Tag Archives: internet

Here’s how security cameras drove the world’s biggest DDoS attack ever

DDoS attacks are reaching monster levels that pose a massive threat.

The record for the biggest DDoS attack ever seen has been broken once again, with an absolute monster of distributed denial of service firepower almost reaching the not-so-magic 1Tbps mark. Technically this was two concurrent attacks, although the majority of the traffic was concentrated in one, which is the largest single blast of DDoS ever recorded. As The Register reported, Octave Klaba, the founder and CTO of OVH.com, the French hosting company which suffered the attack, said that the assault consisted of two simultaneous barrages of 799Gbps and 191Gbps, for a total of 990Gbps. The previous largest DDoS was the recent 620Gbps effort that hit Krebs On Security, the website of security researcher Brian Krebs, which was driven by the same botnet of some 145,000 compromised Internet of Things devices (routers, DVRs and security cameras) responsible for this latest volley. Krebs said he was hit in retaliation for an article posted on his blog, although it isn’t clear why OVH.com came under fire.

Massive attacks

As Klaba said on Twitter, though, it’s hardly uncommon for his company to experience DDoS: a tweet outlining the attacks suffered by the organisation over a period of four days this month showed 25 separate attacks which all exceeded 100Gbps (including the two mentioned here). Several others were simultaneous (or near-simultaneous) pairs of attacks, too.

He further noted that the botnet in question could potentially up its firepower by some 50% compared to the assault his company was hit by, tweeting: “This botnet with 145,607 cameras/dvr (1-30Mbps per IP) is able to send > 1.5Tbps DDoS.” Not only are DDoS attacks getting larger in size, but they are also becoming much more frequent, according to a Verisign report we saw back in the spring, which observed that the number of attacks had almost doubled in the final quarter of 2015 compared to the same period the previous year. Source: http://www.techradar.com/news/internet/here-s-how-security-cameras-drove-the-world-s-biggest-ddos-attack-ever-1329480


DDOS attacks: An old nemesis returns to cripple your network

Once considered a cybersecurity threat of the past, Distributed Denial of Service (DDoS) attacks have re-emerged with a vengeance, wreaking havoc on enterprises and end users with alarming frequency. A Distributed Denial of Service attack is one in which many compromised systems (often infected with a Trojan and organised into a botnet) are pointed at a single target to exhaust its resources, so that legitimate users are denied access. Websites or other online resources become so overloaded with bogus traffic that they become unusable. A well-orchestrated DDoS carried out by automated bots has the power to knock a website offline, and these attacks can cripple even the largest and most established organisations. An e-commerce business can no longer conduct online transactions, jeopardising sales. Emergency response services can no longer respond, putting lives in danger.

According to the Verisign Distributed Denial of Service Trends Report, DDoS activity increased by 85 percent in one year. The report also suggested that attackers are beginning to hit targets repeatedly, with some organisations the target of DDoS attacks up to 16 times in just three months. If you think your organisation is obscure and can fly under the attacker’s radar, forget it: every industry is vulnerable. If an increase in attacks isn’t troubling enough, the size of DDoS attacks and the amount of damage they can do is also disturbing. The fastest flood attack detected by Verisign occurred during the fourth quarter of 2015, targeting a telecommunications company with 125 million packets per second (Mpps) in a volumetric attack of 65 gigabits per second (Gbps); those two figures imply an average packet size of about 65 bytes, a flood of tiny packets built to exhaust per-packet processing rather than raw bandwidth. The end result: the site was temporarily knocked out of service.

Why DDoS attacks are back in vogue

The reason DDoS attacks are back is simple: it is relatively easy to launch a sustained attack and cripple any organisation connected to the Internet.

Botnets, groups of compromised computers controlled for malicious purposes, can be rented as a DDoS-for-hire service. The ability to buy destructive capacity shows how easy it is for someone with little technical knowledge to attack any organisation. DDoS attacks typically come in three forms: application-layer, volumetric and hybrid. Application-layer attacks cripple services by opening hundreds of thousands of connections or expensive requests at a time; volumetric attacks seek to saturate a site’s bandwidth with traffic; hybrid attacks combine the two for a double whammy that knocks a business offline. The real danger of DDoS attacks is that they are often a diversion: while technicians are preoccupied with getting the website back up, attackers can plant a backdoor in other areas of the network to steal information later.

How to prevent DDoS attacks

Prevention is nearly impossible, since there is no effective control over attackers in the outside world. A DDoS appliance protecting the Internet connection is the first line of defence and will help to mitigate an attack. Appliances from vendors such as Fortinet or Radware are placed on the customer premises as close to the Internet edge as possible, and can identify and block most DDoS traffic. However, this solution falls short against an attack that saturates the Internet circuits themselves: a box behind a full pipe cannot drop traffic that never reaches it. The only way to protect against this type of attack is to have mitigation upstream, at the service provider or in the cloud. A managed security services provider (MSSP) can offer on-demand services that are both cost effective and architected with a cloud focus, in order to protect against each type of attack. A number of companies offer tools to analyse network traffic for signs of malicious activity, which can often weed out unwanted connections.

Infrastructure Access Control Lists (IACLs) can also be installed on routers and switches to drop traffic that has no business reaching the infrastructure (for example, packets addressed to router interfaces from outside, or protocols the servers never use) before it consumes server capacity. Many companies believe they can thwart attacks by hiding behind a firewall, but these general-purpose devices are typically the first to fall: a stateful firewall must track every half-open connection a flood creates, and its state table fills long before the servers behind it are exhausted. Firewalls offer some protection, but they are not built to absorb floods. Organisations expose themselves to attack when they use technology as a crutch. Winning the DDoS war requires organisations to treat their operations as a critical network and defend it with talented people and technology that stay one step ahead of the attackers. A firewall is important but not a panacea.

The major drawback of do-it-yourself solutions is that they are reactive. Attackers can easily modify their methods and come at a business from disparate sources using different vectors. This keeps an organisation permanently on the defensive, repeatedly deploying additional configurations while simultaneously trying to recover from downtime. Many organisations have limited expertise and resource bandwidth to deal with the complexities of security and compliance; managed security services providers with the ability to monitor, manage and protect systems fill that gap. Detecting a DDoS attack requires monitoring (flow telemetry from routers, or a dedicated appliance) that can raise alerts by email or text; the goal is to report and respond to the incident before the attacker makes resources unavailable. An MSSP that employs both technology and on-site personnel can monitor and act as a full operations team. If a DDoS attack is suspected, it is probably affecting the ISP as well, so the security team should immediately contact the ISP to see whether it can detect the attack and re-route or filter traffic. Inquire whether any DDoS protective services are available, and consider a backup ISP as a contingency. DDoS attacks will continue in the future because of the ease of execution.
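The detection step described above is easiest to understand as code. The following is an added example, not part of the itproportal article or any vendor’s product: a small Python detector that aggregates one window of flow records per destination, raises an alert when packets per second or bandwidth exceed a threshold, and names the vector (SYN flood, reflection from a well-known UDP service port, or plain flood) from the composition of the traffic. The flow-line format, addresses, thresholds and the sample window are all constructed for the example and are not a real exporter format.

```python
"""Flow-record DDoS detector (added example; constructed input, not a real
NetFlow/IPFIX format). Each line:
    <epoch> <src_ip> <dst_ip> <proto> <sport> <dport> <packets> <bytes> <tcp_flags>
"""
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the source port the
# victim sees on the reflected traffic.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 161: "snmp", 19: "chargen"}


def parse_flow(line):
    f = line.split()
    return {"src": f[1], "dst": f[2], "proto": f[3], "sport": int(f[4]),
            "dport": int(f[5]), "pkts": int(f[6]), "bytes": int(f[7]), "flags": f[8]}


def detect(lines, window_s=10, pps_threshold=100_000, mbps_threshold=500, min_sources=50):
    """Aggregate one window of flows per destination and name the attack vectors.

    Thresholds are illustrative assumptions: derive them from link capacity and
    the normal baseline of the monitored network, not from this example.
    """
    per_dst = defaultdict(lambda: {"pkts": 0, "bytes": 0, "srcs": set(), "tcp_pkts": 0,
                                   "syn_only": 0, "udp_pkts": 0, "reflect_bytes": defaultdict(int)})
    for line in lines:
        fl = parse_flow(line)
        d = per_dst[fl["dst"]]
        d["pkts"] += fl["pkts"]
        d["bytes"] += fl["bytes"]
        d["srcs"].add(fl["src"])
        if fl["proto"] == "tcp":
            d["tcp_pkts"] += fl["pkts"]
            if fl["flags"] == "S":          # bare SYN: half-open connection attempt
                d["syn_only"] += fl["pkts"]
        elif fl["proto"] == "udp":
            d["udp_pkts"] += fl["pkts"]
            if fl["sport"] in REFLECTOR_PORTS:
                d["reflect_bytes"][REFLECTOR_PORTS[fl["sport"]]] += fl["bytes"]

    alerts = {}
    for dst, d in per_dst.items():
        pps = d["pkts"] / window_s
        mbps = d["bytes"] * 8 / window_s / 1e6
        if pps < pps_threshold and mbps < mbps_threshold:
            continue                         # below both volumetric thresholds
        vectors = []
        # SYN flood: TCP dominates the packet count and almost all of it is bare SYNs.
        if d["tcp_pkts"] and d["syn_only"] / d["tcp_pkts"] >= 0.8 and d["tcp_pkts"] / d["pkts"] >= 0.5:
            vectors.append("syn_flood")
        # Reflection: most bytes arrive from a well-known UDP service port.
        for svc, b in d["reflect_bytes"].items():
            if b / d["bytes"] >= 0.5:
                vectors.append(f"{svc}_reflection")
        if not vectors:
            vectors.append("udp_flood" if d["udp_pkts"] / d["pkts"] >= 0.5 else "tcp_flood")
        alerts[dst] = {"pps": round(pps), "mbps": round(mbps, 1), "sources": len(d["srcs"]),
                       "distributed": len(d["srcs"]) >= min_sources, "vectors": vectors}
    return alerts


def sample_window():
    """Constructed 10-second window: a SYN flood, a DNS reflection flood and normal traffic."""
    lines = []
    for i in range(60):                      # 60 bot/spoofed sources per attack
        src = f"198.51.100.{i + 1}"
        # SYN flood: 40-byte bare SYNs, 20,000 per source -> 120k pps but only ~38 Mbps
        lines.append(f"1700000000 {src} 203.0.113.10 tcp {1024 + i} 443 20000 800000 S")
        # DNS reflection: responses from port 53, ~3 kB each, 20,000 per source -> ~2.9 Gbps
        lines.append(f"1700000000 {src} 203.0.113.20 udp 53 {40000 + i} 20000 60000000 -")
    # Ordinary web traffic: handshakes complete, volumes are small
    lines.append("1700000000 192.0.2.7 203.0.113.30 tcp 50000 443 1 60 S")
    lines.append("1700000000 192.0.2.7 203.0.113.30 tcp 50000 443 120 96000 PA")
    lines.append("1700000000 192.0.2.9 203.0.113.30 udp 53 40123 2 800 -")
    return lines


if __name__ == "__main__":
    for dst, info in detect(sample_window()).items():
        print(dst, info)
```

The two attack destinations show why packets per second and bits per second are tracked separately: the SYN flood trips the pps threshold at a bandwidth a firewall would not blink at, while the reflection flood is the reverse. In production the window would come from router flow exports and the thresholds from the measured baseline.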
Companies must ensure they are prepared, constantly monitor the network, and have a game plan if an attack is under way. The daily headlines prove that no organisation is immune. With a little foresight it is possible to both thwart an attack and defend against future ones. Source: http://www.itproportal.com/features/ddos-attacks-an-old-nemesis-returns-to-cripple-your-network/


Security man Krebs’ website DDoS was powered by hacked Internet of Things botnet

Internet of Amazingly Insecure Tat? That’s the one

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs’ website from the internet came from a million-device-strong Internet of Things botnet.…


Renowned blog KrebsOnSecurity hit with massive DDoS attack

The 620 Gbps DDoS attack was built on a massive botnet.

The security blog KrebsOnSecurity has been hit with one of the largest distributed denial of service (DDoS) attacks of all time. The site, which is run by security expert Brian Krebs, was hit by a DDoS attack of around 620 Gbps on 20 September. KrebsOnSecurity managed to stay online during the attack thanks to defences from content delivery network provider Akamai. The largest attack of this kind Akamai had previously defended was one of 363 Gbps earlier this year. Previous large-scale DDoS attacks, including the 363 Gbps attack, used well-known methods to amplify a smaller attack, such as reflecting spoofed queries off open DNS resolvers. Apart from being much larger in scale, the attack on KrebsOnSecurity also differed in that it seemed to rely instead on a very large botnet of hacked devices generating the traffic directly, which could have involved hundreds of thousands of systems. “Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, Akamai’s senior security advocate, told KrebsOnSecurity. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.” Brian Krebs said that there were signs that the attack had used a botnet made up of a large number of compromised Internet of Things (IoT) devices. During a DDoS attack, the targeted website is flooded with traffic designed to overwhelm its resources and crash or suspend its services. “It seems likely that we can expect such monster attacks to soon become the new norm,” wrote Krebs. He suggested that the attack on his site might have been in retaliation for a series he had written on the takedown of the DDoS-for-hire service vDOS, a theory supported by text in the attack traffic referencing the vDOS owners. Source: http://www.cbronline.com/news/cybersecurity/business/renowned-blog-krebsonsecurity-hit-with-massive-ddos-attack-5012622


Researcher believes major DDoS attacks part of military recon to shut down internet

Security researcher Bruce Schneier has spotted a series of DDoS attacks which may be part of a larger effort to learn how to take down the internet on a national or even global scale. The attacks targeted major companies that provide the basic infrastructure of the internet, and the incidents appear to have probed the companies’ defenses to determine how well they can protect themselves, according to a Sept. 13 blog post. Schneier said he is unable to give details of which companies were targeted because he spoke with them under anonymity, but said the attack rate has increased over the last two years and that his findings are supported by a Verisign DDoS trends report. Schneier told SCMagazine.com he believes the attacks are the work of a foreign cyber organization doing military reconnaissance. The attacks are believed to originate from China, but Schneier said he is hesitant to point the blame at anyone. So far the targeted companies have been able to defend themselves, but when it comes to actually being able to take down the internet, Schneier said, “it does seem you can do it for small amounts of time but not permanently.” Some other experts agree. Several countries have a history of using DDoS attacks to target the U.S. and other nations, so it’s safe to say that if taking down the internet will improve one’s position as a world power, someone will try to do it, Plixer CEO Michael Patterson told SCMagazine.com via emailed comments. “Consider the past attacks on our utilities and our 911 system and you can begin to appreciate the possibility of a combination of attacks that would certainly be possible with DDoS technologies,” Patterson said. “Our government needs to develop and implement a full scale back-up in the event that any one of these world players are successful in taking down the Internet.” Patterson said so much of the U.S. economy depends on the internet that it’s critical to have an alternative communication and digital plan in place in case something happens.

However, some industry pros expressed doubt that an attacker would be able to carry out such a large-scale attack. While the size, duration and sophistication of DDoS attacks continue to grow, a complete shutdown is unlikely, Tim Matthews, Imperva Incapsula VP of marketing, told SCMagazine.com via emailed comments. “Attacks might present temporary regional slowdowns – and annoy customers – but certainly not cause a global Internet blackout, as Mr. Schneier suggests,” Matthews said. “And with proper DDoS protections in place, most attacks like these would be stopped in their tracks.” Source: http://www.scmagazine.com/infrastructure-ddos-attacks-could-be-part-of-larger-plan-to-shut-down-internet-on-massive-scale/article/522962/


Attackers Launch DDoS Attacks And the Kitchen Sink

First off, full disclosure: I work for Akamai as my day job. I don’t want any illusion on that point as I discuss the latest State of the Internet report, which I was fortunate enough to be a part of creating. That being said, it was an interesting quarter. Last quarter shed some light on some interesting developments with regards to distributed denial of service (DDoS) as attackers tried their hand at various different approaches. We hear, time and again, about DDoS attacks, and this most recent quarter gave rise to one of significant volume: a confirmed 363 Gbps of attack traffic against a media organization customer in Europe. Nothing to sneeze at, to be certain. Is your organization in a position to sustain operations while weathering an attack of this magnitude?

As we have seen more frequently of late, this was a multi-vector attack. To put a fine point on it, the attackers combined several different vectors in their futile attempt to take down the intended target: SYN, UDP fragment, PUSH, TCP, DNS and UDP floods. The only thing they forgot to throw in was the kitchen sink. Over the last few quarters Akamai has noticed an uptick in the number of attacks that leverage DNSSEC-configured domains, whose large signed responses make them ideal amplifiers. The number of open DNS resolvers continues to rise, and attackers are capitalizing on them to amplify their attack traffic. A great deal of this can be traced back to botnets that have been built out as the commoditization of DDoS continues to spread. In addition to this type of attack, we also see that the criminal element has been leveraging tactics to obfuscate their origin and identity when launching web attacks.

These attackers have been demonstrating an increased use of anonymization services to help cover their digital footprints in the binary sand. Like any criminal with a lick of sense, the last thing they want is to get pinched by law enforcement. Consequently we have seen increased use of virtual private networks (VPNs) and proxies by attackers launching web application attacks. When looking for resources on how to accomplish this online, we see all manner of web pages giving step-by-step instructions on what an attacker would need to do, from blocking client-side JavaScript to using a browser in Incognito mode and even leveraging Tor to launch attacks. All of these ideas have various levels of merit, but there are shortfalls through which the attacker can be discovered. There are differences between traditional VPN services and anonymizing ones. Traffic between the client and the VPN service is encrypted and the IP address of the client is masqueraded. Pretty standard, but when you look at an anonymization service they will promise any number of things, the most basic being not storing any logging information on their customers. This is not always the case, as one LulzSec member discovered in September 2011 when his VPN provider was served with a court order to turn over logs which they claimed they didn’t keep. Another thing that attackers have to contend with is the throttling of bandwidth over anonymization services. As a result, they leverage third-party booter and stresser platforms to launch their attacks. These services are paid for with Bitcoin in an effort to further obfuscate their identity and avoid detection. Be sure to check out the latest copy of the State of the Internet Report, which is out today, September 14, 2016, for more in-depth discussion of denial of service attacks and the anonymization efforts of attackers.
Source: http://www.csoonline.com/article/3119675/security/attackers-launch-ddos-attacks-and-the-kitchen-sink.html
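Both the KrebsOnSecurity piece above (amplification via open DNS resolvers) and this one (open resolvers amplifying botnet traffic) rest on one property: a small spoofed query produces a large response at the victim. The following added example, not from the Akamai report or the article’s author, builds a DNS ANY query with EDNS0 and a TXT-stuffed response in Python to show the amplification factor, then applies response rate limiting of the kind BIND and Knot implement (per client /24 and name; above the limit, most responses are dropped and the rest are sent truncated with TC=1 so a genuine client retries over TCP, which a spoofer cannot complete). The name, records, limits and victim address are assumptions; nothing is sent on the wire.

```python
"""DNS reflection: amplification arithmetic and response rate limiting (RRL).

Added example. Packets are constructed with struct and never sent; the name,
records and limits are illustrative assumptions.
"""
import struct


def encode_name(qname):
    return b"".join(bytes([len(label)]) + label.encode() for label in qname.split(".")) + b"\x00"


def build_query(qname, qtype=255, edns_bufsize=4096, qid=0x1234):
    """Query as an amplifier abuser sends it: QTYPE ANY plus an EDNS0 OPT record
    advertising a 4096-byte UDP buffer so the reflector answers in one big datagram."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # flags: RD; 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)  # root name, TYPE=OPT, UDP size, ext flags, rdlen
    return header + question + opt


def _question(query):
    i = 12
    while query[i] != 0:
        i += query[i] + 1
    return query[12:i + 5]          # name (incl. terminator) + QTYPE + QCLASS


def build_response(query, txt_records):
    """Full answer: echoes the question and stuffs the answer section with TXT records."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(txt_records), 0, 0)  # QR, RD, RA
    answers = b""
    for txt in txt_records:
        rdata = bytes([len(txt)]) + txt  # one <character-string>, at most 255 bytes
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata  # ptr to qname, TXT, IN, TTL, rdlen
    return header + _question(query) + answers


def truncated_response(query):
    """TC=1 with no answers: a genuine client retries over TCP; a spoofed source cannot."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, 0x8380, 1, 0, 0, 0) + _question(query)  # QR, TC, RD, RA


def amplification_factor(query, response):
    return len(response) / len(query)


class ResponseRateLimiter:
    """Token bucket per (client /24, qname), modelled on BIND/Knot RRL: above the
    rate, every `slip`-th response is sent truncated and the others are dropped."""

    def __init__(self, responses_per_second=5, slip=2):
        self.rate, self.slip, self.buckets = responses_per_second, slip, {}

    def decide(self, client_ip, qname, now):
        key = (".".join(client_ip.split(".")[:3]), qname.lower())
        tokens, last, dropped = self.buckets.get(key, (self.rate, now, 0))
        tokens = min(self.rate, tokens + (now - last) * self.rate)   # refill since last decision
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now, dropped)
            return "send"
        dropped += 1
        self.buckets[key] = (tokens, now, dropped)
        return "slip" if dropped % self.slip == 0 else "drop"


def simulate_reflection(victim_ip="203.0.113.5", queries=200, qname="example.com"):
    """Bytes reflected at a spoofed victim by one open resolver during one second,
    with and without RRL. Returns (amplification_factor, bytes_without_rrl, bytes_with_rrl)."""
    query = build_query(qname)
    full = build_response(query, [b"v=spf1 " + b"x" * 248] * 10)   # ten 255-byte TXT strings
    trunc = truncated_response(query)
    rrl = ResponseRateLimiter()
    without = with_rrl = 0
    for i in range(queries):
        without += len(full)
        verdict = rrl.decide(victim_ip, qname, now=i / queries)
        with_rrl += {"send": len(full), "slip": len(trunc), "drop": 0}[verdict]
    return amplification_factor(query, full), without, with_rrl


if __name__ == "__main__":
    factor, without, with_rrl = simulate_reflection()
    print(f"amplification x{factor:.1f}; reflected {without} B without RRL, {with_rrl} B with RRL")
```

Run it and compare the bytes that reach the victim with and without rate limiting: the 40-byte query draws a 2.7 kB answer (roughly 68x), but a reflector that limits answers per client prefix turns a 200-query burst into a handful of full responses plus 29-byte truncated ones, while a client asking a few times a second never notices. Keying on the /24 rather than the single address is what catches a spoofer who rotates source addresses within the victim’s block.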


“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high,” said one expert.

The company measured threats faced by its customers over a roughly one-year period and saw a 211 percent year-over-year increase in distributed denial of service attacks. More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that interrupts access to websites or network systems. The firm largely attributed this growth to the establishment of several botnet operations, which serve as a platform to automate and increase attack volume, and to attackers’ ability to access greater bandwidth with which to generate such traffic. Dark Web dealers are using these botnets, according to Imperva, to offer more effective attack tools to would-be customers. “The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop. In short, the flood either exhausts the target’s own capacity or forces its hosting provider to null-route the targeted IP addresses to protect other customers, and either way the service goes dark. The DDoS attacks recorded by Imperva between March 2015 and April 2016 targeted a diverse range of clients. Even so, all of the attacks aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network. To be clear, an application-layer DDoS works to cut off online access to a specific property, like a website or software service, rather than an entire network. Because application-layer attacks target a narrower surface, they typically need less traffic. In the past, DDoS-ing an entire network has presented a challenge for attackers because of the sheer volume of artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic, making it easier for individual operations to disrupt larger segments of the internet.

Another worrisome trend spotted by Imperva is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times. In the past, DDoS attacks have been used to distract an organization from a more damaging intrusion, leading to the possible exfiltration of valuable data like customer financial and personal records. Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016


Why smart companies don’t sweat the SSL stuff in DDoS defense

The average company suffers 15 DDoS attacks per year, with the average attack causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks. DDoS attacks have rapidly grown in both bandwidth (Gbps) and packets per second (pps). In the survey, 59% of organizations polled had experienced an attack over 40 Gbps. Average attack bandwidths are peaking at a staggering 30 to 40 Gbps, and 77% of organizations expect multi-vector attacks, which combine volumetric and application-layer attacks, to pose the greatest danger in the future. In recent years, multi-vector DDoS attacks have tunnelled over encrypted SSL connections to evade defences. Some attacks exploit the SSL protocol itself to cause denial of service by repeatedly requesting ‘renegotiation’ on the same connection, forcing the server into expensive private-key operations while stopping short of creating a usable secure channel. Others flood traffic over an established secure channel, where it cannot be distinguished as malicious. The reason is that while most organizations protect their websites and online services with SSL, many existing enterprise security products are either blind to encrypted SSL traffic or crippled when trying to decrypt and analyze it.

From urgent threat to FYI notification

Amid growing virtualization, cloud networking and mobility, SSL encryption requirements to protect data and secure communications will surge. In other words, organizations must rethink their SSL offload and SSL inspection strategies, especially in defending against DDoS attacks. The IDG Connect report shows that more than half of the organizations surveyed plan to increase DDoS prevention budgets in the next six months. “DDoS attacks are called ‘sudden death’ for good reason,” says Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” To terminate SSL at the data center perimeter, some organizations have deployed application delivery controllers (ADCs) equipped with crypto engines to offload SSL from servers and security appliances. Some ADCs also offer web application firewalls (WAFs) to inspect the decrypted traffic and detect attacks. To eliminate SSL blind spots in corporate defenses and let security devices regain their effectiveness, A10 Networks introduced the Thunder SSL Insight (SSLi) standalone security product, built on its SSL inspection technology and 64-bit ACOS Harmony platform. The Thunder SSLi appliances decrypt SSL traffic and offer inspection across multiple ciphers at up to 48 Gbps of SSL inspection throughput. Their high-density 1 GbE, 10 GbE and 40 GbE port options meet the highest networking bandwidth demands.

Clear and ever-present security

The appliances are complemented by intelligence-driven protection policies. The A10 URL Classification Service monitors, blocks or selectively bypasses specific websites (providing privacy for healthcare and financial Internet activity), while the A10 Threat Intelligence Service blocks users from accessing known bad IP addresses. Casio Computer Company, a well-known global manufacturer of consumer gadgets, has seized the opportunity to enhance security by analyzing encrypted communications using A10 Networks’ SSL Insight technology. Having deployed A10 Thunder ADCs to give its employees smooth cloud access, Casio wants to be able to differentiate between personal and work-related cloud-bound traffic, according to Koji Kawade of Casio Information Systems Co Ltd’s User Support Group.

A10 Networks’ ADCs are equipped with SSL acceleration hardware that handles 4096-bit keys at near-parity performance in production, providing highly scalable flow distribution and DDoS protection capabilities. The A10 Thunder TPS Series, for example, uses SSL security processors to detect and mitigate SSL-based attacks, including traffic exploiting the POODLE vulnerability, and offers mitigation throughput from 10 Gbps to 1.2 Tbps (in a list synchronization cluster) to deal with the largest multi-vector DDoS attacks. A10 ADCs will continue ramping up L4 and L7 connections-per-second and SSL performance benchmarks to meet increasing performance and security needs against greater multi-vector DDoS attacks. Source: http://www.networksasia.net/article/why-smart-companies-dont-sweat-ssl-stuff-ddos-defense.1471880795


Teen hacker walks free after carrying out DDoS attacks on bank and e-crime portal

An Australian teenager who DDoSed an e-crime website, the Commonwealth Bank and his own school walks free.

Seldom do you see anyone walk away free after creating online mayhem through DDoS attacks, but this teen did just that. A 15-year-old hacker was sentenced to a “family conference” by a judge at the Christies Beach Youth Court in Adelaide, Australia, after he targeted the Australian Cybercrime Online Reporting Network (ACORN) portal, the Commonwealth Bank of Australia (CBA) and his own school’s servers between February and April 2016. In Australian law, a family conference is when the court leaves the punishment to the family and a supervising youth police officer, who must agree with the punishment in order to consider the matter closed. Family conferences may require the teen to apologise publicly, pay compensation to the victims, perform a number of hours of community service, or more. The youth, who cannot be identified under state law, pleaded guilty to four counts of unauthorised damage of computer systems relating to Distributed Denial of Service (DDoS) attacks. The very next day he walked free, as the court ordered mediation between his family and the victims rather than jail time. Because he is not an adult, the teenager avoided up to three years in youth detention. “The penalty for orchestrating a DDoS attack is a maximum of 10 years imprisonment. This is found in the Cybercrime Act 2001, section 477.3 ‘unauthorised impairment of electronic communication.’” The teenager started his DDoS spree on February 26 when he attacked the CBA, leaving the bank and some overseas customers unable to access services for more than three hours. The attack “had the potential to cause serious disruption to our services”, the bank said, even though customer money and information were not put at risk.

In March, he used his mobile phone to disrupt his high school’s information technology systems for “fun” and because he was “bored” in computing studies, and later shifted the attacks from the school’s systems to its Internet provider. On April 4, 2016 he attacked the ACORN website, which is used by every Australian police force and multiple federal crime-fighting agencies; it was shut down for up to six minutes before he abandoned the attack. He was arrested at his southern Adelaide home after state and federal authorities traced his internet protocol (IP) address; his school principal had reported his crimes through ACORN. Magistrate Cathy Deland, herself a CBA customer, acknowledged that she was “making a big step” in ordering a family conference, a move supported by police, but said the law needed to concentrate on rehabilitation, reports Adelaide Now. She believed he was unlikely to reoffend and noted that he had not demanded any “ransom”. Ms Deland said his crimes stopped classmates from learning, while his attack on the CBA was “just massive”. She told him: “I don’t know that anyone would be able to put a price on repairing the disruption that you caused. I have no doubt it would have been millions of dollars. I have no doubt that you would not have thought much about the consequences. I am in the difficult situation having to weigh up your incredible stupidity against … your rehabilitation.” The boy and his family declined to comment outside court. Source: http://www.techworm.net/2016/08/teen-hacker-walks-free-carrying-ddos-attacks-bank-e-crime-portal.html


If two countries waged cyber war on each another, here’s what to expect

Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. This might sound fanciful, but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century.

Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres hosting the core routing elements of the network. Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to last a few hours: enough to ride out a normal fault, but a cyber attack might require backup for days or even weeks. William Cohen, the former US secretary of defence, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, believes the American system is not well enough protected to avoid this.

Denial of service

An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with traffic from many sources at the same time. This could make it easier for hackers to neutralise the backup power and trip the system. DDoS attacks are also a major threat in their own right: they could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which carries around 30% of internet traffic, recently said these are the most worrying kind of attack and are becoming ever more sophisticated. Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps), a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign reports a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale, much more powerful than previously. The top sources are Vietnam, Brazil and Colombia.

[Charts omitted: number of attacks and scale of attacks, source Verisign]

Many of the largest DDoS attacks swamp a network by bouncing spoofed requests off DNS and NTP servers, whose replies are far larger than the requests, so the target receives many times the traffic the attacker actually sends. Without DNS the internet wouldn’t work, but it is weak from a security point of view. Specialists have been trying to come up with a solution, but building protection against this abuse into every such server appears to mean re-engineering the entire internet.

How to react

If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this:

Phase one: Takeover of network. The country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We possibly saw this in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country.

Phase two: Analysis of attack. Security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network.

Phase three: Observation and large-scale control. The authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems.

Phase four: Observation and fine control. By this stage there would be some stability and attention could turn to lesser but important alerts regarding things like financial and commercial interests.

Phase five: Coping and restoring. This would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage.

State of play

If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid, and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 following a cyber attack, is now looking at moving copies of government data to the UK for protection.
Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected. Source: http://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544
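The article above notes that most DDoS traffic arrives via DNS and NTP servers; the common pattern is reflection, where a victim receives large, unsolicited replies from many servers it never queried. The following is an added example, not part of the original article, of the detection logic a security operations centre could run over flow records; the Flow record fields, thresholds and sample addresses are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """Minimal NetFlow/IPFIX-style record (field names are assumptions)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # "udp" or "tcp"
    bytes: int
    packets: int


REFLECTOR_PORTS = {53: "dns", 123: "ntp"}


def detect_reflection(flows, min_reflectors=3, min_bytes_per_pkt=400):
    """Flag internal hosts receiving large DNS/NTP replies from many servers
    they never queried. Returns {victim: {reflectors, bytes, services}}."""
    # Queries this network actually sent, so we can pair replies with them.
    queried = {(f.src, f.dst, f.dport) for f in flows
               if f.proto == "udp" and f.dport in REFLECTOR_PORTS}
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for f in flows:
        if f.proto != "udp" or f.sport not in REFLECTOR_PORTS:
            continue
        if (f.dst, f.src, f.sport) in queried:
            continue  # a reply to a real query; normal resolver/NTP traffic
        if f.bytes / max(f.packets, 1) < min_bytes_per_pkt:
            continue  # small unsolicited replies are not amplification
        victim = stats[f.dst]
        victim["reflectors"].add(f.src)
        victim["bytes"] += f.bytes
        victim["services"].add(REFLECTOR_PORTS[f.sport])
    return {dst: {"reflectors": len(v["reflectors"]), "bytes": v["bytes"],
                  "services": sorted(v["services"])}
            for dst, v in stats.items() if len(v["reflectors"]) >= min_reflectors}


SAMPLE_FLOWS = [  # constructed sample: one legitimate exchange plus reflected traffic
    Flow("10.0.0.5", 51234, "10.0.0.53", 53, "udp", 70, 1),        # real query
    Flow("10.0.0.53", 53, "10.0.0.5", 51234, "udp", 1200, 1),      # its (large) reply
    Flow("203.0.113.10", 53, "10.0.0.9", 40001, "udp", 3000, 1),   # unsolicited
    Flow("203.0.113.11", 53, "10.0.0.9", 40001, "udp", 3100, 1),   # unsolicited
    Flow("203.0.113.12", 123, "10.0.0.9", 40001, "udp", 44000, 100),  # 440 B/pkt
    Flow("203.0.113.13", 53, "10.0.0.9", 40001, "udp", 120, 1),    # too small
    Flow("203.0.113.20", 123, "10.0.0.8", 40002, "udp", 8800, 20), # only two
    Flow("203.0.113.21", 123, "10.0.0.8", 40002, "udp", 8800, 20), # reflectors
]
```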

Visit site:
If two countries waged cyber war on each another, here’s what to expect