Tag Archives: latest-news

UK webhost 123-Reg in DDOS attack

Businesses using 123-Reg’s web hosting service were knocked offline on Wednesday evening following a reported distributed denial of service (DDoS) attack. 123-Reg is the UK’s largest domain provider hosting over 1.4 million websites. The company said it was hit by a DDoS style attack that caused disruption to some customers on its shared hosting packages. DDoS attacks typically use a botnet of computers in a co-ordinated attack, driving web traffic to a particular website. The attack appeared to cause patchy service for websites hosted by the company for several hours with many customers taking to Twitter to vent their frustration. UK games and mobile apps start-up Greedy Goblin Games (@GreedyGoblins) tweeted 123-Reg: “It appears your shared hosting servers are down. Can access FTP but not websites”. While IT consultant @thepaulturvey tweeted: “Is there a problem with 123-Reg shared hosting? Multiple sites not responding”. 123-Reg support staff told one UK website owner: “There has been a DDOS type of attack targeting a website from our shared hosting platform which unfortunately affected some of our customers. Our system administrators have contained the attack and the connectivity issues should shortly be resolved”. Update: I’ve received the following statement from 123-Reg confirming the attack. 123-Reg did experience a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from 823 different IP addresses globally. This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack. Customer impact measured in terms of support queries was minimal — and likewise our social platforms saw a handful of comments — which are being addressed on a one to one basis via our support teams. Source: http://betanews.com/2014/04/23/uk-webhost-123-reg-in-ddos-attack/


DOSarrest Releases Latest Generation DDoS Mitigation System Software

VANCOUVER, BRITISH COLUMBIA–(Marketwired – Apr 23, 2014) – DOSarrest has just released its latest generation of proprietary backend software that incorporates an all-new customer-facing portal. This new release will enable DOSarrest to implement changes to customer configurations in seconds, enabling them to apply custom made DDoS mitigation modules extremely quickly. It is also equipped with an Intrusion Detection System (IDS), allowing the security team to pinpoint sophisticated layer 7 attacks as well as provide cloud based Web Application Firewall (WAF) services for its customers. Mark Teolis, GM at DOSarrest said: “This upgrade is by far our largest project to date, it has taken us over 2 years of development and testing to get here. This latest generation of software is extremely powerful, and can stop the next generation of sophisticated layer 7 attacks.” DOSarrest is now able to offer additional services, including:

- Cloud Based Web Application Firewall (WAF)
- Cloud based layer 7 load balancing, Local, Global with health checks
- Enhanced reporting on traffic types, status codes, cache performance, etc
- Create virtual servers, to have us pick-up, cache and deliver content from multiple customer servers
- IDS engine to detect and help stop any malicious traffic

“We recognised our customers’ requirements to have comprehensive security related services, rather than disparate point solutions; this new system has all the features that we need to accommodate them. The best part about this new generation of software is its flexibility at the core. What used to take days and weeks to develop and implement, can now be measured in minutes and hours,” added Jag Bains, CTO at DOSarrest. Bains went on to say: “The best part of this new release is that it enables us to quickly react and stop sophisticated attacks that have not even been created yet!” Source: http://www.reuters.com/article/2014/04/23/idUSnMKWNkbj9a+1e0+MKW20140423


Blockchain.info Services Down Due to DDoS Attacks

A number of users have taken to social media to report issues with their Blockchain.info wallets on Monday. The reason, according to Blockchain, relates to what has been described as “higher than usual traffic volumes due to DDoS [distributed denial of service] attacks” on the company’s servers. As of this writing, the website presents the following message: “Blockchain.info is currently down for maintenance. For status updates please see Twitter. Apologies for any inconvenience.” The company took the opportunity to remind users that their wallets were safe, but suggested that all users make backups once full service is restored. Distributed denial of service attacks target one or more machines by bombarding them with information requests, slowing down services for legitimate users. DDoS attacks are almost commonplace against larger websites, often becoming a frequent occurrence. Blockchain.info serves as the internet’s most popular bitcoin-related website. Growing tremendously fast, the service recently announced the creation of their 1.5 millionth wallet. Last week, it was announced that the company, led by Nic Cary, had signed a five-year deal to hold rights to the bitcoin.com domain name. Source: http://newsbtc.com/2014/04/21/blockchain-info-services-due-ddos-attacks/


Easy-to-Use NTP Amplification Emerges as Common DDoS Attack Vector

Reflection attacks using the Network Time Protocol surge in the first quarter, as attackers shift to bandwidth-clogging floods of data. In the past year, attackers have changed focus from attacking applications to overwhelming network bandwidth using brute-force reflection attacks, according to a report published April 17 by content-delivery provider Akamai. The two most popular types of reflection attacks, which bounce network traffic off intermediate servers on the Internet, have shot up in popularity, accounting for 23 percent of all infrastructure attacks in the 2014 first quarter, Akamai stated in its Prolexic Quarterly Global DDoS Attack Report. The attacks were largely unheard of in 2013, the report stated. Much of the increase is due to easy-to-use tools, including techniques for using a vulnerability in the Network Time Protocol, or NTP, not only to reflect attacks but amplify them, Matt Mosher, director security strategy for Akamai, told eWEEK. “Reflection and amplification are easier for the attackers to do,” he said. “They don’t have to build a bot army or infect a bunch of machines.” The number of distributed denial-of-service (DDoS) attacks and the average bandwidth of an attack have both climbed, increasing by 47 percent and 39 percent, respectively, according to Akamai’s report. The jump occurred even as DDoS attacks that attempt to tie up applications with bogus requests declined 21 percent. Application layer attacks have declined since the third quarter of 2013, the report stated. “There have always been two dimensions to DDoS: the large volumetric attacks including amplification, and then there’s another set of DDoS that tries to create complexity and targets applications,” Mosher said. Attackers also focused on media and entertainment companies, which were the targets of nearly 50 percent of attacks. 
Software and technology companies were the second most popular target, at 17 percent, while security firms faced 12 percent of all DDoS attacks, according to Akamai. The largest attack seen by Akamai targeted a European entertainment firm, and exceeded 200 Gbps at its peak, the firm said. The attack lasted more than 10 hours, and amplified the attack volume through vulnerable servers using a combination of NTP and Domain Name System (DNS) reflection. The attack also employed a tactic known as a POST flood attack, according to Akamai. Reflection attacks do not just use basic Internet protocols, but can use Web application features to inundate a target. An interesting attack in the first quarter of 2014 involved using the pingback function of WordPress sites to send data to the targeted network. “The effectiveness of this attack lies in the leveraging of victim WordPress Websites that have pingback functionality enabled,” the report stated. “This attack vector typically succeeds by exhausting the number of connections to the target site, rather than by overwhelming the target with bandwidth floods.” Computers in the United States, China, Thailand, Turkey and Germany accounted for almost three-quarters of all attacks, according to the report. Indonesia and South Korea were also in the top 10. “There was a noticeable presence of Asian countries in the top 10 source countries,” Akamai’s report noted. “Growing economies and an expanding IT infrastructure, plus large online populations, fuel DDoS attack campaigns.” Source: http://www.eweek.com/security/easy-to-use-ntp-amplification-emerges-as-common-ddos-attack-vector.html/


Lookout, DDoS Attackers Are Changing Their Techniques

In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out. A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate. Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites. In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods. The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.” Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. 
That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second). The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.” The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai. Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks. Source: http://www.slyck.com/story2396_Lookout_DDoS_Attackers_Are_Changing_Their_Techniques


Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services

VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio. Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami. “We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest. About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. 
Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com) About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now. Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm


Bot masters in cut-throat DDoS fight

DDoS reaches 300,000 connections a minute. Botnet operators in the criminal underground are launching large denial of service attacks against each other in a bid to knock out rivals in the race to compromise computers. Security researchers have discovered command and control servers owned by operators of Zeus botnets were blasted by those running a rival Cutwail botnet in a distributed denial of service attack reaching 300,000 connections a minute. The infamous Zeus malware was a trojan often used to steal banking information and install cryptolocking software. The Zeus family was considered to be the largest botnet operating on the internet. Cutwail is also an established botnet which is typically involved in sending spam via the Pushdo trojan, at its peak pushing out millions of emails a day. University researchers said in a paper that Cutwail, known to spammers as ‘0bulk Psyche Evolution’, was rented to spam affiliates who pay fees to the botmasters totalling hundreds of thousands of dollars, in order to launch spam campaigns. RSA researchers found a hit list of new dynamically generated domain names within a Cutwail botnet which served as infrastructure targets of the operator’s rivals. A senior threat researcher who goes by the handle ‘Fielder’ wrote he was surprised to find evidence of the continual fighting. “This is an incredibly interesting finding as it suggests some fierce competition within the criminal underground,” Fielder said. “This was quite literally a live action view of botmasters attacking one another.” The research team examined the attacked IP addresses and found that each was related to Zeus and Zbot (Zeus) command and control hosts. The attacker’s IP addresses were tracked since August and linked to Zeus and kryptik trojans and variants, as well as Bitcoin mining activity. 
These addresses were also embroiled in a “long history” of malware campaigns including those foisting the formerly infamous BlackHole exploit kit, spam campaigns and an effort to serve malware over IRC and BitTorrent. Source: http://www.itnews.com.au/News/382411,bot-masters-in-cut-throat-ddos-fight.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks


BTC-e Reports DDoS Attack Against Their Server

Having issues with BTC-e today? You’re not the only one. A number of users in the bitcoin community have reported issues with the exchange, raising fears about the service and whether it was operating as it should. The root of those issues is a distributed denial of service (DDoS) attack, the exchange confirms on its official Twitter account. This isn’t the first time this has taken place (nor the last time, we reckon), and it certainly does highlight the community’s sensitivity when it comes to service disruptions. You can’t blame them, either. After the Mt. Gox debacle, it’s become difficult to trust some of these large-scale operations, particularly an exchange that has established itself as mostly secretive. That secrecy has allowed BTC-e to not require verification checks, making it a go-to spot for individuals looking to stay under the radar. As of this writing, it appears services are back to normal. Source: http://newsbtc.com/2014/04/13/btc-e-reports-ddos-attack-server/


DDoS attacks: Bigger, Badder and Nastier than last year

DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN flood attacks now account for a hefty 51.5 percent of all large-scale attacks. The research – which covers the whole of 2013 and the first two months of 2014 – says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms. The analysis – entitled the ‘2013-2014 DDoS Threat Landscape Report’ – says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year. Interestingly, Incapsula says that 29 per cent of botnets have been seen attacking more than 50 targets a month. The analysis – which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeted Web sites on Incapsula’s network – concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. In fact, says Incapsula, during the final quarter of 2013, the firm’s research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges – the two most common methods of bot filtering. The problem, concludes the report, is that the DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to the latest Layer 3-4 and Layer 7 DDoS threats. 
According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets. “Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks,” he said. “For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than user’s computers, it’s even worse, just because of the bandwidth and computing power that becomes available to the hacker,” he added. Ashley Stephenson, CEO of Corero Network Security, said that it is essential that the governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks – and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation’s financial infrastructure. “As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services,” he told SCMagazineUK.com . The Corero CEO went on to say that his company believes that mandated controls – like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) – will drive organisations to take pro-active steps to regaining control of their online presence. “These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions,” he explained. 
Source: http://www.scmagazineuk.com/ddos-attacks-bigger-badder-and-nastier-than-last-year/article/342078/


DDoS attacks target online gaming

Distributed denial of service (DDoS) attacks are not limited to enterprises; we have recently seen a string of DDoS attacks hitting the gaming industry, says senior engineer at F5 Networks, Martin Walshaw. “The attacks have become more frequent, particularly in the professional gaming scene where large sums of money are available,” explains Walshaw, adding that this presents a fresh concern for competitive gamers, as Internet protocol addresses of individual players, as well as servers, are being increasingly targeted. DDoS attacks are designed to make a service unavailable to its intended users, according to Walshaw. They typically target banking sites and credit card payment gateways, but lately there has been a marked increase in attacks targeting gaming sites. “InfoSecurity Magazine reports that in February the number of network time protocol (NTP) amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%, prompting Prolexic Technologies to issue a high alert threat advisory on NTP amplification DDoS attacks – but it was too late for Wurm and League of Legends.” Walshaw cites a recent article on BBC News, which revealed that Wurm is among the latest games to have been hit, with an attack knocking the multiplayer servers offline for two days between 18 and 20 February. For the developer, this is a major inconvenience, he says, as the main selling point of the game is its multiplayer content – the more prolonged the attack, the more damage it does to the brand. “For most gamers, these attacks are frustrating and inconvenient. Wurm’s creators were forced to migrate to new servers and offered a bounty of €10 000 for information that would lead to the perpetrator/s. 
Also in February, the League of Legends site suffered two DDoS attacks in 24 hours, described as the “biggest [attack] of its kind” against the game since its inception.” However, notes Walshaw, in electronic sports competitions, which offer professional gamers considerable sums of money in tournaments, DDoS attacks are more than just an inconvenience; they can have a significant impact on the results of a game. Last year, several rounds of a popular DOTA 2 tournament had to be postponed after persistent DDoS attacks in qualifying rounds. In competitions where reactions delayed by a fraction of a second can result in failure and lost funds, a slow connection can be a serious issue. “DDoS attacks are increasingly prevalent and show no signs of losing popularity with cyber criminals. Experts expect these enormous volumetric attacks will gain popularity due to the fact that they leverage existing DNS servers on the Internet – there is no need to recruit one’s own botnet, or even rent one,” he states. “Large cyber-attacks are capable of knocking out business-critical applications that generate revenue and facilitate communications, which can have severe business impacts. Organisations that depend on their online presence for survival absolutely need to invest in security solutions that protect themselves, staff, customers and end-users against these attack vectors.” According to John Grady, research manager for security products at IDC, DDoS attack methods have become much stealthier and are increasing in frequency, volume and application specificity. To ensure protection against these threats, he urges organisations to consider a defence-in-depth posture for DDoS defence. Grady adds that one important component is the on-premises appliance, key in detecting and mitigating advanced application, SSL and volumetric attacks. “Whether these kinds of DDoS attacks are the work of mischief makers, sore losers or even attempts to sabotage rivals, is unclear. 
What is clear is that defending against DDoS attacks is not just the province of private and public sector businesses,” observes Walshaw. He concludes that these attacks have become more prevalent and have amplified over the last year; we can expect to see a lot more of them, with even greater power, across different sectors, throughout this year. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=111708:DDoS-attacks-target-online-gaming&catid=218
