Millions of must-be-firewalled services sitting wide open Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless to the next big malware attack.…
More here:
Internet hygiene still stinks despite botnet and ransomware flood
Hacking attempts come amid diplomatic crisis in the Gulf Qatar-based news network Al Jazeera yesterday said it was being targeted with systematic hacking attempts.…
Original post:
DDoS attack brings Qatar’s Al Jazeera website to its knees
DDoS stands for Distributed-Denial-of-Service. It basically means that a surge of information cuts you off from your network i.e. your server or your web host, disallowing access to web services. In recent times, a series of DDoS attacks have taken place, which is proven but the statistics put together by Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR). The report indicates that incidences of DDoS attacks have risen 44% compared to last year. In fact, 53% of the service providers that were surveyed mentioned that 53 percent they are seeing more than 21 DDoS attacks per month, up from 44 percent last year. It is important to know if your network is under an attack, and take the necessary correction steps. Especially if you are an online business, a DDoS attack can wreak havoc, stopping your operations completely. An attack is initiated by sending a flood of traffic to your server or web host, thereby, eating into your available bandwidth and server resources. In effect, the original user, which is you, are left without access to web services. In extreme situations, the server may crash too. In fact, the attack is not launched from one source, making it difficult to track down a single IP in computer and data logs. The attacker generally infects user networks, including personal computers, mobiles, and IoT devices and so on, through his or her malware-infected machines. That is where the complexity of identifying a DDoS attack arises- it can quickly spiral into large proportions. Also, a DDoS attack can strike without warning, most hackers do not believe in sending threats before carrying out the hack. It may look like your website server or hosting domain is down, while in reality it may be a DDoS attack. Even elaborate server tests may just indicate a high traffic, which may appear normal. Hence it is important to be on the vigil and consider that you may indeed, be under a DDoS attack: Here are the key clues to look out for: An IP address makes x requests over y seconds, many times consistently, or IP addresses may repeat frequently: If you spot this behaviour for specific IPs, you can direct traffic from those IPs to specific NULL routes. This will bypass your servers. At the same time, make it a point to whitelist some of the valid IPs. Your server responds with a 503 error citing a service outage: Windows allows you to schedule alerts when a specific event happens in Event Viewer. Allocate a task to an event (such as errors or warnings). Similarly, allocate a task to a 503 event by opening Event Viewer, right clicking on the event, and set up a configuration to send an email to an administrator or to a team of people. Loggly can help you with this in case of multiple servers. Ping requests time out: Move beyond manually pinging servers to test response. A number of web pinging services are available, such as, UpTimeRobot, Pingdom, Mon.itor.us, InternetSeer, Uptrends and others. You can configure the frequency at which you want your site to ping from world-over. If a time out occurs, it is reported back to you or your team. Logs show a huge spike in traffic: Loggly can be used as a lookout for DDoS attacks. It not only shows traffic spikes but also their occurrence date and time, their originating servers and user errors. The logs and alerts can be designed to be more specific, for example, base your alerts on a combination of events and traffic spikes, so as to do away with false alerts. It is not practically possible for any human to keep looking out for these signs. One must automate notification systems. Loggly is a useful tool that can send these alerts to external messaging platforms too, such as Slack, or Hipchat. Of course, it is important that you learn how to perfectly configure an alert, to catch the right indicators, at the same time avoiding an overload of alerts. Source: http://www.readitquik.com/articles/networking-2/a-guide-to-identify-ddos-attack/
View article:
How to Identify a DDoS Attack
The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly the target of attacks, with criminals lured by the data stored there and the possibility of using it to launch distributed denial of service attacks. That’s one of the predictions for the new year from security vendor Forcepoint. Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a Webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained. Also tempting attackers is the bandwidth cloud providers have, to possibly be leveraged for DDoS attacks. As attacks on cloud infrastructure increase it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or to limit cloud use to processing but not storing sensitive data. CIOs/CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?” “You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added. That will be particularly important for organizations that do business in Europe with the coming into force next year of the European Union’s new General Data Protection Regulation (GDPR) So answering questions such as now long does a cloud service hold the organization’s data, is it backed up securely, are employees vetted, is there third party certification of its use of encryption, how is it protected from DDoS attacks are more important than ever. Other predictions for next year include: –Don’t fear millennials. At present on average they are they second largest group (behind boomers) in most organizations. They do increase security risk because as a tech-savvy group they tend to over-share information – particularly through social media. So, Hansmann says, CISOs should use that to their advantage. “Challenge them to become security-savvy. Put in contests where employees submit they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challnge. They take pride in their digital awareness.” Don’t try to make them feel what they do is wrong, but help them to become better. “They will be come a major force for change in the organiztion, and hopefully carry the rest of the organization with them.” –the so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it. Some infosec pros – and some politicians – advocate organizations and countries should be ready to launch attacks against a foe instead of being defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said. “Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.” –Linked to this this the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company. –Get ready for the Euopean GDPR. It will come into effect in May, 2018 and therefore next year will drive compliance and data protection efforts. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees. CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann. –There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.’ That’s shorthand for ‘employees are going to cheat to meet sales goals.’ The result is staff falsifying reports or signing up customers signed up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents. If organizations don’t get on top of this problem governments will regulate, Hansmann warned. Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001
Read More:
Cloud infrastructure attacks to increase in 2017, predicts Forcepoint
Major internet services including Twitter, Spotify and Amazon suffered service interruptions and outages on Friday as a US internet provider came under a cyber attack. The internet service company Dyn, which routes and manages internet traffic, said that it had suffered a distributed denial of service (DDoS) attack on its domain name service shortly after 1100 GMT. The service was restored in about two hours, Dyn said. The attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports. The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal. Dyn, which is headquartered in New Hampshire, said the attack went after its domain name service, causing interruptions and slowdowns for internet users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Scott Hilton, executive vice president for products at Dyn, said in a statement. “We have been aggressively mitigating the DDoS attack against our infrastructure.” The company said it was continuing to investigate. A map published by the website downdetector.com showed service interruptions for Level3 Communications, a so-called “backbone” internet service provider, across much of the US east coast and in Texas. Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said on its website that users experienced errors including “hostname unknown” when attempting to access hosted sites but that the problem had been resolved by 1310 GMT. Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites. Distributed denial of service or DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline entirely. Attackers can use them for a range of purposes, including censorship, protest and extortion. The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS among others in 2010 as retribution for denying service to the anti-secrecy organization WikiLeaks. “The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,” said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He said that growing interconnection of ordinary devices to the internet, the so-called “internet of things,” increased the risks to networks. “DDoS, especially with the rise of insecure IOT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.” Source: http://phys.org/news/2016-10-twitter-spotify-websites-ddos.html
Read the article:
Twitter, Amazon, other top websites shut in cyber attack
The largest attack detected in the second quarter peaked at 256 Gbps, according to Verisign. According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75 percent year over year. The average peak attack size in the second quarter was 17.37 Gbps, an increase of 214 percent over Q2 2015. Fully 75 percent of attacks peaked over 1 Gbps, and 32 percent exceeded 10 Gbps. The largest and fastest DDoS attack detected by Verisign in Q2 2016 peaked at 256 Gbps for about 15 minutes before settling in at more than 200 Gbps for almost two hours. Sixty-four percent of DDoS attacks detected in Q2 2016 employed multiple attack types, indicating that DDoS attacks continue to increase in complexity. Forty-five percent of DDoS attacks targeted the IT services industry, followed by financial services (23 percent) and the public sector (14 percent). The Kaspersky DDoS Intelligence Report for Q2 2016 found that 77.4 percent of resources targeted by DDoS attacks were located in China. The three most targeted countries for Q2 2016 were China, South Korea and the U.S. While most attacks lasted no more than four hours, 8.6 percent lasted 20-49 hours, and 4 percent last 50-99 hours. The longest DDoS attack in Q2 2016 lasted for 291 hours (12.1 days), a significant increase over the previous quarter’s maximum of 8.2 days. Over 70 percent of all attacks detected by Kaspersky in Q2 2016 were launched from Linux botnets, almost twice the number for the previous quarter. Just under 70 percent of all command and control (C&C) servers were located in South Korea, followed by China (8.1 percent), the U.S. (7.1 percent), Russia (4.5 percent) and Brazil (2.3 percent). And the Nexusguard Q2 2016 Threat Report states that the number of DDoS attacks increased by 83 percent to more than 182,900 attacks in the second quarter. The most targeted countries seen by Nexusguard were Russia, the U.S. and China. “We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” Nexusguard chief scientist Terrence Gareau said in a statement. “Organizations can expect cyber attacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the U.S.” “The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure,” Gareau added. Source: http://www.esecurityplanet.com/network-security/ddos-attacks-up-by-75-percent-in-q2-2016.html
See the original article here:
DDoS Attacks Up by 75 Percent in Q2 2016
There’s not much more than fine print between stress testing and DDoS-as-a-service Two Israeli men have been arrested for running a distributed-denial-of service-as-a-service site, after one seemingly claimed to attack the Pentagon.…
Read the original:
Israeli Pentagon DDoSers explain their work, get busted by FBI
Nowhere near as bad as its ten-day Christmas cracker, but something seems to be afoot Cloud hosting outfit Linode has again come under significant denial of service (DoS) attack.…
View original post here:
Linode fends off multiple DDOS attacks
Proof-of-work turned to nefarious purposes, like taking down a Census A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.…
Read More:
Meet DDoSCoin, the cryptocurrency that pays when you p0wn
Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. This might sound fanciful but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century. Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyber attacks might require backup for days or even weeks. William Cohen, the former US secretary of defence, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, believes the American system is not well enough protected to avoid this. Denial of service An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with information from many sources at the same time. This could make it easier for hackers to neutralise the backup power and tripping the system. DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which controls 30% of internet traffic, recently said these are the most worrying kind of attack and becoming ever more sophisticated. Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps) – a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign reports a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale – much more powerful than previously. The top sourcesare Vietnam, Brazil and Columbia. Number of attacks Verisign Scale of attacks Verisign Most DDoS attacks swamp an internal network with traffic via the DNS and NTP servers that provide most core services within the network. Without DNS the internet wouldn’t work, but it is weak from a security point of view. Specialists have been trying to come up with a solution, but building security into these servers to recognise DDoS attacks appears to mean re-engineering the entire internet. How to react If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this: Phase one: Takeover of network : the country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We possibly saw this in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country. Phase two: Analysis of attack : security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network. Phase three: Observation and large-scale control : the authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems. Phase four. Observation and fine control : by this stage there would be some stability and the attention could turn to lesser but important alerts regarding things like financial and commercial interests. Phase five. Coping and restoring : this would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage. State of play If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 following a cyber attack, is now looking at moving copies of government data to the UK for protection. Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected. Source: http://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544
Visit site:
If two countries waged cyber war on each another, here’s what to expect