Tag Archives: stop-ddos

Euro commissioner calls for more collaboration on cyber security

European commissioner for security union has called for greater awareness of cyber security risks and increased collaboration in defending against them. Cyber threats are one of the top security concerns for nine out of 10 European Union citizens, according to Julian King, European commissioner for security union. “In an internet-connected age that is becoming ever more dependent on internet-connected technologies, we have become more vulnerable to those who are ready to exploit those technologies to try and do us harm for financial or political motives,” he told the CyberSec European Cybersecurity Forum in Krakow, Poland. King, who has previously served as the UK ambassador to France, said that while the digital age brings “huge opportunities”, it also brings risk. But he said these risks are becoming increasingly widely understood, particularly because of events such as the WannaCry and NotPetya attacks in May and June 2017, which affected hundreds of thousands of individuals and organisations in more than 150 countries and naturally serve as a “wake-up call”. According to the latest Europol report on internet organised crime, King said the barriers to committing cyber attacks are “woefully low”, with little chance of getting caught, mainly because of the availability of a “vast range” of cyber criminal tools and services on the dark net, with some attacks costing as little as $5. “For criminals, non-state and state actors, life has never been so easy,” he said, “with an arsenal that includes ransomware, phishing tools, Trojans, distributed denial of service [DDoS] attacks, botnets and identity theft services.” In 2016, said King, European citizens were the subject of two billion data breaches, and every month, one in five industrial computers was attacked. Since 2016, more than 4,000 ransomware attacks have taken place every day across the EU – a 300% increase on 2015, he said. Aviation systems face an average of 1,000 cyber attacks a month, and card-not-present fraud is currently worth about €1bn a year in the Eurozone alone. ‘Tackle this scourge’ “If we were talking about a public health issue, then we would be using the word ‘pandemic’ to describe the scale of the challenge,” said King, “so I think it is time to shift our efforts to tackle this scourge, which is precisely what the European Commission, with the other institutions and the member states, wants to do. “We want to strengthen resilience, build effective deterrents and create durable cyber defence.” King pointed out that this work has been going on for some time, and that the European Union has had a cyber security strategy since 2013. “The Network and Information System [NIS] directive, agreed in 2016, built on that and will require [operators of] essential systems to assess risk, prepare a strategy, put in place protections, develop capabilities and competence, educate staff and the public, and share information about threats and incidents,” he said. The challenge is that the threat itself does not stand still, said King. “It continues to change and evolve, both in its nature and in terms of the expanding attack surface that we are seeking to protect and manage, with homes, hospitals, governments, electricity grids and cars becoming increasingly connected.” ‘Offline’ lives affected Another important fact to acknowledge, said King, is that cyber attacks are increasingly affecting people’s “offline” lives, such as the power outages in Ukraine caused by cyber attacks. He noted that, according to Symantec, the Dragonfly hacking group potentially still has the capacity to control or sabotage European energy systems. “The internet of things [IoT] means that tens of billions more devices will go online, and in 2016, the Mirai malware attack highlighted IoT vulnerability, with hundreds of thousands of normal devices infected and turned into the world’s biggest botnet,” he said. The internet was designed and built on trust, said King. “Our challenge today is to retro-engineer security and security awareness into the system,” he said, noting that “too often” in the rush to get new devices to market, manufacturers “forget” security or do not give it enough importance. “That means devices never lose their easy-to-guess default passwords; it means the update policy is unclear; it means encryption not being used; and it means unnecessary ports, hardware, services and code that make the attack surface larger than it needs to be,” he said. According to King, all these things are “relatively straightforward” to sort out, but when they are attacked cumulatively, it has “deeply troubling implications for our collective digital security and, as a result, cyber threats are becoming more strategic, especially with the ability to endanger critical infrastructure, and they are becoming more ‘endemic’ – spreading from IT networks to the business-critical operations of other economic sectors”. Collective response A few days after the recent State of the Union speech by European Commission president Jean Claude Junker underlining the importance of tackling cyber threats, King said the EC had presented a package of proposals intended to reinforce a collective response based on resilience, deterrence and defence. “In all of these areas, we need to strengthen co-operation and we need to focus on international governance and international co-operation,” said King. “We urgently need to become more resilient. We need to make ourselves harder to attack, and we need to be quicker to respond.” To that end, he said, the EC is proposing an EU cyber security agency based on the existing Enisa network and information security agency to help drive up cyber security standards and ensure a rapid and co-ordinated response to attacks across the whole of the EU. Member states also need to fully implement the NIS directive, said King, to extend beyond critical sectors to other sectors at risk, starting with public administration, and to resource their computer incident response teams properly. “To further reinforce these efforts, the new cyber security agency will also implement an EU standards certification framework to drive up the level of cyber security by ensuring that products on the market are sufficiently cyber resilient,” he said. “We need to move to a world in which there are no default passwords on internet-connected devices, where all companies providing internet services and devices adhere to a vulnerability disclosure policy, and where connected devices and software are updatable for their entire lifespan.” Standards certification framework King said the new standards certification framework should promote new EU-wide schemes and procedures and create a comprehensive set of rules, requirements and standards to evaluate how secure digital products and services actually are. “But, given that 95% of attacks involve some human interaction with technology, building resilience also means changing behaviours to improve cyber hygiene…and having the right skills to drive technological innovation to stay ahead of attackers,” he said, pointing out that Europe is projected to have 350,000 unfilled cyber security jobs by 2022. “We need to mainstream cyber security education and training programmes and we need to invest in innovation,” said King. As well as improving resilience, he said, there is a need to create real and credible disincentives for attackers. “We need to make attacks easier to detect, trace, investigate and punish,” he said. But attribution is often difficult, said King, and for this reason, the EC is seeking to promote the uptake of Internet Protocol Version 6 (IPv6). “Under IPv6, you will only be able to allocate a single user per IP address,” he said, adding that the EC is also seeking to increase cooperation and sharing of cyber expertise and reinforcing forensic capabilities across the EU and within Europol “so that law enforcement can keep pace with criminals”. Strengthen cyber defence When it comes to defence, said King, the EC plans to explore whether the new EU Defence Fund could help to develop and strengthen cyber defence capabilities. “We want to team up with our partners, and the EU will deepen co-operation with Nato on cyber security, hybrid threats and cyber defence,” he said. “It is in our common interest.” Finally, King said that while the internet offers “enormous opportunities” for citizens, governments and international organisations, it also offers “unprecedented opportunities” for criminals, terrorists and other hostile actors. “We need to be alive to this risk, and we need to take steps together to counter these threats because by working together, we can boost resilience, drive technological innovation, increase deterrents, and harness international co-operation to promote our collective security,” he concluded. Source: http://www.computerweekly.com/news/450427879/Euro-commissioner-calls-for-more-collaboration-on-cyber-security

Link:
Euro commissioner calls for more collaboration on cyber security

DDoS attacks double as corporate data becomes new target

While more organisations are being hit by a DDoS attacks in 2017 compared to last year, less are being hit by more than one. DDoS attacks have increased in frequency in 2017, with 33 per cent of organisations having faced one this year compared to just 17 per cent in 2016. While DDoS attacks have been previously used to disable the operations of a target, the driving motivation to use it now is the theft of corporate data. Over a third of organisations having been hit by a DDoS attack this year, 20 per cent have been small businesses, 33 per cent medium, and 41 per cent have been in the enterprise category. Security provider Kaspersky is behind this data, with findings from its Global IT Security Risks Survey 2017. The damage inflicted by a DDoS attack may prove more long lasting than some might expect, with 26 per cent of businesses hit reporting a lasting impact on the performance of services. Russ Madley, Head of VSMB & channel at Kaspersky Lab UK, said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take DDoS attacks seriously as they are one of the most popular weapons in a cybercriminal’s arsenal. They can be just as damaging to a business as any other cybercrime, especially if used as part of a bigger targeted attack.” It important to remember that DDoS attack can leave an organisation lame as it returns to regular activity, but an attack can also have a direct and immediate impact on reputation and the financial standing of a business. “The ramifications caused by these types of attacks can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Madley. While more organisations are facing DDoS attacks, the percentage of businesses hit by more than one has dropped this year to 76 per cent, a reduction from the 82 per cent that experienced more than one last year. Source: http://www.cbronline.com/news/cybersecurity/ddos-attacks-double-corporate-data-becomes-new-target/

View post:
DDoS attacks double as corporate data becomes new target

US SEC Corporate Filing System Said to Be Vulnerable to DDoS Attacks

The US Securities and Exchange Commission (SEC), Wall Street’s top regulator, has discovered a vulnerability in its corporate filing database that could cause the system to collapse, according to an internal document seen by Reuters. The SEC’s September 22 memo reveals that its EDGAR database, containing financial reports from US public companies and mutual funds, could be at risk of “denial of service” attacks, a type of cyber intrusion that floods a network, overwhelming it and forcing it to close. The discovery came when the SEC was testing EDGAR’s ability to absorb monthly and annual financial filings that will be required under new rules adopted last year for the $18 trillion mutual fund industry. The memo shows that even an unintentional error by a company, and not just hackers with malicious intentions, could bring the system down. Even the submission of a large “invalid” form could overwhelm the system’s memory. The defect comes after the SEC’s admission last month that hackers breached the EDGAR database in 2016. The discovery will likely add to concerns about the vulnerability of the SEC’s network and whether the agency has been adequately addressing cyber threats. The mutual fund industry has long had concerns that market-sensitive data required in the new rules could be exploited if it got into the wrong hands. The industry has since redoubled its calls for SEC Chairman Jay Clayton to delay the data-reporting rules, set to go into effect in June next year, until it is reassured the information will be secure. “Clearly, the SEC should postpone implementation of its data reporting rule until the security of those systems is thoroughly tested and assessed by independent third parties,” said Mike McNamee, chief public communications officer of The Investment Company Institute (ICI), whose members manage $20 trillion worth of assets in the United States. “We are confident Chairman Clayton will live up to his pledge that the SEC will take whatever steps are necessary to ensure the security of its systems and the data it collects.” An SEC spokesman declined to comment. The rules adopted last year requiring asset managers to file monthly and annual reports about their portfolio holdings were designed to protect them in the event of a market crisis by showing the SEC and investors that they have enough liquidity to cover a rush of redemptions. During a Congressional hearing on Wednesday, Clayton testified that the agency was considering whether to delay the rules in light of the cyber concerns. He did not, however, mention anything about the denial of service attack vulnerability. Virtual vomit EDGAR is the repository for corporate America, housing millions of filings ranging from quarterly earnings to statements on acquisitions. It is a virtual treasure trove for cyber criminals who could trade on any information gleaned before it is publicly released. In the hack disclosed last month involving EDGAR, the SEC has said it now believes the criminals may have stolen non-public data for illicit trading. The vulnerability revealed in the September memo shows that even an invalid form could jam up EDGAR. The system did not immediately reject the form, the memo says. Rather, “it was being validated for hours before failing due to an invalid form type.” That conclusion could spell trouble for the SEC’s EDGAR database because it means that if hackers wanted to, they could “basically take down the whole EDGAR system” by submitting a malicious data file, said one cyber security expert with experience securing networks of financial regulators who reviewed the letter for Reuters. “The system would consume the data and essentially throw up on itself,” the person added. Source: http://gadgets.ndtv.com/internet/news/us-sec-corporate-filing-system-said-to-be-vulnerable-to-ddos-attacks-1759392

More:
US SEC Corporate Filing System Said to Be Vulnerable to DDoS Attacks

DDoS trends, DNS survey signal warnings to infosec pros

Two vendor reports out this week may be of interest to CISOs in planning their defensive strategies. —Imperva, a supplier of DDoS protection services, said it found a new attack tactic, nicknamed “pulse wave DDoS”, due to the traffic pattern it generates: A rapid succession of attack bursts that split a botnet’s attack output, enabling an offender to go after multiple targets. One such attack was also the largest network layer assault it mitigated in the second quarter peaked at 350 Gbps. –Meanwhile Infoblox Inc., which makes IP address management solutions, released a global survey finding that DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks. Imperva’s announcement is included in its Q2 Global DDoS Threat Landscape report, on data from 2,618 network layer and 12,825 application layer DDoS attacks on customers’ Websites that use its services. The pulse wave DDoS tactic was described in an August blog , and researchers think it is designed to double a botnet’s output and exploit soft spots in “appliance first cloud second” hybrid mitigation solutions. “It wasn’t the first time we’ve seen attacks ramp up quickly. However, never before have we seen attacks of this magnitude peak with such immediacy, then be repeated with such precision. “Whoever was on the other end of these assaults, they were able to mobilize a 300Gbps botnet within a matter of seconds. This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources.” Researchers suspect the tactic allows the threat actors behind it to switch targets on the fly. One suggested defence for organizations that have a DDoS mitigation provider is to double checking the ‘time to mitigation’ clause in the service level agreement. The report also notes two trends: First, the continued decline in network level attacks (at least for Imperva customers) and the continued increase (although in Q2 there was a slight dip) in application level attacks. Second, that the second quarter 75.9 percent of targets were subjected to multiple attacks—the highest percentage the company has seen. Number of targets subjected to repeat DDoS attacks. Imperva graphic The Infoblox global survey of over 1,000 security and IT professionals found respondents indicating that 86 per cent of those whose firms have DNS solutions said they failed to first alert teams of an occurring DNS attack, and nearly one-third of professionals doubted their company could defend against the next DNS attack. Twenty per cent of companies were first alerted to DNS attacks by customer complaints. In a release summarizing the survey (available here. Registration required), three out of 10 companies said they have already been victims of DNS attacks. Of those, 93 per cent have suffered downtime as a result of their most recent DNS attack. 40 percent were down for an hour or more, substantially impacting their business. Only 37 per cent of respondents said their companies were able to defend against all types of DNS attacks (hijacking, exploits, cache poisoning, protocol anomalies, reflection, NXDomain, amplification). Twenty-four per cent of respondents said their companies lost US $100,000 or more from their last DNS attack. “Most organizations regard DNS as simply plumbing rather than critical infrastructure that requires active defense,” Cricket Liu, chief DNS architect at Infoblox, said in the release. “Unfortunately, this survey confirms that, even on the anniversary of the enormous DDoS attack against Dyn—a dramatic object lesson in the effects of attacks on DNS infrastructure—most companies still neglect DNS security. Our approach to cybersecurity needs a fundamental shift: If we don’t start giving DNS security the attention it deserves, DNS will remain one of our most vulnerable Internet systems, and we’ll continue to see events like last year’s attack.” Source: https://www.itworldcanada.com/article/ddos-trends-dns-survey-signal-warnings-to-infosec-pros/397309

Visit link:
DDoS trends, DNS survey signal warnings to infosec pros

Pulse-Wave DDoS Attacks Mark a New Tactic in Q2

A new tactic for DDoS is gaining steam: the pulse wave attack. It’s called such due to the traffic pattern it generates—a rapid succession of attack bursts that split a botnet’s attack output. According to Imperva’s latest Global DDoS Threat Landscape Report, a statistical analysis of more than 15,000 network and application layer DDoS attacks mitigated by Imperva Incapsula’s services during Q2 2017, the largest network layer assault it mitigated peaked at 350Gbps. The tactic enables an offender to pin down multiple targets with alternating high-volume bursts. As such, it serves as the DDoS equivalent of hitting two birds with one stone, the company said. “A DDoS attack typically takes on a wave form, with a gradual ramp-up leading to a peak, followed by either an abrupt drop or a slow descent,” the company explained. “When repeated, the pattern resembles a triangle, or sawtooth waveform. The incline of such DDoS waves marks the time it takes the offenders to mobilize their botnets. For pulse wave attacks, a lack of a gradual incline was the first thing that caught our attention. It wasn’t the first time we’ve seen attacks ramp up quickly. However, never before have we seen attacks of this magnitude peak with such immediacy, then be repeated with such precision.” Whoever was on the other end of these assaults, they were able to mobilize a 300Gbps botnet within a matter of seconds, Imperva noted. This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources. “We realized it makes no sense to assume that the botnet shuts down during those brief ‘quiet times’,” the firm said. “Instead, the gaps are simply a sign of offenders switching targets on-the-fly, leveraging a high degree of control over their resources. This also explained how the attack could instantly reach its peak. It was a result of the botnet switching targets on-the-fly, while working at full capacity. Clearly, the people operating these botnets have figured out the rule of thumb for DDoS attacks: moments to go down, hours to recover. Knowing that—and having access to an instantly responsive botnet—they did the smart thing by hitting two birds with one stone.” Pulse-wave attacks were carried out encountered on multiple occasions throughout the quarter, according to Imperva’s data. In the plus column, this quarter, there was a small dip in application layer attacks, which fell to 973 per week from an all-time high of 1,099 in Q1. However, don’t rejoice just quite yet. “There is no reason to assume that the minor decline in the number of application layer assaults is the beginning of a new trend,” said Igal Zeifman, Incapsula security evangelist at Imperva—noting the change was minor at best. Conversely, the quarter for the fifth time in a row saw a decrease in the number of network layer assaults, which dropped to 196 per week from 296 in the prior quarter. “The persistent year-long downtrend in the amount of network layer attacks is a strong sign of a shift in the DDoS threat landscape,” Zeifman said. “There are several possible reasons for this shift, one of which is the ever-increasing number of network layer mitigation solutions on the market. The commoditization of such services makes them more commonplace, likely driving attackers to explore alternative attack methods.” For instance one of the most prevalent trends Incapsula observed in the quarter was the increase in the amount of persistent application layer assaults, which have been scaling up for five quarters in a row. In the second quarter of the year, 75.9% of targets were subjected to multiple attacks—the highest percentage Imperva has ever seen. Notably, US-hosted websites bore the brunt of these repeat assaults—38% were hit six or more times, out of which 23% were targeted more than 10 times. Conversely, 33.6% of sites hosted outside of the US saw six or more attacks, while “only” 19.5% saw more than 10 assaults in the span of the quarter. “This increase in the number of repeat assaults is another clear trend and a testament to the ease with which application layer assaults are carried out,” Zeifman said. “What these numbers show is that, even after multiple failed attempts, the minimal resource requirement motivates the offenders to keep going after their target. Another point of interest was the unexpected spike in botnet activity out of Turkey, Ukraine and India. In Turkey, Imperva recorded more than 3,000 attacking devices that generated over 800 million attack requests, more than double the rate of last quarter. In Ukraine and India, it recorded 4,300 attacking devices, representing a roughly 75% increase from Q1 2017. The combined attack output of Ukraine and India was 1.45 billion DDoS requests for the quarter. Meanwhile, as the origin of 63% of DDoS requests in Q2 2017 and home to over 306,000 attacking devices, China retained its first spot on the list of attacking countries. Source: https://www.infosecurity-magazine.com/news/pulsewave-ddos-attacks-mark-q2/

See the original article here:
Pulse-Wave DDoS Attacks Mark a New Tactic in Q2

As US launches DDoS attacks, N. Korea gets more bandwidth—from Russia

Fast pipe from Vladivostok gives N. Korea more Internet in face of US cyber operations. As the US reportedly conducts a denial-of-service attack against North Korea’s access to the Internet, the regime of Kim Jong Un has gained another connection to help a select few North Koreans stay connected to the wider world—thanks to a Russian telecommunications provider. Despite UN sanctions and US unilateral moves to punish companies that do business with the Democratic People’s Republic of Korea, 38 North’s Martyn Williams reports that Russian telecommunications provider TransTelekom (????????????m) began routing North Korean Internet traffic at 5:30pm Pyongyang time on Sunday. The connection, Williams reported, offers a second route for traffic from North Korea’s Byol (“Star”) Internet service provider, which also runs North Korea’s cellular phone network. Byol offers foreigners in North Korea 1Mbps Internet access for €600 (US$660) a month (with no data caps). Up until now, all Byol’s traffic passed through a single link provided by China Unicom. But the new connection uses a telecommunications cable link that passes over the Friendship Bridge railway bridge—the only connection between North Korea and Russia. According to Dyn Research data, the new connection is now providing more than half of the route requests to North Korea’s networks. TransTelekom (sometimes spelled TransTeleComm) is owned by Russia’s railroad operator, Russian Railways. A Dyn Research chart showing the new routing data for North Korea’s ISP. According to a Washington Post report, The Department of Defense’s US Cyber Command had specifically targeted North Korea’s Reconnaissance General Bureau—the country’s primary intelligence agency—with a denial-of-service attack against the organization’s network infrastructure. That attack was supposed to end on Saturday, according to a White House official who spoke with the Post . While the unnamed official said the attack specifically targeted North Korea’s own hacking operations, North Korea has previously run those operations from outside its borders—from China. So it’s not clear whether the attack would have had any impact on ongoing North Korean cyberespionage operations. Source: https://arstechnica.com/information-technology/2017/10/as-us-launches-ddos-attacks-n-korea-gets-more-bandwidth-from-russia/

View post:
As US launches DDoS attacks, N. Korea gets more bandwidth—from Russia

National Lottery hit by DDoS attack – down 90 mins at peak demand time

On Saturday the UK National Lottery’s website was down – just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash – thanks to a DDoS attack. On Saturday the UK National Lottery’s website was down – just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash – thanks to a DDoS attack. Hitting a retail business causes it to loose money, but in the case of many time-sensitive events, that money can never be recouped, which was why newspaper print unions were so strong – yesterday’s news is no good tomorrow, and a bet now on last night’s lottery won’t win you much either. Both the gaming sites and the DDoS attackers know this, making gaming both highly targeted and highly defended. On the other hand, although there are other lotteries, there are not a lot of direct competitors to the National Lottery, so while it offered an apology to those customers unable to use its smartphone app or access its website, a quick fix is likely to retain their custom, but each hit is a direct revenue loss. According to downdetector, and later confirmed by the National Lottery, the cause was indeed a DDoS attack, but it is not clear if it was the subject of a ransom, or if it might have been a demonstration of capability ahead of a future threat of attack. Kirill Kasavchenko, principal security technologist at Arbor Networks emailed SC Media UK to comment: “This latest DDoS attack shows that cyber-criminals are still up to old tricks, this time deliberately targeting the National Lottery website at a time of peak demand. We can also see that response plans are often not up to scratch, with the incident lasting 90 minutes. Websites who are unable to contain a DDoS attack like this risk losing their audience to competitors if they are unable to minimise the disruption, so it is essential that organisations expect cyber-attacks and know how they will respond. “All organisations must examine their current DDoS defences, and decide whether their current processes are robust enough to ensure operations will not be halted by a DDoS attack. To guard against such attacks, organisations should implement best current practices for DDoS defence. That includes hardening network infrastructures, ensuring complete visibility of all network traffic, and implementing sufficient DDoS mitigation capacity and capabilities. Those mitigation defences ideally should be a combination of on-premises and cloud-based DDoS mitigation services. It is also crucial that organisations ensure their DDoS defence plan is kept updated and is rehearsed on a regular basis.” Source: https://www.scmagazineuk.com/national-lottery-hit-by-ddos-attack–down-90-mins-at-peak-demand-time/article/697163/

Follow this link:
National Lottery hit by DDoS attack – down 90 mins at peak demand time

US pressured North Korea by overwhelming hackers with data traffic

The US is no stranger to hacking North Korea, but it’s usually in a bid to directly thwart the country’s military ambitions. Now, however, those attacks are being used as a diplomatic strategy. The Washington Post has learned that President Trump ordered a broad pressure campaign against North Korea that led to the US conducting a denial of service attack against North Korea’s spying office, the Reconnaissance General Bureau. The move flooded the RGB’s servers with traffic that effectively strangled their internet access, including the Bureau 121 group responsible for the North’s hacking campaigns. And while it clearly didn’t change Kim Jong Un’s mind, it does appear to have had a practical effect. Reportedly, the initiative was designed to be temporary and only lasted for half a year — Trump signed the order in March, and it ended on September 30th. It wasn’t destructive, either. According to the Post ‘s sources, however, North Korean hackers were complaining about the ability to do their jobs during that period. North Korea certainly isn’t going to get much sympathy. With that said, it raises questions about the use of cyberattacks as a pressure tactic. It no doubt sends the message that the US can cripple a hostile country’s digital warfare capabilities if it wants, but there is the concern that it could escalate an already tense situation. After all, North Korea is the sort of country that claims you can declare war with a tweet — while that’s hyperbolic, it might interpret a denial of service attack as an act of aggression that merits revenge. Source: https://www.engadget.com/2017/10/01/us-launched-dos-attack-against-north-korea-hackers/

Australian companies face an increasing threat from domestic DDoS instigators

Mobile botnets, targeted DDoS attacks pose growing threat to Australian targets. Australian organisations are being hit by over 450 distributed denial of service (DDoS) attacks every day and fully a quarter of them are coming from domestic sources, analysts have warned as figures show DDoS attacks making a resurgence after nearly a year of decline. New figures from the Arbor Networks ATLAS service – which collects data on DDoS attacks and malware from 400 service providers – suggested that Australian targets suffered 14,000 attacks of various intensity in August alone. The largest of the attacks, in early August, measured 51.9 Gbps in intensity while the heaviest volume of packets – 15.8 million packets per second – came in an attack later in the month. While the United States was the largest source of the attacks – comprising 30 percent of the overall total – the lion’s share of the remainder came from Chinese (24 percent), Australian (24 percent), and UK (23 percent) sources. The August figures reinforce the resurgent threat from DDoS attacks, which flood targets with data in an effort to interrupt their operation for even a short period. They also reflect the continuing flexibility of attackers that were able to build a botnet out of mobile devices to instigate a high-impact DDoS extortion campaign against numerous travel and hospitality organisations. hat botnet, called WireX, was embedded in around 300 Google Play Store applications and had spread to estimated 130,000 to 160,000 bots that produced over 20,000 HTTP/HTTPS requests per second. On August 17 WireX was taken down through a concerted effort involving Google, Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, Team Cymru, and other organisations. Instigated by devices from over 100 countries, WireX changed quickly as the attacker “learned rapidly to try different techniques to try to thwart the defenders,” Arbor Security Engineering & Response Team (ASERT) principal engineer Roland Dobbins wrote in his analysis of the attack. WireX reflects the ingenuity being applied to the creation of DDoS attacks as identified in Akamai’s recent Q2 2017 State of the Internet Security Report. Analysing attacks remediated over Akamai’s core content distribution network, that report noted a 28 percent quarter-on-quarter increase in the total number of DDoS attacks as well as increases in infrastructure layer (by 27 percent), reflection-based (21 percent), and average number of attacks (28 percent) per target. Changing geographic distribution showed that “geographic profiling is a real and potentially imminent threat to Australia,” Akamai Asia-Pacific senior security specialist Nick Rieniets said in a statement. “When there are changes like this in the threat landscape and when new threats are released, companies need to recognise, acknowledge and assess that volatility, and change their security controls accordingly, and in a timely manner.” Akamai’s DDoS analysis suggested that the PBot botnet had been tapped once again to generate the biggest DDoS attacks observed in the second quarter. PBot – which Rieniets called “proof that the minute threat actors get access to a new vulnerability they can work out how to weaponise it” – appeared to have primarily infected around 400 Web servers, boosting the volume of data produced per device compared with previous infections such as last year’s Internet of Things-focused Mirai botnet. The range and efficacy of DDoS attack tactics have highlighted the need for businesses to remain disciplined about their protections, security experts have warned. “It’s important that organizations implement best current practices (BCPs) for their network infrastructure, application/service delivery stacks, and ancillary supporting services,” Arbor’s Dobbins writes. “This will allow the organization to maintain availability and ensure continuous service delivery even in the face of attack.” With many organisations found to not have a formal DDoS defense plan in place – and many that do, never rehearsing it – Dobbins said testing needed to become a habit: “It is critical that organizations devise and rehearse their DDoS defense plans in order to ensure that they have the requisite personnel, skills, operational processes, communications plans, and support services in place to defend their Internet properties in a timely and effective manner.” Source: https://www.cso.com.au/article/627915/australian-companies-face-an-increasing-threat-from-domestic-ddos-instigators/

How Big is Your DDoS Mitigation Gap?

The DDoS mitigation industry is scaling up capacity following a consistent increase in the number of DDoS attacks and recent indications that IoT-based DDoS attacks are expected to grow significantly. The DDoS attack vector continues to wreak havoc in 2017, with a reported 380% spike in the number of DDoS attacks identified in Q1, compared to the same period last year. A recent study shows a year on year increase of 220% in the number of different types of malware designed to hijack IoT devices. DDoS Mitigation providers are taking heed, with Arbor dedicated to quadrupling their capacity to 8Tbps by the end of 2017, and both Neustar and OVH committing to capacities of over 10Tbps. A DDoS mitigation Gap occurs whenever DDoS traffic bypasses a company’s DDoS mitigation defenses, and penetrates the target network. The reasons for such gaps vary from some types of DDoS attacks that are completely unnoticed by DDoS mitigation, to a range of configuration issues that let through traffic that should be mitigated. However the problem is that visibility of DDoS mitigation gaps is currently nonexistent to those cybersecurity practitioners who are responsible for production uptime. Companies do not know how well their mitigation is performing, or where their configuration problems are, leaving them and their vendors to troubleshoot issues at the very worst possible time, that is, when systems are down at the height of a DDoS attack. Results from over 500 DDoS tests run by MazeBolt on companies from a wide range of industries, shows that on their first test, companies failed 41% (on average) of DDoS tests – simulations of real DDoS attacks conducted in a highly controlled manner to help companies understand their mitigation gap so they can strengthen their mitigation proactively. This means that after a company has deployed their DDoS mitigation strategy, on average it will stop only six out of ten attacks. To solve this, with insight about where their DDoS mitigation posture was leaking, companies could go back to vendors to reconfigure settings and harden their DDoS mitigation posture. As depicted in the bar chart below, by repeating the testing cycle only three times, companies were able to reduce their mitigation gap from an average of 41% in the first test to an average of 25% in the second and only 15% in the third – reflecting a 65% strengthening of their DDoS mitigation. Paraphrasing Heraclitus one might say you can never test the same DDoS mitigation twice, but our data clearly shows that testing it three times will strengthen it considerably. Source: https://www.infosecurity-magazine.com/opinions/big-ddos-mitigation-gap/

Continued here:
How Big is Your DDoS Mitigation Gap?