Tag Archives: denial of service attack

To the Rescue: A Fully Managed Distributed Denial of Service (DDoS) Protection Solution

With its hosting DNA, DOSarrest understands the challenges of dealing with a distributed denial of service (DDoS) attack in a data center. We know, for example, that for every minute your website is reeling from a DDoS attack, thousands – or even hundreds of thousands – of dollars can be lost in the form of missed sales and credibility with your customers. In addition to lost revenue, you risk future losses due to the negative impact to your search engine optimization (SEO) ranking caused by a prolonged outage – a penalty from which it can take months to recover. To help avoid these problems, DOSarrest designed a cloud-based mitigation service that provides carrier-grade service and leaves your Web infrastructure intact. Because we created a multilayered defense system in each of our geo-distributed mitigation centers, we can handle everything from the large Layer 2 and Layer 3 attacks all the way to the most sophisticated application layer incursions with relative ease.

Expecting the Unexpected

Given the relatively low barrier of entry for the committed attacker, a DDoS attack can be launched at any time for a variety of reasons, unbeknownst to the victim. Because of this uncertainty, we had to design a mitigation service that could be implemented within minutes. By using a distributed architecture, we can provide both DDoS protection and added website performance for our customers. But this distribution presented some challenges we had to overcome. Given that we broadcast our customers’ content from several locations between Europe and North America, we needed to know how each location was performing.

Ensuring Total Stability and Performance

To solve this problem we developed – and are now in the process of rolling out – DOSarrest External Monitoring Service (DEMS), a completely separate website monitoring service designed to ensure the highest degree of stability and performance for all the geographic regions from which we broadcast. Even some of the world’s largest content-delivery networks don’t supply this information to their customers. With DEMS, we can provide the first fully managed DDoS protection service, backed by a team of engineers on duty 24/7/365 in our Security Operations Center, which is capable of detecting and thwarting an oncoming attack before it has any effect. Our philosophy is to resolve issues that may arise on the first call or e-mail from our customers. There are no auto-replies here, as an experienced engineer responds to every inquiry, normally within 10 minutes.

Jag Bains, CTO at DOSarrest Internet Security.

To read more about the InformationWeek DDoS Special Report, download it here: http://www.informationweek.com/gogreen/121112fs

4 Banks Respond to Distributed Denial of Service (DDoS) Threats

The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack. U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way. On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters’ second wave of attacks would likely be more fierce than the first. The online-monitoring site websitedown.com reported that about noon ET on Dec. 11, SunTrust Banks website suffered intermittent outages. But SunTrust executives declined to comment on the nature of the outages. BofA spokesman Mark Pipitone said that while BofA’s site suffered no overall outages, an isolated number of online-banking users reported problems accessing the site. “We’re aware of the reports of possible cyberattacks, and we’re monitoring our systems, which are fully operational,” Pipitone said in the early evening of Dec. 11. PNC spokeswoman Amy Vargo said some PNC customers may have experienced intermittent difficulty logging in on their first attempts. “We are aware of the situation and working to restore full access,” she said during the early evening of Dec. 11. “We are focused on minimizing disruption to our customers and will review the cause of this incident once full access is restored.” And U.S. Bank spokesman Tom Joyce told the Minneapolis/St. Paul Business Journal that the bank is “taking all necessary steps” to prepare for more attacks. 
“It’s important to note that these denial-of-service attacks are designed to slow down banks’ websites and create a nuisance for consumers,” Joyce said. “Customers can be assured that their data and funds are secure.”

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters named SunTrust, U.S. Bancorp, JPMorgan Chase, Bank of America and PNC Financial Services Group as targets for its next wave of DDoS attacks. The group, in a Dec. 10 post on Pastebin, announced plans for what it portrays as “Phase 2 Operation Ababil” – a second campaign of attacks waged against leading U.S. banks to protest a YouTube movie trailer deemed offensive to Muslims. All five banks were targets – along with Wells Fargo, Capital One, Regions Bank, BB&T and HSBC – during the first wave of DDoS attacks, which ran from mid-September to mid-October. During that period, each bank’s website suffered intermittent outages of varying degrees. CapOne was the only institution targeted twice in the first wave (see CapOne Takes Second DDoS Hit).

PNC’s Communications Stand Out

On Dec. 11, three of the five newly targeted banks were remaining quiet, declining to comment about the threat and steps they were taking, if any, to communicate with consumers about the expectation of more attacks. BofA acknowledged isolated reports from consumers who suffered difficulty logging in. PNC, the only bank to publicly outline details surrounding the DDoS attack it suffered in the first wave, however, immediately took steps to notify the public of the possibility for a second attack. Through Dec. 11 posts on the social-networking sites Facebook and Twitter, PNC forewarned online-banking customers that outages should be expected. “This potential threat could result in high volume of electronic traffic that may make it difficult for our customers to log onto online banking,” the bank stated on its Facebook page and website. “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts. We have no information regarding timing, duration or intensity of this potential threat. Please continue to follow our page for additional updates.”

Fiercer Attacks Ahead?

Why these five banks have been targeted for a second attack is not clear. But John Walker, an independent security professional in London and member of the European Network and Information Security Agency’s security experts team, says banks should expect the new attacks to be more fierce than the first, as the hacktivists promised in their Dec. 10 post. “By showing the game can be taken to ever-increasing levels starts to focus the mind of the victim organizations as to their frailty,” Walker says. “They [the hacktivists] are, I believe, demonstrating their power.”

Walker says banks learned valuable lessons during the first wave, which will provide them with tools to better prepare this time around. But they should not be overly confident in their abilities to stave off outages. “This style of attack has not even matured yet, and there is more to come,” he says. “The time has arrived for … more techno-savvy security – and more honesty in the boardroom – as to real-time security exposure before the event, not just after it has impacted the business.”

Source: http://www.bankinfosecurity.com/webinars/new-wave-ddos-attacks-how-to-prepare-respond-w-308

British student found guilty of Anonymous PayPal Distributed Denial of Service (DDoS) Attacks

A British student has been convicted over his role in a series of denial of service attacks against PayPal, which cost the payment firm £3.5m. Christopher Weatherhead was part of an Anonymous gang that attacked PayPal in protest at the firm’s decision not to handle payments being made to whistle-blowing website Wikileaks, in an attack dubbed ‘Operation Payback’. According to multiple reports, the jury hearing the case took little more than two hours to reach their guilty verdict. Three other members of the gang had already pleaded guilty but Weatherhead had argued he had not taken part in the attacks, claiming his role had been limited to operating Anonymous chat rooms. The judge presiding over the case, Peter Testar, told the defendants that he regarded the offences as serious. Weatherhead, who was a student at Northampton University at the time of the attacks, was found guilty under the Criminal Law Act 1977, and could face jail time as a result of the guilty verdict. The Metropolitan Police arrested five youths in 2011 in connection with Operation Payback, while other suspected members were arrested by the Dutch authorities. Operation Payback had initially begun as a protest against the music industry’s anti-piracy stance, but the focus changed after Wikileaks published a series of leaked diplomatic memos. Several financial services firms including PayPal, MasterCard and Visa withdrew services from Wikileaks, and as a result drew the ire of the Anonymous activists. Source: http://www.v3.co.uk/v3-uk/news/2230251/british-student-found-guilty-of-anonymous-paypal-ddos-attacks

Hacktivist Hints at New Distributed Denial of Service (DDoS) Attacks

The hacktivists are now letting their words speak for their actions. For the third time in one month, a source claiming to be part of the self-proclaimed hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters has granted an interview to discuss the wave of high-profile distributed denial of service attacks on U.S. banks. During the recent interview with Flashpoint Global Partners, an international consulting firm, the hacktivist representative said more attacks would be waged and that methods of attacks would diverge, until a YouTube movie trailer deemed by the group to cast Islam in a negative light is removed from the Internet. “We have done what we had promised,” the source said. “If the film isn’t removed, we’ll use our other abilities according to the new conditions.”

No New Attacks

Since Sept. 18, the group has taken credit for attacks on 10 leading U.S. banks: Bank of America, JPMorgan Chase, Wells Fargo, PNC, U.S. Bank, CapitalOne, HSBC, SunTrust, Regions and BB&T. No new attacks have been claimed by the group since mid-October. In early November, Webster Bank and Zions Bancorp also suffered from DDoS attacks, which caused intermittent outages to their online-banking sites for several hours. While the attacks were not linked directly to Izz ad-Din al-Qassam, Zions spokesman Rob Brough said the bank did not know who was behind the attack. “There’s no way for us to know if the attack against us was just the next one [in the series of attacks waged by Izz ad-Din al-Qassam] or if it was just a coincidence,” Brough said. “What I can tell you is that we were well-prepared because of the other incidents. When we recognized that it was a DDoS attack, we had plans in place.”

DDoS and Fraud?

The attacks have been concerning for two reasons: customer frustration with online-banking inaccessibility and the possibility of fraud being perpetrated in the background. On Sept. 17, the Federal Bureau of Investigation, along with the Financial Services Information Sharing and Analysis Center, issued a warning about DDoS being waged to mask incidents of account takeover occurring simultaneously. In their alert, the FBI and FS-ISAC note recent attacks that linked DDoS to fraud. “In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public Web site(s) and/or Internet Banking URL,” the alert states. “The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer” (see High Risk: What Alert Means to Banks). So far, no bank has reported fraud linked to DDoS attacks waged by Izz ad-Din al-Qassam, but security experts question what might really be taking place in the background.

Questioning Consultants’ Competency

The latest interview with Izz ad-Din al-Qassam marks the third time a member claiming affiliation with the group has spoken out on the attacks. On Oct. 31, ABC News was granted an e-mail interview, and on Nov. 7 technology news site Softpedia was given e-mailed insights. During all interviews, alleged members of the Izz ad-Din al-Qassam group stressed the group was not supported by any nation-state, government or other hacktivist group, and that all of its members were merely tech-savvy volunteers with a common mission to see the YouTube video removed (see Hacktivist Speaks Out About DDoS). In the most recent interview, the respondent defends Izz ad-Din al-Qassam’s purpose as well as the efficacy of its attacks. “Many of [the] technical comments during the attacks have made us doubtful about [the] technical competence of American companies’ security consultants,” the respondent said, when asked by Flashpoint if the botnets it used also have attacked web-hosting companies and Internet service providers. “Many of [the] technical statements about this case are not scientific, reliable or significant,” the source added.

Break Suspicious, But Expected

An Oct. 23 Pastebin post notes the group’s plans to temporarily halt attacks in honor of a three-day Muslim holiday. Pastebin is the public online forum Izz ad-Din al-Qassam has used to communicate updates about its attacks. The continued break from attacks is curious, says Mike Smith, a security evangelist and DDoS specialist at Web security provider Akamai Technologies. It’s just difficult to know who is behind which attacks, he says. Speculating is pointless, he says. What is clear, however, is that banking institutions and other organizations are continually targeted, and staying ahead of these attacks, regardless of who wages them, is a necessity. “We get two or more large attacks per week against our entire customer base and countless smaller ones,” Smith says. But connecting those to one hacktivist group over another is nearly impossible, he adds. “Some of those targets are financial services, some are not.”

Information-sharing shortens response time, he adds. “It’s always tough to be the first target when a new attacker or technique appears because you have to work your way to a diagnosis and implement blocking: things that take time,” Smith says. “However, good incident managers and organizations doing threat intelligence share what they know with each other, so that during subsequent attacks, although of the same magnitude and lethality, the targeted organizations know what indicators there are to the start of the attack and what techniques worked the best in previous attacks.”

Source: http://www.bankinfosecurity.com/hacktivist-hints-at-new-ddos-attacks-a-5325/op-1

Evolving Distributed Denial of Service ‘DDoS’ Attacks Force Defenders to Adapt

Distributed denial-of-service attacks get bigger and combine application-layer exploits, requiring defenders to be more agile.

In the past, attackers using distributed denial-of-service (DDoS) attacks to take down Web sites or network servers typically adopted one of two tactics: flooding the site with a deluge of data or overwhelming an application server with seemingly valid requests. Companies concerned about denial-of-service attacks have generally focused more on mitigating data floods, also known as volumetric or infrastructure attacks. Yet, increasingly, attackers are using a hybrid approach, using multiple vectors to attack. The attacks that hit financial firms in September and October, for example, often used a massive flood of data packets that would overwhelm a victim’s network connection, while a much smaller subset of traffic would target vulnerable application functions, consuming server resources. “It is almost like sending a whole squadron of tanks and then have an assault team that can go in and be more stealthy in taking out their targets,” says Carlos Morales, vice president of global sales engineering and operations for network protection firm Arbor Networks. “It broke the model that people had for stopping these things.” The one-two punch is potent. Many financial firms thought they had the defenses in place to defeat such attacks but had problems staying accessible during the onslaught. Companies prepared to handle application-layer attacks or smaller volumetric attacks could not handle the 20Gbps or more that saturated their Internet connection. Even a gateway that can keep up with 10Gbps connection speed cannot deal with twice as much – or more – traffic sent to the same server. A recent report from network-security firm Prolexic found that the average attack bandwidth had increased to nearly 5Gbps, with 20Gbps attacks quite common. In a year, the average volume of attacks had doubled, the firm found.
“The late Senator Ted Stevens got mocked for saying that the Internet is a ‘series of tubes,’” says Matthew Prince, CEO of Cloudflare, a content-delivery and network-security firm. “But the Internet is a series of tubes, and you can only fit so much through it.” Companies must start creating a multi-layered approach to stopping distributed denial-of-service attacks, according to mitigation experts. The greatest amount of attack volume should be stopped inside a provider’s network, away from the company’s links to the Internet. Trying to over-provision your network for the worst case scenario will likely not work and will be very expensive to boot. “Even if you are a large bank in the U.S., you are doing less than 10Gbps of traffic across all the properties of your network combined,” says Cloudflare’s Prince. “If you have to over-provision that by 10x, that is wasting a lot of resources.” By using a service provider to filter out most of the spurious traffic at the edge of the Internet, companies can pay attention to the data that actually enters their network. Collecting information on the traffic can help a company to better develop defenses for future attacks as well, even if a company does not have the resources to identify attacks in real time. Yet, faster detection and more agile response can mean the difference between successful defenses and downtime. “Seeing an impact and understanding that there is an attack happening is not necessarily going to happen at the same time,” says Neal Quinn, chief operating officer for attack-mitigation service Prolexic. For many companies, the threat of attacks is not over, but rather, just beginning. The most recent attacks did not start with the financial industry; other industries have been hit by similar attacks for almost the last year. Companies should not expect it to end there either. 
The holiday season tends to be a popular time for attackers to attempt to extort money from retailers by threatening denial-of-service attacks. “It is traditionally a very busy time of year for these attacks,” Prolexic’s Quinn says. “If anything, organizations should make themselves more aware of how well they can handle these attacks.” Source: http://www.darkreading.com/security-services/167801101/security/perimeter-security/240142616/evolving-ddos-attacks-force-defenders-to-adapt.html

Distributed Denial of Service ‘DDoS’ Attacks From Anonymous Cost PayPal £3.5 Million of Damage

The distributed denial of service (DDoS) attack from hacktivist group Anonymous has cost PayPal more than €4.3 million. The attacks, named Operation Payback, were initially aimed at companies that opposed internet piracy, but switched to companies like Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. After that attack PayPal, the global leader in online money transfer and payments, paid around £3.5 million to defend and arm itself against this kind of distributed denial-of-service (DDoS) attack. The BBC reported that more than one hundred skilled employees from eBay, PayPal’s parent company, spent almost three weeks working on DDoS-attack-related issues and that PayPal had bought software and hardware to defend itself against further attacks. In all, the total cost of this work came to £3.5 million.

These details were revealed in a court case at Southwark Crown Court where a defendant, Christopher Weatherhead (who was studying at Northampton University when he allegedly took part in the campaign), is facing charges of conspiring to impair the operation of computers. He has pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011. Sandip Patel, prosecuting, said the group caused PayPal “enormous economic harm”. Mr Patel said they used distributed denial of service, or DDoS, which flooded the targets’ computers with enormous amounts of online requests. Target websites would crash and users would be directed to a page displaying the message: “You’ve tried to bite the Anonymous hand. You angered the hive and now you are being stung.” Mr Patel said: “This case, simply put, is about hackers who used the internet to attack and disable computer systems – colloquially described as cyber-attackers or vandals.” He said Mr Weatherhead, who used the online name Nerdo, posted plans on an Internet Relay Chat (IRC) channel encouraging an attack on PayPal.
He said PayPal was the victim of a series of attacks “which caused considerable damage to its reputation and loss of trade”. Source: http://www.voiceofgreyhat.com/2012/11/DDoS-Attack-From-Anonymous-Cost-PayPal-3.5-Million.html?utm_source=dlvr.it&utm_medium=identica

The New Wave of Distributed Denial of Service ‘DDoS’ attacks: How to Prepare and Respond

What will you do if your organization is the next target of a distributed denial of service attack? Hacktivists recently launched DDoS attacks that caused online outages at several major U.S. banks. Each institution was warned in advance; none were able to prevent disruptions. And while banks are the current targets, any organization could be next. Join this panel for expert insight on:

- Why these recent DDoS attacks elude traditional defenses;
- New security solutions to help detect and respond to DDoS attacks;
- How to respond if you are attacked – from ramping up fraud prevention in other channels to what to tell customers about the attacks.

Background

Beginning in mid-September, hacktivists initiated a series of sophisticated DDoS attacks against major U.S. banks, including Bank of America, Chase and Wells Fargo. The attackers claim to be waging a cyber war against top-tier banking institutions because of outrage over a YouTube movie trailer believed by the hacktivists to be anti-Islam. In each instance, the group has given at least 24 hours notice before launching the DDoS attacks. But no institution so far has successfully avoided online outages resulting from the attacks. These incidents send two clear messages to security leaders:

- The sophistication and strength of the DDoS attacks are greater than organizations have seen before. One industry expert measured the DDoS traffic flow at one institution to be 65 gigabytes per second – roughly 65 times heavier than previous DDoS attacks.
- Any organization is susceptible. Banks are today’s DDoS target, but tomorrow it could be a government agency, merchant or healthcare entity that offends a hacktivist group with the resources to launch an attack. If banks, with their mature security programs and state-of-the-art defenses, cannot ward off these attacks, then what other organization can?

In this panel webinar, industry leaders with expertise in DDoS defense will present the unique qualities of these latest attacks, why no organization should feel immune, then discuss successful solutions that can empower organizations to detect, prevent and respond to attacks. Leading the discussion is Matthew Speare, SVP of IT at M&T Bancorp. He will set the stage by discussing how his institution responded to the attacks against other banks, including preparation, security controls and customer communication strategies. Speare then will be joined by thought-leaders from Akamai, Fortinet and Neustar, who will discuss a range of DDoS-related topics, including:

- Sophistication of Attacks – In the past, DDoS meant brute-force network attacks. Now, experts say, they are not only stronger, but also morphing into application layer attacks, which makes them harder to detect and block. What have we learned from these attacks, and which new solutions are best for identifying and rerouting the DDoS traffic?
- A Cover for Fraud? – Sometimes DDoS attacks are meant as a distraction – to keep security personnel focused online while the fraudsters turn to other channels, such as the call center, to commit fraud. What are the account anomalies you need to be equipped to detect?
- Incident Response – Not only does your organization need to be prepared to respond internally to DDoS attacks, but you also need to know how to communicate externally to customers. What’s your message, and how can you take this opportunity to better explain your security posture?

Source: http://www.bankinfosecurity.com/webinars/new-wave-ddos-attacks-how-to-prepare-respond-w-308

65% Of Organizations Experience Three Distributed Denial of Service ‘DDoS’ Attacks A Year

Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape. In a new report titled “Cyber Security on the Offense: A Study of IT Security Experts,” the Ponemon Institute and Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, found that while 65% of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.

“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes into account countermeasures to prevent threats before they inflict significant damage.”

Key findings from the report include:

- Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.
- DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65% reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute – including lost traffic, diminished end-user productivity and lost revenues – it is no surprise that respondents ranked availability as their top cyber security priority.
- 63% rate their organization’s offensive countermeasure capabilities as below average. While 60% say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75% of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.
- Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more frightening, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.

“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”

To access a complete version of the report, please visit www.ddoswarriors.com, Radware’s in-depth resource for information security professionals. In addition, Radware will host a webinar on November 14 to discuss the report’s findings and provide actionable insights to help any organization properly mitigate attacks in an increasingly hostile threat landscape.

About Cyber Security on the Offense: A Study of IT Security Experts

The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 U.S. based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62% of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65% of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.

In addition to the report’s key findings, Cyber Security on the Offense includes:

- The top ranked negative consequences of cyber attacks
- Barriers to achieving a strong cyber security posture
- The technologies most favored by IT security professionals
- Top methods for performing counter techniques
- A comparison of attacks across the financial services, healthcare and public sectors

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

Source: http://www.darkreading.com/insider-threat/167801100/security/news/240124966/65-of-organizations-experience-three-ddos-attacks-a-year.html

What to Do About Distributed Denial of Service ‘DDoS’ attack

Leaders at four security technology companies say the distributed-denial-of-service attacks that have hit 10 U.S. banks in recent weeks highlight the need for new approaches to preventing and responding to online outages. “Attackers have broadened their toolkits, and DDoS is not just a blunt instrument anymore,” says Jason Malo, a fraud analyst at CEB TowerGroup and former DDoS-prevention expert for domain-naming-system registry operator VeriSign.

These experts advise banking institutions to: Use appropriate technology, including cloud-based Web servers, which can handle overflow, when high volumes of Web traffic strike; Assess ongoing DDoS risks, such as through tests that mimic real-world attacks; Implement online outage mitigation and response strategies before attacks hit; Train staff to recognize the signs of a DDoS attack.

During a DDoS attack, a website is flooded with what security experts often call “junk” traffic – a saturation of requests that overwhelm the site’s servers, preventing them from being able to respond to legitimate traffic. In essence, DDoS attacks take websites down because the servers can’t handle the traffic. Security experts interviewed for this story say most banks have failed to address this vulnerability to high volumes of traffic.

DDoS: Banks on Alert

Starting in mid-September, DDoS attacks have resulted in online outages at 10 major U.S. banks. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters has taken credit for the hits, saying the attacks are motivated by outrage related to a YouTube movie trailer deemed offensive to Muslims. But security experts say DDoS attacks are often used as tools of distraction to mask fraud in the background (see DDoS Attacks: First Signs of Fraud?).

To reduce their risk of DDoS takedown, experts say banks need to address three key areas: Layered user authentication at login, which consumes bandwidth; Reliance on Internet service providers not equipped to handle extreme bandwidth demands; and The internal management of Web servers, which limits banks’ ability to hand off traffic overflow when volumes are excessive.

Expert Advice

Fraud should always be an institution’s top concern, meaning addressing DDoS threats should be a priority, experts say. “DDoS protections have quickly become a new industry best practice,” Malo says.

But DDoS attacks pose unique challenges for banks and credit unions. The additional layers of security institutions already implement, such as enhanced user authentication, transaction verification and device identification, demand more bandwidth. So when a bank is hit by a DDoS attack, bandwidth is strained more than it would be at a non-banking e-commerce site, says Mike Smith, a senior security evangelist at Akamai Technologies, which specializes in Internet traffic monitoring and cloud-based DDoS protections (see New Bank Attacks Expected Today?).

So what protections make sense? BankInfoSecurity asked security vendors VeriSign, Prolexic, Cisco and Akamai Technologies for their top recommendations. They all stressed that no one-size-fits-all approach to thwarting attacks exists. Nevertheless, they identified several best practices.

Use Appropriate Technology

When it comes to selecting the right technologies to minimize DDoS-related outages, vendors advise:

Rely on the cloud. No internal server could be expected to handle the amount of traffic these recent DDoS attacks have pushed. Akamai’s Smith says the average amount of traffic coming in during some of those individual attacks equaled about 65 gigabytes per second. “Even at the height of the Anonymous attacks, we saw traffic coming in from 7,000 or 8,000 people [at approximately 1 gigabyte per second],” he says. By relying on cloud-based servers and systems, banks can expand their bandwidth. “It’s never a good idea to manage everything internally,” says Joe Dallatore, senior manager of the Cisco Security & Research Information Group, which specializes in security threat monitoring and online event tracking. Working with a cloud vendor also can help institutions more readily identify a DNS-server attack or other DDoS attack, Dallatore says. Using DNS providers with the capacity to absorb an attack makes sense, because when DNS fails, all other services fail, says Akamai’s Smith. “This is why almost all the large banks use a DNS provider in some capacity, and it’s a proactive defense that is always turned on by default,” he adds.

Use virtual private networks. VPNs indirectly improve DDoS protections, says Matt Wilson, who oversees strategic technologies at VeriSign. Attackers target publicly available sites because they are public. But a VPN cannot protect an entire infrastructure. For complete protection, banks and businesses must continue to rely on other technologies for firewall management as well as server and router maintenance, he says. A better solution, Akamai’s Smith suggests, is VPN over MPLS [multiprotocol label switching] for critical or business-to-business functions.

Apply challenge-and-response. Malo says banks should encourage vendors to develop DDoS protections that “challenge” traffic. These protections, he says, could mirror challenge-and-response options, such as CAPTCHA images, used for online banking. A CAPTCHA image uses distorted letters or numbers that an online user is required to enter at login to help affirm authenticity. “DDoS mitigation is not just about finding a signature and putting mechanisms in to filter or block traffic,” Malo says. “Mitigation also includes introducing challenge-response.” Challenge-and-response options would help banking institutions differentiate legitimate traffic from so-called junk traffic often associated with DDoS attacks, he adds. But Akamai’s Smith warns that challenge-and-response during a large DDoS attack could be dangerous, since challenge-and-response takes one request and turns it into four. “This does not scale, and it sets you up for additional points of failure,” he says. For smaller attacks, challenge-and-response can be effective, however, “where we are worried about denying legitimate users because of mega-proxies, corporate Internet access points,” Smith says.

Don’t rely on intrusion detection. Intrusion prevention and detection systems can be effective at picking up on anomalous traffic or behavior associated with a DDoS attack, CEB TowerGroup’s Malo says. But that’s not what those systems were primarily designed to do. While leaning on those systems can help DDoS detection, and in some cases help institutions thwart online outages, redirecting IPS and IDS can create new vulnerabilities. “When protection systems are redirected, banking institutions inadvertently create new vulnerabilities,” he says, because other defenses are weakened.

Scrub. Traffic scrubbing, which clears suspected botnets and junk traffic at the ISP, can be effective, Cisco’s Dallatore says. The more bad traffic an institution can block at the outset, the better its chances of limiting an outage.

Assess DDoS Risks

Vendors stress that regularly assessing DDoS risks, such as through tests that mimic real-world attacks, is essential. “Run periodic table-top exercises to model how an attack could hit and then test the accompanying remediation strategies you’ve put in place,” says Stuart Scholly, president of Prolexic, which specializes in cloud-based services for website restoration after a DDoS attack. To set the stage for remediation plans and testing, vendors recommend banking institutions first:

Know typical traffic patterns. To better assess risk, financial institutions must carefully determine what typical site traffic looks like, Malo says. That way, when a DDoS attack hits, atypical traffic patterns are more obvious.

Understand the infrastructure. Understand the Web applications, online bandwidth limits and any infrastructure elements that could affect site capacity. Akamai’s Smith says network segmentation can limit the impact an attack has on other services inside the same infrastructure. “At a minimum, critical sites should be provisioned onto their own, dedicated network circuits and border devices to limit the impact of both an attack against them and from attacks against other services in the same data center,” he says. “Brochureware sites,” consumer transactional sites and business sites are good candidates to break out into their own infrastructure, Smith says, while redirect, typo and marketing-campaign sites can be run from shared infrastructure.

Mitigation and Response

DDoS mitigation strategies and response plans should be included in disaster recovery and business continuity strategies, Prolexic’s Scholly says. Those strategies also must include definitive communication and action plans, Cisco’s Dallatore says. Communicating with employees and the public soon after a DDoS attack is critical for reputational preservation. “You want to be sure operational people, for instance, can reach the decision makers or have the authority to make decisions when a site goes down,” Dallatore says.

During the recent wave of attacks, banks’ communication with the public varied. Some institutions acknowledged their sites went down because of DDoS attacks, while others only said their sites experienced intermittent outages. Greg Nowak of the Information Security Forum says most institutions have been too quiet – fueling the public’s fears about the outages. “They seem to be regarding it as a secret,” Nowak says. “[The banks] should be taking the opportunity to explain to their customers the difference between a denial-of-service attack and some sort of hacking attack that actually puts information at risk.”

Provide Training

Training staff to recognize the signs of an attack is essential, vendors advise. Bank and credit union employees must understand what DDoS attack traffic patterns look like, says Prolexic’s Scholly. Front-line staff members also need to know how to respond if they start getting calls about a site being down.

BITS, the technology division of the Financial Services Roundtable, says banks and credit unions need to clearly communicate with customers and members that their financial information and accounts are secure. Among BITS’ recommendations: Explain that attacks have not resulted in unauthorized access to customer information; Reiterate to consumers that banking institutions use sophisticated online security strategies to protect customer accounts; Let consumers know that institutions continue to invest in technology to defend against potential attacks.

“We want the public to know that institutions are taking steps to address these attacks – with ISPs and other security providers – and there is a fair amount of collaboration going on with regulators and the Department of Homeland Security about the threats and how to address them,” says John Carlson, executive vice president of BITS.

“You can’t underestimate the importance of training, and the role it plays in your business continuity planning,” Scholly says. “When you are prepared, it makes a world of difference.”

Source: http://www.bankinfosecurity.com/what-to-do-about-ddos-attacks-a-5271/p-3

Man arrested for Distributed Denial of Service ‘DDoS’ attack on Theresa May

A MAN HAS BEEN ARRESTED on suspicion of launching and promoting a denial of service attack on the website of UK Home Secretary Theresa May. The man is unnamed, but is said to be 41 years old and from Stoke on Trent. He is accused of mounting an attack on May’s website and others, and of inciting other people to participate.

“The activity this morning demonstrates the commitment of the PCeU (Police Central e-Crime Unit) and our colleagues to combat cyber criminality anywhere within the UK and take action against those responsible,” said detective inspector Jason Tunn of the Metropolitan Police. “Assisting and encouraging cyber crime is a serious matter and I would advise all persons to consider their actions and any possible future consequences prior to posting any material online.”

May’s website was attacked earlier this year as part of Operation Trial At Home, an Anonymous backed effort to raise awareness about ongoing extradition controversies, including those affecting Richard O’Dwyer and Gary McKinnon. Optrial At Home, as it was called on Twitter, was announced by an account called AnonopUK. “#OpTrialAtHome We will be firing our Laz0rs at GCHQ.gov.uk 8pm GMT 14th April, We invite all #Anons again to join,” it said in a tweeted message that has now apparently been deleted. That account was still sending out messages late last night.

Whoever was arrested was nicked on suspicion of assisting or encouraging crime contrary to the Serious Crime Act 2007. The man has been bailed until mid-December.

Source: http://www.theinquirer.net/inquirer/news/2222942/man-arrested-for-denial-of-service-attack-on-theresa-may
