Tag Archives: defend against ddos

LulzSec Hackers Get Years Of Prison Time

Four men who took part in a significant number of cyber attacks on the likes of the NHS, Sony and the CIA received stern sentences today, following a lengthy trial into the activities of hacktivist crew LulzSec. News International and the UK Serious Organised Crime Agency (SOCA) were also hit by the hackers, who thought they were “latter-day pirates”, according to prosecutors speaking yesterday. Tough sentences for LulzSec Ryan Cleary, who was affiliated with LulzSec but not believed to be a leader, received the toughest sentence, with 32 months in prison. He let LulzSec members use his botnet to carry out distributed denial of service (DDoS) attacks. Cleary is also due to be sentenced over indecent images of children found on his computer at a later date. Ryan Ackroyd received a 30-month sentence for his part in researching and executing many attacks. Jake Davis, the spokesperson of LulzSec, is to serve 24 months in young offenders’ institution, whilst Mustafa Al-Bassamwas, who researched vulnerabilities for the attacks, was handed a 20-month suspended sentence of two years and 300 hours unpaid work. It is believed US law enforcement are keen to have some of the men extradited to face charges on US soil. However, Cleary’s legal team issued the following statement: “We believe the pleas that were entered today do cover all aspects of Mr Cleary’s criminality and therefore we do not anticipate that he will be in receipt of an application for extradition from the United States of America.” The notice, from Karen Todner Solicitors, also noted Cleary suffered from Aspergers Syndrome, but added he “does not seek to excuse his behaviour”. No laughing matter Charlie McMurdie, head of the Police Central e-Crime Unit, which carried out the investigation into the hackers alongside the FBI, said LulzSec had been “running riot, causing significant harm to businesses and people”. “Theirs was an unusual campaign in that it was more about promoting their own criminal behaviour than any form of personal financial profit,” added McMurdie, who is soon to retire from the force. “In essence, they were the worst sort of vandal – acting without care of cost or harm to those they affected, whether that was to cause a company to fold and so costing people their jobs, or to put at threat the thousands of innocent Internet users whose logins and passwords they made public. “They claimed to be doing it for ‘a laugh’ but real people were affected by their actions. Today’s convictions should serve as a deterrent to others who use the Internet to commit cyber attacks.” This might not be the denouement to the LulzSec saga, however, as hackers are threatening to take revenge. According to Sophos’ Graham Cluley, before the sentences were announced today, a group using the Twitter handle @LulzSecWiki said courts “could be in for ‘fun’” depending on their decision. Source: http://www.techweekeurope.co.uk/news/lulzsec-hackers-jailed-uk-116507

Taken from:
LulzSec Hackers Get Years Of Prison Time

Nationwide DDoS Attack Hits ReputationChanger.com

ReputationChanger.com was the most recent target in a string of high-profile cyber-attacks against U.S. web companies and governmental organizations. Reputation.com, LivingSocial and Name.com have all announced recently that they have been the targets of successful attacks by hackers. Tens of millions of consumers have been asked to change passwords in the wake of these attacks with large numbers of the population informed that personal data may have been accessed. A hack of the Associated Press account in Twitter resulted in a temporary loss on U.S. stock markets of $200 billion in late April. The U.S. Defense Department accused Chinese government-backed hackers this week of a sustained cyber campaign which successfully targeted governmental and defense contractor websites. The Chinese later denied these allegations. ReputationChanger.com was indeed targeted by an attack from a Chinese IP address that lasted most of the day. While the company’s public website was taken down for roughly half an hour in a distributed denial of service attack (DDoS), an investigation confirms that the company’s critical information — including client data — remained untouched. “The attack brought down our main website briefly but I think overall it revealed the strength and security of our operation in a way that we are truly proud of,” comments the company’s president, Michael Zammuto. “Because of the system set up, no client data was in danger of being accessed or compromised — and indeed, no client data was accessed or compromised. No action is required of any client although periodic password changes are always recommended.” Even a cyber-attack targeting the company’s Command Center, the firm’s online reputation management platform, could not have led to illicit data access. “The confidentiality of what we do is critical, and we are endlessly devoted to maintaining the complete privacy of our clients,” Zammuto offers. “As such, we have a highly distributed cloud system, response teams and processes in place to prepare for cyber threats.” Though the identity of the cyber assailant is yet unknown, Zammuto says the impetus for the attack is likely the high-profile client list that ReputationChanger.com maintains. “We were surely targeted because of the very important clients that we work with,” he affirms. ReputationChanger.com’s clientele encompasses governments, political figures, educational institutions, celebrities, and major, internationally-recognized businesses and brands. Despite the brief downtime experienced on the ReputationChanger.com website, Zammuto says that he is ultimately thrilled with how well the enterprise held up in the face of a malicious online assault. “I am very pleased with the performance of our network security team and partners,” he remarks. “It is a great reminder of how valuable investments are in these areas. They kept us safe from a vicious online enemy. It is because of their hard work and their expertise that ReputationChanger.com’s clients can rest assured that their confidential data is in the best possible hands.” ReputationChanger.com is the top rated online reputation management firm according to Top SEOs and was announced as a finalist for the Red Herring 100 earlier this week Both organizations citing the firm’s technology and its commitment to serving its clients. For protection against your eCommerce site click here . Source: http://online.wsj.com/article/PR-CO-20130509-912785.html?mod=googlenews_wsj

Visit link:
Nationwide DDoS Attack Hits ReputationChanger.com

Government Takes Precautions Over Expected ‘OpUSA’ Cyber Attack

RHONDA SCHWARTZ, PIERRE THOMAS and LEE FERRAN report: The Department of Homeland Security and the FBI are cautioning American government and financial institutions that they could be targets of a wave of cyber attacks Tuesday from Anonymous-linked hacktivists in the Middle East and North Africa. “The attacks will likely result in limited disruptions and mostly consistent of nuisance-level attacks against publicly accessible web pages and possibly data exploitation,” says an unclassified memo from the Department of Homeland Security, first obtained by the cyber security blog KrebsOnSecurity.com. In another memo, this one from the FBI’s Cyber Division and obtained by ABC News, 140 banks are listed as potential targets for the potential cyber attack campaign known as “OpUSA.” Threats against the targets were originally made weeks ago and posted publicly online in a rambling missive that also denounced American “war crimes” in Iraq, Afghanistan and Pakistan. Both U.S. government and industry analyses of the OpUSA threats have connected them to OpIsrael, a widespread but reportedly largely ineffective cyber attack targeting Israeli government and private websites last November. As in that attack, OpUSA hackers are expected to use distributed denial of service (DDoS) attacks to flood target websites with illegitimate traffic, potentially knocking them offline, a Department of Homeland Security official said. One industry analysis says that due to the “hive mindset” of groups like Anonymous, the attack’s effectiveness could be contingent on its popularity and perceived success. “Similarly, if the central actors appear to be largely failing in their efforts, other Anonymous actors may decide not to join in this operation,” the analysis says. Cyber security expert Mikko Hypponen of F-Secure told ABC News he expects that “something’s going to happen,” but likely not more than some websites being defaced or briefly knocked offline by the DDoS attacks. If it proves correct, Hypponen’s prediction would be a far cry from OpUSA’s original promise to wipe the U.S. “off the cyber map.” For protection against your eCommerce site click here . Source: http://abcnews.go.com/blogs/headlines/2013/05/government-takes-precautions-over-expected-opusa-cyber-attack/

Continued here:
Government Takes Precautions Over Expected ‘OpUSA’ Cyber Attack

5 Tips for Fighting DDoS Attacks

It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you’ve likely just become yet another victim of a distributed denial of service (DDoS) attack. A basic denial of service attack involves bombarding an IP address with large amounts of traffic. If the IP address points to a Web server, then it (or routers upstream of it) may be overwhelmed. Legitimate traffic heading for the Web server will be unable to contact it, and the site becomes unavailable. Service is denied. A distributed denial of service attack is a special type of denial of service attack. The principle is the same, but the malicious traffic is generated from multiple sources — although orchestrated from one central point. The fact that the traffic sources are distributed — often throughout the world — makes a DDoS attack much harder to block than one originating from a single IP address. DDoS Attacks Bigger and Badder DDoS attacks are becoming an increasingly significant problem. According to the latest Quarterly Global DDoS Attack Report commissioned by DDoS mitigation company Prolexic, there’s been a 22 percent increase in the number of DDoS attacks carried out over the last 12 months. The attacks have also lasted longer, up 21 percent from 28.5 hours to 34.5 hours. And attacks have become far more intense, with the average attack bandwidth rising a staggering 691 percent from 6.1Gbps to 48.25Gbps. A March DDoS attack against anti-spam organization Spamhaus may have reached as much as 300Gbps, according to some reports. Studies from Arbor Networks and Akamai Technologies found similar increases in the number and intensity of DDoS attacks. “The barrier to entry of DDoS attacks in terms of cost has largely gone,” says Tim Pat Dufficy, managing director of ServerSpace, a hosting company and Internet service provider (ISP). “That means anyone can launch an attack: organized crime, a group of blackmailers, or just a disgruntled ex-employee or a competitor. And anyone can be the victim. One of our customers is a very small company that does training for people in the construction business, yet they came under attack for two weeks.” It used to be technically difficult to launch a DDoS attack, but now it’s possible to rent a botnet of tens or even hundreds of thousands of infected or “zombie” machines relatively cheaply and use these zombies to launch an attack. And as the Internet develops, home or office computers that have become zombies can make use of increasingly high bandwidth Internet connections. There are also pre-packaged or Web-based DDoS toolkits like Low Orbit Ion Cannon and RussKill that anyone with a minimal amount of know-how can use. So what can you do to protect yourself against DDoS attacks? Identify a DDoS Attack Early If you run your own servers, then you need to be able to identify when you are under attack. That’s because the sooner you can establish that problems with your website are due to a DDoS attack, the sooner you can start to do something about it. To be in a position to do this, it’s a good idea to familiarize yourself with your typical inbound traffic profile; the more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack. It’s also a good idea to nominate a DDoS leader in your company who is responsible for acting should you come under attack. Overprovision Bandwidth It generally makes sense to have more bandwidth available to your Web server than you ever think you are likely to need. That way, you can accommodate sudden and unexpected surges in traffic that could be a result of an advertising campaign, a special offer or even a mention of your company in the media. Even if you overprovision by 100 percent – or 500 percent – that likely won’t stop a DDoS attack. But it may give you a few extra minutes to act before your resources are overwhelmed. Defend at Network Perimeter (if You Run Your Own Web Server) There are a few technical measures that can be taken to partially mitigate the effect of an attack — especially in the first minutes — and some of these are quite simple. For example, you can: rate limit your router to prevent your Web server being overwhelmed add filters to tell your router to drop packets from obvious sources of attack timeout half-open connections more aggressively drop spoofed or malformed packages set lower SYN, ICMP, and UDP flood drop thresholds But the truth is that while these steps have been effective in the past, DDoS attacks are now usually too large for these measures to have any significant effect. Again, the most you can hope for is that they will buy you a little time as an attack ramps up. Call Your ISP or Hosting Provider The next step is to call your ISP (or hosting provider if you do not host your own web server), tell them you are under attack and ask for help. Keep emergency contacts for your ISP or hosting provider readily available, so you can do this quickly. Depending on the strength of the attack, the ISP or hoster may already have detected it, or they may themselves start to be overwhelmed by the attack. You stand a better chance of withstanding a DDoS attack if your Web server is located in a hosting center than if you run it yourself. That’s because its data center will likely have far higher bandwidth links and higher capacity routers than your company has itself, and its staff will probably have more experience dealing with attacks. Having your Web server located with a hoster will also keep DDoS traffic aimed at your Web server off your corporate LAN, so at least that part of your business — including email and possibly voice over IP services — should operate normally during an attack. If an attack is large enough, the first thing a hosting company or ISP is likely to do is “null route” your traffic — which results in packets destined for your Web server being dropped before they arrive. “It can be very costly for a hosting company to allow a DDoS on to their network because it consumes a lot of bandwidth and can affect other customers, so the first thing we might do is black hole you for a while,” says Liam Enticknap, a network operations engineer at PEER 1 hosting. Tim Pat Dufficy, managing director of ISP and hosting company ServerSpace, agrees. “The first thing we do when we see a customer under attack is log on to our routers and stop the traffic getting on to our network,” he says. “That takes about two minutes to propagate globally using BGP (border gateway protocol) and then traffic falls off.” If that was the end of the story, then the DDoS attack would be successful. To get the website back online, your ISP or hosting company may divert traffic to a “scrubber” where the malicious packets can be removed before the legitimate ones are be sent on to your Web server. “We use our experience, and various tools, to understand how the traffic to your site has changed from what it was receiving before and to identify malicious packets,” explains Enticknap. He says PEER 1 has the capacity to take in, scrub and send on very high levels of traffic — as much as 20Gbps. But with levels of traffic comparable to those experienced by Spamhaus, even this scrubbing effort would likely be overwhelmed. Do have a DDoS plan in place with your ISP or hoster so that it can begin mitigation or divert your traffic to a mitigation specialist with the minimum delay. Call a DDoS Specialist For very large attacks, it’s likely that your best chance of staying online is to use a specialist DDoS mitigation company. These organizations have large scale infrastructure and use a variety of technologies, including data scrubbing, to help keep your website online. You may need to contact a DDoS mitigation company directly, or your hosting company or service provider may have a partnership agreement with one to handle large attacks. “If a customer needs DDoS mitigation then we divert their traffic to (DDoS mitigation company) Black Lotus,” says Dufficy. ”We do this using BGP, so it only takes a few minutes.” Black Lotus’s scrubbing center can handle very high levels of traffic indeed, and sends on the cleaned traffic to its intended destination. This does result in higher latency for website users, but the alternative is that they can’t access the site at all. DDoS mitigation services are not free, so it’s up to you whether you want to pay to stay online or take the hit and wait for the DDoS attack to subside before continuing to do business. Subscribing to a DDoS mitigation service on an ongoing basis may cost a few hundred dollars a month. If you wait until you need one, however, expect to pay much more for the service and wait longer before it starts to work. DDoS mitigation specialists include: Arbor Networks Black Lotus DOSarrest Prolexic VeriSign Source: http://www.esecurityplanet.com/network-security/5-tips-for-fighting-ddos-attacks.html

Follow this link:
5 Tips for Fighting DDoS Attacks

Charles Schwab website recovers after second day of cyber attacks

Charles Schwab Corp said it was the target of a cyber attack that prevented access to its website intermittently for about an hour on Wednesday, the second such attack in as many days, but that the problem had been resolved. Schwab, one of the largest U.S. brokerages, said on Tuesday afternoon it was that target of a distributed denial of service attack – an attack that floods websites with traffic in order to block access – that left clients unable to trade through the site for two hours. Phone service was available during both attacks, although responses were slower than usual due to the large number of people calling in, said Schwab spokesman Greg Gable. He said clients who believe they were affected by the outage can call 1-800-435-4000 to talk with a Schwab representative. The attacks did not impact client data or accounts, Gable added. Schwab said it is actively investigating the attacks but could not provide further information. The San Francisco-based company had 8.9 million active brokerage accounts and $2.1 trillion in total client assets at the end of the last quarter. For protection against your eCommerce site click here . Source: http://www.csmonitor.com/Business/Latest-News-Wires/2013/0424/Schwab-website-recovers-after-second-day-of-cyber-attacks

Original post:
Charles Schwab website recovers after second day of cyber attacks

This is what a DDoS attack looks like

By now, almost everyone has at least heard or seen the term DDoS. Unless you’re fairly geeky, however, you might not know what a distributed denial-of-service attack is or how one works. Even if you are a dyed-in-the-wool geek, chances are you don’t know what a DDoS attack looks like . Thanks to the security staff at VideoLan, developers of the highly popular VLC media player, you can now catch a glimpse. This is what it’s like to be on the receiving end: According to VideoLan’s Ludovic Fauvet, the servers at get.videolan.org have been dealing with around 400 requests every second. A pattern was quickly identified in the attacks, however, which allowed Fauvet and his teammates to cut the bad guys off at the pass. By singling out a common user agent, they’ve been able to tweak Nginx to leave those connections lingering in limbo. Right now, the DDoS requests aren’t accomplishing anything more than generating HTTP 403 errors. Prior to fortifying their defenses, the VideoLan crew was seeing around 200 downloads of VLC every second — which totalled nearly 30Gbps. Here’s a quick comparative: the massive DDoS that took down Wikipedia was pushing about 10 gigabits every second. So who’s behind the attack on VideoLan and what’s the motivation? That’s not known just yet, but thankfully the team in France should be able to plug away in the interim. They won’t let something like a DDoS stand in the way of delivering that fancy, new Windows 8 app to their backers. For protection against your eCommerce site click here . Source: http://www.geek.com/news/vulnerability-in-ruby-on-rails-could-bring-200000-sites-down-1535400/

Taken from:
This is what a DDoS attack looks like

DDoS Attack Strikes Take EU Banks Offline

Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves. DDoS strikes have taken down online-banking sites in Northern Europe in recent days and weeks, several security experts say. Scott Hammack , CEO of DDoS-mitigation provider Prolexic, says institutions in the Netherlands appear to be among the most recently targeted, but banking institutions throughout Europe have been hit within the last several months. Energy companies also have fallen victim, he says. But experts say the attacks being waged against European banks are not linked to Izz ad-Din al-Qassam Cyber Fighters , the hacktivist group that since September has been striking leading U.S. banks. And some experts believe fraud is the motive behind the attacks waged in Europe. Northern European Targets Hammack would not name which European organizations had been targeted. Carl Herberger of online-security firm Radware, which specializes in DDoS mitigation, says six Northern European banking institutions have been targeted in the last two to three weeks, and attacks continue. “From our perspective, based on the traffic we see, it’s only been about a half-dozen hit, and it’s been mostly banks and e-commerce sites,” he says. “They’re all located in continental Northern Europe – the EU epicenter or power areas in the EU.” Herberger also would not provide names of the targeted banks. But ING confirms in a statement that was available on its website April 19 that its online- and mobile-banking platforms had earlier been inaccessible because of a DDoS attack. In a separate statement issued April 5 by the Dutch Banking Association , ING’s outages also were mentioned. “All this was the result of a very wide range of Internet traffic on the websites of banks, called a DDoS attack, where both Dutch and foreign banks [were] affected by the encounter,” the banking association states. ENISA , the European Network and Information Security Agency, on March 13 issued a warning to European business about the increasing risk of cyber-attacks, but spokesman Ulf Bergstrom says few banks and Internet service providers have adequately heeded the warning. ENISA has longstanding standards that address DDoS risks, Bergstrom notes. But most organizations have failed to make online protections a priority, he contends. “The ISPs are either unaware of these standards that have existed for 13 years, or they do not deem they can muster the costs to apply them,” he says. “Banks also do not always go for the best solutions, but cheaper security solutions. It depends if it’s easier to pay off one person who is hit by cyberfraud.” A Different Kind of Attack Herberger and others say the attacks in Europe are different than the DDoS campaigns waged against U.S. banks. “The attacks are not of the same signatures as Operation Ababil,” he notes, referring to the campaigns being waged by Izz ad-Din al-Qassam Cyber Fighters against U.S. banking institutions. “The attacks don’t match the current attack profiles we see from Operation Ababil,” he adds. “They are less sophisticated, less pervasive and less aggressive. Nevertheless, for institutions that have endured attacks of this nature, they have been trying.” Other experts also say the botnet used by Izz ad-Din al-Qassam Cyber Fighters has not been linked to attacks in Europe. And the motives for the attacks in Europe could be more about fraud than hacktivism, they add. John Walker , chairman of ISACA’s Security Advisory Group in London who in September said European banks were not prepared to defend themselves against DDoS, says the attacks being waged now likely have a monetary motivation. “I know in two cases extortion was involved,” he says. Herberger says the attack patterns in Europe are still being analyzed at Radware, but that it does seem the attacks in Europe are being waged for more than annoyance. “The attacks seem to be directed against integrity-based interests,” he says. “There’s no evidence yet that there has been a data loss; but once you violate integrity systems, you can get anything you want.” But the greater worry, Herberger says, is the apathy among European banks when it comes to addressing DDoS risks. “Around the world, everyone has viewed this as an ‘Ugly American’ problem,” he says. “But these attacks are hitting more than banks, and it’s been more than one country.” For protection against your eCommerce site click here . Source: http://www.bankinfosecurity.com/ddos-strikes-take-eu-banks-offline-a-5701/p-2

Read the original:
DDoS Attack Strikes Take EU Banks Offline

Reddit Is Targeted with a DDoS Attack

The challenge with DDoS attacks like the one that hit Reddit is separating malicious traffic from legitimate, said security analyst Alex Horan. “If you wait until the traffic hits your site to make that distinction, it is too late. You are wasting processing time and bandwidth making that determination,” he said. Reddit got a black eye this week after being hit with a distributed denial of service (DDoS) attack Friday morning. The attacks left the site dark for a while and with spotty service well into the afternoon. “Having some technical difficulties right now. We’ll be back ASAP,” the @redditstatus Twitter feed reported before sunrise on the East Coast Friday morning. About 6:30 a.m., the site noted it was “working on mitigating a malicious DDoS attack.” Within 30 minutes, the site seemed to be up and running again but some of the functions were still hurting from the fallout. The Whys and Hows Alex Horan, senior product manager at Core Security, said the important point about DDoS is the initial ‘D’ for Distributed. In other words, Reddit could not easily distinguish between legitimate traffic and attack traffic. “If you wait until the traffic hits your site to make that distinction, it is too late. You are wasting processing time and bandwidth making that determination,” he said. “You need to work with the downstream Internet providers to make that distinction as close to the source of each of the nodes participating in the attack and drop the traffic there. This, in theory, could make the whole Internet faster, as less of this malicious traffic would make it to the shared information superhighway.” Horan said understanding the motive of the attackers is useful for the general community. Of course, he added, consumers shouldn’t necessarily change our behavior because of the threat of a DDoS. “It is important to learn the whys and the hows of these attacks and attackers so we can better anticipate what actions might provoke them,” he said, “so we can be forewarned — and technically what actions they will take so we can apply the right defenses — be forearmed.” Sending a Message? Richard Westmoreland, lead security analyst for the Security Operations Group at SilverSky, said DDoS attacks are normally launched to send some form of a message and can vary greatly in terms of their sophistication. “It has been widely speculated in federal circles that due to the sheer mass and complexity of these recent attacks that they are the result of an escalating cyber war with Iran. DDoS attacks have become the preferred and paid weapon for many politically motivated groups,” Westmoreland said. “This is both a scary and positive aspect to these types of attacks. The negatives are that they are perpetrated by professionals who have the skills and resources to effectively launch these attacks, and there is little that can be done to stop them. The consolation is that these attacks are generally shorter in duration before moving on to other targets.” For protection against your eCommerce site click here . Source: http://www.sci-tech-today.com/news/Reddit-Is-Targeted-with-a-DDoS-Attack/story.xhtml?story_id=10300BI2ZXIA&full_skip=1

View original post here:
Reddit Is Targeted with a DDoS Attack

DDoS Attack Bandwidth Jumps 718%

Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China. The average bandwidth seen in distributed denial-of-service (DDoS) attacks has recently increased by a factor of seven, jumping from 6 Gbps to 48 Gbps. Furthermore, 10% of DDoS attacks now exceed 60 Gbps. Those findings come from a new report released Wednesday by DDoS mitigation service provider Prolexic Technologies, which saw across-the-board increases in DDoS attack metrics involving the company’s customers. “Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” said Prolexic president Stuart Scholly in a statement. “When you have average — not peak — rates in excess of 45 Gbps and 30 million packets per second, even the largest enterprises, carriers and, quite frankly, most mitigation providers, are going to face significant challenges.” In the first three months of 2013, 77% of DDoS attacks targeted bandwidth capacity and routing infrastructure, while 23% were application-level attacks that didn’t overwhelm targeted networks through packet quantity, but rather by disrupting critical applications or processes running on a server. The report also found that between the fourth quarter of 2012 and the first quarter of 2013, the total number of attacks increased marginally — by only 2% — while attack duration increased by 7%, from 32.2 hours to 34.5 hours. But the greatest number of DDoS attacks continue to be launched from China, although the volume of such attacks has recently declined. While 55% of all attacks came from China at the end of last year, by March 2013 that had dropped to 41%, followed by the United States (22%), Germany (11%), Iran (6%) and India (5%). The source of attacks doesn’t mean that a country’s government or even criminal gangs are directly responsible for launching DDoS campaigns. For example, the Operation Ababil bank disruption campaign being run by al-Qassam Cyber Fighters relies in part on hacking into vulnerable WordPress servers and installing such DDoS toolkits as “itsoknoproblembro” — aka Brobot. Attackers then use command-and-control servers to issue attack instructions to the toolkits, thus transforming legitimate websites into DDoS launch platforms. Given that situation, it’s no surprise that China, the United States and Germany — which all sport a relatively large Internet infrastructure — are also tops for DDoS attack origin. But Prolexic’s report said it’s odd that Iran, which has a very small Internet architecture by comparison, should be the source of so many attacks. “This is very interesting because Iran enforces strict browsing policies similar to Cuba and North Korea,” according to Prolexic’s report. As DDoS attack sizes increase, so do fears of an Armageddon scenario, in which the attack not only disrupts a targeted site, but every site or service provider in between. According to Prolexic’s report, the largest single attack it’s mitigated to date occurred in March, when an “enterprise customer” was hit with an attack that peaked at 130 Gbps. While that wasn’t equal to the 300 Gbps attack experienced by Spamhaus, it still represents well more than most businesses can handle, unless they work with their service provider or third parties to build a better DDoS mitigation defense. On that front, some businesses tap dedicated DDoS mitigation services from the likes of Arbor Networks, CloudFlare, Prolexic and Verisign. “There are a number of DDoS mitigation technologies out there, and we see organizations that are deploying the technologies in their own infrastructure and in their own environments,” as well as working with service providers, said Chris Novak, managing principal of the RISK Team at Verizon Enterprise Solutions, speaking recently by phone. “Like so many things in the security space, the layered approach is the most effective for most organizations,” he said. For protection against your eCommerce site click here . Source: http://www.informationweek.com/security/attacks/ddos-attack-bandwidth-jumps-718/240153084

Follow this link:
DDoS Attack Bandwidth Jumps 718%

WordPress Websites Target of Hacker Attack

Many websites built on the blogging and content management system WordPress are currently under attack by a group of hackers attempting to gain access to the sites to use them in Distributed Denial of Service (DDOS) attacks. The infected machines are then, in turn, attempting to gain access to other WordPress installations, to quickly grow the size of the botnet. Security experts say this is one of the most robust WordPress attacks to date, and the hackers have succeeded in building a very strong botnet of infected systems. There are currently nearly 100,000 IP addresses in use by the infected systems, and this could grow as the hackers turn additional WordPress installations into subservient systems. Two popular managed hosting services, HostGator and Resellers Panel are undergoing a very heavy attack by the botnet right now – both services specialize in WordPress hosting packages. Hackers are bute-force punching their way into the WordPress backend by trying 1,000 – 2,000 password combinations against the “admin” username on WordPress systems. WordPress users with easy-to-guess passwords are at the most risk for having their systems compromised. To avoid having your WordPress instances violated, John Dolan, a freelance security expert, suggests that users go into their WordPress settings “right now, as soon as possible, and update their passwords,” he said. “It should be changed to a complex password, not a dictionary word, and it should use a mixture of capital and lowercase letters, as well as numbers and another character, like a question mark, for example.” In addition to making sure your password is secure, Dolan also recommends that WordPress users look into a service like CloudFlare, an online security vendor that monitors your website’s incoming traffic and deflects attacks from known bots and spammers. What to do if your WordPress instance has been hijacked? “Talk to your hosting provider,” says Dolan. “They most likely have experience with this, and can help you wipe your WordPress install and restore your latest backup.” Source: http://www.szsu.com/2013/04/13/wordpress-websites-target-of-hacker-attack/

View article:
WordPress Websites Target of Hacker Attack