Tag Archives: stop-ddos

Canada one of sources for destructive IoT botnet

Canada is among the countries that have been stung by a mysterious botnet infecting Internet-connected devices using the Linux and BusyBox operating systems that essentially trashes the hardware, according to a security vendor. Called a Permanent Denial of Service attack (PDoS) – also called “plashing” by some – the attack exploits security flaws or misconfiguration and goes on to destroy device firmware and/or basic functions of a system, Radware said in a blog released last week. The first of two versions has rendered IoT devices affected into bricks, which presumably is why the attack has been dubbed the BrickerBot. A second version goes after IoT devices and Linux servers. “Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world,” the company said in the blog. “Its sole purpose was to compromise IoT devices and corrupt their storage.” After accessing a device by brute force attacks on the Telnet login, the malware issues a series of Linux commands that will lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device. Vulnerable devices have their Telnet port open. Devices tricked into spreading the attack — mainly equipment from Ubiquiti Networks Inc. including wireless access points and bridges with beam directivity — ran an older version of the Dropbear secure shell (SSH) server. Radware estimates there are over 20 million devices with Dropbear connected to the Internet now which could be leveraged for attacks. Targets include digital video cameras and recorders, which have also been victimized by the Mirai or similar IoT botnets. According to Radware, the PDoS attempts it detected came from a limited number of IP addresses in Argentina, the U.S., Canada, Russia, Iran, India, South Africa and other countries. Two versions of the bot were found starting March 20: Version one, which was short-lived and aimed at BusyBox devices, and version two, which continues and has a wider number of targets. While the IP addresses of servers used to launch the first attack can be mapped, the more random addresses of servers used in the second attack have been obscured by Tor egress nodes. The second version is not only going after IoT devices but also Unix and Linux servers by adding new commands. What makes this botnet mysterious is that it wipes out devices, rather than try to assemble them into a large dagger that can knock out web sites – like Mirai. “BrickerBot 2 is still ongoing,” Pascal Geenens, a Radware security evangelist based in Belgium, said in a phone interview this morning. “We still don’t have an idea who it is because it’s still hiding behind the Tor network.” “We still have a lot of questions like where was it originating from, what is the motivation? One of them could be someone who’s angry at IoT manufacturers for not solving that [security] problem, maybe somebody who suffered a DDoS attack and wants to get back at manufacturers by bricking the devices. That way it solves the IoT problem and gets back at manufacturers. “Another idea that I have is maybe its a hacker that is running Windows-based botnets, which are more costly to maintain.” It’s easy to inspect and compromise an IoT device through a Telnet command, he explained, so IoT botnet are easy to assemble. That lowers the cost for a botnet-for-hire. By comparison Windows devices have to be compromised through phishing campaigns that trick end users into downloading binaries that evade anti-virus software. It’s complex. So Geenens wonders if a hacker’s goal here is to get into IoT botnets and destroy the devices, which then raises the value of his Windows botnet. Another theory is the attacker is searching for Linux-based honeypots — traps set by infosec pros — with default passwords. He also pointed out Unix or Linux-based servers with default credentials are vulnerable to the BrickerBot 2 attack. However, he added, there wouldn’t be many of those because during installation process Linux ask for creation of a root password, so there isn’t a default credential. The exception, he added, is a pre-installed image downloaded from the Internet. Administrators who have these devices on their networks are urged to change factory default credentials and disable Telnet access. Network and user behavior analysis can detect anomalies in traffic, says Radware. Source: http://www.itworldcanada.com/article/canada-one-of-sources-for-destructive-iot-botnet/392242

Read the original:
Canada one of sources for destructive IoT botnet

Identifying the three steps of DDoS mitigation

It’s not a matter of if you’re going to be DDoS attacked, it’s a matter of when – many APAC organisations fail to understand the threat and quantify the risk – right-sizing and verifying the solution is a must. When an attack occurs, the mature organisation is prepared to effectively mitigate the attack – protecting themselves (and in turn their clients and partners) from unacceptable financial and reputational impact. Let us look at these three steps, understand, quantify and mitigate, in detail. 1.Understand the threat The threat imposed by DDoS attacks in APAC is more significant than global counterparts. A recent Neustar survey showed that 77 percent of organisations within APAC have been attacked at least once, compared to 73 percent globally. Organisations within the region are also getting attacked more frequently, with 83 percent of those attacked being attacked more than once, and 45 percent having been attacked more than six times. In addition, attack sizes are steadily growing. In 2015, the average attack size identified by Neustar was about 5GB per second. By September 2016, average attack sizes had reached up to 7GB per second – and this was prior to the Mirai driven – IoT fuelled attacks – like those on Krebs, OVH and Dyn. Given this, we should expect a considerable rise in the mean size of volumetric attacks during 2017. We’ve also seen a steady increase in the number of multi-vector attacks – which now equates to about 50 percent of all DDoS attacks. In a multi-vector attack – the criminals are potentially aiming to distract an organisation with the DDoS attack while they go after their main target. They use the DDoS attack to draw away the organisations defensive capacity while they plant ransomware, breach the network or steal valuable data. Within APAC, compared to the global average of 25 percent, network breaches associated with a multi-vector attack is sitting at 33 percent, according to Neustar’s own data. This begs the question, are APAC organisations deficient when it comes to perimeter protection? When dealing with an attack, speed is critical. But surprisingly, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively. Worryingly, slow detection and response can lead to huge damages financially. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, half the attacked organisations were notified of the attack by a third party, inflicting additional potential reputational damage. 2.Quantify the risk If a person goes to insure their car, they’re not going to over or underinsure it. That is, they’re not going to pay a premium associated with a higher value car – if the car gets written-off, they’re only going to get the value of the car, not the extra value associated with the premium. Alternatively, if they are underinsured, they’re not going to get back the full value of the car – they will need to pay an additional amount to replace the car. When looking at a DDoS environment, it is a similar scenario. An organisation will want to make sure it understands the level of risk and apply the right mitigation and the right cost to protect that risk. Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring the car – you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Risk management is critical – rightsizing is a must – organisations need to prepare and implement a sound mitigation plan. To understand the severity of the risk DDoS imposes, organisations must quantify both probability and impact – tangible and intangible – and know the risk appetite and technical environment of the organisation. Once this information is gathered and the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal. 3.Mitigate the attack Detection; Timely detection is critical – slow detection greatly increases potential financial and reputational loss, and allows the attackers valuable time to initiate other attack vectors. Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. For example, organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. Organisations can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, there are plenty of cloud monitoring tools out there that allow companies to identify degradation and performance, CPU utilisation and latency, giving them an indication of when an attack occurs. Response; There are many DDoS mitigation solutions available, allowing organisations to match the solution to their requirements. In selecting a mitigation solution, it is important to review a complete range of options, and align the selected solution to the organisation’s risk exposure and technology infrastructure. For example an organisation operating in the cloud with a moderate risk exposure, might opt for a cloud based solution, pay-on-occurrence model. While a financial services company, operating its own infrastructure and exposed to substantial financial and reputational risk, would look for a hybrid solution, providing the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks. Rehearsing; Once a DDoS mitigation service is selected and implemented, the detection and mitigation plan must be document and verified through testing. The frequency of testing a mitigation plan should be dependent on the level of risk. If in a high-risk environment, a business might want to rehearse monthly or quarterly. In a lower-risk environment, the organisation might stretch it out to yearly or biannually. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution organisations can effectively and efficiently mitigate the risk of DDoS attacks. A well implemented and tested plan will protect an organisation from both financial and reputational damage, discouraging attackers, leading the wolf from your door, leaving them hunting for a softer target. Source: http://www.cso.com.au/article/617417/identifying-three-steps-ddos-mitigation/

Read the original post:
Identifying the three steps of DDoS mitigation

Identifying the three steps of DDoS mitigation

Read the original post:
Identifying the three steps of DDoS mitigation

#OpIsrael: Anonymous hackers poised to execute ‘electronic holocaust’ cyberattacks against Israel

Hacktivists pledge to take government, military and business websites offline in annual attacks. Since 2013, hackers and internet activists affiliated with the notorious Anonymous collective have targeted digital services as part of #OpIsrael, a campaign designed to take down the websites of government, military and financial services in the country. Taking place annually on 7 April, it first started in 2013 to coincide with a Holocaust memorial service. Anonymous-linked hackers take to Twitter and YouTube to tout their cybercrime plans – which includes defacements and distributed denial of service (DDoS) attacks as a retaliation against Israel’s treatment of the Palestinians. On PasteBin, a list of targets for the 2017 series of attacks has been posted, naming potential victims as the government and parliament websites. In one YouTube video, links to alleged DDoS tools had been posted. These have the ability to send surges of malicious traffic at a website domain to take it offline. “We are coming back to punish you again for your crimes in the Palestinian territories as we do every year,” a statement being circulated by Anonymous-linked accounts online pledged. The statement said the hackers’ plan is to take down servers and the websites of the government, military, banks and unspecified public institutions. “We’ll erase you from cyberspace as we have every year,” it added, continuing: “[It] will be an electronic holocaust. “Elite cyber-squadrons from around the world will decide to unite in solidarity with the Palestinian people, against Israel, as one entity to disrupt and erase Israel from cyberspace. “To the government, as we always say, expect us.” Far from being shocked at the news of the attacks, both cybersecurity experts and government officials have brushed off the aggressive rhetoric from the hacking group. It is not believed that past attacks have caused any physical damage other than website outages. Dudu Mimran, a chief technology officer at Ben-Gurion University, told The Jerusalem Post on 5 April that the attacks may actually be used as “training” for the Israelis. “From a training perspective there is always a learning lessons from this kind of event,” he said. Mimran claimed the biggest threat that may come from #OpIsrael is that it keeps government and business officials distracted from other – potentially more serious attacks. “When it makes everyone busy it gives slack to more serious attackers,” he said. Nevertheless, he added that “Israel and many other Western countries – but Israel in particular – are always under attack and ultimately concluded: “It does not elevate any serious threat on Israel.” On the morning of 7 April, Anonymous tweets mounted. “#OpIsrael has begun,” one claimed. Anonymous has been linked to numerous cyberattacks in recent years, launching campaigns on targets including US president Donald Trump, the government of Thailand and Arms supplier Armscor. The group has no known leadership and remains a loose collective of hackers. Source: http://www.ibtimes.co.uk/opisrael-anonymous-hackers-poised-execute-electronic-holocaust-cyberattacks-against-israel-1615926

View post:
#OpIsrael: Anonymous hackers poised to execute ‘electronic holocaust’ cyberattacks against Israel

Recognizing the New Face of Cyber-Security

Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools. Over the past few years, digital technologies have rippled through the business world and unleashed unprecedented innovation and disruption. Yet today’s technology framework also has put businesses in the crosshairs and created new levels of risk. No longer are cyber-threats thwarted by clearly defined perimeters such as firewalls. No longer are malware and cyber-attacks blocked by traditional security tools designed to identify specific viruses and code. “It’s an entirely different landscape,” observes Oswin Deally, vice president of cyber-security at consulting firm Capgemini. To be sure, mobility, clouds, the internet of things (IoT) and the increasingly interconnected nature of business and IT systems have radically changed the stakes. There’s a growing need for security transformation. Yet, at the same time, attacks are becoming more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism and corporate espionage are now mainstream problems. Data breaches and DDoS attacks are a daily concern. “Cyber-security has moved from a compliance and regulatory topic to front-page headline news,” says Dan Logan, director of enterprise and security architecture for Tata Consultancy Services (TCS). No Space Is Safe The scope of today’s cyber-security challenge is mind-boggling. Gartner predicts that more than 8.4 billion IoT devices will be used in 2017, and the number will swell to more than 20 billion by 2020. Meanwhile, 74 percent of organizations now store some, if not all, sensitive data in the public cloud, according to a February 2017 Intel Security study. Not surprisingly, the stakes are growing, and achieving digital transformation while ensuring security is not a simple task. An October 2016 Ponemon Institute study found that the average cost of cyber-crime to a large organization in the United States rose to more than $17 million in 2016. An interconnected world with intertwined data means that threats can come from anywhere at any time. Business disruption, information loss, a diminished brand image and revenue, and damage to equipment are constant risks. Nevertheless, organizations are struggling to keep up. Ponemon points out that only 39 percent of companies deploy advanced backup and recovery operations, though it reduces the average cost of cyber-crime by nearly $2 million. Similarly, only 28 percent of companies have a formal information governance program, though this typically reduces the cost of cyber-crime by nearly $1 million. Capgemini’s Deally says that a starting point for dealing with today’s threat landscape is to recognize that there are two primary areas to focus on: business-driven events and threat-driven events. The former revolves around things like digital commerce, innovation, intellectual property, products and supply chains that present targets and create risks for the enterprise. The latter encompasses attack methods and vectors, including email, mobile devices, the IoT, and other systems and software. “It is becoming more and more of a borderless world where the devices that drive productivity also represent risk,” he points out. CIOs and other enterprise leaders must understand business and technology intersection points and how they introduce risks at various levels—from application security to APIs and network design to clouds. It’s also important to clearly understand business and data assets and identify priorities in terms of value, sensitivity and risk. Not all data is created equal and not all systems require equal protection. This approach, when layered over specific industry risks, begins to deliver some clarity about how and where to focus a cyber-security strategy and select the right protections and processes. o be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today’s challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years. These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts. Secure Horizons CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices. For example, as organizations migrate to DevOps, it’s possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication. However, TCS’ Logan also stresses the urgency of employee education and training. Many of today’s breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster. “Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts,” Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly. In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection. To be sure, the road to security transformation is long and winding. “A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery,” Logan explains. Capgemini’s Deally adds: “From a CIO’s perspective, it’s essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, ‘How can I best mitigate risk?’ Source: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html

Korean foreign ministry gets several DDoS attacks from China

The website of South Korea’s Ministry of Foreign Affairs has come under several cyberattacks originating from China but little damage has been reported so far, the ministry said Tuesday. “Several on-and-off DDoS attack attempts originating from China have taken place on websites including that of the Ministry of Foreign Affairs,” ministry spokesman Cho June-hyuck said in a press briefing. Defensive measures were immediately taken against the cyberattacks and no damage has been sustained, he said. The latest hacking attempts came as bilateral tensions remain high over the deployment of a US missile defense system in South Korea. Since the attempts, the foreign ministry has launched a special response team and distributed a response manual among the South Korean diplomatic missions in China, the spokesman noted. The spokesman did not elaborate on exactly who is behind the DDoS, or distributed denial of service, attacks, but they are the latest in a recent series of Chinese retaliations on South Korean industries and entities. A month earlier, the Chinese-language website of South Korean retail giant Lotte as well as its duty-free branch’s Chinese and Japanese-language websites sustained similar DDoS assaults, incurring heavy revenue losses. The attacks came as China stepped up its retaliatory actions over Seoul’s on-going deployment of the US missile interception system, Terminal High Altitude Area Defense. China vehemently protests the deployment which it said would compromise its security interests. “Our government pays attention to the Chinese government’s (past) expression of its consistent stance that it opposes any kind of cyberattack,” the ministry spokesman noted. “The government is expecting that (China) will continuously take responsible steps in accordance with the stance.” South Korea has also recently lodged a protest with the Chinese government after South Korean national flags were found destroyed in China, Cho said. “A national flag is a symbol of a nation’s dignity and the government takes very seriously the cases of destroyed Taegeukgi that took place in certain Chinese areas,” he said. “The government has officially lodged complaints with China on many occasions and demanded China take steps to address them immediately.” “In any case, the people-to-people exchange which is the foundation of the bilateral relationship should come under a man-made obstacle,” the spokesman said, adding that the South Korean government is trying to proactively react to China’s unjust measures in order to minimize any impact on South Korean companies. Referring to a media report alleging North Korean involvement in hacking attempts at a Poland bank and other international financial institutions, Cho also said that North Korea is likely to be using illegal cyber activities for a source of foreign currency earnings. “Given the international community’s concerns over the possibility that illegal income could be used for the development of weapons of mass destruction, North Korean cyber threats are emerging as new international threats along with its nuclear, missile and WMD threats.” (Yonhap) Source: http://www.koreaherald.com/view.php?ud=20170328000862

Follow this link:
Korean foreign ministry gets several DDoS attacks from China

A DDoS attack is cheaper than a pack of doughnuts

Cybercriminals organising DDoS attacks are making a profit of around $18 per hour, says Kaspersky. Do you know how much it costs to hire hackers for a DDoS attack? I’m asking for a friend. Anyway, Kaspersky Lab seems to know the answer as its researchers have spent some time looking into DDoS-as-a-service websites, and have come up with some numbers. As it turns out, it’s can be pretty cheap to have a website DDoSed, even though that could mean losses for the victim, in millions. It seems as hackers are undervaluing their services, yet again. In a press release, Kaspersky Lab said a DDoS attack can cost “anything from $5 for a 300-second attack, to $400 for 24 hours”. The average price for an attack is approximately $25 an hour. Using a cloud-based botnet of 1,000 desktops will set you back roughly $7 per hour. “That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour.” http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/The definitive price is determined by a couple of factors. First, what type of devices are being used. An IoT-botnet is cheaper than a server-botnet. The type of site that needs to be attacked can also be a factor. Government sites, or those with dedicated DDoS protection, will be more expensive. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses,” commented says Russ Madley, Head of B2B at Kaspersky Lab UK. “Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days. Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Source: http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/

Original post:
A DDoS attack is cheaper than a pack of doughnuts

Criminal benefits: profit margin of a DDoS attack can reach 95%

Kaspersky Lab’s researchers have discovered the full extent of the profit margins benefiting criminals from DDoS services that are available on the black market. Kaspersky Lab’s experts have studied the DDoS services available on the black market and determined just how far this illegal business has advanced, as well as the extent of its popularity and profitability. The worrying news is that arranging an attack costs as little as $7 an hour, while the targeted company can end up losing thousands, if not millions, of dollars. The level of service involved when arranging a DDoS attack on the black market is not very different from that of a legal business. The only difference is that there’s no direct contact between the provider and the customer. The ‘service providers’ offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack. There are a number of factors that affect the cost for the customer. One is the type of attack and its source: for example, a botnet made up of popular IoT devices is cheaper than a botnet of servers. However, not all those providing attack services are ready to specify such details. Another factor is the duration of the attack (measured in seconds, hours and days), and the client’s location. DDoS attacks on English-language websites, for example, are usually more expensive than similar attacks on Russian-language sites. Another big factor affecting the cost is the type of victim. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more. It means a DDoS attack can cost anything from $5 for a 300-second attack, to $400 for 24 hours. The average price for an attack is around $25 per hour. Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour. There is, however, yet another scenario that offers greater profitability for cybercriminals – it involves the attackers demanding a ransom from a target in return for not launching a DDoS attack, or to call off an ongoing attack. The ransom can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 per cent. In fact, those carrying out the blackmail don’t even need to have the resources to launch an attack – sometimes the mere threat is enough. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses. Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days,” said says Russ Madley, head of B2B at Kaspersky Lab UK. “Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Interestingly, some cybercriminals have no scruples about selling DDoS attacks alongside protection from them. Kaspersky Lab’s experts, however, do not recommend using criminal services. Source: http://www.information-age.com/connected-cities-suffer-catastrophic-blackouts-123465253/

Taken from:
Criminal benefits: profit margin of a DDoS attack can reach 95%

The Short List of Who Protects Companies Against DDoS Attacks

Here’s a question: when was the last time you got something truly useful for free? Like that time it turned out your phone company was giving you mobile data even though it wasn’t included in the plan you selected, or that time you turned up at the car dealership for a major repair, and they informed you the cost was covered because you’re just such a great customer. Oh right: it was never. So why is it that so many companies seem to think somebody else is responsible for protecting them against distributed denial of service (DDoS) attacks? DDoS mitigation is an important and complex service that requires careful expertise, on-demand or always-on deployment, nearly limitless scalability and huge amounts of network bandwidth. If a company hasn’t taken the steps to invest in this kind of protection, they don’t have it. Attack overview A DDoS attack is a distributed denial of service attack, which is a cyberattack that uses a botnet, a network of internet-connected devices that have been hijacked for remote use, to direct large amounts of malicious traffic at a website that has been targeted. This traffic overwhelms the website, its server or its resources to take it offline or render it so frustratingly slow it can’t be used. Distributed denial of service attacks have been a problem for websites and organizations of all sizes for over 15 years, and the problem is becoming a crisis as DDoS for hire services steadily gain popularity, and botnets steadily gain in size due to unsecured Internet of Things devices. For larger organizations, a successful DDoS attack can cost between $20,000 and $100,000 per hour, and while unquantifiable, the loss of user trust or loyalty that can result from such an attack can be even worse. Erroneous assumptions DDoS attacks haven’t exactly been flying under the radar lately. Their frequency, as well as the threat they pose, should be well known to anyone working in online security. Yet a recent survey by Kaspersky uncovered some staggering statistics. Thirty percent of companies surveyed indicated that they haven’t taken action against the threat of DDoS attacks because they believe they won’t be targeted, 40% believe their ISP will provide protection, and a further 30% believe data centers will provide protection. Perhaps most misguided of all, 12% believe a small amount of DDoS-caused downtime would not have a negative impact on the company. Why ISPs won’t provide complete protection While some ISPs do provide complete DDoS protection as an added service that clients pay good money for, most provide only partial protection. Due to the large amounts of bandwidth an ISP has available, they can do well against large volumetric attacks, but craftier application layer attacks are a problem. Also, while ISPs can be good at identifying malicious traffic, they don’t deal with that malicious traffic efficiently, meaning that while it’s struggling to deal with an influx of malicious traffic, legitimate traffic will be caught in the bottleneck with it or even discarded alongside the bad traffic, resulting in users unable to get through to the website. In other words, while a basic DDoS attack could be thwarted by an ISP, the result – users unable to access the website – ends up being the same. Further, some DDoS attacks like the Slowloris are made up of traffic and requests that are seemingly legitimate, making them difficult to detect for even some intrusion detection systems, let alone an ISP. Perhaps the biggest problem with relying on an ISP for protection is that regardless of what type of attack is launched, there isn’t going to be a quick response from an ISP. They aren’t built for the kind of real-time monitoring and deployment that can catch an attack within seconds. Most often, it will be several hours before an ISP begins to deal with an attack. By then, the damage is done. Why data centers won’t provide complete protection either There’s a caveat here: just as with ISPs, some data centers do provide complete protection against distributed denial of service attacks, but again it is an added service that definitely adds to the data center bill. Similar to ISPs, data centers do provide some measure of DDoS protection, but it can generally only protect against basic attacks that can be stopped with rate limiters, or attacks that are not directly aimed at an application service. Large or complex attacks cannot be stopped by basic data center protection. Moreover, not only do ISPs and data centers not provide complete protection against DDoS attacks, but they also put their clients at a bigger risk of second-hand DDoS damage. If an ISP or data center is struggling with a large or complex attack, websites that weren’t targeted will nonetheless suffer the effects. A-Z protection Professional DDoS protection is built to provide the quickest, most proactive and most complete protection against distributed denial of service attacks. Cloud-based protection is especially excellent at protecting against both network-layer and application-layer attacks, and with the use of a scrubbing server, attack traffic will be kept from ever touching the target website while legitimate traffic is let through unfettered. For companies after a more bang-for-their-buck solution, it may be preferable to look into a quality content delivery network (CDN). CDNs are designed to improve site speed and performance, and all CDNs offer some level of DDoS protection due to the built-in load balancing that comes from their multi-server environments. However, CDNs will also offer additional DDoS protection on top of that. High-quality distributed denial of service protection won’t become a freebie or throw-in until the internet reaches a phase where there’s something so much worse and so much more common than DDoS attacks that they become almost after-thoughts for all the malicious cyberattackers out there. So companies can either root for that reality, or take protection into their own hands by investing in solid DDoS protection. Source: http://www.iotevolutionworld.com/iot/articles/430637-short-list-who-protects-companies-against-ddos-attacks.htm

Servers hosting Daphne Caruana Galizia’s website suffer ‘unprecedented’ DDoS attack

The servers hosting Daphne Caruana Galizia’s personal blog have suffered a DDoS attack. A DDos (denial of service) attack occurs when many systems flood the bandwidth of a targeted system, in an attempt to make the online service unavailable. Mrs Caruana Galizia does not yet know who is behind the attack, but did say it is highly likely to be a person of Maltese nationality.. Prior to the DDoS attack on the servers, she said, a fake Gmail account was setup – similar to her personal email address. The person who created the account, then emailed two persons working for the company who handle software support for the website, and tried to acquire information required to hack the site through them. This, however, did not work and the software support personnel realised that it was not Mrs Caruana Galizia’s email address, and also the use of broken English in the email. This, she said, is what led her to believe that the person behind the attack is Maltese. The police were contacted aftewr the DDOS attack occurred later, and an investigation is ongoing. The fake Gmail address used a proxy server, and thus far no culprit has been identified, she said. She explained that aside from the crime involving the DDoS attack, impersonation is also a crime. Vanilla Communications, a server hosting company owned by David Thake, hosts Daphne Caruana Galizia’s personal blog – a service that she pays for each month, she said. In a Facebook post, Mr Thake said that the servers hosting her website suffered a DDoS attack which he called “unprecedented in scale.” Mr Thake, in his post, said the attack brought the network to its knees. Source: http://www.independent.com.mt/articles/2017-03-21/local-news/Servers-hosting-Daphne-Caruana-Galizia-s-website-suffer-unprecedented-DDOS-attack-6736171884

Follow this link:
Servers hosting Daphne Caruana Galizia’s website suffer ‘unprecedented’ DDoS attack