Tag Archives: stop-dos

New Bank Attacks Expected Today?

Is another wave of distributed denial of service attacks imminent? For the past two weeks, DDoS attacks that caused online outages at several major U.S. banks started on Tuesday mornings and ended by Friday afternoons, says Mike Smith, a senior security evangelist at Akamai Technologies, an Internet platform provider. Smith and other security experts are standing by to see if this week brings a third round of attacks. While they wait, these thought-leaders offer insights in response to these outstanding questions: Why were banks unable to stop the DDoS attacks from causing outages? What steps should banks and other organizations take now to prepare for additional attacks? Technology does play a role in thwarting such attacks, says Smith, who also blogged about the attacks. But a renewed focus on information sharing is the best investment an organization can make, he says. “Packet captures from the attack traffic we shared with our customers, for instance, allowed them to build IDS [intrusion detection system] signatures, so when they first start to receive that traffic, they can block it,” he says. Why Attacks Succeeded DDoS attacks are not new – they have been around since at least 2001. Simply defined, a DDoS attack usually involves an external party saturating a targeted website with traffic until the site’s servers are overloaded, ultimately rendering the site unable to respond and unavailable. This is what happened to the banks, whose customer-facing websites subsequently faced varying degrees of unavailability. Yet as Anton Chuvakin, a security analyst at Gartner, pointed out in May, DDoS attacks seem to have become a “forgotten area” of security – until the latest string of incidents. “Denial-of-service attacks, in general, cannot be stopped,” Chuvakin says. “If their entire network connection is full of traffic, nothing they do on their own will remove the flood.” The recent wave of attacks is unique for its scale, Smith says. The average online user in the United States and Western Europe uses about 1 megabyte per Internet node per second. “Even at the height of the Anonymous attacks, we saw traffic coming in from 7,000 or 8,000 people [at approximately 1 gigabyte per second] involved in attacks at any given time,” he says. “That’s a lot.” But in the most recent attacks, the traffic coming in was the equivalent to about 65 gigabytes per second, Smith says. “A typical DDoS attack waged by a hacktivist group looks much different than what we saw here,” he says. “You would expect less than 1 gbps [gigabyte per second] of attack traffic for the average hacktivist, and would expect peaks up to, maybe, 2 gbps.” Avivah Litan, fraud analyst at Gartner who blogged about the attacks, says, based on what she’s been told, the attacks together added up to 100 gigabytes of traffic. “The leading DDoS prevention software, more or less, stops working when the attacks get larger than 60-70 gigabytes,” Litan writes. “The major ISPs only have a few hundred gigabytes bandwidth for all their customers, and even if they added more on to that, the hacktivists could quickly and easily eat the additional bandwidth up.” Where Did Attacks Originate? Recent attacks have been attributed to Izz ad-Din al-Qassam. But this group, which in the past has been known to support Hamas, has not historically been affiliated with hacktivism, says Bill Wansley, a fraud expert at financial-services consultancy Booz Allen Hamilton. “All of the sudden, for them to become a hacktivist group, it’s just really interesting,” Wansley says. “We’ve never seen that before” (see More U.S. Banks Report Online Woes). Thus, determining, with any certainty, who or what is actually behind the attacks has proven difficult. “There are indications it’s an Iranian group,” Wansley says, based on the IP addresses linked to the attack and the timestamp of the attacks. These latest attacks are unlikely to be the product of traditional hacktivists, experts say, citing this evidence: The sheer number of hits seem too large to be waged by social or political hacktivists. “The volume of the traffic is far higher than what we normally see,” Smith says. During a typical hacktivist attack, variations in the site traffic are evident. “The attacks in this case were homogeneous, which is not typical,” Smith says. “The traffic looked the same.” And there wasn’t a lot of bragging going on after the attacks, either, which also is typical in a hacktivist event. “The attacks are unique and seem to have a different character than previous [hacktivist] attacks,” Wansley says. How Can Organizations Respond? Although U.S. banks have been the initial targets of the latest DDoS attacks, experts say all organizations should be on notice: They could be next. Gregory Nowak, a principal research analyst for the Information Security Forum, says security leaders need to realize that these incidents are ideological attacks against the U.S. “The attacks have nothing to do specifically with the activities of these banks – they were innocent bystanders,” Nowak says. “The message is: This can happen to any organization, and they need to consider [hacktivism response] as part of their risk management” (see Banks Under Attack: PR Missteps). So, what can organizations do to prepare? Litan says DDoS is not an issue any individual organization can control. “It’s a networking bandwidth and network security software issue,” she says. “Simply put, the DDoS prevention software can’t handle this large of an attack, in terms of the bandwidth it consumes.” Among the steps organizations can take: Protect default online pages or homepages. “This is the page most commonly attacked in a DDoS and can be easily protected with basic caching,” Smith says. Communicate with ISPs about suspicious traffic. “The [organization] has to work with its ISP, and potentially other ISPs, to see if the ISP can identify the traffic before it gets to the website and drop it earlier in its travels,” says Alex Horan of CORE Security, an online security firm that specializes in vulnerability assessment and testing. “But the [organization] doesn’t want to accidently drop legitimate traffic when doing that, so it has to be very cautious.” But organizations also must know the privacy limitations ISPs face when it comes to blocking or removing computers or users linked to attacks. “We need every ISP to be able to work together,” Horan says. “While this appears to be in the ISPs’ favor, most would be reluctant to do it, as it would mean they would have to inspect the packets sent by their customers, and it could very easily be seen as an invasion of privacy.” What’s Next? DDoS attacks occur on a daily basis, Smith notes. So Institutions and others need to focus on intrusion detection and DDoS attack identification. ISPs also should have mechanisms in place to block DDoS attacks. “That way, they limit an attack against one customer and limit the impact to their other customers,” Smith says. “The ISP is the conduit; they are at risk, and they know this. That’s why they also usually offer protective services.” If the ISP with which an institution works does offer protective services, banks and others should take advantage, Smith says. But if the ISP doesn’t offer protective services or does not have the ability to filter traffic, the institution can at least block traffic coming in from IP addresses identified as being connected to an attack. Information sharing between banking institutions and among institutions, ISPs, law enforcement and third-party vendors is critical. “The attackers will change,” Smith says. “Understanding how those attacks are changing is critical.” For now, however, experts are anxious to see if the wave of attacks that targeted banks the last two weeks will continue. “What does this week hold?” Smith asks. “We’ll soon know if the pattern will continue.” For immediate DDoS protection click here . Source: http://www.bankinfosecurity.com/new-bank-attacks-expected-today-a-5155/p-2

Continued here:
New Bank Attacks Expected Today?

DDoS attack on GoDaddy takes down millions of websites

A massive DDoS attack struck GoDaddy’s name servers today, temporarily plunging thousands of websites into the internet abyss. “GoDaddy, the massive Web hosting company, went down on Monday, taking an untold number of websites with it,” reported CNN. Mashable.com reported, “The more problematic part is that any domain registered with GoDaddy that uses its nameservers and DNS records are also down. This means that even if you host your site elsewhere, using GoDaddy for DNS means it is inaccessible.” PC World reports: “In a YouTube video (http://www.youtube.com/watch?v=SPGBZWGUE2g), secretive hacking group Anonymous has taken credit for the outage, claiming the move is a reaction to the company’s support of the U.S. government’s efforts “to censor and control the Internet,” through its support of the Stop Online Privacy Act (SOPA).” But claiming Anonymous did this attack may be false, it turns out. The apparent attacker said, himself, that he was not affiliated with the Anonymous collective: “It is not Anonymous collective it’s only me. Don’t use Anonymous collective name on it, just my name,” wrote Twitter user Anonymous Own3r. (http://www.foxnews.com/tech/2012/09/10/every-godaddy-registered-site-…) Most likely scenario? A false flag cyber security attack in order to provide the excuse for Obama to sign a freedom-killing executive order focused on “cyber security.” The attack has taken down GoDaddy’s website, DNS servers, phone support and email accounts. It’s almost as if a nuclear bomb went off at GoDaddy headquarters. This attack appears to be hugely successful from the point of view of Anonymous hackers, although it’s not clear why GoDaddy was targeted in particular. GoDaddy manages 48 million domains spanning more than 9 million customers. The failure of its DNS likely means that millions of websites were taken offline. Domain Name Servers are a known vulnerability Domain Name Servers are a well-known vulnerability of the internet infrastructure. As this attack by Anonymous has masterfully demonstrated, DNS provides a centralized single point of attack that, if penetrated, can bring down literally millions of websites. DNS also provides a single point of government seizure, where rogue governments that hate free speech can take control over websites by commandeering their DNS records. For these reasons, you need to know how to reach NaturalNews.com even if DNS is compromised There is a workaround to DNS. You can bypass it and go straight to NaturalNews by simply entering the following “IP address” into your browser: 174.132.185.226 This is the equivalent of typing “NaturalNews.com” into your browser and it will work even if Domain Name Servers are being hacked or seized. This IP address will take you right to our website. It is our “digital address” recognized by all web browsers. WRITE THIS NUMBER DOWN on a piece of paper and carry it in your wallet or purse. Even if the Domain Name Servers are illegally seized by the government in an assault on the freedom of the press — or if they’re brought down by hackers as was demonstrated today — you can still use the IP address to reach us. If NaturalNews.com appears to be unreachable during a crisis event, revert to using the numbers instead of the name, and the site will likely respond. An even better way: Subscribe to our email newsletter An even better way to make sure you can hear from us is to subscribe to our FREE email newsletter (see subscription form below). Email is virtually impossible for anyone to block. Unless there’s a nuclear holocaust or something, we will always be able to email you with the latest alerts and information, even if our web servers are hacked or physically taken offline. Even if you don’t want to read our email newsletter each day, simply staying subscribed is valuable because we will be able to reach you with urgent alerts about what’s really happening. We don’t sell email addresses to anyone. Your privacy is completely protected, and you can unsubscribe at any time. Subscribing to our email newsletter is your way of allowing us to reach you even in a crisis, a seizure, or a hack attack. For fast DDoS protection against your eCommerce site click here . Source: http://www.naturalnews.com/037140_DDoS_attack_GoDaddy_Domain_Name_Servers.html

View article:
DDoS attack on GoDaddy takes down millions of websites

Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

The hacktivist group Anonymous staged a number of DDoS attacks on UK government websites yesterday in an apparent show of support for the controversial WikiLeaks founder Julian Assange, who remains stuck inside his Ecuadorean embassy bolt-hole as he attempts to avoid extradition to Sweden. Anonymous, who have been associated with numerous distributed denial of service attacks in the past, yesterday claimed to have taken down a number of high profile government sites in the UK, including the Justice Department website and “Number 10”, the official website of Britain’s prime minister. In addition, it’s believed that the hacktivist collective was also responsible for taking down the UK’s Department of Work and Pensions website on the same day. The group later claimed through its @AnonIRC Twitter that the attacks were part of “#OpFreeAssange, in reference to the WiliLeaks founder that they have long supported. The Ministry of Justice later confirmed the attack in the following statement: “The Ministry of Justice website was the subject of an online attack last night at around 2000 hours. This is a public information website and no sensitive data is held on it. No other Ministry of Justice systems have been affected. Measures put in place to keep the website running mean that some visitors may be unable to access the site intermittently. We will continue to monitor the situation and will take measures accordingly.” As of this morning, it appears that the Department of Work and Pensions site is now running normally, but the Ministry of Justice said that it’s still experiencing some problems with its website, and that it cannot give a time frame for when the problems might be solved. Number10.gov.uk also remains down, with no word from the government as to when it might be back. Source: http://siliconangle.com/blog/2012/08/21/opfreeassange-anonymous-ddos-attacks-take-down-3-uk-sites/

Read the original:
Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

The WikiLeaks website came back online last Tuesday after being down for almost a week due to Distributed Denial of Service Attack (DDoS). The secret-leaking organization says it has been targeted by DDoS making its website inaccessible or sluggish for several days. The attack was said to have began at the beginning of August and has intensified to affect other affiliated sites. A group calling itself “AntiLeaks” claimed responsibility for the attacks following their post on Twitter saying that they were against Julian Assange’s intention to seek political asylum in Ecuador. DDoS attacks work by sending heavy amount of traffic to the servers of a website in the hopes to overload them and to force them to shut down. Such type of attack is the most common form of cyber attacks. According to Wiki Leaks, its servers have been flooded with 10 gigabits per second of fake traffic from thousands of different machines. Experts monitoring the issue noted that the amount of traffic is larger than the usual attacks seen in the past few years. AntiLeaks claim it has no ties to the United States government or any other governments tagged as enemies of WikiLeaks. Many people thinks the DDoS attacks on WikiLeaks was a response to the whistleblower website’s posting of documents showing how TrapWire works. TrapWire is a system being utilized in the US to counter terrorism by collecting and analyzing footages from security cameras and license plate readers around the country. Details about the counterterrorism surveillance system were revealed by Anonymous following an email hacking incident on security intelligence firm Stratfor. WikiLeaks released the documents obtained by Anonymous early this year. Observers believe that it’s a secret digital surveillance effort currently being used around the world. For fast protection for DDoS for your e-commerce website click here . Source: http://thedroidguy.com/2012/08/wikileaks-back-in-business-after-being-hit-by-a-week-of-hacking-attack/

Taken from:
WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

Super-Charged Distributed Denial of Service ‘DDoS’ attack Spike In 2012

This year has seen distributed denial of service (DDoS) attackers increase the power of DDsS attacks massively, according to figures exclusively shown to TechWeekEurope. DDoS attacks see servers overwhelmed with traffic, causing a target’s website to go down. All kinds of organisations use DDoS attacks, from hacktivists like Anonymous to private companies wanting to stymie competition, and figures have shown they are upping their efforts. The average size of an attack went up 27 percent in 2012, hitting 1.56Gbps in June, compared to 1.23Gbps in 2011, second quarter data from anti-DDoS vendor Arbor Networks showed. June’s average attack speed was 82 percent up on the same month in 2011. There was also a return to growth in super-powered hits, with a 105 percent rise in the proportion of DDoS attacks measuring in at over 10Gbps. Between 2011 and 2010 that proportion was down 34 percent. Multi-vector DDoS attacks Arbor told TechWeekEurope that attackers were increasingly combining big volumetric attacks with stealthy application-level attacks, which are harder to identify due to a lower level of traffic. “We are still seeing a lot of the more stealthy application layer attacks going on out there, although now they are quite often accompanied by a volumetric attack. Attackers have learned that by generating application and volumetric attacks (multi-vector ) at the same time they can take sites and services down, and keep them down, for longer periods,” said Darren Anstee, solutions architect at Arbor. “Using multiple vectors makes it more difficult for operational security teams to figure out exactly what is going on, as different parts of the attack can impact different areas of infrastructure. Application layer attacks target the application servers, state-exhaustion attacks target firewalls, load balancers etc.” Despite the rise in DDoS power, the highest powered attacks have hit something of a plateau. The biggest monitored attack so far this year came in at 100.84Gbps, lasting 20 minutes, where 2011’s record of 101.394Gbps has not yet been surpassed in 2012. “It does appear that on the Gigabit per second side of things, right at the top end, attacks sizes may have plateaued. Why? It could be that 100Gbps of attack traffic is ‘all’ that is required to take down anything that has been targeted thus far, or, we could have reached some kind of limitation in some of the tools,” Anstee said. For the first time, the port used for Xbox Live connections (port 3074) showed up on Arbor’s findings, taking up 0.76 percent of attacks. Port 80, used by the HTTP protocol, is the prime target for DDoSers, with 29 percent of strikes hitting it in Q2. “There are unfortunately quite a lot of attacks between on-line gamers (this is multiplayer online gaming, rather than gambling). These attacks are used either to give one player an advantage over another, or avenge a defeat,” Anstee added. Botnets are a major part of the problem, as TechWeekEurope’s recent investigation into the underground DDoS market found. Law enforcement and industry firms continue to work with one another on knocking down botnets, as seen in last week’s effort to kill off super-spammer Grum. But most believe arrests are needed to truly counter the rise of malicious networks. For fast DDoS protection click here . Source: http://www.techweekeurope.co.uk/news/ddos-attacks-power2012-86926

Visit link:
Super-Charged Distributed Denial of Service ‘DDoS’ attack Spike In 2012

Distributed Denial of Service ‘DDoS’ blackmailers busted in cross-border swoop

Cyber hoodlums targeted gold and silver traders Chinese and Hong Kong cops are hailing another success in their cross-border cyber policing efforts with the scalp of a high profile DDoS blackmail gang which targeted gold, silver and securities traders in the former British colony. Six cyber hoodlums were arrested on the mainland in Hunan, Hubei, Shanghai and other locations at the end of June, according to a report in local Hong Kong rag The Standard. Some 16 Hong Kong-based firms including the Chinese Gold & Silver Exchange were targeted in the scheme designed to blackmail them to the tune of 460,000 yuan (£46,200). The gang apparently threatened to cripple their victims’ web operations with distributed denial of service (DDoS) attacks if they didn’t cough up. Four of the targeted firms transferred funds totalling 290,000 yuan (£29,150) into designated bank accounts in mainland China, the report said. A source also told The Standard that some of the victims may have been involved in some shady dealings themselves, which made them more reluctant to seek police help. Roy Ko, centre manager of the Hong Kong Computer Emergency Response Team (HKCERT) told The Reg that the arrests are an indication of improving cross-border cyber policing efforts. “Working with counterparts cross border is always a challenge because of different practices, languages, different time zones and so on. Usually, HK and the mainland maintain a good working relationship, just like the HKCERT and CNCERT,” he said. “Because we are in the same time zone, the response is usually quicker than working with the US, for example, where we have to wait until the next day to get a response.” Ko also warned that the attacks show this form of cyber threat is still a popular one for avaricious criminal gangs. “Firms have to assess whether they are a probable target of such an attack – ie whether they rely heavily on the internet to do business – and then prepare countermeasures,” he added. “Subscribing to an anti-DDoS service may be part of the protection strategy in addition to anti-malware, firewall, etc.” Hong Kong businesses have been warned before that they’re fair game to hackers from neighbouring China. Source: http://www.theregister.co.uk/2012/07/04/hong_kong_china_bust_ddos_gang_blackmail/

Excerpt from:
Distributed Denial of Service ‘DDoS’ blackmailers busted in cross-border swoop

Legal blog site suffered Distributed Denial of Service ‘DDoS’ attack

When a blog that typically attracts 30,000 visitors a day is hit with 5.35 million, its operators had better have been prepared for what seems way too big to be called a spike. The popular SCOTUSblog, which provides news and information about the United States Supreme Court, was put to this test last week after the historic healthcare ruling and it passed with flying colors, thanks to months of planning and a willingness to spend $25,000. “We knew we needed to do whatever it took to make sure we were capable of handling what we knew would be the biggest day in this blog’s history,” says Max Mallory, deputy manager of the blog, who coordinates the IT. The massive traffic spike was somewhat of a perfect storm for SCOTUSblog, which Supreme Court litigator Tom Goldstein of the Washington, D.C., boutique Goldstein & Russell founded in 2002. Not only is the site a respected source of Supreme Court news and information, but in the days leading up to the ruling, buzz about the blog itself began picking up. President Barack Obama’s press secretary named SCOTUSblog as being one source White House officials would monitor to hear news from the court. When the news broke, two of the first media organizations to report it — Fox News and CNN — got the ruling wrong. Many media outlets cited SCOTUSblog as being the first to correctly report that the Supreme Court upheld the Affordable Care Act in a 5-4 decision. But even before “decision day,” as Mallory calls it, the small team at SCOTUSblog knew Thursday would put a lot of strain on the blog’s IT infrastructure. The first indications came during the health care arguments at the Supreme Court in March, when SCOTUSblog received almost 1 million page views over the three days of deliberations. The blog’s single server at Web hosting company Media Temple just couldn’t handle the traffic. “That was enough to crash our site at various points throughout those days and it just generally kept us slow for a majority of the time the arguments were going on,” Mallory says. In the weeks leading up to the decision, Mallory worked with a hired team of developers to optimize the website’s Java code, install the latest plugins and generally tune up the site. Mallory realized that wouldn’t be enough, though. No one knew for sure when the high court would release the most anticipated Supreme Court case in years, but each day it didn’t happen there was a greater chance it would come down the next day. Traffic steadily climbed leading up to the big day: The week before the ruling the site saw 70,000 visitors. Days before the decision, the site got 100,000. “It became clear we weren’t going to be able to handle the traffic we were expecting to see when the decision was issued,” Mallory says. A week before the decision, Mallory reached out to Sound Strategies, a website optimization company that works specifically with WordPress. The Sound Strategies team worked throughout the weekend recoding the SCOTUSblog site again, installing high-end caching plugins, checking for script conflicts and cleaning out old databases from previous plugins that had been removed. The team also installed Nginx, the open source Web server, to run on the Media Temple hardware. All of the improvements helped, but when the decision did not come on Tuesday, July 26, it became clear that Thursday, July 28, the last day of the court’s term, would be decision day. Mallory was getting worried: Earlier in the week SCOTUSblog suffered a distributed denial-of-service (DDOS) attack targeting the website. That couldn’t happen on Thursday, when the court would issue the ruling. “This was our time, it just had to work,” Mallory says. The night before decision day, Mallory and Sound Strategies took drastic measures. Mallory estimated the site could see between 200,000 and 500,000 hits the next day, so the group decided to purchase four additional servers from Media Temple, which Sound Strategies configured overnight. SCOTUSblog ended up with a solution Thursday morning that had a main server acting as a centralized host of SCOTUSblog, with four satellite servers hosting cached images of the website that were updated every six minutes. A live blog providing real-time updates — which was the first to correctly report the news — was hosted by CoveritLive, a live blogging service. As 10 a.m. EDT approached, the system began being put to the test. At 10:03, the site was handling 1,000 requests per second. By 10:04 it had reached 800,000 total page views. That number climbed to 1 million by 10:10, and by 10:30 the site had received 2.4 million hits. Because of the satellite caching, Mallory says, the site was loading faster during peak traffic than it ever had before. In post-mortem reviews, Sound Strategies engineers said they found evidence of two DDoS attacks, one at 9:45 a.m. and another at 10 a.m., which the servers were able to absorb. “We built this fortress that was used basically for two hours that morning,” Mallory says. “It worked and it never slowed down.” Since the healthcare decision, SCOTUSblog has seen higher-than-normal traffic, but nowhere near the 5 million page views the site amassed on the biggest day in the blog’s history. “It was a roller coaster,” Mallory says. “You can have the best analysis, the fastest, most accurate reporting, but if your website crashes and no one can see it that moment, it doesn’t matter.” Source: http://www.arnnet.com.au/article/429473/how_legal_blog_survived_traffic_tidal_wave_after_court_healthcare_ruling/?fp=4&fpid=1090891289

Read the original post:
Legal blog site suffered Distributed Denial of Service ‘DDoS’ attack

Distributed Denial of Service `DDoS` mitigation a key component in network security

`Attacker motivations behind distributed denial-of-service attacks (DDoS) have shifted away from solely financial (for example, the extortion of online gambling sites and retailers) toward socially and politically motivated campaigns against government websites, media outlets and even small businesses. Hacktivist collectives such as Anonymous, LulzSec and others have used DDoS attacks to damage a target’s reputation or revenue since December 2010 when Anonymous began targeting corporate websites that opposed Wikileaks. At that time, attacks were conducted using botnets to flood sites’ servers with large quantities of TCP or UDP packets, effectively shutting down the sites for hours at a time. Today, botmasters have begun to use more complex strategies that focus on specific areas of the network, such as email servers or Web applications. Others divert security teams’ attention with DDoS flood attacks while live hackers obtain the actual objective, valuable corporate or personal information. This tactic was utilized in the infamous attack against Sony in 2011, according to Carlos Morales, the vice president of global sales engineering and operations at Chelmsford, Mass.-based DDoS mitigation vendor Arbor Networks Inc. Rapid growth in the sophistication of DDoS attacks combined with the prevalence of attacks across markets makes for a dangerous and fluid attack landscape. Security researchers and providers agree that it’s becoming more important for companies to protect themselves from denial-of-service attacks, in addition to implementing other measures of network security. DDoS attacks can quickly cripple a company financially. A recent survey from managed DNS provider Neustar, for example, said outages could cost a company up to $10,000 per hour. Neustar’s survey, “DDoS Survey Q1 2012: When Businesses Go Dark” (.pdf), reported 75% of respondents (North American telecommunication, travel, finance, IT and retail companies who had undergone a DDoS attack) used firewalls, routers, switches or an intrusion detection system to combat DDoS attacks. Their researchers say equipment is more often part of the problem than the solution. “They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down,” the report stated. “Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector.” For those reasons, experts suggest companies with the financial and human resources incorporate DDoS-specific mitigation technology or services into their security strategy. Service providers such as Arbor Networks, Prolexic and others monitor traffic for signs of attacks and can choke them off before downtime, floods of customer support calls, and damage to brand or reputation occur. Purchasing DDoS mitigation hardware requires hiring and training of employees with expertise in the area, but experts say that can be even more expensive. “In general, it’s very hard to justify doing self-mitigation,” said Ted Swearingen, the director of the Neustar security operations center. All the additional steps a company has to take to implement their own DDoS mitigation tool, such as widening bandwidth, increasing firewalls, working with ISPs, adding security monitoring and hiring experts to run it all, make it a cost-ineffective strategy in the long term, he said. Three percent of the companies in Neustar’s survey reported using that type of protection. In some cases, smaller DDoS mitigation providers even turn to larger vendors for support when they find themselves facing an attack too large, too complex or too new to handle on their own. Secure hosting provider VirtualRoad.org is an example. The company provides protection from DDoS attacks for independent media outlets in countries facing political and social upheaval—places where censorship by the government or other sources is rampant, such as Iran, Burma and Zimbabwe. A specific niche like that in a narrow market with small clients doesn’t usually require extra support, but VirtualRoad.org has utilized its partnership with Prolexic a few times in the last year, according to CTO Tord Lundström. They have their infrastructure to deal with attacks, Lundström said, but they also have parameters for the volume and complexity that they can handle. When it gets to be too much, they route the traffic to Prolexic, a security firm that charges a flat fee regardless of how many times you are attacked. “It’s easy to say, ‘We’ll do it when an attack comes,’ and then when an attack comes they say, ‘Well, you have to pay us more or we won’t protect you,’” Lundström said of other services. Extra fees like that are often the reason why those who need quality DDoS protection, especially small businesses like VirtualRoad.org clients, can’t afford it, he said. The impact can be worse for companies if the DDoS attack is being used as a diversion. According to a recent survey by Arbor Networks, 27% of respondents had been the victims of multi-vector attacks. The “Arbor Special Report: Worldwide Infrastructure Security Report,” which polled 114 self-classified Tier 1, Tier 2 and other IP network operators from the U.S. and Canada, Latin/South America, EMEA, Africa and Asia, stated that not only is the complexity of attacks growing, but the size as well. In 2008, the largest observed attack was about 40 Gbps. Last year, after an unusual spike to 100 Gbps in 2010, the largest recorded attack was 60 Gbps. This denotes a steady increase in the size of attacks, but Morales of Arbor Networks believes the numbers will eventually begin to plateau because most networks can be brought down with far smaller attacks, around 10 Gbps. Even if they stop growing, however, DDoS attacks won’t stop happening altogether, Morales said. Not even the change to IPv6 will stop the barrage of daily attacks, as some were already recorded in the report. Because of the steady nature of this attack strategy, experts suggest all companies that function online prepare themselves for this type of attack by doing away with the “it won’t happen to me” attitude. Luckily, recent “hacktivist” activities have given DDoS attacks enough press that CSOs and CEOs are starting to pay attention, but that’s just the first step, Morales said. It’s important to follow through with getting the protection your business needs if you want to achieve the goal, said VirtualRoad.org’s Lundström. “The goal is to keep doing the work,” he said. Source: http://searchsecurity.techtarget.com/news/2240159017/DDoS-mitigation-a-key-component-in-network-security

Follow this link:
Distributed Denial of Service `DDoS` mitigation a key component in network security

Asia to see rise in cloud DDoS security biz

COMMUNICASIA, SINGAPORE–With the rise of cloud services adoption, businesses also have escalating security concerns over distributed denial of service (DDoS) attacks, and that presents an opportunity for carrier service providers to offer cloud-based DDoS protection, which one industry executive adds is set to gain traction in Asia. Among enterprises, the constant discussion around cloud to make it “sexy and pervasive” to customers cannot ignore the question of what happens when the cloud service becomes unavailable due to an attack, said Lau Kok Khiang, director for Asia-Pacific IP division at Alcatel-Lucent. There is hence “strong pent-up demand” for cloud-based DDoS protection, for which carrier cloud services are in a good position to provide, he said. Lau was presenting at the Telco Rising Cloud conference in CommunicAsia here Tuesday. Large attacks have become commonplace, and enterprises are basically losing the arms race in the Internet security space, Lau described. Among the various DDoS attacks in 2011 alone that saw businesses worldwide suffer a “great amount of damage” involved Sony PlayStation Network, the Hong Kong stock exchange, Visa, MasterCard, PayPal, and WordPress, he pointed out. The executive emphasized that cloud-based DDoS security was a “win-win” scenario for both the service provider and enterprise customers. For the service provider, it is a new revenue opportunity, which also complements existing enterprise services such as virtual private network (VPN) and business broadband. Additionally, this could help drive customer stickiness, Lau said. That is because from the customers’ point of view, having cloud-based DDoS protection ensures 24-by-7 availability of the cloud services they use, which mean better safeguards for their enterprise assets such as confidential client data, he added. On the event sidelines, Lau told ZDNet Asia that cloud DDoS security is set to gain traction in Asia, due to increasing awareness of the risks and prevalence of DDoS. This will prompt companies to consider cloud DDoS protection as added security measures, in order to ensure their service availabilities meet customer demands as well as industry-specific regulations. Also, apart from commercial entities, governments in the region are also pushing the message that organizations need to protect themselves from becoming the next victim of an attack, he added, referring to the massive DDoS attacks that disrupted Internet services in Myanmar in November 2010. Another speaker at the conference, Anisha Travis, partner at law firm Webb Henderson, said while the cloud has benefits and opportunities for businesess, they should go into space with “their eyes open”. In other words, they need to understand and prepare for mitigate the major risks associated with cloud, one of which is service levels, she pointed out during her presentation. It is essential that service level agreements (SLAs) are well-drafted for specific service levels and must also include “practical remedies” when there is downtime or outage, Travis advised. Customers cannot rely solely on the service provider, and should do their due diligence in clarifying ownership, consequences, and failures, she added. Source: http://www.zdnetasia.com/communicasia/asia-to-see-rise-in-cloud-ddos-security-biz-62305165.htm

More here:
Asia to see rise in cloud DDoS security biz

Indian ISPs targeted in Anonymous censorship protest

The websites of Indian government-run communications company Mahanagar Telephone Nigam and the Internet Service Providers Association of India faced DDoS (distributed denial of service) attacks from Anonymous on Wednesday as some Internet service providers continue to block file-sharing websites following a court order. ISPs are only following the orders of the court which are supreme, said Rajesh Chharia, president of ISPAI, who was doubtful that the association’s website had been affected by the hackers. The Indian arm of Anonymous previously attacked some government websites, and those of some political parties. Last month, users reported that the hackers tinkered with the service of a large ISP, Reliance Communications, redirecting its users from sites like Facebook and Twitter to a protest page. The hackers also claimed to have attacked the website and servers of Reliance, and got access to a large list of URLs blocked by the company. Reliance denied its servers were hacked. The attacks follow a March court order directing ISPs to prevent a newly released local movie from being available online in pirated versions. Some ISPs blocked some file-sharing sites altogether, rather than any offending URLs. The measures taken by the ISPs have differed depending on their interpretation of the order, Chharia said. Some websites such as The Pirate Bay continue to be blocked by some ISPs and carried the message, “This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Telecommunications.” Pastebin is also not accessible through some ISPs. Internet service providers are against censorship, and also against piracy, Chharia said. “It is up to the government and various groups to come to a resolution,” he added. The responsibility of intermediaries has been a controversial issue in India, with some Internet companies including Google and Facebook sued in court late last year for objectionable content found on their sites. Their websites have been attacked as blocks on some file-sharing sites continue Anonymous meanwhile plans on June 9 what it describes as non-violent protests across many cities in India against censorship of the Internet in the country. It claims to have already received police permission for some of the protests. The scope of the protests has widened to include demands for changes in the India’s Information Technology Act, which among other things allows the government to block websites under certain conditions, and also allows the removal of online content by notice to ISPs. The government is also in the process of framing rules that will put curbs on freedom on social media, according to the hacker group. Source: http://www.computerworld.com/s/article/9227804/Indian_ISPs_targeted_in_Anonymous_censorship_protest

See more here:
Indian ISPs targeted in Anonymous censorship protest