet.com/article/outages-that-swept-french-news-sites-was-not-a-ddos/

See the original post:
Outage that swept French news sites ‘was not a DDoS’

Thousands of French Websites Face DDoS Attacks Since Charlie Hebdo Massacre

Nineteen thousand French websites have been attacked since the Charlie Hebdo terrorist attacks last week, according to French military head of cyberdefense Adm. Arnaud Coustilliere. The attacks have been carried out by a variety of hackers, including “more or less structured groups” and some well-known Islamic groups, Coustilliere said. Most have been minor DDoS attacks, carried out on sites for everything from military regiments to pizza shops. “What’s new, what’s important, is that this is 19,000 sites — that’s never been seen before,” the Associated Press quoted Coustilliere as saying. “This is the first time that a country has been faced with such a large wave of cyber-contestation.” The Huffington Post published a story earlier this week on Algerian hackers attacking French sites in response to the publication of offensive images by the French magazine. Those hackers included members of a group called Anonymous Algeria, though the similarly named group Anonymous explicitly expressed support for Charlie Hebdo while vowing to disrupt terrorist websites. Coustilliere characterized the attacks as a response to the public outpouring of support for free speech and the victims of the attack. Arbor Networks counted 1,070 DDoS attacks in a 24 hour period this week, CBC said. For comparison, Arbor says the US hosts 30 times more sites and suffered four times more attacks, meaning French sites are roughly 750 percent more likely to be attacked. Jihadist hackers also hacked US military social media accounts on Monday, and the intersection of hacking with the revived “war on terror” promises to further muddy a whole raft of long awaited regulatory reforms related to internet communication and security. The European Union and UK have both suggested more monitoring of internet communication is necessary since the attacks. Source: http://www.thewhir.com/web-hosting-news/thousands-french-websites-face-ddos-attacks-since-charlie-hebdo-massacre

More:
Thousands of French Websites Face DDoS Attacks Since Charlie Hebdo Massacre

Anonymous launching DDoS attack against the Montreal Police for Their Treatment of Homeless People #OpSafeWinterMTL

Members of the hacktivist collective Anonymous have launched new protests in reaction to the dismantling of a homeless camp at Viger Square in downtown Montreal as part of a project they started last year dubbed #OpSafeWinterMTL. The group has executed one distributed denial of service (DDoS) attack against the Service de Police de la Ville de Montréal (SPVM) and occupied the square for a short time; members are calling for a permanent moratorium on police winter raids of homeless encampments. On January 7, without warning and in the middle of a cold snap—temperatures had dropped under -22 degrees Fahrenheit during the night—city crews bulldozed the encampment while SPVM officers watched. Last week, in an interview with the CBC, Montreal police spokesman Laurent Gingras argued that it’s a matter “of cleanliness, of public health,” and that the City had mostly collected garbage and soiled needles. “There was some good stuff in there,” said Jacques, 49, who returned to Viger Square on Monday after camping at the site for about three months. CBC’s footage from the dismantling clearly shows bulldozers piling up mattresses, blankets, pillows and sleeping bags. “This is all they have,” an Anonymous activist told VICE, outraged at how the Montreal government destroyed and confiscated all their belongings—including winter gear provided by Op Safe Winter Montreal activists on December 23. “This has nothing to do with public health, it has to do with aesthetics,” the activist said. “What’s actually a hazard is still on the floor,” They pointing out that used syringes were still lying around in a corner of the destroyed encampment site. The encampment is located in the lower downtown area, right across the street from the new Centre Hospitalier Universitaire de Montréal (CHUM) construction site and half a kilometer from City Hall and the tourist-friendly Old Montreal—leading some to believe that the camp’s removal had more to do with optics than public health and safety. Brutally removing the homeless population is nothing less than “an act of war against the poorest of the poor,” the activist told VICE. “The encampment was tolerated for a long time,” another Anonymous activist added, saying there was no reason to dismantle it in the middle of winter. SPVM Commander Vincent Richer insisted, however, that “the interventions that were made, in the context of extreme cold weather, were made with regards to the safety and health of homeless people.” He also noted that interventions with homeless people were made in partnership with health services and with the Old Brewery Mission, and that the material the city bulldozed was soiled and caught in the ice. In response to the city’s raid on the Viger Square homeless encampment, Anonymous launched a call for an occupation of the site and threatened the city of Montreal with attacks on its cyber infrastructure. “Anonymous will not stand by and allow the SPVM (Montreal police) and the City of Montreal to attack homeless camps in the middle of winter,” the hacktivist group stated in a January 11 press release. “We love this camp,” said one #OpSafeWinterMTL activist. “We want to help. We’ve got people ready to build a kitchen,” the other added. Two SPVM officers came by early Monday afternoon and took down all the signs that had been put up around the square. They told the activists that the occupation would not be tolerated. “Encampments have always been forbidden,” an officer named Fradette told both activists before she and her partner went to check out the site where homeless people had already started setting up a new camp. When the activists were told they would be evicted by nightfall, Anonymous launched a DDoS attack on the SPVM’s website, and successfully brought it down just before 5 PM. In recent years, Montreal police have been criticized for their questionable handling of the homeless population. A year ago an SPVM officer was caught on video threatening to tie a homeless man to a pole in the biting cold of January. A 2012 study showed that homeless people counted for 25 percent of all tickets gave out by the SPVM in 2010—a 7 percent increase from 2006. At Viger Square, Jacques told VICE, “Every week we get harassed by police… That’s not right.” SPVM officers have also been involved in the killing of several homeless men in mental health crises. A public coroner’s inquiry was launched this week into the shooting of Alain Magloire, who was gunned down on February 3, 2014, just a few blocks north of Viger Square. With an estimated homeless population of around 30,000, the homelessness crisis in Montreal is serious. In an attempt to alleviate the problem, last fall the city adopted an action plan on homelessness, which includes “reinforcing the exercise of citizenship.” “Raiding encampments and destroying precious cold weather gear belonging to the homeless is an act of war against the poorest of the poor,” Anonymous declared in its statement on Sunday, accusing Montreal of neglecting the needs most vulnerable population. The action plan adopted in September 2014 does involve creating a position of “homeless people’s protector” who would engage in regular consultation with homeless people and launch public consultations into issues of social profiling by the SPVM. But the watchdog for homeless people’s rights has yet to be appointed—and apparently Anonymous is attempting to step into that role instead. Source: http://www.vice.com/read/anonymous-has-targeted-montreal-police-for-their-treatment-of-the-homeless-283

See original article:
Anonymous launching DDoS attack against the Montreal Police for Their Treatment of Homeless People #OpSafeWinterMTL

The Evolution of Web Application Firewalls

Technological advances related to computing and the Internet have affected every one of us. The Information Revolution that the Internet has made possible is affecting society just as dramatically as the Industrial and Agricultural Revolutions of the past, but there is an unpleasant side to progress. Criminal use of the Internet, or hacking, is an unavoidable part of information technology development. Hackers have gained unauthorized and undesirable access to information, sometimes with far-reaching consequences. Innovations in hacking have in turn led to the development of protection methods and devices commonly known as web application firewalls (WAF) . An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. A Web Application Firewall does much more than a consumer’s computer firewall. Consumer-level applications work by blocking software access to certain ports. Web applications such as Apache, WordPress and Microsoft’s Office all require an extra level of protection against malicious users. WAFs offer this extra protection and work by analyzing all data passing through them and checking its conformity to pre-set rules. A WAF fulfills a web-user’s need to protect both internal and public web applications, whether locally (on-premises) or remotely (cloud-hosted), against unauthorized access attempts. These attacks revolve around hacking and illegal access to web applications. According to statistics, every year, cyber attacks are increasing by 30%, while successful breaches are increasing at twice that rate, 60% a year: In plain English, more attacks are getting through. Basic consumer-level cyber security measures are essential and are an urgent call on companies’ financial resources, but these are not enough. If a company has a website then that website must be protected using a WAF against unauthorized intrusion by hackers. The need to protect customers’ data is even more important than the need to keep the website live. If there is a security breach the negative effects of the attendant publicity and loss of trust are immeasurable. So how have application firewalls been evolving? Web application firewalls have been evolving rapidly and becoming more sophisticated with the objective of protecting websites and customer data from increasingly sophisticated attacks and unauthorized access. Hackers’ methods have become more devious and WAF sophistication has increased correspondingly as part of the information security industry’s fight back against criminals stealing data and malicious hacking. The more evolved and developed WAF solutions are capable of preventing attacks and unwanted intrusion on any website. Modern web application firewalls generally have default settings that give no false negatives and errors and all modern WAFs are designed to work perfectly without the need for any user knowledge of source code. A WAF has become crucial in detecting and preventing any attack that that is masquerading as network access by a legitimate user. Understanding interactions Web Application Firewalls need to do much more than just see the code: They need to be able understand every line of code passing through them and to evaluate any risk that it represents. This risk evaluation ability enables a WAF to analyze visitors based on reputation behaviors. The old adage of prevention being the best cure still holds true and is very relevant here. Instead of blocking an attack as and when it occurs, a WAF should see it coming by understanding and tracking visitor behavior. It should be proactive. More than In-Depth Inspection From the historical perspective of web application firewalls, they have always performed an in-depth inspection of any access routes to the protected sites. However, the modern evolution of web application firewalls comes with more than in-depth inspection of access routes in the sense that modern WAFs are deployed in-line in the form of reverse proxies. These are crucial in preventing any form of access log collection that may be used later to audit the protected site or perform any form of analysis on the protected web applications. Simplicity of use is vital, so the modern web application firewall has evolved to the extent that it can be deployed out of the box with no user setting changes necessary. New-age WAFs such as those from the aforementioned Incapsula are constantly learning and are able to stop threats that have never been seen before by analysis of their code and finding similarities to previous threats. They are updated frequently and monitoring is available on some plans to ensure maximum protection for your site and your customers. Modern firewalls have enabled an increase in firewall features that revolve around transparent proxy and bright modes, which can enable WAFs to easily integrate with other network security technologies such as vulnerability scanners, protection applications, distributed denial of service prevention, database security solutions, and web fraud detection. Another major noticeable evolution has to do with the fact that modern WAFs are perfectly packaged to include content caching, as well as web access management modules, which are specially designed to provide simple sign-in features, especially for distributed web applications. Concluding thoughts There are massive advances going on in the field of web application firewalls. Modern firewalls are perfectly devised to provide maximum protection against hacking, easy detection and filtering of both known and unknown threats, while at the same time, minimizing false alerts. Are you aware of the level of protection that your web application firewall offers? Does it protect you against a DDOS attack? Does it protect your customers’ login and credit card details adequately? Source: http://tech.co/evolution-web-application-firewalls-2015-01

Visit site:
The Evolution of Web Application Firewalls

Extratorrent down – Massive DDoS attack against popular torrent website

The worlds number 4 torrent website is down following a massive Distributed Denial of Service (DDoS) attack by unknown hackers. The website seems to have been down for 23 hours and seems to come online for little bit before throwing up a 503 service error. The Extratorrent admin took to Twitter to tell its fans about the DDoS attack ExtraTorrent was one of the more popular torrent websites in 2014. It has grown in size due to more traffic and has moved up again in the top 10, now placed as the 4th most-visited torrent site by torrent ranking websites. This success didn’t go unnoticed by rightsholders groups such as the MPAA who recently called out ExtraTorrent as one of the top pirate sites. The site was forced to trade in its .com domain for .cc this year, after it was suspended by its domain registrar. The Isitdownrightnow says that Extratorrent has been down for past 23 hours (now it says 4 minutes because the website sprang to live for few seconds before going down again While the admin says that its a DDoS attack by unknown hackers, the actual reason may be a takedown by authorities or a revenge DDoS by the music and movie companies. Earlier Sony had allegedly undertaken a similar kind of DoS attacks to stop the torrents sites from sharing the files from the massive hack attack. Reader may note that only two days back around 13 mega Hollywood movie screener versions were leaked and being shared on torrent websites. These movies are considered to be prime Oscar award contenders and it is though that one of the guild members or his/her associates may have leaked these screener versions. Source: http://www.techworm.net/2015/01/extratorrent-down-hackers-launch-ddos-attack.html

Taken from:
Extratorrent down – Massive DDoS attack against popular torrent website