Tag Archives: marketing

Staying Informed About DDoS Threats

Distributed-denial-of-service attacks have plagued U.S. banks since last September. But DDoS attacks pose a persistent, genuine threat to other sectors as well. Any organization with an online presence is at risk. Successful DDoS attacks can take a website offline, damaging brand image and chipping away at consumer trust. But they also can do much more. In some cases, these attacks can be used to mask fraud by distracting security and IT departments while banking accounts or confidential files are simultaneously being taken over. To provide insights on the latest DDoS threats – and effective mitigation strategies – Information Security Media Group has launched a DDoS Resource Center . The resource center, sponsored by online security firms Akamai, Fortinet, Neustar, Radware and VeriSign, includes timely interviews, in-depth features, news stories and blogs that offer insights about emerging botnets and attack techniques from those who are analyzing and battling DDoS on the frontlines. The resource center also offers expert insights on practical steps for minimizing the impact of DDoS attacks. By visiting the resource center, you’ll get the latest information on the different types of DDoS attacks, such as DNS reflection and application layer attacks, as well as the attacks’ possible links to fraud . You’ll learn about DDoS protections and mitigation services , notification and response strategies, and DDoS detection measures. Here’s a sampling of the variety of content our resource center offers: An interview with ex-FBI investigator Shawn Henry , who shares insights about cross-border and cross-industry collaboration that’s taking place behind the scenes to strengthen DDoS and cybersecurity knowledge. An analysis of a new type of DDoS strike that targeted two U.S. banks for what some say could have been a test for more attacks to come. A blog about how the botnet, known as Brobot, that’s been used in DDoS attacks against U.S. banks is being retooled to defeat common mitigation practices. And an interview with former federal banking examiner Amy McHugh about why community banks are prime targets for DDoS strikes being waged as modes of distraction to veil account takeover attempts. The DDoS Resource Center also provides research, white papers and webinars, including a session on new defense strategies for DDoS , which includes insights from Rodney Joffee of DDoS-mitigation provider Neustar and Mike Wyffels, senior vice president and chief technology officer of multibank holding company QCR Holdings Inc. Source: http://www.bankinfosecurity.com/blogs/staying-informed-about-ddos-threats-p-1506

See the original article here:
Staying Informed About DDoS Threats

Tips To Prepare For A DDoS Attack

IT security experts report that distributed denial of service (DDoS) attacks are a growing concern for 2013: this trend is proved by the countless attacks during 2012 and shown from the findings on the latest CSI Computer Crime & Security Survey, which attracts widespread media attention and is one of many online sources that provides valuable information and guidance to information security professionals. How can a business or individual decrease the likelihood of these type of threats? Fortunately, there are methods that can be used in advance to mitigate risk and infections from the amplification of such attacks. Safety First First of all, it is paramount to identify if the network is safe and protected from unauthorized access, malicious content, real-time threats and cyber intrusions. If not, network system managers should consider using traditional security products like a firewall, Intrusion Prevention and Detection Systems (IPDS) and Web application firewall devices to establish a first line of security defense. It is crucial to be responsive and implement the necessary security hardware and software tools ahead of time to defend the perimeter of the network from intrusion and before being the hacker’s target. Business and individuals alike should plan early on and not wait until they are at mercy of the attack to use proper security controls. Malicious attacks, which can be carried out from several compromised systems and from another location (IP address), can enable a rogue attacker to install a series of zombie Trojans to attack or infect (with malware) hosted computers. Whatever reason and motive the intruder has, s/he is able to take over an entire network and initiate a flood or packet attack, all while denying legitimate connections and paralyzing victims’ systems or servers (e.g., Web servers, DNS servers, application servers). The aim is to use up the network bandwidth and bring its operations or services down. Knowing how dangerous such an attack can be, it comes of utmost importance to be familiar with the different kind of DDoS attacks that could affect the network to understand what type of countermeasures should be put to use. Despite the scale and frequency of these attacks, there are ways to be prepared and avoid being vulnerable to this threat that can be so disruptive. Next is a list of tips to prepare and plan, before an attack strikes, which if made a victim of could have devastating effects on one’s business, such as costly downtime and/or lost revenue. Here are six ways to prevent a DDoS attack • Utilize packet filters on the router(s) • Setup a firewall with advanced security • Properly configure webserver with security modules • Implement logging with ACLs and have them in place to filter traffic • Exploit NetFlow for traffic monitoring and tracking down specific attacks • Rely on a third-party cloud DDoS mitigation provider for proprietary filtering technology. This is a great alternative for those that do not want to handle the security themselves and obtain a quick solution that provides on-demand, real-time protection to monitor 24/7 a business or individuals’ on-premises network infrastructure. If you’re looking for reputable provider, I would suggest getting DDoS protection from DOSarrest . Other than the tips listed, it is suggested to always have more bandwidth available, maintain anti-virus software, and deploy IPDS devices or firewalls in front of the servers just in case of a DDoS attack. It is better to spend some time (and money) preparing in advance for this network threat than dealing with a last minute crisis and trying to figure out what needs to be done. Source: http://www.examiner.com/article/tips-to-prepare-for-a-ddos-attack

See the original post:
Tips To Prepare For A DDoS Attack

Financial Security: Learning From DDoS Attacks

Exactly how big are distributed denial of service (DDoS) attacks in mid-2013? “Just big enough” is what most attackers would say. The Cyber Fighters of Izz ad-din Al Qassam, a group claiming to protest an anti-Moslem video and considered by many experts to be the perpetrators of the attacks, have shown a knack for ratcheting up the volume as banks invest in greater DDoS mitigation bandwidth. The al Qassam template hasn’t gone unnoticed. In the cyber underground, criminal gangs have chatted about the group’s favorite weapon, the “itsoknoproblembro” DDoS toolkit, which hits various parts of a web site at the same time and floods servers with traffic up to 70Gbps. The al Qassam botnet — dubbed the “brobot” — is striking too. Instead of marshaling tens of thousands of infected home computers, it uses hosting providers’ or business’ commercial content servers, which offer fatter pipes and bandwidth galore. The same tactics are available to those whose motive is greed, with the Internet itself serving as their weapons storehouse. Since they never pay for those high-capacity servers and all that power, what’s to stop attackers from using as much as they want? Though an attack of less than 2Gbps can take down many sites, attackers want to be sure your site is down throughout the world. In fact, they use free web monitoring services to make sure that folks in Chicago and Paris can’t reach you. If the attack isn’t working globally, the attackers up the ante. Just figuratively, though–humongous attacks cost no more than surgical strikes. If this is bad news for top-tier banks, it’s potentially disastrous for smaller institutions lacking the budget and expertise to handle attacks themselves. Fortunately, a little planning and preparation can make a big difference. “Does This Hardware Make Me Look Fat?” It Pays To Be Less Attractive To Attackers. Short of making arrests, the good guys can’t stop the bad guys from launching DDoS attacks. So increasingly, larger banks have taken steps to become less-appealing targets — less likely to go offline for long periods of time and more likely to retain customers thanks to helpful communications. Best practice number one: Distribute your Internet infrastructure. Separate your DNS, e-commerce, payment gateways and VPNs. If everything’s on the same infrastructure and you’re socked with a DDoS attack, the damage is more widespread and the attackers win. Say your DNS is hit. Not good, but if your VPN, for instance, is on a different circuit (either real or virtual), your staff has backdoor access to email and other functions. Because you’ve segregated your private- and public-facing systems, business doesn’t grind to a complete halt. To accomplish this, find a trusted third party to manage infrastructure like DNS. Or at least have a Plan B, enabling you to park your DNS, VPN or web service somewhere else until the attack ends. By lining up a willing provider well in advance, you’ll spare yourself some agony when the dirt hits the fan. It’s also smart to assume that someday you’re going to be hit. To paraphrase Trotsky, you may not be interested in DDoS, but DDoS is interested in you. With over 7,000 attacks daily, it’s only a matter of time, so more banks and credit unions are crafting emergency plans. Like natural disaster planning or certain business recovery efforts, these preparations go far beyond technical responses. It starts with being ready to do business, gasp, offline. If your credit union site is down, you may decide to extend your regular business hours, which in turn might require extra tellers and call center operators, or even coffee and cookies for customers in long lines. You’ll also need to let people know about any such contingencies. Be ready to communicate with customers quickly and reassuringly. Email may not be an option, so consider radio announcements or other media outlets, including a company web page separate from the one that’s under attack. Also think about a toll-free number your customers can call. How much detail should you reveal about the impact of an attack? That’s up to you, of course. Some financial institutions have chosen to say as little as possible, for fear of feeding attackers valuable information. Others have been more transparent, betting they’ll reap the reward in customer gratitude and fewer account defections. Whatever procedures you develop, be sure to practice them. You’ll never be ready for everything, but executing the basics well can help enormously. Again, the throes of a crisis aren’t the best time to white-board responses. Run drills of your emergency plan and you’ll likely accomplish two things: more effective DDoS mitigation and better core service, the latter tending to slip when attacks are all-consuming. While al Qassam is a role model for cyber miscreants, the major banks are a more positive one in the DDoS protection arena. Smaller banks and credit unions don’t have the same deep pockets, but they can still make plans, develop responses and make smart technology investments. Inertia is the one thing they truly can’t afford. For protection against your eCommerce site click here . Source: http://www.banktech.com/risk-management/financial-security-learning-from-ddos-at/240157243

View the original here:
Financial Security: Learning From DDoS Attacks

Protect Your Website: How to Fight DDoS Attacks

Distributed denial of service (DDoS) attacks, a cyberattack that makes a specific resource unavailable to its intended user, are becoming more complex and sophisticated. Attackers don’t just carry out single attacks — they repeatedly test their target’s security and target their assault to achieve the highest amount of damage. Thousands and thousands of attacks occur daily, shutting down websites and network systems, essentially rendering businesses inoperable. To combat DD0S attacks, the first thing SMBs must do is assume they are going to be a target. Since the only DDoS attacks we hear about are those against large corporations, banks and the government, many SMBs don’t think they will ever be the target of digital warfare. Consequently, they don’t take the necessary precautions to prevent or mitigate attacks. “The reason for an attack could be anything,” said Vann Abernethy, senior product manager for NSFOCUS, a leading global DDoS mitigation solution provider. It could be an extortion attempt, a protest against company practices, or even an act of revenge by a disgruntled client or ex-employee. Unarmed with any technical knowledge, anyone with checkbook and a grudge or statement to make can launch an attack. “Everybody that has a measurable ROI associated with their web presence or anybody that can feel pain from their website being down is a target.” Despite the growing threat of DDoS attacks, most Web service providers will not guard your back, according to Abernethy, as it’s not common to cut off one pipe to protect the network. “If you get hit, they’ll say, ‘We’re gonna protect the rest of our customers by shutting you down.’” Therefore, Abernethy tells businesses to always read the fine print and see what their Web host’s policies are regarding DDoS attacks. While some say they will protect you, most have consumer-grade security that is not strong enough to defend your website against high-volume attacks. “SMBs really have two choices to make,” said Brian Laing, vice president of AhnLab, a security solutions provider. “The first is to use cloud-based applications which can more easily scale up to handle any DDoS attacks. The second option would be to implement a DDoS solution that can protect against both application and bandwidth (packet flooding) attacks.” Before implementing any type of DDoS defender, SMBs should investigate exactly what type of solution a vendor is providing, according to Laing. For instance, the defense mechanism should be able to recognize good traffic from bad, while also having a self-learning capability to be able to set flexible thresholds. Abernethy agrees. “We see thousands and thousands of attacks every day, so we have both detection and mitigation algorithms. They basically say, ‘That looks like an attack, it smells like an attack, let’s engage our mitigation algorithms.’ It looks at the attack traffic itself and then says, ‘Yes, that is an attack.’ We can detect those attacks and the system can be set up to go into automatic mitigation.” What SMBs need, Abernethy says, is a purpose-built DDoS defender with both detection and mitigation functions to quickly diagnose and mitigate DDoS attacks. The system should also be a “learning machine” that gets to know your environment over time for more precise detection. SMBs should also keep in mind that defending oneself from DDoS attacks doesn’t stop at prevention and mitigation. Because a DDoS attack shuts down your entire operation — and because most anti-DDoS protections are primarily concerned with simply knocking the attack down — you should have a recovery plan that either you or your providers facilitate. Pierluigi Stella, chief technology officer of Network Box USA, global managed security services provider, says that fending off an attack boils down to strategy and having the right resources for defense. “The real problem, though, is that defense is not a piece of hardware but a strategy, wherein the hardware plays an important role, but isn’t the only player,” Stella said. First, if your bandwidth is an old T1 at 1.5 Mbps, Stella advises businesses to upgrade that old Internet connection to one with a much larger bandwidth that can’t be taken down so quickly. A Disaster Recovery (DR) site should also be part of your recovery plan, Stella said. The DR site should have all your data, so it will serve as your temporary site as you work on getting the current one back up. Ryan Huber, chief architect at Risk I/O, a leader in vulnerability intelligence, says that depending on your business, a simpler option is a static page, such as product literature or other representation of your site. This will temporarily disable site functions such as online ordering, but serves its damage-control purpose of not keeping customers in the dark as you get the full site running. “This has the added benefit of helping you to keep users informed during the attack,” he said. Abernethy recommends that anyone who does business online do regular, full backups. The recovery plan should also include critical details, such as what the recovery process is, where data backups are stored and who is responsible for which tasks. Disaster-recovery planning should also be part of regular operational maintenance. “Don’t just make a plan and think you are covered,” Abernethy said. “Get into the habit of reviewing the full plan each backup cycle to ensure any changes are accounted for. It sounds like a lot of extra work, but it really isn’t if you build it into your normal routine.” As Stella says, businesses should always be in ‘prepared mode.’ “Don’t wait for the hurricane to strike.” For protection against your eCommerce site click here . Source: http://www.businessnewsdaily.com/4667-ddos-attacks-small-business.html

View original post here:
Protect Your Website: How to Fight DDoS Attacks

LulzSec Hacker Ryan Cleary To Be Released

Convicted LulzSec hacker Ryan Cleary, 21, is set to be released “imminently” after appearing Wednesday in a London courtroom for sentencing relating to charges that he made and possessed 172 indecent images of children on his PC. “Some of these images showed children aged as young as six months old in circumstances where they were completely vulnerable,” Judge Deborah Taylor told Cleary, reported The Independent in Britain. “These images were such as would make any right-minded person concerned at you viewing such images.” Cleary, aka Viral, previously pleaded guilty to two charges of making indecent images of children and one charge of possessing indecent images of children. Taylor said Wednesday that although U.K. sentencing guidelines required incarceration for the offenses to which Cleary had plead guilty, “time has been served in any event.” Based on time served, his pleading guilty to all charges filed against him and agreeing to wear an electronic device that will monitor his location, Cleary received a three-year community service order, which requires that he work in the community without pay. He also received a 36-month supervision order, which is akin to probation and requires that Cleary meet weekly with his probation officer. Finally, Cleary was ordered to sign the U.K.’s Violent and Sex Offender Register, which is a database used by police and prison officials to track people convicted of related offenses. Cleary previously appeared in court last month, when he was sentenced to 32 months in prison, followed by a five-year serious crime prevention order that can be used to restrict where he’s allowed to travel and which jobs he’ll be allowed to work. Also sentenced in May were fellow LulzSec participants Jake Davis (Topiary), Mustafa al-Bassam (Tflow) and Ryan Ackroyd (Kayla). Together with Cleary, they pleaded guilty to charges of hacking a number of sites, including the CIA, Britain’s Serious Organized Crime Agency (SOCA) and National Health Service (NHS), and Sony Pictures Entertainment, as well as leaking the credit card data and personal information of hundreds of thousands of people. Cleary also pleaded guilty to launching numerous distributed denial of service (DDoS) attacks under the banners of Anonymous, Internet Feds and LulzSec. British police said the attacks in which Cleary participated caused an estimated $31 million in damages. British police said that when they arrested Cleary at his home on June 20, 2011, they found him in the middle of launching a DDoS attack against the website of SOCA, which was conducting a joint investigation with the FBI into the activities of LulzSec, Anonymous and AntiSec. Clearly was first arrested in 2011 and released on bail, subject to his refraining from using the Internet. He was re-arrested on bail violation charges on March 5, 2012, for going online in December 2011 to contact LulzSec leader Sabu. The day after Cleary’s arrest, federal officials revealed that in June 2011, Sabu — real name Hector Xavier Monsegur — had been arrested and turned confidential government informant, and was helping the FBI investigate hackers and information security attacks. The news of Cleary’s imminent release after serving less than his full jail sentence has led some members of Anonymous to accuse him of having cut a deal with authorities, although no evidence has been produced to back up that assertion. “Anyone who gets away with child porn charges is obviously collaborating with the feds,” according to a post by “ro0ted” to the pro-Anonymous CyberGuerilla blog. Cleary’s legal troubles might not be over, as he was indicted last year by a Los Angeles federal grand jury on hacking charges. But his attorney, Karen Todner, said last year that U.S. prosecutors had indicated that they wouldn’t be seeking his extradition. Furthermore, if that changed, she said her client would fight any such request. “Cleary suffers from Asperger’s syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable,” she said. Source: http://www.informationweek.com/security/attacks/lulzsec-hacker-ryan-cleary-to-be-release/240156590?cid=RSSfeed_IWK_Government

Are DDoS Attacks Against Banks Over?

Distributed-denial-of-service attacks against U.S. banks have been dormant for nearly four weeks, leading security experts to question when and if a new phase of attacks might emerge. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters , which since last September has taken credit for the hits against banks, claimed its attacks were in protest of a YouTube movie trailer deemed offensive to Muslims. But some observers have speculated that Iran was backing the DDoS strikes against banks as payback for cyber-espionage attacks, such as Stuxnet, Flame and Duqu, that have over the last three years affected Iranian computer systems. Rodney Joffe, senior technologist for online security provider Neustar Inc., says the current lull could be a sign that the attacks waged by the hacktivist group are over. “It’s a wild conjecture,” Joffe says. “But we may have seen the end of them.” Joffe says indirect activity linked to the al-Qassam Cyber Fighters’ botnet, known as Brobot, has continued. But there have been no direct attacks. And that lack of activity raises questions about whether al-Qassam will wage any more attacks, Joffe says. “The botnet is no bigger than it was,” he says. “We take [compromised] machines down and then new machines keep getting adding. I still have hope that the government will have some impact or effect, but don’t know one way or the other.” The Federal Bureau of Investigation in April warned that Brobot had been modified, “in an attempt to increase the effectiveness with which the [botnet’s] scripts evade detection.” The FBI said the actors behind Brobot were changing their attack methodology to circumvent mitigation efforts put forth by U.S. banking institutions The FBI also noted that as of April 10, 46 U.S. banking institutions had been targeted by more than 200 separate DDoS attacks of “various degrees of impact” since September. Financial fraud expert Avivah Litan , an analyst at Gartner, says intervention from federal authorities may have spurred al-Qassam to halt its attacks. But, like Joffe, she says there is no way to be sure. “I do know the banks were trying to get the White House to do something politically, and that could be what’s happened.” But other experts, such as Mike Smith of Web security provider Akamai Technologies, don’t think there’s been anything going on behind the scenes to keep the attacks from resuming. Different Attack Actors Other experts anticipate that another group could emerge to resume DDoS attacks against banks if Izz ad-Din al-Qassam Cyber Fighters ends its campaigns. “There has been a lull in the al-Qassam-like attacks,” says Scott Hammack , CEO of DDoS-mitigation provider Prolexic. “But I would definitely not misunderstand this lull as being an end to these types of attacks. The attacks will continue; it’s really just a question of when, not if.” The current break comes after a third phase of hacktivist attacks, which kicked off in March. The latest campaign ran eight weeks, the longest-running so far. The break from the third phase of attacks has lasted four weeks so far. By comparison the break between the first campaign , which began Sept. 18, and the second campaign , which kicked off Dec. 10, lasted six weeks. And the break between the second and third campaigns lasted five weeks. Hammack, like Smith, says Brobot, as well as other botnets, continue to grow. In fact, over Memorial Day weekend, Prolexic helped to mitigate a 167-gigabyte DNS-reflection attack, the largest attack recorded to date, Hammack says. “The attack traffic was global and required us to use all four of our cloud-based scrubbing centers,” he says. DNS-reflection was the attack method used in Operation Stophaus , an attack waged in March by The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam. And while it’s not an extremely sophisticated type of attack, Hammack says these types of DDoS strikes are only going to become more prevalent. “There are plenty of countries where rogue elements will continue to exist,” he says. “You’re never going to overcome that. I think, if anything, people should be taking advantage of this down time to fortify their infrastructures.” The application-layer attacks al-Qassam Cyber Fighters favored in its last two campaigns have remained inactive, despite that the group appears to continue efforts to grow and strengthen its botnet. “The botnets are out there,” Hanmmack says. “We have between 15,000 and 100,000 compromised web servers out there that we know of. So the artillery is still out there to create these types of attacks. We just haven’t seen any of the web server attacks for the last 30 days.” Why Have Attacks Stopped So why have the hacktivists remained quiet for the last month? On May 6, al-Qassam Cyber Fighters claimed on the open forum Pastebin that its attacks would cease for just a week, out of respect for OperationUSA , a separate hacktivist movement organized by Anonymous that proved unsuccessful Many experts predicted the group’s attacks against banks would resume by May 14. But they didn’t. Some have speculated that international law enforcement could be close to nailing members of the al-Qassam team. But Hammack says drawing conclusions based on the ebbs and flows of DDoS attacks is dangerous because hacktivists attack in waves. “Certain attacks die down after certain periods,” he says. “That doesn’t mean, though, that the attacks are over.” Banking institution leaders say they’ve been advised by groups such as the Financial Services Information Sharing and Analysis Center not to lessen their DDoS mitigation efforts. Litan says banks are heeding that advice. “The banks have more vendors involved now,” she says. “I don’t think they’ll ever pull back. They have put a lot of systems in. They really can’t go back now, and they shouldn’t.” Source: http://www.bankinfosecurity.com/are-ddos-attacks-against-banks-over-a-5801/op-1

Possibly related DDoS attacks cause DNS hosting outages

Distributed denial-of-service (DDoS) attacks that could be related have in the past few days slammed the DNS servers of at least three providers of domain name management and DNS hosting services. DNSimple, easyDNS and TPP Wholesale all reported temporary DNS service outages and degradation on Monday, citing DDoS attacks as the reason. In some cases the attacks started a few days ago and are ongoing. TPP Wholesale, a subsidiary of Sydney-based Netregistry, one of Australia’s largest providers of Web hosting, domain management and other online services, alerted its customers through its website on Monday that eight of its DNS servers experienced “unscheduled service interruption.” TPP Wholesale experienced a series of DDoS attacks against its DNS name servers over the past several days, the Netregistry Group Security Team said in a blog post. The company managed to mitigate the DDoS attacks that caused service interruptions throughout Monday by taking “the drastic step” of rate-limiting DNS queries, the team said. Such aggressive filtering is prone to false positives and might result in some customers being denied DNS service. “In the next few days we will continue to whitelist such false positives as we discover them,” the team said. Second wave EasyDNS, a DNS hosting provider based in Toronto, also reported DNS service disruptions caused by a DDoS attack on Monday. “This looks like a larger version of a smaller DDoS yesterday which was possibly a test run,” the company’s CEO Mark Jeftovic said Monday in a blog post. “This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients.” Jeftovic said that it was difficult to differentiate the real traffic from the DDoS traffic, but the company managed to partially mitigate the attack and also published workarounds for affected customers. “This is the ‘nightmare scenario’ for DNS providers, because it is not against a specific domain which we can isolate and mitigate, but it’s against easyDNS itself and it is fairly well constructed,” he said. Third victim Aetrion, based in Malabar, Florida, operates a DNS hosting service called DNSimple, which was also attacked on Monday. According to DNSimple founder Anthony Eden, the DDoS attack is ongoing, but the company managed to mitigate it. “Our authoritative name servers were used as an amplifier for an attack against a third-party network,” Eden said Tuesday via email. “The attacker essentially flooded us with ‘ANY’ queries for a variety of domains managed by our DNS service, with the intention of amplifying these small queries into significantly larger responses aimed at a specific network.” This attack technique is known as DNS reflection or DNS amplification. It involves sending queries with a spoofed source IP (Internet Protocol) address—usually the victim’s address—to DNS servers from a large number of computers in order to trigger long responses to be sent by those servers to victim’s IP address within a short time window. If enough computers and DNS servers are used, the resulting rogue DNS traffic will exhaust the victim’s available Internet bandwidth. The DNS reflection technique has been known for a long time. However, its recent use to launch DDoS attacks of unprecedented scale, like the one in March that targeted a spam-fighting organization called Spamhaus, has likely brought it renewed interest from attackers. The attack experienced by DNSimple on Monday was significantly larger in volume and duration than other attacks that hit the company’s name servers in the past, Eden said. He believes that the attack is related to the ones experienced by easyDNS and TPP Wholesale. “The pattern displayed on TPP Wholesale’s blog is similar to what we see, and we have been communicating with easyDNS and find similarities between the attacks.” EasyDNS and TPP Wholesale did not immediately respond to inquiries seeking more information about the recent attacks against their servers and confirmation that they were using DNS reflection techniques. Attack and abuse reports on the increase It’s possible that DNS servers operated by other companies were also affected by this attack, Eden said. “A DNS provider will have a significantly higher number of customers and thus the attacks get noticed much sooner because it affects a larger group of people,” he said. DNSimple’s authoritative name servers were used to amplify a DDoS attack directed at a server hosting company called Sharktech or one of its customers, Eden said. Sharktech has noticed a surge of abuse reports in the past 24 hours coming from ISPs and hosting companies complaining about DDoS attacks against their DNS servers that appear to originate from Sharktech, said Tim Timrawi, president and CEO of Sharktech, via email. Upon further investigation the company determined that these reports were actually the result of a DNS amplification attack against its own customers that abused the authoritative DNS servers of those companies, he said. Most of the affected DNS servers were secured properly and were being queried for domains they are responsible for, Timrawi said. “Unlike previous DNS Amplification Attacks in which the attacker used open recursive DNS servers, in this one, the attacker is collecting all the DNS servers they can find and sending MX (and other kind of queries) to them for their domain records with a spoofed source of the target host,” he said. The amplified DDoS attack targeting Sharktech customers was larger than 40Gbps, Timrawi said. “We are unaware of the reason behind the attacks,” he said. The abuse of authoritative name servers in DNS reflection attacks is not very common because attackers need to know the exact domain names that each abused server is responsible for, said Carlos Morales, vice president of sales engineering and operations at DDoS mitigation provider Arbor Networks. Obtaining this information is not very hard, but it does require additional work compared to abusing open DNS resolvers, and attackers usually prefer the easiest route to reach their goals, he said. Open DNS resolvers are recursive DNS servers that are configured to accept queries from any computers on the Internet. These act as relays between users and authoritative DNS servers; they receive queries for any domain name, find the authoritative name server responsible for it and relay the information obtained from that server back to the user. Meanwhile, authoritative name servers, like those operated by DNSimple, easyDNS and TPP Wholesale, will only respond to queries concerning the domain names they serve. Well-prepared attackers The extra work required to target such servers suggests that the attackers behind the recent attacks on these DNS hosting providers were well prepared and did their homework in advance, Morales said. One mitigation against this kind of attack is to configure the DNS server software to force all “ANY” queries sent over UDP (User Datagram Protocol) to be resent over TCP (Transmission Control Protocol) instead, Eden said. This can be done by sending a UDP response with the TC bit set and an empty answer section. A legitimate DNS client will retry over TCP, while a bogus client will get no benefit, he said. In the case of open resolvers, the problem can be mitigated by restricting which IP addresses are allowed to query them, said Morales. For example, an ISP operating a DNS resolver for its customers can restrict its use to only IP addresses from its network, he said. However, this kind of mitigation is not applicable to authoritative name servers because they are meant to be queried by anyone on the Internet who wants to get information about the specific domain names served by them, Morales said. The mitigation described by Eden is very good and is actually one that Arbor also uses to protect authoritative name servers, he said. Another mitigation is to enforce a query rate limit for source IP addresses, he said. Source: http://www.pcworld.com/article/2040766/possibly-related-ddos-attacks-cause-dns-hosting-outages.html

View original post here:
Possibly related DDoS attacks cause DNS hosting outages

Turkish gov’t websites hacked by Anonymous

A group of computer hackers known as Anonymous carried out early on Monday a series of cyberattacks on Turkish government websites in retaliation for violent police response to anti-government protests. Several Anonymous messages in its Twitter blog provide links to the sites, including those of President Turkish President Abdullah Gul and Turkey’s ruling Justice and Development Party, that have been denied public access. Hackers normally use distributed denial of service (DDoS) attacks to knock their targets offline. Turkey’s Hürriyet Daily News reported on Monday that some Turkish media websites have also been targeted by Anonymous for “for failing to adequately cover the events.” The planned demolition of Gezi Park in central Istanbul sparked mass rallies in the city on Saturday, prompting police to use tear gas and water cannons to disperse the protesters. Violent clashes between protesters and police continued in Istanbul and the capital, Ankara, on Sunday. The rally in Istanbul triggered more than 230 separate protests in 67 cities across the country, according to Sky News. Turkey’s Interior Minister Muammer Guler said on Sunday that more than 1,700 people had been arrested in the unrest nationwide, adding that 58 civilians and 115 security officers had been injured over several days of protests. The United States and the European Union and have already urged the Turkish government to exercise restraint, while Amnesty International has condemned the use of tear gas by Turkish police as “a breach of international human rights standards.” Anonymous declares Internet attacks in support of Turkish protests Anonymous vows to kick off a worldwide action which will “bring the Turkish government to its knees.” With #opTurkey, the hacktivist collective plans to “attack every Internet and communications asset of the Turkish government.” Anonymous claims to have taken down several websites across Turkey, targeting municipal governments in Mersin and Izmir as well the Gebze Institute of Technology. Source: http://www.turkishweekly.net/news/151067/turkish-gov-39-t-websites-hacked-by-anonymous.html

Continued here:
Turkish gov’t websites hacked by Anonymous

Preparing for Battle: DDoS Attacks On Business

Lately, DDoS attacks have crept back into the headlines, forcing businesses to reacquaint themselves with the concept. DDoS stands for distributed denial-of-service which uses multiple machines to carry out a DoS attack on unsuspecting victims. It is estimated that over 7,000 attacks happen daily with the motives and severity of consequences varying between different attacks but all have the potential to greatly harm a company’s operations. To minimize any possible damage, it is important to prepare a defense against these malicious attacks especially as they are on the rise and could target your business at any moment. How to realize you are in the midst of a DDoS attack At the beginning of a DDoS attack, you may fail to even realize what is occurring. The optimistic side of you wants to believe that your marketing efforts have finally kicked in and created a sudden wave of interested customers to your website. However great that may be, the reality is as the numbers increase and overwhelm your servers, you are more likely to be under attack. When a DDoS attack occurs they are using one of two avenues: a special malware that infects the machines of others in order to carry out the attack from a large number of hosts or utilizing a large number of volunteers to their cause to perform the attack in unison. Regardless of the technique employed, they both use many host computers to access the target’s website and overwhelm their servers which results in long periods of downtime. Why Attackers Target You The reasons behind DDoS attacks can vary depending on the organization performing the attack and who they are attacking. The most common reason behind an attack is extortion where they perform a small attack on your servers first, then contact you demanding a certain amount of money to prevent a larger attack from occurring. The more profitable a company you are, the higher the chance you will be a target for extortion. Also, if your organization is currently in the spotlight for political controversy, there are many “hacktivists,” like the group Anonymous, who carry out DDoS attacks to satisfy their political agenda. Lastly, in sophisticated and large-scale attacks, the hackers could be attempting a security breach in order to obtain confidential information. All of these causes could create a devastating impact upon your company’s image. The Effects of DDoS Attacks 1. Revenue The more heavily you rely on your website as a means for business, the more severe a DDoS attack will affect your company. The average daily revenue loss from attacks for those that depend heavily on the Internet for their business is $2,000,000 or nearly $100,000 per hour. Even if you are a smaller organization with less reliance on the Internet, the average loss is $10,000 per hour when in downtime. These are significant amounts of losses that could be hard to recover from, especially for a small business. 2. Reputation As a DDoS attack is occurring, it becomes nearly impossible for any customer to access your website and results in an unpleasant experience for them. For instance, if you are a banking website, they can’t access their accounts which is very critical and leaves them feeling like their private information is at risk. Even after the attack is over, you will have to spend time and money in public relations efforts to reinstate faith in your service from your customer base. 3. Lawsuits When the attack breaches security and confidential information, a risk for lawsuits from customers and consumer protection groups occurs. Now you are not only looking at revenue loss from the downtime and from a loss of reputation but also, significant legal fees associated with your company failing to protect customer information. If all three occur, the DDoS attack could be enough to send your company into bankruptcy and impending failure. How to Protect Your Company The devastating effects from a DDoS attack is enough to leave you shaking in your boots, however most companies still fail to provide adequate protection against said attacks. As the sophistication of these attacks increase, your company’s firewall and current security measures may not be enough to handle a full-scale attack. In a recent survey, Neustar only found that 3% of the surveyed organizations had an anti-DoS solution. Here are some steps you should take to protect your company in the event of a DDoS attack: Develop a defense strategy immediately so you are prepared to take action when an attack occurs. Identify current security lapses or vulnerabilities within your website. If you have been a victim from an attack, keep information collected about it so you can determine how to properly fight off future attacks Simulate a DDoS attack to ensure your response measures are adequate. Consider purchasing an anti-DoS service from a security provider to narrow the possibility of attack. Combine anti-DoS service with the above steps to provide a comprehensive approach to protection. As DDoS attacks are on the rise, now is the time to prepare your company in the event of attack. Even smaller organizations could become victims, so it is important to be ready to defend your company’s website and servers from hackers. Following the steps for protection can prevent a DDoS attack from causing results that could be extremely difficult to recover from, allowing you to come out victorious in an otherwise disastrous situation. Source: http://technologyadvice.com/preparing-for-battle-ddos-attacks-on-business/

More:
Preparing for Battle: DDoS Attacks On Business

Threat of the Week: DDoS For Hire on the Rise

Just when you thought you could tune out the fears about DDoS (distributed denial of service) attacks, listen up: the risks for you suddenly are much graver, and it may be the time when defensive action on your part has become necessary. Yes, the fear-mongering over the May 7th DDoS blitzkrieg – which turned out to be a non-event – has prompted many credit union executives to turn off the DDoS discussion. That’s a mistake, however. “Three years ago I would have called DDoS a nuisance. Now it is a threat to many more businesses,” said Vann Abernethy, an executive with security firm NSFOCUS. A big change that is occurring, sources insist to Credit Union Times , is that for-rent DDoS networks – often costing spare change – are proliferating and they have plenty of firepower to take down most credit unions’ online presences. The scariest part: absolutely no technical skills are required to deploy what is being called DDoS as a service. All that’s needed is digital money – PayPal or BitCoin and there even are some providers that take MasterCard and Visa. Barry Shteiman, senior security strategist at Imperva, named names of sites that he said offer what seems to be DDoS for hire: SSH Booter, Empire Stresser, Quantum Stresser, Asylum Stresser, Titanium Stresser, Illuminati Stresser, Legion Stresser, Agony Stresser. The list is not complete. “There are dozens of companies selling DDoS as a service now,” said Sean Bodmer, chief researcher, Counter-Exploitation Intelligence, for CounterTack. Note: Almost all such sites claim to offer, not rogue DDoS for hire, but “stress testing” so that an organization – a credit union for instance – can check its DDoS defenses. Just one problem: sources insisted that the majority of stress-testing sites they are familiar with do no verification that the person buying the “stress test” has any affiliation whatsoever with the target. What’s fueled the rise in DDoS as a service? For one, the intense publicity for DDoS has just about everybody aware of the attack format. For two, “As email spam has become more and more a solved problem it has forced criminals with botnets to find other uses for them. DDoS lets them monetize their botnets,” said Matthew Prince, CEO of CloudFlare, a DDoS mitigation company. DDoS as a service prices are also tumbling. Hemant Jain, vice president of engineering for security company Fortinet, said that he has found providers who are selling an hour of DDoS for $5, a 24-hour day of it for $40 and a week for $260. Can’t these DDoS as service provider be shut down by law enforcement? It’s not that easy. Commented Carl Herberger, vice president of security solutions at mitigation provider Radware, “It’s important to note that ‘DDos for Hire’ websites move around in terms of their technical underpinning. They don’t stay in one area or one location for too long. It’s almost like a game of “Whack-a-Mole” – just when you think you’ve identified the location of the website, it’s already moved.” Added Chris Ensey, COO of security company Dunbar Digital Army, “These (DDoS as a service) sites are being resold like white-labeled products now. Most of the sellers are just affiliates who leverage another botnet or platform” – that is, they have none of their own infrastructure and, poof, they can be here today and back tomorrow under a new flag. That’s the problem: it is very hard to pinpoint the location of a DDoS command and control center and when it’s found, said sources, it generally is in a country with little or no law enforcement reciprocity with the United States. The bottom line for credit unions: “They have to take DDoS seriously. There is no turning this back,” said Shteiman. The good news: the attack throughputs via DDoS for hire are tiny fractions of what al Qassam is throwing at money center banks – 1% or 2% of the volume in many cases. But that is plenty to knock out a credit union that lacks defenses. As for what defenses are needed to thwart for hire DDoS, experts indicated that in most cases low-cost mitigation, within the budget of just about every credit union, ought to suffice. Talk with mitigation companies, also ask Web hosts what protections they have on hand or can line up, Small expenditures ought to bring peace of mind – at least that’s what the experts are saying today Source: http://www.cutimes.com/2013/05/28/threat-of-the-week-ddos-for-hire-on-the-rise?ref=hp

View the original here:
Threat of the Week: DDoS For Hire on the Rise