Tag Archives: stop ddos attacks

DDoS attacks: Cops cuff 12 British suspects in pre-Xmas clampdown

Nationwide arrests bring in number of alleged repeat offenders—mostly young men. Twelve people—almost all of whom are men under the age of 30—have been arrested in the past week on suspicion of repeatedly performing direct denial of service attacks, in a crackdown spearheaded by the National Crime Agency. Cops working on Operation Vulcanalia targeted more than 60 individuals believed to have paid as little as £4 to use a DDoS suite called Netspoof, resulting in 12 arrests, 30 cease-and-desist notices, 11 suspects having computer equipment seized, and two cautions. The arrests were mostly among alleged repeat offenders, with the aim being to discourage rather than punish first-timers. Netspoof subscription packages cost between £4 and £380, and some customers had paid more than £8,000 “to launch hundreds of attacks”—the specific sites they attacked, however, weren’t revealed by the NCA. Victims were said to include “gaming providers, government departments, Internet hosting companies, schools, and colleges.” The agency said: “Where cybercrime has largely been seen as being committed by hackers with technical skills, stresser services allow amateurs—sometimes motivated by a grudge—to launch attacks easily and with little or no specialist knowledge.” The operation was run nationwide, with the NCA supported by officers working for Regional Organised Crime Units (ROCUs). It was part of a wider push by Europol, named Operation Tarpit, during a “week of action” which was also coordinated with law enforcement agencies in the US and Australia. Senior investigating officer Jo Goodall, who works at the NCA’s National Cyber Crime Unit, said the problem posed by DDoS attacks is “truly global” in scale. “These attacks pose a huge economic cost to the economy. It is not a victimless crime,” she said. “It requires worldwide co-operation which we have seen on this job with the focus on arresting those who won’t change their ways, and trying to prevent those who will from future offending.” A survey by cyber security specialists Kaspersky Lab and researchers B2B International—cited by the NCA—which talked to more than 4,000 small and medium firms and 1,000 large businesses, found that an attack can cost more than £1.3 million for large firms and approximately £84,000 for smaller companies. Europol’s Steven Wilson said: “Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry. “One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path.” Roughly 30 percent of UK businesses reported a DDoS attack last year, the NCA said. Of the agency’s twelve arrests, only one so far has led to an unnamed, 27-year-old male suspect from Hamilton, Scotland being charged under the Computer Misuse Act. Source: http://arstechnica.co.uk/tech-policy/2016/12/ddos-attacks-cops-cuff-12-british-suspects-pre-xmas-clampdown/

View post:
DDoS attacks: Cops cuff 12 British suspects in pre-Xmas clampdown

New Botnet is Attacking the US West Coast with Huge DDoS Attacks

The developers of this new botnet are inspired by Mirai success. In a blog post by CloudFlare, it has been revealed that the US West Coast is likely to become the target of yet another huge DDoS attack but this time it will be conducted with a different botnet than Mirai that was using during Dyn DNS attack which forced sites like Twitter, Amazon, PayPal etc to go offline for hours. The content delivery network states in the blog post that the company has been observing the overflow of traffic from about two weeks. It seems to be coming from a single source. Seemingly, someone was firstly testing their abilities with a 9-to-5 attack schedule and then the attack pattern was shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet. After observing the heavy attack traffic that literally peaked at 172MBPS, which means about a million data packets per second or 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job. In the blog post, CloudFare wrote: “The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.” For about a whole week, the same attacker was observed to be sending data packets in huge proportions every day. Then the schedule was abruptly changed since the attacker was working on a 24-hour basis. This hints at the fact that the attacking mechanism was taken over by another, much-organized group. It is worth noting that the attack traffic wasn’t launched via Mirai botnet; the attackers are using a different kind of software with different methods like “”very large L3/L4 floods aimed at the TCP protocol.” The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast. The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets. The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable nature of cyber-security nowadays with the emergence of sophisticated DDoS attacks methods like Mirai botnet that has been causing havoc lately. The 100-page long report contained recommendations regarding how the US government should tackle this issue. The bottom line was that the issue was much severe than it seems on paper and there is a lot needed to be done as soon as possible or else the situation will go out of hands. The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future. Source: https://www.hackread.com/new-mirai-like-botnet-ddos-attack/

See more here:
New Botnet is Attacking the US West Coast with Huge DDoS Attacks

Cybercriminals use DDoS as smokescreen for other attacks on business

Distributed Denial of Service (DDoS) attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door, a survey from Kaspersky Lab and B2B International suggests. Over half of businesses questioned (56%) are confident that DDoS has been used as a smokescreen for other kinds of cybercrime, and of those business respondents, a large majority (87%) reported that they had also been the victim of a targeted attack. The Kaspersky Lab IT Security Risks 2016 study showed that when businesses have suffered from cybercrime, DDoS has often been part of the attack tactics (29%). For example, a worrying quarter (26%) of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors. Overall, 56% of business representatives surveyed believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities. Kirill Ilganaev, Head of Kaspersky DDoS Protection, explained why DDoS attacks may appeal to cybercriminals as part of their tactics. He said, “DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold. This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.” The study found that when DDoS attacks have been used by cybercriminals as a smokescreen, businesses also faced threats such as losses and exploits through mobile devices (81%), the actions of other organizations (78%), phishing scams (75%) and even the malicious activity of internal staff (75%). The majority (87%) were also victims of targeted attacks. Ilganaev continued, “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape, and prepared to deal with multiple types of criminal activity at any one time. Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” Source: http://www.networksasia.net/article/cybercriminals-use-ddos-smokescreen-other-attacks-business.1480989900

See original article:
Cybercriminals use DDoS as smokescreen for other attacks on business

New botnet launching daily massive DDoS attacks

CloudFlare spotted a new botnet in the wild which launched massive DDoS attacks aimed at the US West Coast for 10 days in a row. A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks. Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai. The company has so far spent 10 days fending off DDoS attacks aimed at targets on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps). CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets “non-stop for almost exactly 8.5 hours” before the attack ended. CloudFlare’s John Graham-Cumming noted, “It felt as if an attacker ‘worked’ a day and then went home.” The botnet DDoS attacks followed the same pattern the next day, like the attacker was “someone working at a desk job,” except the attacks began 30 minutes earlier. On the third day, the attacks reached over 480 Gbps and 200 Mpps before the attacker decided to knock off a bit early from ‘work.’ Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day. The attacks continued for 10 days; each day the DDoS attacks “were peaking at 400 Gbps and hitting 320 Gbps for hours on end.” That’s not as powerful as the Mirai botnet made up of insecure IoT devices, but this botnet is presumably just getting started. It’s already plenty big enough to bring a site to its knees for hours on end unless it has some decent form of DDoS protection. If it were to be combined with other botnet strains, it might be capable of beating the unprecedented records set by the Mirai attacks. Although CloudFlare never elaborated on what devices the new botnet was abusing for its attacks, the company said it uses different attack software then Mirai. The emerging botnet sends very large Layer 3 and Layer 4 floods aimed at the TCP protocol. Hopefully it’s not using poorly secured internet of things devices as there seems to be an endless supply of IoT devices with pitiful-to-no security waiting to be added to botnets. That’s likely going to get worse, since IoT gadgets are expected to sell in record-breaking numbers this holiday season. It’s just a guess, but it does seem likely that the new botnet is aimed at such devices. CloudFlare posted the new botnet information on Friday, so it is unknown if the attacks have continued since the article was published. Last week, a modified version of the Mirai IoT malware was responsible for creating chaos in Germany and other worldwide locations; the hackers reportedly responsible for attempting to add routers to their botnet apologized for knocking Deutsche Telekom customers offline as it was allegedly not their intention. DDoS attacks may give a blue Christmas to gamers Regarding DDoS attacks, the most recent Akamai State of the Internet/Security Report suggested that gamers might not have the best holiday season. For the past several years, hackers have attacked and sometimes taken down Microsoft’s Xbox and Sony’s PlayStation networks, even Steam, making it impossible for seasoned gamers as well as those who received new gaming platforms for Christmas to enjoy new games and consoles. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the Akamai report stated. “Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.” As first pointed out by Network World’s Tim Greene, Akamai added, “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever.” Let’s hope the newly discovered botnet isn’t an example of Akamai’s prediction. Source:http://www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html

View article:
New botnet launching daily massive DDoS attacks

WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy

The website was offline for roughly four hours on 1 December. Whistleblowing website WikiLeaks suffered a mysterious outage on the morning of 1 December for roughly four hours, two days after posting its release of a searchable database of 60,000 emails from US government contractor HBGary. The website reportedly went down at around 4:00am (GMT), with some social media users quickly speculating it was the result of yet another distributed-denial-of-service (DDoS) assault – a form of cyberattack that sends waves of traffic at a web server in order to force it offline. By 9:00am (GMT) the website had fully resurfaced. “WikiLeaks is offline. Page no longer exists?!” one user wrote. Another said: “@WikiLeaks is down right now. Could be DDoS attack.” Meanwhile, a well-known account linked with Anonymous added: “Rule 41 happens and the first thing that goes down? WikiLeaks, of course, is currently unreachable.” Rule 41 is the newly-passed law in the US that permits the FBI and other agencies to conduct hacking-based investigations on multiple computers with a single warrant. Despite the claims of Anonymous, there is nothing to suggest it was related to any problems with WikiLeaks’ website. IBTimes UK contacted WikiLeaks for comment however had received no response at the time of publication. The outage comes after a slew of politically-charged leaks from the Democratic National Committee (DNC) and the personal email inbox of John Podesta, a close aide to Hillary Clinton. In October, Julian Assange, the founder of the organisation, claimed that unknown forces within the “DC establishment” had attempted to disrupt WikiLeaks’ operations via cyberattack after it released a collection of emails from the DNC. “The US DC establishment – which believes that Hillary Clinton will be the winner of the election – tried to find different ways to distract from our publications,” he said at the time, adding: “They started attacking our servers with DDoS attacks and attempted hacking attacks.” Later, on the morning of 7 November, after publishing 8,000 more DNC emails, WikiLeaks issued a series of updates to its four million-strong follower base about yet another attack. It said: “ WikiLeaks.org was down briefly. That’s rare. We’re investigating.” Later, it added: “Our email publication servers are under a targeted DoS attack.” Most recently, Assange renewed his effort to be allowed to exit the Ecuadorian embassy in London after a United Nations (UN) panel reinforced an earlier ruling that he was being arbitrarily detained. The decision came down after an appeal by the UK government. “Now that all appeals are exhausted I expect that the UK and Sweden will comply with their international obligations and set me free,” Assange said in a statement. “It is an obvious and grotesque injustice to detain someone for six years who hasn’t even been charged with an offence.” Source: http://www.ibtimes.co.uk/wikileaks-website-suffers-mysterious-outage-sparking-rule-41-hacking-conspiracy-1594392

Read the article:
WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy

Why you should have a DDoS defence

Duncan Hughes explains the best methods to use to effectively protect businesses and ensure networks can stand up to a DDoS attack. The latest headlines have shown that distributed denial of service (DDoS) attacks have been growing in both size and complexity. In the last month, two high-profile DDoS attacks reached more than 600 Gbps and 1 Tbps. The most recent attacks have ranked among the largest DDoS attacks on record. The ferocity and frequency of these attacks has suggested that this trend is only set to upsurge in the near future. With the most recent DDoS attack targeting the service provider, rather than a specific website, resulting in Twitter, Netflix, Reddit, Spotify and others being severely affected, it is clear to see how DDoS attackers are increasing their capability. In my opinion, this most recent DDoS incident is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent. It was an interesting point to see that the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just on sites or applications. What is also interesting to see is that threat actors are leveraging unsecure Internet of Things (IoT) devices to launch some of these large DDoS attacks. The immediate solution is for manufacturers to eliminate the use of default or easy passwords to access and manage smart or connected devices. That said, consumer adoption will be tricky, but this change is critical for the greater security of all. This response will hinder many of the global botnets that are created and deployed for malicious use. DDoS attacks can impact businesses of all types and sizes. Retail stores, enterprises and service providers can all find themselves at threat of the DDoS crosshairs. According to a recent report commissioned by A10 Networks in its A10 Networks IDG Connect report – everyone is a target, but some types of businesses come under fire more frequently. Entertainment and gambling are targeted the most targetted, with 33 percent of DDoS attacks aimed at that industry, followed by advertising media and web content (28 percent), and traditional and online retail (22 percent). The financial impact of DDoS attacks for businesses can be severe and a recent Ponemon Institute study revealed that between 2011 and 2016, the costs associated with a DDoS attack swelled by 31 percent, with some larger attacks exceeding US$2 million (£1.6 million) due to lost revenue, business disruption and other hard costs. Brand and reputation damage, can also have a lasting effect which cannot be financially measured. The IDG Connect report found the average company suffers 15 DDoS attacks per year (some averaging as many as 25 DDoS attacks annually), and the average attack causes at least 17 hours of disruption, whether that’s downtime, latency, denied customer access or crashes. That’s 255 hours of disruption a year, can businesses afford this level of interruption? I would suggest that the answer is probably not. So to be properly prepared, businesses must brace for the worst-case scenario. The following points below outline four main steps in prevention to ensure networks can stand up to a DDoS attack: Be proactive. Do not wait for a major crash. You may already be experiencing attacks with slowed or blocked customer access, which can result in lost sales or dissatisfied customers. Beware of the “world of denial.” Ask tough questions. What do your customer satisfaction metrics reveal? Do you see indicators of lost sales? What’s the real cost of service restoration? Hope for the best, but prepare for the worst. Invest in sufficient DDoS protection and mitigation solutions early, before a major attack strikes. Defend against all vectors. Consider dedicated multi-vector DDoS protection using in-path mitigation, coupled with integrated threat intelligence, for the best accuracy. Include hybrid protection with a cloud-bursting service as an extra precaution to combat volumetric attacks. Businesses of all sizes need to be able to detect and mitigate DDoS attacks particularly ‘multi-vector’ ones that simultaneously attack the bandwidth, application and network layers. This is all the more important because we have all seen that major DDoS attacks are taking place – and growing exponentially in size. Not only are the implications of this profound but these attacks are leveraging botnets comprising hundreds of thousands of unsecured IoT devices. With industry analysts expecting IoT usage to grow substantially the issue is coming into ever more sharper focus. Referring back to the Ponemon research, some of the main findings really bring to light the extent of the problem. From the research in which over 1000 IT and IT security practitioners in North America and EMEA participated, one of the most frightening takeaways was that organisations are highly concerned that they aren’t able to detect and stop encrypted attacks, but aren’t sure where to start or how best to defend their business. Clearly a lot needs to be done within the industry to protect against cyber-security threats. The one key thing that should be reflected from this is to not let your network remain unprotected against such attacks that are noticeably increasing and could end up being more costly for your business in the long run. Source: http://www.scmagazineuk.com/why-you-should-have-a-ddos-defence/article/570782

View post:
Why you should have a DDoS defence

Could a DDoS wipe out Black Friday online sales?

Don’t miss out on Black Friday sales: why retailers must prepare for DDoS threat to online shopping. The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But with retail, the threat is an existential one and in the case of Black Friday could make the difference between success and bankruptcy. An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, the online betting industry was hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics. Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than the average shopping day. In this context, a DDoS could be lethal to a vendor. As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.” The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing. In the quarter Akamai found a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, the traffic increase to a site will be huge anyway and the chances of a website crashing are there. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday. So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.” Visibility is the key foundation for DDoS mitigation. Having a view of the actual volume of traffic hitting your site allows decisions to be made on policy. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: the basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and finally, cloud integration. A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview. Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction. Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping: sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources. For example, focus on keeping online the parts of the site enabling the actual transaction rather than auxiliary services. Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list. Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/

Visit link:
Could a DDoS wipe out Black Friday online sales?

5 major Russian banks repel massive DDoS attack

At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries. The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. “The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,” Sberbank’s press service told RIA. The initial attack was rather massive and its power intensified over the course of the day. “We registered a first attack early in the morning … the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services,” Sberbank representative said. Alfabank has also confirmed the fact of the attack, but called it a “weak” one. “There was an attack, but it was relatively weak. It did not affect Alfabank’s business systems in any way,” the bank told RIA Novosti. According to Russian computer security company Kaspersky Lab, more than a half of the botnet devices were situated in the US, India, Taiwan and Israel, while the attack came from 30 countries. Each wave of attack lasted for at least one hour, while the longest one went on for 12 hours straight. The power of the attacks peaked at 660 thousands of requests per second. Some of the banks were attacked repeatedly. “Such attacks are complex, and almost cannot be repelled by standard means used by internet providers,” the news agency quoted Kaspersky Lab’s statement as saying. According to a source in Central Bank, the botnet behind the attack consists not only of computers, but also of the so-called Internet of Things (IoT) devices. Computer security experts note, that various devices ranging from CCTV cameras to microwaves, are prone to hacking and pose a significant threat when assembled into a botnet. Owners of such devices underestimate the risks and often do not even bother to change a default password. A massive botnet, able to send more than 1.5Tbps and consisting of almost 150 thousands of CCTV cameras has been reportedly uncovered in September. According to Kaspersky Lab, it was the first massive attack on Russian banks this year. The previous attack of such a scale came in October 2015, when eight major banks were affected. Source: https://www.rt.com/news/366172-russian-banks-ddos-attack/

Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Enterprises going it alone against such an attack ‘would have been toast The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill. It’s also the easiest way for an enterprise to defend against this type of attack and the only one known to be effective . “There’s nothing more elegant anyone has come up with in the intervening week,” he says. The high-volume, high-velocity attack was based largely on a botnet backed by Mirai malware that finds and infects internet of things devices that are virtually defenseless against it. It has proven capable of DDoS traffic of 1Tbps or more and the source code has been made public, so experts say it’s certain there will be more such attacks. Before the Dyn attacks, DNS services were considered vastly more reliable in-house DNS, and it still should be, Gill says. “If an enterprise had been hit with the volume Dyn was they would have been toast,” Gill says. He says he has been briefed by Dyn about the Oct. 21-22 attacks, most of which he can’t discuss publicly. But he says those Dyn customers that recovered quickly were those who dual-sourced their DNS service. “A significant number of Dyn customers popped back up after 10 to 15 minutes,” he says, and likely they were the ones with more than one DNS provider. Downsides of multiple providers is they represent an extra expense and not all providers offer exactly similar features such as telemetry, local-based routing and fault tolerance. So switching from one to another in an emergency might be complicated and might mean winding up with a different set of features. Coordinating multiple providers is an added headache. If cost is a concern, businesses could use a DNS provider like Amazon Web Service’s Route 53 that is inexpensive, relatively easy to set up and pay-as-you-go, he says. Gill says the motivation for the attack is hard to know. Dyn was a very attractive target for many possible reasons. It had advertised its security, and that might have been considered a reason for a glory-seeking attacker to go after it and take it down. A Dyn researcher delivered a paper on the links between DDoS mitigation firms and DDoS attacks the day before Dyn was hit, so perhaps the attack was revenge. Dyn has many high-profile customers, so perhaps the real target was one of them. It’s impossible to know for sure what the motive was. Gill says Dyn has learned a great deal about how to successfully mitigate this new class of attack. In general, after such incidents, providers ally themselves with other providers to help identify and block malicious traffic at the edges between their networks. Attacks may result in identifying new profiles of attack traffic that make it easier to sort out bad from good in future incidents. Source: http://www.networkworld.com/article/3137456/security/gartner-despite-the-ddos-attacks-don-t-give-up-on-dyn-or-dns-service-providers.html

Original post:
Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Number of DDoS attacks down but speed and size increases

The number of DDoS attacks fell more than 40 percent to 97,700 attacks in the second quarter of 2016 according to the latest threat report from DDoS security service Nexusguard. The report reveals there was a sharp dip in distributed reflection denial of service (DrDoS) attacks, with DNS-based attacks falling 97 percent compared to the previous quarter. However, recent DDoS attacks on cybercrime journalist Brian Krebs and OVH, a French internet hosting provider, broke records for speed and size. Nexusguard researchers put the drop in reflection attacks and the success of these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power the Internet of Things has to threaten major organizations. With increasing pressure on hosting and internet service providers to fend off fierce attacks against customers, Nexusguard analysts advise organizations to ensure they use signature-based detection to quickly identify and thwart botnets. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” says Terrence Gareau, chief scientist for Nexusguard. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors”. The attack on OVH put France in the top three countries targeted by DDoS attacks. While DDoS attacks fell in average frequency during Q3, Nexusguard researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity and rethink their service provider contracts to deliver support and ensure business continuity despite supersized attacks. You can find out more about the findings in the full report available from the Nexusguard website. Source: http://betanews.com/2016/11/01/ddos-speed-size-increase/

Read the original:
Number of DDoS attacks down but speed and size increases