Tag Archives: internet

FCC blames DDoS for weekend commentary lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists

Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…


FCC blames DDoS for weekend web lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists

Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…


Mysterious Hajime botnet has pwned 300,000 IoT devices

The Dark Knight of malware’s purpose remains unknown

Hajime – the “vigilante” IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab.…


Blame the US, not China, for the recent surge in massive cyberattacks

The internet’s new scourge is hugely damaging global attacks that harness armies of routers, cameras, and other connected gadgets—the so-called Internet of Things (IoT)—to direct floods of traffic that can take down swaths of the network. The blame so far has largely fallen on the Chinese manufacturers who churn out devices with shoddy security on the cheap. But all those devices have to be plugged in somewhere for them to be used maliciously. And American consumers are increasingly the ones plugging them in.

Nearly a quarter of the internet addresses behind these distributed denial-of-service, or DDoS, attacks are located in the United States, new research from network services firm Akamai has found. Some 180,000 US IP addresses took part in DDoS attacks in the last quarter of 2016, it found—more than four times as many as addresses originating in China.

Akamai’s findings are particularly notable because the armies of hacked devices that carry out DDoS attacks—such as those controlled by the Mirai malware—don’t bother covering their tracks. That means the IP addresses are far more likely to genuinely correspond to a location within a certain country, the report’s authors write.

The findings also end an era of Chinese dominance in DDoS attacks. Over the previous year, China has accounted for the highest proportion of IP addresses taking part in such attacks globally. Now the US is the clear leader, accounting for 24% of such addresses. The UK and Germany are a distant second and third. (To be clear, though, wherever the attacking devices’ IP addresses are, the person controlling them could be located anywhere.)

The huge number of devices taking part in DDoS attacks in the US means regulation there, and in Europe, could stem the flood of damaging traffic. Of course, IoT regulation is a thorny issue—essentially, no US federal agency really wants to take the problem on—and there remain technical questions over how to actually go about blocking the attacks. Still, it’s a lot clearer now that simply pointing the finger at China isn’t enough.

Source: https://qz.com/912419/akamai-akam-report-a-quarter-of-ddos-ip-addresses-are-now-from-the-us/


Majority of DDoS Attacks in October-December 2016 Conducted From Germany, UK, US

According to reports, the United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016.

MOSCOW (Sputnik) – The United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016, an Internet company dubbed Akamai said in a report Wednesday, adding that the overall number of attacks in 2016 increased by 4 percent compared to the previous year.

“The top three source countries for DDoS attacks were the U.S. (24%), the U.K. (10%), and Germany (7%). In the past year, China dominated the top 10 list of source countries. In Q4 2016, China dropped to the fourth position overall, with 6% of traffic,” the State of the Internet / Security Report said.

Russia became the fifth country in the list, with 4.4 percent of attacks.

“The average number of DDoS attacks remained steady this quarter [October-December 2016] at 30 per target, indicating that after the first attack, an organization has a high likelihood of experiencing another,” the report said.

The study notes that the number of IP addresses used for DDoS attacks increased significantly in the last quarter of 2016. The report also provides data regarding attacks in January-September 2016, with China, the United States, Turkey and the United Kingdom being the top source countries for attacks.

Source: https://sputniknews.com/world/201702151050711562-ddos-atacks-internet/


University suffers DDoS attack after it’s schooled by own IoT devices

Infected vending machines and light bulbs teach establishment a lesson.

A PLACE WHERE late stage teenagers go to drink and make arses of themselves has fallen victim to a denial of service (DDoS) attack of, essentially, its own making. Yeah, we are talking about a university.

We do not know what university it is, but Verizon’s breach report for 2016 tells us that the mysterious educational establishment, probably in the US, was taken to its knees by a DDoS attack that was brought about by its own bloody Internet of Things (IoT) devices. It’s kinda like that Mirai thing, but on a much smaller, and more personally embarrassing scale.

We like to imagine that a connected toaster and a connected fridge had a fallout and that everything went bits up. According to Bleeping Computer, which has had a cheeky look at the Verizon report, it was a bit more pedestrian than that.

“The DDoS attack was caused by an unnamed IoT malware strain that connected to the university’s smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices,” Verizon says as it explained that something fishy went down.

“Hacked devices would start an abnormally high level of DNS lookups that flooded the university’s DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university’s IT team said that many of these rogue DNS requests were related to seafood-related domains.”

The university has placed all IoT devices, such as light bulbs and vending machines, on its separate subnet, or perhaps in a bin. The security industry reckons that this is a signal of the kind of unprotected troubles to come. Naturally.

“On the surface this appears to be more of a prank than a sophisticated denial of service attack. However, proving that largescale IoT takeovers are possible should be a wakeup call to those who manage networks rife with unsecure IoT devices,” said Stephen Gates, chief research intelligence analyst at NSFOCUS by way of introduction.

“Municipal, Industrial, Commercial, and now Educational infrastructures are becoming more and more vulnerable, because organisations often carelessly deploy IoT without understanding the ramifications of weak IoT security.

“In this case the damage appears to be limited, and only inconvenienced users on a campus network. Do the same to a transportation system, a chemical plant, a hospital complex, an E911 system, or an ISP, and the damage could be much, much greater.”

Source: http://www.theinquirer.net/inquirer/news/3004579/university-suffers-ddos-attack-after-its-schooled-by-own-iot-devices#


The next generation of cyber attacks — PDoS, TDoS, and others

2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks — the largest in history. Security experts had long warned of the potential of IoT attacks, and a number of other predictions also came true; Advanced Persistent Denial of Service (APDoS) attacks became standard, ransom attacks continued to grow and evolve and data protection agreements dominated privacy debates.

So what’s coming in 2017? Well, for years there have been theories about how a cyber attack could cripple society in some way. So what would this look like, and how could it come to fruition in 2017?

An attack type that has been largely ignored, but that could prove to be key in a major cyber attack, is the Permanent Denial of Service (PDoS) attack. This attack type is unique because, rather than collecting data or providing some on-going nefarious function, its only aim is to completely prevent its target’s device from functioning.

PDoS, or Phlashing

PDoS, also known as “phlashing”, often damages its target to such an extent that replacement or reinstallation of hardware is usually required. Although the attack type itself has been around for some time now, it’s easy to imagine how much damage it could do in today’s connected world, and therefore it could quickly gain momentum in 2017.

For example, one method PDoS leverages to accomplish its damage is remote or physical administration on the management interface of the victim’s hardware, such as routers, printers, or other networking hardware. In the case of firmware attacks, the attacker may use vulnerabilities to replace a device’s basic software with a modified, corrupt, or defective firmware image. This “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced. Other attacks include overloading the battery or power systems.

We’ve already seen the potential harm that a PDoS attack could cause, when in November last year an attack on residential apartments in Finland targeted the building management system. The attack took the system offline by blocking its Internet connection, causing it to keep rebooting itself in order to reconnect. As a result, the system was unable to supply heating at a time when temperatures were below freezing. Fortunately, the facilities service company were able to relocate residents while the system was brought back online.

You only have to consider devices like Samsung’s Note 7 to see the safety hazards that the devices we all carry around with us can potentially harbor. There have been numerous test cases of malware and bots overheating devices, causing them to physically distort or worse. These attacks, bundled into a cyber attack, could have devastating and lasting effects beyond what we commonly think about in the world of the “nuisance” DDoS attack.

Another attack type that has flown under the radar is Telephony Denial of Service (TDoS). This attack type will likely rise in sophistication and become a key tool in cyber attackers’ arsenals, particularly those who are more interested in wreaking havoc than having financial gain as a motivator.

The rise of the Darknet

Just imagine an attacker with the ability to cut off communications during a crisis period. This would hinder first responders, exacerbate suffering and in some situations it could potentially increase loss of life. A physical attack, such as a terror attack, followed by a targeted TDoS attack on communication systems could be devastating. Like PDoS, TDoS has been around for some time but again, as we depend more and more on these connected systems the impact of a targeted attack becomes magnified.

One prediction that has come true in the past few years is the rise of the Darknet. However, in 2017 it could go a step further and become a mainstream tool that almost anyone can use to launch attacks or manipulate data. The Darknet offers easy and affordable access to attacks that can terrorize or otherwise alter someone’s personal details for financial or other benefits.

The scope of the Darknet is also reaching further than ever thanks to the huge increase in connected devices that the general public has at their disposal. Examples include the ability to rent compromised surveillance systems, access to legal information including lawyers’ emails and the ability to view and manipulate medical or educational records.

2017 could see a frightening scenario develop where the definitive source of who we are and how our details are recorded and accessed is unknown. Just imagine being in a job interview and your CV doesn’t match your online school records. Who will the potential employer trust? This analogy can be extended to numerous scenarios, but the common thread is that your online records require high security and fidelity in order for you to function properly in society.

In light of that, one of the single most personalized acts of terror that can occur is a wide-scale loss, alteration or deletion of records — with no reconstitution capability. This should strike fear in us all.

Source: https://betanews.com/2017/02/09/the-next-generation-of-cyber-attacks-pdos-tdos-and-others/


39% of businesses not ready to protect themselves against DDoS

Companies are not ready to protect themselves against DDoS, with four in ten (39%) businesses unclear about the most effective protection strategy to combat this type of attack, according to research from Kaspersky Lab. A lack of knowledge and protection is putting businesses at risk of grinding to a halt.

DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, the research found that nearly a fifth (16%) of businesses are not protected from DDoS attacks at all, and half (49%) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods.

Large-scale cyberattacks are now commonplace, such as the recent attack on telecommunications provider StarHub, which faced a high-profile DDoS attack in October last year. Hackers are also showing a preference for DDoS attacks, with the proliferation of IoT devices today. As IoT devices have weak security protocols, they are easy targets for hackers to launch DDoS attacks from. As IoT devices are forecasted to hit 21 billion in 2020, each potential entry point into an organisation increases vulnerability to DDoS attacks.

Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33%) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18%) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43%) saying regulation is the reason they protect themselves.

The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40%) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30%) think data center or infrastructure partners will protect them. This is also not always effective, because these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach.

Moreover, the survey found that a third (30%) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12%) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost to a victim can reach millions.

“As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.”

Source: http://www.networksasia.net/article/39-businesses-not-ready-protect-themselves-against-ddos.1486046674


How to Identify a DDoS Attack

DDoS stands for Distributed Denial of Service. It basically means that a surge of traffic cuts you off from your network, i.e. your server or your web host, disallowing access to web services. In recent times, a series of DDoS attacks have taken place, which is borne out by the statistics put together in Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR). The report indicates that incidences of DDoS attacks have risen 44% compared to last year. In fact, 53% of the service providers that were surveyed said they are seeing more than 21 DDoS attacks per month, up from 44 percent last year.

It is important to know if your network is under attack, and to take the necessary corrective steps. Especially if you are an online business, a DDoS attack can wreak havoc, stopping your operations completely.

An attack is initiated by sending a flood of traffic to your server or web host, thereby eating into your available bandwidth and server resources. In effect, you, the legitimate user, are left without access to web services. In extreme situations, the server may crash too. The attack is not launched from one source, which makes it difficult to track down a single IP in computer and data logs. The attacker generally infects user networks, including personal computers, mobiles, IoT devices and so on, through his or her malware-infected machines. That is where the complexity of identifying a DDoS attack arises: it can quickly spiral into large proportions.

Also, a DDoS attack can strike without warning; most hackers do not believe in sending threats before carrying out the hack. It may look like your website server or hosting domain is down, while in reality it may be a DDoS attack. Even elaborate server tests may just indicate high traffic, which may appear normal. Hence it is important to stay vigilant and consider that you may, indeed, be under a DDoS attack.

Here are the key clues to look out for:

An IP address makes x requests over y seconds, many times consistently, or IP addresses may repeat frequently: If you spot this behaviour for specific IPs, you can direct traffic from those IPs to specific NULL routes. This will bypass your servers. At the same time, make it a point to whitelist some of the valid IPs.

Your server responds with a 503 error citing a service outage: Windows allows you to schedule alerts when a specific event happens in Event Viewer. Allocate a task to an event (such as errors or warnings). Similarly, allocate a task to a 503 event by opening Event Viewer, right-clicking on the event, and setting up a configuration to send an email to an administrator or to a team of people. Loggly can help you with this in case of multiple servers.

Ping requests time out: Move beyond manually pinging servers to test response. A number of web pinging services are available, such as UpTimeRobot, Pingdom, Mon.itor.us, InternetSeer, Uptrends and others. You can configure the frequency at which you want your site to be pinged from around the world. If a time out occurs, it is reported back to you or your team.

Logs show a huge spike in traffic: Loggly can be used as a lookout for DDoS attacks. It not only shows traffic spikes but also their occurrence date and time, their originating servers and user errors. The logs and alerts can be designed to be more specific; for example, base your alerts on a combination of events and traffic spikes, so as to do away with false alerts.

It is not practically possible for any human to keep looking out for these signs. One must automate notification systems. Loggly is a useful tool that can send these alerts to external messaging platforms too, such as Slack or Hipchat. Of course, it is important that you learn how to configure an alert properly, to catch the right indicators while avoiding an overload of alerts.

Source: http://www.readitquik.com/articles/networking-2/a-guide-to-identify-ddos-attack/
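The "x requests over y seconds" clue and the advice to alert only on a traffic spike combined with 503 errors can be automated as below. This is an added example, not part of the original article; the combined-log line format, the thresholds, the allowlist and the sample lines (documentation-range addresses) are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# ip, [timestamp], "request", status -- assumed combined-log style layout
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def sample_log(include_flood=True):
    """Constructed access-log lines; IPs are RFC 5737 documentation addresses."""
    def line(ip, sec, status):
        return (f'{ip} - - [09/Feb/2017:10:00:{sec:02d} +0000] '
                f'"GET / HTTP/1.1" {status} 512')
    lines = []
    if include_flood:  # 20 requests in 5 s; the server answers 503 once saturated
        lines += [line("198.51.100.7", i // 4, 200 if i < 8 else 503)
                  for i in range(20)]
    lines += [line("192.0.2.10", i // 3, 200) for i in range(15)]  # uptime probe
    lines += [line("203.0.113.5", s, 200) for s in (0, 20, 40)]    # ordinary visitor
    return lines

def parse(lines):
    """Return time-ordered (epoch_seconds, ip, status); unparsable lines are skipped."""
    events = []
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        events.append((ts, m.group(1), int(m.group(3))))
    return sorted(events, key=lambda e: e[0])

def heavy_hitters(events, max_requests, window_seconds, allowlist=()):
    """Map each non-allowlisted IP that exceeded max_requests within any
    window_seconds span to its peak request count in such a window."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, ip, _ in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window_seconds:   # drop requests older than the window
            q.popleft()
        if len(q) > max_requests and ip not in allowlist:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def outage_alert(events, window_seconds, spike_requests, min_503_ratio):
    """Time of the first window showing BOTH a traffic spike and a high share
    of 503 responses, or None. Requiring both cuts down on false alerts."""
    q = deque()
    errors = 0
    for ts, _, status in events:
        q.append((ts, status))
        errors += status == 503
        while q[0][0] <= ts - window_seconds:
            errors -= q.popleft()[1] == 503
        if len(q) >= spike_requests and errors / len(q) >= min_503_ratio:
            return ts
    return None

if __name__ == "__main__":
    ev = parse(sample_log())
    print("null-route candidates:", heavy_hitters(ev, 10, 5, {"192.0.2.10"}))
    print("alert at:", outage_alert(ev, 5, 30, 0.25))
```

The allowlisted uptime probe also exceeds the per-IP rate, which is why the allowlist check comes before anything is proposed for null-routing.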


Assessing The Massive Security Vulnerability Of The Internet Of Things

The increase in connected devices could make 2017 a banner year for cyber attacks.

A report by global professional services company Deloitte said that Distributed Denial of Service (DDoS) attacks will grow in size and scale in 2017, thanks in part to the growing multiverse of connected things. According to Deloitte’s annual Technology, Media and Telecommunications Predictions report, DDoS attacks will be more frequent, with an estimated 10 million attacks in total over the next 12 months.

DDoS attacks are no new phenomena. The potential impact on an organization from this category of cyber threat should never be underestimated, Deloitte said. The report said that the size of DDoS attacks has increased year-on-year. Between 2013 and 2015, the largest attacks did not exceed 500 gigabits per second. In 2016, there were two attacks that exceeded one terabit per second. Over the next 12 months, the average attack size is forecast to be between 1.25- and 1.5 GBs per second, with at least one per month exceeding 1 TB per second.

On a basic level, the success of a DDoS attack is focused on making a website or network resource—a server, for example—unusable. This scenario is achieved by creating a flood of Internet traffic from multiple sources that are launched simultaneously. The website or resource is then overwhelmed, resulting in a suspension of service or access. For example, an ecommerce website that is hit by a DDoS attack would be unable to sell its products until the attack was contained. At the same time, any exposed vulnerabilities could produce a knock-on effect and take other organizations or websites down with it.

“DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time,” the report said. “The shop quickly becomes overwhelmed. The genuine customers cannot get in and the shop is unable to trade as it cannot serve them.”

Connected Devices Are An Easy Target

There are several methods for creating this type of chaos but the most common are botnets and amplification attacks. A DDoS attack generated through a botnet accesses hundreds of thousands of connected devices that have been told to act in a disruptive manner via malicious code. An amplification attack also uses malicious code by instructing a server to generate multiple fake IP addresses that are then sent to a website—known as “spoofing”—which then overwhelm that service. Both of these approaches are widely known, although it is the botnet that has become more prevalent.

Irrespective of how widespread the impact is on an organization or network, Deloitte said that three concurrent trends will escalate the potential for DDoS attacks in 2017—the Internet of Things, widely available malware and high bandwidth speeds. The prime culprit will be the Internet of Things. Connected devices are notoriously insecure and ripe for being taken over by a third party. The standard way to gain remote access to a device is through a user ID or password, but some people may not be aware that a device’s firmware offers hackers a way in, Deloitte said.

Deloitte said: The majority of users are familiar with the need to change user ID and passwords before using a device for the first time, and at regular intervals thereafter. But approximately half a million of the billions of IoT devices worldwide—a small proportion of the total, but a relatively large absolute number—reportedly have hard-coded, unchangeable user IDs and passwords. In other words, they cannot be changed, even if the user wants to.

Hard-coded user IDs and passwords are not an issue provided that a third party doesn’t know what they are. The problem is that they can be easy to find.

The Internet Of Things Is Always Exploitable

Anyone with a degree of programming knowledge can sift through a device’s firmware to discover what these IDs and passwords are, the report said. In addition, a compromised Internet of Things device may not show any signs of being compromised to its owner, especially if there is no obvious deterioration in performance. Theoretically, millions of devices could be affected without their owners having any idea that the device was part of a botnet, Deloitte said.

Consumer confidence in the Internet of Things is aligned with how secure a connected device is, confidence that can be shattered if that device can be exploited with little effort. For example, the cyber attack on October 21, 2016, that affected the Dyn network was attributed to a botnet that used Internet-connected devices to take down numerous high-profile services that included Twitter, Amazon.com, Spotify, Comcast, Fox News and PayPal. Thousands of connected devices were used in this attack, which is now accepted as one of the largest of its kind to date.

Any company or organization that has a presence on the Internet should be aware that DDoS attacks are not going to stop anytime soon. The report cited several sectors that should be alert to the impact that a successful DDoS attack could have including (but not limited to) retailers with a high proportion of online revenue, video streaming services, financial or professional service companies and online video games providers.

“Some organizations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive,” said Deloitte. “Unfortunately, it may never be possible to relax about DDoS attacks. The DDoS genie is out of the bottle, and is unlikely to pop back in.”

Source: https://arc.applause.com/2017/01/27/ddos-iot-vulnerability-asssessment/
