Tag Archives: stop ddos attacks

How Homeland Security plans to end the scourge of DDoS attacks

The agency is working on a multimillion dollar effort to protect the country’s most critical systems from distributed denial of service attacks, which are among the simplest digital assaults to carry out and the toughest to fight. MARCH 8, 2017 —In late October, in Surprise, Ariz., more than 100 phone calls bombarded the police department’s emergency dispatch line. Calls also overwhelmed the nearby city of Peoria’s 911 system and departments across California and Texas. But each time a dispatcher picked up, no one was on the line – and there was no emergency. The Arizona district attorney’s office says the calls clogging 911 lines resulted from a digital prank, which triggered a distributed denial of service, or DDoS, attack on critical emergency communication systems. The prosecutor’s office tracked the torrent of calls to 18-year-old hacker Meetkumar Hiteshbhai Desai. Now, he’s facing four counts of felony computer tampering. While Mr. Desai said he didn’t intend to cause any harm, according to the Maricopa County Sheriff’s Office, he did surface a potentially devastating glitch in smartphone software that could exact damage on any number of sensitive and critical targets. Whenever anyone clicked a certain link on his webpage via a mobile device, their phone automatically dialed 911. While this kind of DDoS targeting 911 systems is unprecedented, it’s exactly the type of attack that national law enforcement officials have been concerned about for years. In fact, the Homeland Security Department (DHS) has been working on technology to protect 911 centers from DDoS and telephone-based, or TDoS, attacks for three years. The Arizona incident proved someone can “cause a large number of phones or a large number of computers or a large number of whatever connected device to start generating these calls,” says Dan Massey, program manager in the cybersecurity division of the DHS Science and Technology Directorate. “It went from how much damage can I do from my phone” to a situation where, with just a handful of people, “if all of our phones started calling some victim, whether that’s 911 or a bank or a hospital, that can get very fast and very big.” DDoS attacks are both among the simplest forms of cyberattacks to carry out and the most difficult to defend against. They are designed to direct an overwhelming amount of digital traffic – whether from robocalls or web traffic – at targets to overwhelm them so they can’t handle legitimate business. Writ large, there has been an exponential increase in the intensity and frequency of DDoS attacks over the past six months and critical infrastructure components are possible future targets, according to DHS. For a sense of the scale of today’s DDoS attacks, compare the 100 megabits per second Internet speed at a typical company to the more than 1 million megabits (1 terabit) per second speed of a DDoS attack against Web hosting company Dyn in October. The attack, which drew power from insecure webcams and other internet-connected devices, knocked out widely used online services like Netflix, Twitter, and Spotify for hours. Such massive web DDoS assaults may also become a problem for 911, as the country moves toward a next generation 911 system that uses mapping services to locate callers and can support voice, text, data, and video communication. “What you’re seeing is a convergence of the traditional internet with the phone system and next generation 911 is a great example of that,” says Massey. “DDoS attacks and/or TDoS attacks kind of blend together a little bit there.” To help combat the problem, the department has given out $14 million in grants for DDoS prevention studies, including phone-based attacks. Some of that funding is piloting initiatives to stop phone-based attacks at 911 centers in Miami/Dade County and the City of Houston, as well as at a large bank that the department wouldn’t identify. So far, DHS efforts have yielded, among other things, a DDoS early warning system to flag organizations that an attack may be coming, and alerting them to adjust internet network settings to defend against an onslaught of traffic. Additionally, DHS-funded research from tech firm SecureLogix produced a prototype that can thwart phony telephone calls sent to a 911 system or other critical phone operation. The model attempts to detect bogus calls by monitoring for clues that indicate an incoming call is fake. “As we have seen, it is simple to flood a 911 center, enterprise contact center, hospital, or other critical voice system with TDoS calls,” says Mark Collier, SecureLogix chief technology officer. “The research is essential to get ahead” because the assailants “are generating more attacks, the attacks are more sophisticated, and the magnitude of the attacks is increasing. “ To be sure, the race to keep digital adversaries out of the country’s 911 system faces obstacles, some of which are outside the jurisdiction of Homeland Security and dispatch centers. The DHS DDoS defense program is “a good start,” but one “challenge in defending certain types of critical infrastructure is the fact that emergency services like 911 must serve anyone – immediately,” per Federal Communications Commission rules, “due to their life saving nature,” said Mordechai Guri, research and development head at Israel’s Ben-Gurion University Cyber-Security Research Center. “The approach of blocking the DDoS originators must be backed by a change in the laws and regulations.” Before the October attacks on the Arizona 911 systems, he and fellow Ben-Gurion researchers warned that DDoS attacks launched from cellphones could pose a significant threat to emergency services. During one experiment, it took fewer than 6,000 hacked phones to clog emergency services in a simulated US state, the academics wrote in a September 2016 paper. Such an attack can potentially last for days. The very nature of the 911 system makes shutting out any callers potentially dangerous, and some alternatives, like requiring a person in distress to authenticate themselves for assistance, are not viable, says Massey of DHS. “We really need to make sure that we’re not missing a critical 911 call,” he says. “So that’s a challenge for the project to make sure that we’re not misclassifying people.” Source: http://www.csmonitor.com/World/Passcode/2017/0308/How-Homeland-Security-plans-to-end-the-scourge-of-DDoS-attacks

See more here:
How Homeland Security plans to end the scourge of DDoS attacks

7 Security Steps To Defend Your Company Fram A DDoS Attack

Of all the cybersecurity threats today’s businesses face, distributed denial-of-service (DDoS) attacks are among the most complex and devastating. This type of breach involves multiple compromised systems that work in conjunction to shut down service. Although security technology is becoming more sophisticated, so are hackers, and you don’t want to be caught unprepared if (or more likely, when) your company’s data gets compromised. Below, a few members of Forbes Technology Council each offer one important prevention measure to help your IT department defend against a DDoS attack. 1. Continue To Add Layers Of Defense Remain vigilant, continuing to add layers of security as they become available. Also provide your department with signs to look for so they have a better idea of potential threats. This provides for a much more proactive approach to security. – Chalmers Brown, Due 2. Practice Your Response Plan Have a plan on what to do and who should do it, then do a dry run against it a few times a year. Go further than just your IT team – involve your vendors, executive team, etc. and ask for feedback on what would help them help you in the face of a DDoS attack. Update your plan each time. This practice helps your team execute fast and has the added benefit of showing those around you that you’re prepared. – Brian Fritton, Patch of Land 3. Use A Web Application Firewall (WAF) A Web Application Firewall (WAF) is your best line of defense against a DDoS attack. It acts like an antivirus that blocks all malicious attacks on your website. It sits above your application at the network level to provide protection before the attacks reach your server. Using a WAF not only protects you against DDoS attacks, but also improves application performance and enhances user experience. – Thomas Griffin, OptinMonster 4. Leverage Cloud Services And Educate Yourself Continually Cloud providers will handle security better than you can do in-house — especially if you’re a target. Even the U.S. government leverages cloud providers to consult and augment security. Amazon has DDoS mitigation services, and their DNS is both inexpensive and secure. Educate yourself to stay aware of the potential threats and mitigation services that are available to you. – Tim Maliyil, AlertBoot 5. Help Employees Educate Each Other Since our inception, we’ve had a personal ‘buddy’ assigned to any new team member. They are responsible for teaching the new person all of the dos and don’ts of the department, and also get them more culturally aligned with the team/company. – Pin Chen, ONTRAPORT 6. Get Senior Management Involved In Security Planning It is critical for companies to include senior management in DDoS prevention planning. Most attacks are due to poor ongoing security practices or setups. Ransomware attacks alone cost over $1B in 2017. Companies should consider cloud solutions that offer cost-effective managed security solutions, with ongoing security and maintenance updates, so that they can focus on building their core business. – Cristina Dolan, Trading Screen 7. Segment Your IoT Devices Behind A Firewall While DDoS attacks are difficult to prevent, you can minimize the impact by enabling DDoS and flood protection on your organization’s firewalls. To restore order quickly in the event of an attack, develop a DDoS response plan. To minimize the chance of your IoT infrastructure being used in a DDoS attack, make sure all IoT devices are segmented on a dedicated safe zone behind a firewall. – Bill Conner, SonicWall Source: https://www.forbes.com/sites/forbestechcouncil/2017/03/07/7-security-steps-to-defend-your-company-fram-a-ddos-attack/#4a04a540408

Businesses blame rivals for DDoS attacks

Industrial sabotage is considered to be the most likely reason behind a distributed denial of service attack, a study has revealed More than 40% of businesses hit by a distributed denial of service (DDoS) attack worldwide believe their competitors were behind it, research by Kaspersky Lab and B2B International has revealed. Rival firms are considered more likely culprits than cyber criminals, which were cited as suspects by just 38% of DDoS victims on average. Industrial sabotage is considered to be the most likely reason behind a DDoS attack, coming out higher than political conspiracy and personal vendettas against a business. Typically, DDoS attacks target web servers and aim to make websites unavailable to users. Although no data is stolen, the interruption to the service can be costly in terms of lost business damage to reputation. For example, a massive DDoS attack on Luxembourg’s government servers that started on 27 February 2017 reportedly lasted more than 24 hours, and affected more than a hundred websites. The joint Kaspersky Lab, B2B International study, which polled 4,000 businesses in 25 countries, found that only 20% of DDoS victims overall blamed foreign governments and secret service organisations, with the same proportion suspecting disgruntled former employees. Companies in Asia Pacific are the most suspicious of competitors, with 56% blaming their rivals for DDoS attacks and 28% blaming foreign governments. Personal grudges also carry more suspicion in the region too, with 33% blaming former staff. In Western Europe, only 37% of companies suspect foul play by their competitors, with 17% blaming foreign governments. Looking at attitudes by business size, businesses at the smaller end of the scale are more likely to suspect their rivals of staging an experienced DDoS attack. The study found that 48% of small and medium business representatives believe this to be the case compared with only 36% of enterprises. In contrast, respondents from big companies put more blame on former employees and foreign governments. “DDoS attacks have been a threat for many years, and are one of the most popular weapons in a cyber criminals’ arsenal,” said Russ Madley, head of B2B at Kaspersky Lab UK. “The problem we face is that DDoS attacks can be set up cheaply and easily, from almost anyone, whether that be a competitor, a dismissed employee, socio-political protesters or just a lone wolf with a grudge. “It’s therefore imperative that businesses find an effective way to safeguard themselves from such attacks,” he said. Significant advances in DDoS attacks There were significant advances in DDoS attacks in the last quarter of 2016, according to Kaspersky, with the longest DDoS attack in lasting 292 hours or 12.2 days, which set a record for 2016 and was significantly longer than the previous quarter’s maximum of 184 hours. The last quarter of 2016 also saw the first massive DDoS attacks using the Mirai IoT (internet of things) botnet technology, including attacks on Dyn’s Domain Name System (DNS) infrastructure and on Deutsche Telekom, which knocked 900K Germans offline in November. There were also similar attacks on internet service providers (ISPs) in Ireland, the UK and Liberia, all using IoT devices controlled by Mirai technology and partly targeting home routers in an attempt to create new botnets. Stakeholders recognise lack of security in IoT devices According to Kaspersky, stakeholders worldwide, in particular in the US and EU, recognise the lack of security inherent in the functional design of IoT devices and the need to set up a common IoT security ecosystem. Kaspersky expects to see the emergence of further Mirai botnet modifications and a general increase in IoT botnet activity in 2017. Researchers at Kaspersky Lab also believe that the DDoS attacks seen so far are just a starting point initiated by various actors to draw up IoT devices into the actors’ own botnets, test drive Mirai technology and develop attack vectors. First, they demonstrate once again that financial services like the bitcoin trading and blockchain platforms CoinSecure of India and BTC-e of Bulgaria, or William Hill, one of Britain’s biggest betting sites, which took days to come back to full service, were at the highest risk in the fourth quarter and are likely to remain so throughout 2017. Second, cyber criminals have learnt to manage and launch very sophisticated, carefully planned, and constantly changing multi-vector DDoS attacks adapted to the mitigation policy and capacity of the attacked organisation. Kaspersky Lab’s analysis shows that the cybercriminals in several cases tracked in 2016 started with a combination of various attack vectors gradually checking out a bank’s network and web services to find a point of service failure. Once DDoS mitigation and other countermeasures were initiated, researchers said the attack vectors changed over a period of several days. DDoS enters its next stage of evolution Overall, they said these attacks show that the DDoS landscape entered the next stage of its evolution in 2016 with new technology, massive attack power, as well as highly skilled and professional cyber criminals. However, the Kaspersky researchers note that unfortunately, this tendency has not yet found its way into the cyber security policies of many organisations that are still not ready or are unclear about the necessary investments in DDoS protection services. Source: http://www.computerweekly.com/news/450414239/Businesses-blame-rivals-for-DDoS-attacks

Visit site:
Businesses blame rivals for DDoS attacks

Luxembourg government servers forced offline by DDoS attack

Authorities in Luxembourg have said that government servers had come under a DDoS attack on Monday. According to reports from the Luxemburger Wort, the attack started at 9.30 am, forcing the web servers of many state authorities offline or difficult to reach. Just over an hour later, the state-owned IT operator “Centre des Techniques de l’information de l’Etat” (CTIE) sent a message via Twitter, to confirm that the network was the victim of a DDoS attack. Reports by Luxemburg publication Paperjam said that over a hundred servers had been affected by the attack and that the attack impacted servers for more than 24 hours. Gilles Feith, chief of the CTIE government IT centre, said that this was the first-time Luxembourg authorities had been targeted to such an extent but could not confirm the origin of the attack. “Before it gets back to normal, it may take some time to wait,” said Feith, adding it may take “a few hours or even days.” Stephanie Weagle, VP, Corero Network Security, told SC Media UK that DDoS attacks have become many things over the last decade; weapons of cyberwarfare, security breach diversions and service impacting strategies. “The motivations for these attack campaigns are endless – financial, political, nation-state, extortion and everything in between,” she said. Weagle added: “Continuing to rely on traditional IT security solutions, and or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet connected business available in the face of DDoS attacks.” Pascal Geenens, Radware EMEA security evangelist, told SC Magazine that these days anyone has access to booter or stresser services or DDoS-for-hire. “Services are available on the Darknet as well as on the Clearnet and for just a couple of Euros one can launch a DDoS attack by a click of the mouse,” he said. Geenens added the release of the Mirai source code last October was a turning point. “We saw a huge rise in the number of botnets leveraging IoT devices (mostly IP cams and residential routers) and attacks grew in size. A 1Tbps attack should not come as a surprise today, the potential certainly is there.” He said the motivation behind DDoS attacks can be many things, combined with the user-friendly experience and low price provided by the services to perform them, the spectrum of motivations is only widening. “The main drive of most cyber-crime is still money, we have witnessed countless cyber-ransoms leveraging DDoS. This attack could be precursor of a larger RDoS. Attackers typically provide some proof they have the ability to interrupt the service, which is typically followed by a message with a demand for ransom and if the victim does not pay there will be an ultimatum followed by a much larger and longer attack.” Geenens said the number and size of DDoS attacks is growing and we do not predict this trend will slow in the near future. “My advice to any online business or government, it is five past 12, everybody is a potential target. Make DDoS protection a priority. UEBA is another technology that should be part of the strategy for organisations that carry important or sensitive information.” Source: https://www.scmagazineuk.com/luxembourg-government-servers-forced-offline-by-ddos-attack/article/641003/

View post:
Luxembourg government servers forced offline by DDoS attack

DDoS Attack Takes Down Austrian Parliament Website

The DDoS attack, one of the most common cyber threats, is being investigated by authorities The Austrian parliament’s website was hit by a suspected cyber attack over the weekend which took the site down for 20 minutes. Hackers are believed to have used a Distributed Denial of Service (DDoS) attack to flood the website with digital service requests and, although no data was lost, authorities are now investigating the attack. “The hacker attack was most likely a so-called DDoS-attack; a similar attack took place last November targeting the websites of the Foreign Affairs and Defence Ministries,” the parliament said in a statement. Cyber attack One of the most common cyber threats around, DDoS attacks have been growing in size and prevalence in recent times, with Corero Network Security predicting that such threats will become the top security priority for businesses and the new norm in 2017. “While the Mirai botnet is certainly fearsome in terms of its size, its capacity to wreak havoc is also dictated by the various attack vectors it employs, said Dave Larson, CTO/COO at Corero Network Security. “If a variety of new and complex techniques were added to its arsenal next year, we may see a substantial escalation in the already dangerous DDoS landscape, with the potential for frequent, Terabit-scale DDoS events which significantly disrupt our Internet availability.” In January, a DDoS attack was responsible for an outage at Lloyds Banking Group that left customers unable to access online banking services for three days, after web security firm Imperva had earlier that month issued a warning to businesses after fending off the largest DDoS attack ever recorded on its network. But the most high-profile attack in recent months affected domain name service provider Dyn and resulted in a slew major sites – including Twitter, Spotify and Reddit – being taken offline. Source: http://www.silicon.co.uk/security/ddos-attack-austrian-parliament-website-204381

View the original here:
DDoS Attack Takes Down Austrian Parliament Website

Many businesses are relying on others to fight DDoS attacks

With large scale cyber attacks constantly hitting the headlines, businesses ought to be aware of the need to protect themselves. But a new study by Kaspersky Lab shows that 40 percent of businesses are unclear on how to protect themselves against targeted attacks and DDoS. Many believe that someone else will protect them and therefore don’t take their own security measures. 40 percent think their ISP will provide protection and 30 percent think data center or infrastructure partners will protect them. Moreover, the survey finds that 30 percent fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, 12 percent even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality of course is that any company can be targeted because such attacks are easy for cybercriminals to launch and the potential cost of a single attack can be millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today”. The findings are based on Kaspersky Lab’s annual Corporate IT Security Risks survey conducted in cooperation with B2B International. In 2016, it surveyd more than 4,000 representatives of small, medium (50 to 999 employees) and large businesses (1000+) from 25 countries to find their views on IT security and the real incidents they had to deal with. Source: http://betanews.com/2017/01/05/business-ddos-rely-others/

Read the article:
Many businesses are relying on others to fight DDoS attacks

DDoS Attacks on the Rise—Here’s What Companies Need to Do

Distributed denial-of-service (DDoS) attacks have been going on for years. But in recent months they seem to have gained much more attention, in part because of high-profile incidents that affected millions of users. For instance, in late October 2016 a massive DDoS assault on Domain Name System (DNS) service provider Dyn temporarily shut down some of the biggest sites on the Internet. The incident affected users in much of the East Coast of the United States as well as data centers in Texas, Washington, and California. Dyn said in statements that tens of millions of IP addresses hit its infrastructure during the attack. Just how much attention DDoS is getting these days is indicated by a recent blog post by the Software Engineering Institute (SEI) at Carnegie Mellon University. The post, entitled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” became SEI’s most visited of the year after just two days, said a spokesman for the institute. To help defend against such attacks, organizations need to understand that this is not just an IT concern. “While DDoS attack prevention is partly a technical issue, it is also largely a business issue,” said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by CMU, and author of the DDoS post. Fortunately there are steps organizations can take to better protect themselves against DDoS attacks, and Kartch describes these in the post. In general, organizations should begin planning for attacks in advance, because it’s much more difficult to respond after an attack is already under way. “While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive,” Kartch noted. To fortify IT resources against a DDoS attack, it’s vital to make the architecture as resilient as possible. Fortifying network architecture is an important step not just in DDoS network defense, Kartch said, but in ensuring business continuity and protecting the organization from any kind of outage. To help disperse organizational assets and avoid presenting a single rich target to an attacker. organizations should locate servers in different data centers; ensure that data centers are located on different networks; ensure that data centers have diverse paths, and ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure. For those organizations that depend on servers and Internet presence, it’s important to make sure resources are geographically dispersed and not located in a single data center, Kartch said. “If resources are already geographically dispersed, it is important to view each data center as having more than one pipe to [the] Internet, and ensure that not all data centers are connected to the same Internet provider,” she said. While these are best practices for general business continuity and disaster recovery, they will also help ensure organizational resiliency in response to a DDoS attack. The post also describes other practices for defending against DDoS. One is to deploy appropriate hardware that can handle known attack types and use the options in the hardware that can protect network resources. While bolstering resources will not prevent a DDoS attack from happening, Kartch said, doing so will lessen the impact of an attack. Certain types of DDoS attacks have existed for a long time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against protocol attacks and application-layer attacks, Kartch said. Specialty DDoS mitigation appliances also can protect against these attacks. Another good practice is to scale up network bandwidth. “For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary,” Kartch said. “That said, volumetric attacks are something of an arms race, and many organizations won’t be able or willing to pay for the network bandwidth needed to handle some of the very large attacks we have recently seen. This is primarily an option for very large organizations and service providers.” It’s likely that DDoS attacks will continue to be a major issue for organizations. A 2016 study by content delivery network provider Akamai said these types of incidents are rising in number as well as in severity and duration. The company reported a 125% increase in DDoS attacks year over year and a 35% rise in the average attack duration. Cyber security executives need to make it a top priority to protect their organizations against DDoS. Source: http://www.itbestofbreed.com/sponsors/bitdefender/best-tech/ddos-attacks-rise-here-s-what-companies-need-do

Originally posted here:
DDoS Attacks on the Rise—Here’s What Companies Need to Do

2017 predictions: US isolationism, DDoS, data sharing

Without a doubt, 2016 was the year of the DDoS. The year came to a close with a major DDoS attack on DNS provider Dyn, which took down several major internet sites on the Eastern US seaboard. This attack was different – not so much in terms of its volume or its technique, but in the fact that instead of being directed at its intended target, it was targeted at network infrastructure used by the target. I think we are likely to see more DDoS attacks in 2017, both leveraging amplification attacks and direct traffic generated by the Internet of Things. However, we will also see a growing number of incidents in which not just the target experiences outages, but also the networks hosting the sources of the DDoS, as they also need to support significant outbound traffic volumes. This is likely to lead to increasing instability – until such a time as network operators start seeing DDoS as an issue they need to respond to. In this sense, the issue of DDoS is likely to increasingly self-correct over time. The other main trends and developments that I foresee for the year ahead are as follows: ? I think we are likely to see the first few cases where attribution of nation states accountable for attacks starts to backfire. Over the past few years, corporations and nation states have published a lot of theories on espionage campaigns. One issue with these incidents is the fact that often, contrary to human intelligence, the malware and tools that are used in these attacks leave the intent of the attack open to interpretation. Was the goal to spy on the development of a country and its international relations? Was it to steal information for economic gain? Or was the attack intended to result in sabotage? Those are the all-important questions that are not always easy to answer. The risk of one country inadvertently misunderstanding an attack, and taking negative action in response, is increasing. When a nation’s critical infrastructure suddenly fails, after the country has been publicly implicated in an attack, was it a counterattack or a simple failure? ? In the new policy environment being introduced by President-elect Donald Trump, there is some risk that the United States may start to withdraw from the international policy engagement that has become the norm in cyber security. This would be unfortunate. Cyber security is not purely a domestic issue for any country, and that includes the United States. Examples of great cyber security ideas hail from across the world. For instance, recent capture-the-flag competitions show that some of the best offensive cyber security talent hails from Taiwan, China and Korea. In addition, some tools such as Cyber Green, which tracks overall cyber health and makes international security measurable, originate in Japan rather than the United States. Withdrawing from international cooperation on cyber security will have a number of negative implications. At a strategic level it is likely to lead to less trust between countries, and reduce our ability to maintain a good channel of communications when major breaches are uncovered and attributed. At a tactical level it is likely to result in less effective technical solutions and less sharing around attacks. ? Meanwhile, across the pond, Presidential elections in France, a Federal election in Germany, and perhaps a new president taking power in Iran will all lead to more changes in the geopolitical arena. In the past, events of major importance such as these have typically brought an increase in targeted attack campaigns gathering intelligence (as widespread phishing) and exploiting these news stories to steal user credentials and distribute malware. ? Companies will become more selective about what data they decide to store on their users. Historically, the more data that was stored, the more opportunities there were for future monetisation. However, major data breaches such as we have seen at Yahoo! and OPM have highlighted that storing data can lead to costs that are quite unpredictable. Having significant data can result in your government requesting access through warrants and the equivalent of national security letters. It can also mean that you become the target of determined adversaries and nation states. We have started seeing smaller companies and services, such as Whisper Systems, move towards a model where little data is retained. Over time, my expectation is that larger online services will at least become a little bit more selective in the data they store, and their customers will increasingly expect it of them. ? We will see significant progress in the deployment of TLS in 2017. Let’s Encrypt, the free Certificate Authority, now enables anyone to enable TLS for their website at little cost. In addition, Google’s support for Certificate Transparency will make TLS significantly more secure and robust. With this increased use of encryption, though, will come additional scrutiny by governments, the academic cryptography community, and security researchers. We will see more TLS-related vulnerabilities appear throughout the year, but overall, they will get fixed and the internet will become a safer place as a result. ? I expect that 2017 will also be the year when the security community comes to terms with the fact that machine learning is now a crucial part of our toolkit. Machine learning approaches have already been a critical part of how we deal with spam and malicious software, but they have always been treated with some suspicion in the industry. This year it will become widely accepted that machine learning is a core component of most security tools and implementations. However, there is a risk here as well. As the scale of its use continues to grow, we will have less and less direct insight into the decisions our security algorithms and protocols make. As these new machine learning systems need to learn, rather than be reconfigured, we will see more false positives. This will motivate protocol implementers to “get things right” early and stay close to the specifications to avoid detection by overzealous anomaly detection tools. Source: http://www.itproportal.com/features/2017-predictions-us-isolationism-ddos-data-sharing/

Taken from:
2017 predictions: US isolationism, DDoS, data sharing

Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’

Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet. In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as “just as powerful as the most dangerous one to date”. The concern for 2017 is that “it’s about to get a lot worse”. Clearly proud of the work put into the malware, the creator or creators saw fit to sign it. Analysis of the attack showed that the TCP Options header of the SYN packets used spelled out l33t, hence the Leet Botnet name. The attack itself took place on 21 December, but details of what happened are only just starting to come out. It targeted a number of IP addresses, and Imperva speculates that a single customer was not targeted because of an inability to resolve specific IP addresses due to the company’s proxies. One wave of the attack generated 650 Gbps of traffic — or more than 150 million packets per second. Despite attempting to analyze the attack, Imperva has been unable to determine where it originated from, but the company notes that it used a combination of both small and large payloads to “clog network pipes and bring down network switches”. While the Mirai attacks worked by firing randomly generated strings of characters to generate traffic, in the case of Leet Botnet the malware was accessing local files and using scrambled versions of the compromised content as its payload. Imperva describes the attack as “a mishmash of pulverized system files from thousands upon thousands of compromised devices”. What’s the reason for using this particular method? Besides painting a cool mental image, this attack method serves a practical purpose. Specifically, it makes for an effective obfuscation technique that can be used to produce an unlimited number of extremely randomized payloads. Using these payloads, an offender can circumvent signature-based security systems that mitigate attacks by identifying similarities in the content of network packets. While in this instance Imperva was able to mitigate the attack, the company says that Leet Botnet is “a sign of things to come”. Brace yourself for a messy 2017… Source: http://betanews.com/2016/12/28/leet-botnet-ddos/

View article:
Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’

DDoS attacks have gone from a minor nuisance to a possible new form of global warfare

“In principle, most of the denial-of-service attacks we see have no solution,” a security expert, Peter Neumann of SRI International, told the New York Times at the time. “The generic problem is basically unsolvable.” It still is. Twenty years on, DDoS attacks have increased exponentially in size, and vast swathes of the internet remain vulnerable. Experts say the proliferation of new but vulnerable connected devices, such as thermostats and security cameras, as well as the architecture of the internet itself, mean DDoS attacks will be with us for the foreseeable future. And rather than a mere annoyance that takes your favorite websites offline, they are starting to become a serious threat. According to Arbor Networks, an internet monitoring company that also sells DDoS protection, the volume of global DDoS attacks has grown by more than 30 times between 2011 and 2014. The attacks are also getting more intense. A string of them in September and October, which set records in terms of the volume of traffic (in gigabits per second, or Gbps) in each attack, proved that DDoS can overwhelm the internet’s best defenses. Among those they took down or threatened were a hosting service, a domain-name services provider (whose clients, including Twitter and Spotify, thus became inaccessible across entire regions of the US), a major content-delivery network, and the internet’s best-known blogger on security matters, Brian Krebs. These are the most powerful DDoS attacks each year, by Arbor Networks’ count. The September and October attacks are thought to have been carried out using Mirai, a piece of malware that allows hackers to hijack internet-connected devices such as security cameras. These are often sold with weak default passwords that their users don’t bother (or know how) to change. Mirai tracks them down, takes them over, and incorporates them into a “botnet” that launches DDoS attacks as well as finding and infecting other devices. Botnets aren’t new, but Mirai takes them to a new level, argues a recent paper (pdf) from the Institute of Critical Infrastructure Technology (ICIT), a research group. It’s a “development platform” for hackers to customize, the researchers say; the code was made public on a hacker forum, and people are free to innovate and build on it. In the past couple of months it’s thought to have been used to cripple the heating systems of two residential buildings in Finland and the online services of several Russian banks. The researchers speculate that hackers could tailor Mirai to do far bigger damage, such as bringing down a power grid. In September, security expert Bruce Schneier pointed to evidence that a large state actor—China or Russia, most likely—has been testing for weak points in companies that run critical parts of American internet infrastructure. It’s not outlandish to imagine that in the future, DDoS attacks powered by something like Mirai, harnessing the vast quantity of weakly secured internet-connected gadgets, could become part of a new kind of warfare. At the moment, the main defense against a DDoS attack is sheer brute force. This is what hosting companies offer. If a client suffers a DDoS attack, the hosting provider simply assigns more servers to soak up the flood of traffic. But as the latest attacks have shown, the power of botnets is simply growing too fast for even the biggest providers to defend against. There is a fix that would prevent a common type of DDoS attack—a “reflection” attack. This is where a hacker sends messages out to a botnet that seem to come from the target’s IP address (like sending an email with a fake reply-to address), causing the botnet to attack that target. The proposed fix, a security standard known as BCP38, which would make such fake return addressing impossible, has been available for 16 years. If all the ISPs on the internet implemented BCP38 on their routers, the most powerful DDoS attacks would be far more difficult to launch. But the sheer number of networks and ISPs on the internet makes this idea wishful thinking, says Steve Uhlig, of London’s Queen Mary University, who specializes in the internet’s routing protocols.”Remember that the internet is made of more than 50,000 networks,” he says. If the most important and influential networks implement the fix, but the countless smaller operators don’t, DDoS attacks can continue to exploit spoofing. “Larger networks in the [internet core] can and do filter,” he says, “But they reduce the attacks by only a limited amount.” The internet’s decentralized design is what gives it its strength. But it’s also the source of what is rapidly becoming its biggest weakness. Source: http://qz.com/860630/ddos-attacks-have-gone-from-a-minor-nuisance-to-a-possible-new-form-of-global-warfare/

See more here:
DDoS attacks have gone from a minor nuisance to a possible new form of global warfare