Tag Archives: stop-ddos

DDoS attacks down in second quarter

Attacks designed to overwhelm servers with internet traffic — known as distributed denial of service (DDoS) attacks — were less frequent this spring than last, according to Akamai’s second quarter report. Akamai is a major seller of services to fight DDoS attacks. According to the company’s report, attacks declined by 18 percent between the beginning of April and end of June from the same period last year. DDoS attacks use hacked computers and internet-connected devices to send abnormal levels of traffic to a target, forcing it to slow or crash. A DDoS attack knocked out a critical internet switchboard known as Dyn, a domain name system provider, in October that rendered Twitter, Netflix and The New York Times unreachable. In May, the FCC reported a DDoS attack slammed its commenting system, though critics have questioned whether this was an attack or just a flood of commenters weighing in on the contentious issue of net neutrality. The report notes that while attacks are down year over year, attacks jumped 28 percent from the first quarter. But, it cautions quarterly data may not be the best measure of trends. It explains many attacks are tied to yearly events: “For most organizations, security events aren’t seasonal, they happen year round, without the ability to anticipate attacks. Unless you’re the security team for a merchant, in which case you need to plan for Black Friday and Cyber Monday, since they are likely to be the high water marks for attack traffic for the year.” While attacks rose from the beginning of the year, attack severity declined. “[F]or the first time in many years” Akamai observed no attacks exceeding 100 gigabits per second. The report speculates one potential cause of lower severity attacks might be international success taking the networks of hijacked computers, known as botnets, offline. 
Gaming companies were the victim in around 80 percent of attacks observed by Akamai in the second quarter, with one customer seeing more than 550 attacks. At the USENIX conference this year, Akamai researchers, teaming with other industry players and academics, presented research that the Dyn attack was actually intended as an attack on one of Dyn’s clients — the gaming platform PlayStation. According to that presentation, Dyn crashed as it handled requests headed to PlayStation. Source: http://thehill.com/policy/cybersecurity/347496-ddos-attacks-down-in-second-quarter

Online Extortion Campaigns Target Users, Companies, Security Researchers

During the past week, there has been a sudden surge in online extortion campaigns, against regular users and security researchers alike. The most devious of these was a campaign detected by Forcepoint security researcher Roland Dela Paz, which tried to trick users into thinking hackers had gotten their hands on sensitive or sexually explicit images. Attackers wanted payments of $320 to a Bitcoin address or they would have sent the compromising materials to the victim’s friends.

Massive spam wave delivered fake threats

This attempted blackmail message was the subject of a massive spam campaign that took place between August 11 and 18. Dela Paz says attackers sent out extortion emails to over 33,500 victims. Most of the targets were from Australia and France. The extortion campaign was particularly active in Australia, where it caught the eye of officials at the Australian National University, who issued a safety warning on the topic, alerting students of the emails. The extortion attempt was obviously fake, says Dela Paz. “The scale of this campaign suggests that the threat is ultimately empty,” the expert explained. “If the actors did indeed possess personal details of the recipients, it seems likely they would have included elements (e.g. name, address, or date of birth) in more targeted threat emails in order to increase their credibility.” Dela Paz warns that the campaign is still ongoing. Users can recognize the blackmail attempts by the following subject line formats:

“Three random letters: [recipient email]  date and time ??n??rning ?ur yest?rday’s ??nv?rs?tion”
“Three random letters: [recipient email]  date and time I hav? s?m?thing that can m??? y?ur lif? w?rse”
“Three random letters: [recipient email]  date and time I would not li?e t? start our kn?winga?qu?int?n?? with this”
“Three random letters: [recipient email]  date and time I’m not h?p?y with y?ur beh?vior lately”
“Three random letters: [recipient email]  date and time Dont y?u thin? th?t your devi?? w?r?s w?ird?”
“Three random letters: [recipient email]  date and time I think th?t it is not as funny for you as it is funny for m?”

Hackers tried to blackmail Swiss security researcher

In addition, during the past week, there were also extortion attempts sent to organizations. A hacker group calling itself ANX-Rans tried to extort a French company. Another group calling itself CyberTeam also tried to extract a ransom payment of 5 Bitcoin (~$20,000) from Abuse.ch, the website of a prominent Swiss security researcher. These DDoS threats in the hope of extracting Bitcoin payments are called DDoS-for-Bitcoin or RDoS (Ransom DDoS) attacks. RDoS attacks have been on the rise since mid-June after a South Korean hosting provider paid a ransom of nearly $1 million after web ransomware encrypted its customer servers. Ever since then, RDoS groups became extremely active hoping for a similar payday. We’ve already covered the active groups at the time in an article here.

Group posing as Anonymous targeted US companies

Since then, the most prominent RDoS campaign that took place was in mid-July when a group using the name of the Anonymous hacker collective tried to extort payments from US companies under the threat of DDoS attacks. At the time, Bleeping Computer obtained a copy of the ransom email from cyber-security firm Radware, who was investigating the threats. Radware said that despite posing as Anonymous hackers, this was the same group who tried to obtain ransoms of $315,000 from four South Korean banks (for these RDoS extortions the group posed as Armada Collective, another famous hacking crew). “This is not an isolated case. This is a coordinated large-scale RDoS spam campaign that appears to be shifting across regions of the world,” Radware security researcher Daniel Smith told Bleeping Computer via email at the time. “All ransom notes received have the same expiration date,” he added. “In RDoS spam campaigns like this one the actors threaten multiple victims with a 1Tbps attack on the same day.”

Most RDoS extortion attempts are empty threats

The group also claimed it was in control of a Mirai botnet made up of compromised IoT devices and was capable of launching DDoS attacks of 1 Tbps. No such attacks have been observed following the ransom demands on US companies. In research presented at the USENIX security conference last week, researchers from Cisco, Akamai, Google, and three US universities revealed that despite having a reputation of being able to take down some of the largest online companies around, most variants of the Mirai botnet were mainly used to target online gaming servers. Most of these DDoS attacks on gaming servers were also relatively small as multiple botnets broke up IoT devices (DDoS resources) among them. In addition to the group posing as Anonymous, Radware also reported on multiple RDoS extortion attempts on gaming providers that also took place in July. “We suggest companies do not pay the ransom,” Smith said at the time, a recommendation still valid today, as this encourages more blackmailers to join in. Source: https://www.bleepingcomputer.com/news/security/online-extortion-campaigns-target-users-companies-security-researchers/

PlayStation Network was the Real Target of Mirai Botnet DDoS Attack Last Year

Last year in October, the Mirai botnet, a malware strain that can take control of IoT (Internet of Things) devices and use them for large cyber attacks, caused a distributed denial-of-service (DDoS), rendering the target website/server unreachable to legitimate visitors. According to a new study by researchers at Google, CloudFlare, Merit Networks, Akamai and other universities, the Mirai botnet attack last October on DNS provider Dyn might actually have been targeting the PlayStation Network (PSN). The research, which was presented at the Usenix Security Symposium in Vancouver, suggests that the DDoS attack conducted via the Mirai botnet was meant to disable PlayStation Network services, as all the IP addresses targeted by the attack were name servers for the PSN. These name servers were used by Dyn to connect users to the correct IP address. The Verge reported that this Mirai botnet attack, which was aimed at bringing down PSN, might be the handiwork of angry gamers. “Although the first several attacks in this period solely targeted Dyn’s DNS infrastructure, later attack commands simultaneously targeted Dyn and PlayStation infrastructure, potentially providing clues towards attacker motivation,” the researchers noted. According to the researchers, it’s not only the PlayStation Network that was being targeted by the botnet. They also detected that Xbox Live, Valve Steam, and other gaming servers were attacked during the same period. “This pattern of behavior suggests that the Dyn attack on October 21, 2016, was not solely aimed at Dyn. The attacker was likely targeting gaming infrastructure that incidentally disrupted service to Dyn’s broader customer base,” the researchers added. The researchers also pointed out that worms like the Mirai botnet prosper largely due to the absence of apt security measures for IoT devices. This results in a ‘fragile environment ripe for abuse’.

“As the IoT domain continues to expand and evolve, we hope Mirai serves as a call to arms for industrial, academic, and government stakeholders concerned about the security, privacy, and safety of an IoT-enabled world,” the researchers concluded. The attack conducted using the Mirai botnet in October 2016 wasn’t a standalone one. Since the Mirai worm code was made public, 15,194 attacks were perpetrated on 5,046 victims (4,730 individual IPs, 196 subnets, 120 domain names), across 85 countries. Source: http://www.guidingtech.com/71278/playstation-network-mirai-botnet-ddos/

What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults

The new attack method allows hackers to shut down targets’ networks for longer periods while simultaneously conducting attacks on multiple targets. Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets. The new attacks may render traditional DDoS mitigation tactics useless, experts say. Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to security researchers at Imperva, who first spotted the new threat. “Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report. The researchers said they believe that the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions.” Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”. The new attacks last for at least an hour and can extend to even days. A single pulse is large and powerful enough to completely congest a network. “The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the Imperva researchers said. 
Pulse wave takes advantage of appliance-first hybrid mitigation solutions by preying on the “Achilles’ heel of appliance-first mitigation solutions”: the devices’ incapability of dealing with sudden powerful attack traffic surges. The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape. “While pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks,” researchers said. The Imperva researchers predicted that such attacks will continue, becoming more persistent and growing, boosted via botnets. Source: http://www.ibtimes.co.uk/what-pulse-wave-hackers-devise-new-ddos-attack-technique-aimed-boosting-scale-assaults-1635423
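
The traffic shape described above (no ramp-up, one or more pulses every 10 minutes in clockwork-like succession, lasting at least an hour) can be checked for in bandwidth telemetry. The following Python is an added example, not code from Imperva or the original article; the function names, thresholds and both sample series are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class Pulse:
    start_s: int       # offset of the first sample at or above the threshold
    end_s: int         # offset of the first sample back below the threshold
    peak_gbps: float
    rise_s: int        # time from crossing the threshold to 90% of the peak


def find_pulses(samples, step_s, threshold_gbps):
    """Group consecutive above-threshold samples (Gbps, one per step_s) into pulses."""
    pulses, i, n = [], 0, len(samples)
    while i < n:
        if samples[i] < threshold_gbps:
            i += 1
            continue
        j = i
        while j < n and samples[j] >= threshold_gbps:
            j += 1
        burst = samples[i:j]
        peak = max(burst)
        # Index of the first sample that reaches 90% of the peak: the ramp-up time.
        k = next(idx for idx, v in enumerate(burst) if v >= 0.9 * peak)
        pulses.append(Pulse(i * step_s, j * step_s, peak, k * step_s))
        i = j
    return pulses


def classify(pulses, max_rise_s=10, max_period_s=600, min_span_s=3600, jitter=0.2):
    """Label a capture using the traits the article lists (thresholds are assumptions)."""
    if not pulses:
        return "no-attack"
    if len(pulses) < 3:
        return "continuous-or-isolated"
    starts = [p.start_s for p in pulses]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    typical = median(gaps)
    regular = all(abs(g - typical) <= jitter * typical for g in gaps)   # clockwork-like
    abrupt = all(p.rise_s <= max_rise_s for p in pulses)                # no ramp-up
    span = pulses[-1].end_s - pulses[0].start_s                         # at least an hour
    if regular and abrupt and typical <= max_period_s and span >= min_span_s:
        return "pulse-wave"
    return "irregular-bursts"


def constructed_pulse_series(total_s=7200, step_s=10, base=0.5, peak=300.0,
                             period_s=600, pulse_s=120):
    """Constructed data: a 120 s pulse at full rate every 10 minutes for two hours."""
    return [peak if (t % period_s) < pulse_s else base for t in range(0, total_s, step_s)]


def constructed_ramp_series(total_s=7200, step_s=10, base=0.5, peak=300.0, ramp_s=600):
    """Constructed data: a flood that ramps up over 10 minutes, then stays on."""
    return [base + (peak - base) * min(t, ramp_s) / ramp_s for t in range(0, total_s, step_s)]


if __name__ == "__main__":
    for name, series in (("pulse", constructed_pulse_series()),
                         ("ramp", constructed_ramp_series())):
        found = find_pulses(series, step_s=10, threshold_gbps=10.0)
        print(name, len(found), "burst(s) ->", classify(found))
```

Because the classifier keys on rise time and spacing rather than volume alone, it separates the pulsed series from the ramping flood even though both reach the same peak rate.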

Why DDoS attacks show no signs of slowing down

Distributed Denial of Service (DDoS) attacks caused substantial damage to organisations across APAC and the world in the past year. According to Neustar’s recent ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84 percent of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86 percent of those organisations were hit multiple times. The code used to cause these large outages was published openly, and soon after all sorts of attacks and variants of the original code were causing havoc around the world.

Detection is too slow

DDoS attacks are not only occurring more frequently but are also getting more difficult to detect. Within APAC, more than half of organisations on average are taking at least three hours to detect an attack and nearly as many took another three hours to respond once an attack was detected. Alarmingly, slow detection and response can lead to huge financial damages. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, 40 percent of organisations hit were notified by their customers of the attacks.

Investment is increasing

The worrying figures above help explain why 90 percent of organisations are increasing their investments in DDoS defences, compared to the previous 12 months (up from 76 percent last year), despite the fact that 99 percent already have some form of protection in place. The threats faced today, and those anticipated in the future, are clearly forcing organisations to completely reconsider the ways they are currently protecting themselves.

Mitigating against DDoS attacks

Effectively mitigating DDoS attacks has become crucial for organisations that want to avoid damaging financial and reputational loss. In order to combat attacks, organisations need to adequately understand the threat, quantify the risk and then create a mitigation plan that corresponds to their needs. Whether it’s a large or small scale DDoS attack, to keep up with the growing threat, companies will need newer, adaptable, and scalable defences that include new technology and methodologies.

Developing a mitigation plan

Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring your car: you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Once the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal.

Detecting an attack

Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. An example is how organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. They can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, organisations can choose between a vast array of cloud monitoring tools that allow them to identify degradation and performance, CPU utilisation and latency, giving an indication as accurate as possible of when an attack occurs.

Responding to an attack

The response plan to the attack must be scaled to the organisation’s risk exposure and technology infrastructure. For instance, an organisation operating in the cloud with a moderate risk exposure might decide on a cloud based solution, pay-on-occurrence model. On the other hand, a financial services company that operates its own infrastructure will be exposed to more substantial financial and reputational risk. Such a company would ideally look for a hybrid solution that would provide the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks.

Rehearsal of your mitigation plan

Regardless of the protection method being deployed, it’s good practice to rehearse it periodically. Periodic testing can not only eliminate gaps or issues in responding to a DDoS attack, but can also prepare the responsible owners to perform their required actions when an actual event occurs. In summary, DDoS attacks aren’t showing any signs of slowing down anytime soon. The threats associated with DDoS attacks cannot be understated or underestimated. Moreover, by quantifying the risk to the organisation and implementing a right-sized mitigation solution, organisations can effectively and efficiently mitigate the risk of DDoS attacks. Source: https://securitybrief.com.au/story/why-ddos-attacks-show-no-signs-slowing-down/

Kids these days: the 16-year-old behind 1.7 million DDoS attacks

Teenagers have typically not been known as the most motivated demographic, napping through classes and slouching through shifts at McDonald’s. While yelling at a 16-year-old four times just to get him to unload the dishwasher is annoying, consider the other end of the spectrum: the ambitious 16-year-old who earned over $500,000 USD by building a DDoS stresser responsible for 1.7 million attacks, causing millions of dollars in damages. It’s cool Brayden, you can unload the dishwasher later.

Dirty dealings

A successful distributed denial of service or DDoS attack is one in which a website or online service is overwhelmed by malicious traffic or requests, pushing the site or service offline so it’s unavailable to its users. DDoS attacks have been big news the last few years. Big news to website owners who have had users frustrated by downtime, to business owners who have suffered reputation damage and monetary losses, to the public at large who have been unable to use websites and services big and small because of these attacks, and big news to the media itself who have been devoting headlines to the ever-growing scourge of attacks. One of the main reasons for the increase in attacks has been DDoS for hire servers, otherwise known as booters or stressers. For as little as a few dollars, anyone with an internet connection can buy access to a service that allows them to aim a DDoS attack at the targets of their choosing. Stressers are so named because they masquerade as a legitimate tool, one that stresses a server to test its reliability. This is where Adam Mudd comes in.

In the Mudd

When Adam Mudd was just 16 years old he went to work on the computer in his bedroom and created what he called the Titanium Stresser. Mudd himself carried out 594 distributed denial of service attacks, including an attack against his former college, but those nearly 600 attacks were but a drop in the bucket compared to how busy his stresser got when he opened it up as a DDoS for hire service. In just over two years the Titanium Stresser racked up 112,000 registered users who launched 1.7 million DDoS attacks against 660,000 IP addresses. There were obviously many repeat targets amongst those 660,000 IP addresses, perhaps most notably the company behind the online game RuneScape which was hit 25,000 times and led to the company spending roughly $10 million in mitigation efforts. Other notable targets of the Titanium Stresser included Sony, Xbox Live, Microsoft and Team Speak. Mudd reportedly earned over $500,000 from his stresser service. It all came to an end for Mudd in March of 2015 when the police arrived at his parents’ house. Mudd refused to unlock his computer until his father intervened. He has since pleaded guilty to three charges under the United Kingdom Computer Misuse Act, and one charge of money laundering. He was sentenced to 24 months in jail.

The big picture

Mudd was nothing more than a teenager in the bedroom of his parents’ house, yet his stresser service caused millions of dollars in quantitative damages and untold further damages when it comes to lost productivity, lost user loyalty and lost revenue in both the short and long term. There are Adam Mudds all over the world, many more experienced, running stresser services that are just as successful as the Titanium Stresser and even more so. Further, while Mudd’s arrest and conviction is a success for law enforcement, he joins a list of recent DDoS-related arrests that include members of the famed Lizard Squad, owners of the vDos botnet, and three dozen patrons of stresser services. Hackforums, the biggest hacking forums in the world, also recently banned DDoS for hire services. All seemingly good things.
Yet the number of DDoS attacks being perpetrated hasn’t gone down. When the FBI or Interpol shuts down a stresser service, another stresser service simply scoops up its customers. The lesson here has to be that DDoS attacks can be perpetrated by anyone and aren’t going anywhere anytime soon. With stresser services so affordable and accessible, almost every website on the internet is a potential target, and potentially a repeat target. Without professional DDoS protection, websites will be left picking up the pieces and paying exorbitant sums in order to do so. Source: http://www.bmmagazine.co.uk/in-business/kids-days-16-year-old-behind-1-7-million-ddos-attacks/

Libertarian Site Suffers DDoS Attack After Supporting Google Worker

Quillette Magazine, a small but respected libertarian publication based in Australia, suffered a DDoS attack Tuesday after publishing an article supportive of James Damore, the fired Google memo writer. The attack, which crashed the site for a day, came after Quillette published the opinion of four scientists on the Google memo. The scientists found that the conservative Google employee’s views on gender differences were supported by substantial scientific evidence. The Google memo’s “key claims about sex differences are especially well-supported by large volumes of research across species, culture,” wrote Geoffrey Miller, a professor of evolutionary psychology at the University of New Mexico, explaining that the memo “is consistent with the scientific state of the art on sex differences.” “Among commentators who claim the memo’s empirical facts are wrong, I haven’t read a single one who understand sexual selection theory, animal behavior, and sex differences research,” Miller added. Deborah Soh, who has a PhD in sexual neuroscience and works as a Toronto-based science writer, concurred with Miller. “Sex differences between women and men—when it comes to brain structure and function and associated differences in personality and occupational preferences—are understood to be true, because the evidence for them (thousands of studies) is strong.” “This is not information that’s considered controversial or up for debate; if you tried to argue otherwise, or for purely social influences, you’d be laughed at,” Soh said. Unfortunately, liberal-hacker-activists couldn’t handle the truth, and Quillette’s website took an arrow to the knee. Claire Lehmann, the founder of Quillette, told PJ Media that her website was especially susceptible to attack. While there are many programs that can be used to protect against DDoS attacks (which are when hackers flood websites with traffic to crash them), Claire said she didn’t have any.

“I’m a small site and my technical skills are not at a high level, so I was unaware that I should have had these protections. Apparently they are fairly standard,” she told PJ Media. Her site, which has received endorsements from well-known figures such as Charles Murray and Richard Dawkins, has a history of publishing science-based journalism, but this is the first time they’ve suffered a DDoS attack, Lehmann says. (Disclosure: I’ve written a few articles on higher education for them. Small world.) Lehmann, whose site has been dedicated to supporting alternative viewpoints since it launched in 2016, said her work is crucial to helping people see the truth behind things. “It’s important to hear alternative viewpoints so that we can work out what is the truth, and not merely consensus,” Lehmann said. “Over the past few years, both academic and media institutions have become highly conformist. And we know that groupthink leads to blindspots, which makes us unable to see what is actually true.” Source: https://pjmedia.com/trending/2017/08/09/libertarian-site-suffers-ddos-attack-after-supporting-google-worker/

Ukrainian Postal Service Knocked Offline By Repeated DDoS

Ukrposhta, the national postal service in Ukraine, was hit with a two-day DDoS attack that began on Monday, knocking some systems offline. According to the Interfax news agency, the computer systems targeted by the unknown assailants are used to track customer parcels and shipments. Ukrposhta is managed by the Infrastructure Ministry in Ukraine, and employs almost 12,000 postal officers across the country and 76,000 employees in all—meaning that disruptions could have far-reaching effects. The company gave DDoS updates via its Facebook page yesterday. The latest (in translation) reads: “During the first wave of the attack, which began yesterday in the morning, our IT services could normalize the situation, and after 5 p.m., all the services on the site worked properly. But today, hackers are at it again. Due to their actions, both the website and services are working, but slowly and with interruptions.” Igal Zeifman, director of marketing at Imperva for the Incapsula product line, said via email that it sounds like Ukrposhta is dealing with several repeat assaults, occurring in rapid succession. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between the attacks,” he said. “In the first quarter of the year, we saw the number of such repeat assaults reach an all-time-high, with over 74% of DDoS targets attacked at least twice in the span of that quarter.” This is not the first time that Ukraine’s postal service has faced significant attacks this year. The country was ground zero for the Petya/NotPetya ransomware attacks that proliferated around the globe in June, which affected not just the postal service but also banks and the state-owned power companies, Ukenergo and Kyivenergo. Source: https://www.infosecurity-magazine.com/news/ukrainian-postal-service-repeated/

Chinese Telecom DDoS Attack Breaks Record

A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab. DDoS attackers launched a 277-hour attack against a Chinese telecom company in the second quarter of 2017, registering a 131% hourly increase compared to the longest attack recorded earlier this year, according to a report released this week by Kaspersky Lab. The 2017 DDoS Intelligence Report, which culls data from botnets detected and analyzed by Kaspersky Lab, says that the Chinese telecom siege that spanned more than 11 days is also, so far, a record for the year, demonstrating that long-lasting DDoS attacks have re-emerged. But pinpointing the reason for this rise is difficult. “There is no explanation why the length grew – such fluctuation happens from time to time,” says Oleg Kupreev, lead malware and anti-botnet analyst for Kaspersky Lab. The most powerful attack that the Kaspersky report notes occurred in the second quarter. It was 20GB per second, Kupreev says, adding that it lasted about an hour and used the connectionless User Datagram Protocol (UDP). Usually, most UDP flood attacks are not more than 4GB per second, he says. According to a Corero Network Security report, low-volume DDoS attacks still represent a majority of the sieges against networks.

DDoS Attack Footprint Expands

During the second quarter, the number of countries facing DDoS attacks jumped to 86 countries versus 72 in the first quarter, according to the report. The top 10 countries hit with attacks include the US, China, South Korea, Hong Kong, UK, Russia, Italy, France, Canada, and the Netherlands. “Online resources in one country can often be located on servers in another country – mostly in China, US, South Korea, and this is why these countries are always among the most targeted,” Kupreev says. Italy posted a 10-fold increase in DDoS attacks while the Netherlands experienced a 1.5x increase, which pushed Vietnam and Denmark off the top 10 list, according to the Kaspersky report.

Ransom Without DDoS Attacks Rise

A popular twist to ransom DDoS attack threats emerged in the second quarter, says Kupreev. Cybercriminals would distribute their ransom threats to pay up or face a DDoS attack to a large group of companies, he says. But rather than send a short-term DDoS attack to show they mean business, no demo is sent with the hope that the company will pay the ransom on the threat alone, he explains. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion,” adds Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab. “These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.” Despite a growing interest by cyberthieves to conduct a DDoS-less ransom scheme or a full-fledged DDoS Ransom attack, Kupreev says he does not expect this form of extortion to overtake normal DDoS attacks anytime soon. “The share of ‘normal’ DDoS attacks will always outnumber RDDoS, as there are many other reasons behind DDoS attacks in addition to money extortion: unfair competition, political struggle, hacktivism, smokescreening etc.,” Kupreev says. “Moreover, unavailability of online resources for many companies can be even more damaging than [the] amount of extortion.” Source: https://www.darkreading.com/attacks-breaches/chinese-telecom-ddos-attack-breaks-record-/d/d-id/1329518


FCC says its cybersecurity measures to prevent DDoS attacks must remain secret

The FCC has provided a few — very few — details of the steps it has taken to prevent attacks like the one that briefly took down its comment system in May. The agency has faced criticism over its secrecy regarding the event, and shows no sign of opening up: citing “the ongoing nature of the threats,” it says that revealing its countermeasures would “undermine our system’s security.”

These cryptic comments are the first items of substance in a letter (PDF) sent to the House Energy and Commerce and Government Reform committees. Members thereof had sent letters to the FCC in late June asking what solutions it was implementing to mitigate or prevent future attacks.

A cover letter from FCC Chairman Ajit Pai emphasizes the fact that millions of comments have been filed since, including 2 million in the 4 days following the attack. He writes that the Commission’s IT staff “has taken additional steps… to ensure the ongoing integrity and resiliency of the system.” What those steps are, however, he did not feel at liberty to say, except that they involve “commercial cloud providers” and “internet-based solutions.” Since the comment filing system is commercially cloud-hosted, and the system is fundamentally internet-based, neither of these descriptions is particularly revelatory.

It’s not the security, it’s the communication

The issue, however, isn’t that we are deeply afraid that another hacker will take down the system. After all, basic rate limiting and some analytics seem to have done the job and allowed record numbers of comments immediately after the attack stopped. The FCC was still writing reports and calling experts at the time the system had returned to full operation.

The issue is the FCC’s confusing and misleading handling of the entire thing. The nature and extent of the attack is unclear — it’s described in a previous letter to concerned senators as a “non-traditional DDoS attack.” Supposedly the API was being hammered by cloud-based providers. What providers? Don’t they have records? Who was requesting the keys necessary to do this?

Very little has been disclosed, and even requests of information circumstantial to the attacks have been denied. What is so sensitive about an analysis of the network activity from that period? Petitioners seeking to see communications pertaining to the attack were told much of the analysis was not written down. Even the most naive internet user would find it hard to believe that in a major agency of a modern bureaucracy, a serious attack on its internet infrastructure, concerning a major internet policy, would fail to be discussed online.

The FCC also says it consulted with the FBI and agreed that the attack was not a “significant cyber incident” as such things are defined currently in government. For the curious:

“A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”

Okay, that seems reasonable. So why is it being kept under wraps? Why are the countermeasures, which are probably industry standard, unable to be disclosed? How would disclosing the details of those security countermeasures undermine those systems? If it’s the “ongoing threat,” what is the threat exactly if not the pervasive threat of hacking faced by any public website, service or API? Have there been follow-up attacks we haven’t been informed of? The investigation is also ongoing, but in that case how could it fail to produce written records for FOIA requests like those already submitted?

The more the FCC drags its feet and stammers out non-answers to simple questions regarding what it itself has categorized as a non-major attack that happened months ago and did not significantly affect its systems, the less we trust what it does say.

Concerned senators, representatives and others are not going to stop asking, however. Let’s hope whatever the FCC seems unwilling to share comes out before it ceases to be relevant. It would be a shame, for instance, to receive a full report on hackers bent on supporting one side of the net neutrality argument… the day after the FCC votes on the issue.

Source: https://techcrunch.com/2017/07/31/fcc-says-its-cybersecurity-measures-to-prevent-ddos-attacks-must-remain-secret/
