Tag Archives: traffic

NETSCOUT Arbor Insight enhances security and operational awareness for network operators

NETSCOUT SYSTEMS introduced Arbor Insight, a technology that when combined with Arbor Sightline enhances and extends threat detection, service delivery, and network operator visibility to address the evolving threat landscape. With DDoS attack traffic continuing to exceed pre-pandemic levels and ISPs presenting a broader threat surface, network operators of all scales need unconstrained, multi-dimensional visibility into the traffic running across their networks to optimize their defenses. Combined solution set of Sightline with Insight leverages ASI, … More ? The post NETSCOUT Arbor Insight enhances security and operational awareness for network operators appeared first on Help Net Security .

More here:
NETSCOUT Arbor Insight enhances security and operational awareness for network operators

There’s NordVPN odd about this, right? Infosec types concerned over strange app traffic

Firm explains but security folk not appy with clarifications Weird things are afoot with NordVPN’s app and the traffic it generates – Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets’ command-and-control servers.…

Read this article:
There’s NordVPN odd about this, right? Infosec types concerned over strange app traffic

Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks ‘by 11%’

Fed bust of massive attack network caused traffic loads to plummet in Q4 The FBI’s takedown of a group of prolific DDoS-for-hire websites has single-handedly helped to drop attack levels globally.…

More:
Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks ‘by 11%’

Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

Electronics tutor’s taunts come back to haunt him An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…

Link:
Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge. And it’s a mystery who’s behind it. Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since site’s inception.” A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable. But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy. The site is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said. “The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.” Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his site as a news destination not controlled by corporate interests or politicians. And he’s had great success. SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most-trafficked media publishers in the US. According to analytics posted to the site, the Drudge Report has amassed about 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels. It’s a high-prized target, one that now sees itself under attack by an unknown culprit. Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].” “Attacking coming from ‘thousands’ of sources,” he wrote on Twitter. “Of course none of them traceable to Fort Meade…” Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his site came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda. “Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?” Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s site would be a blatant violation of the Constitution — as well as generally improbable. “If Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.” “Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.” DeMott, however, posited that another nation-state could be the potential culprit. “It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.” Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods. “I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.” Chris Weber, the cofounder of Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it. “It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the site was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange. Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder. Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his site. But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report. And without a group taking credit, it may be impossible to determine the culprit. “Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.” Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party. “There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.” Arora added: “It’s not just a technology question. It’s also a motive question.” Source: http://www.businessinsider.com/hackers-ddos-drudge-report-2017-1

See the article here:
Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement. All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday. “The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users who are usually referred to IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement , published on the company’s website. “A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained. The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group. On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists. The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.” The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks. Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

Excerpt from:
Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Last month’s botnet DDoS happened because a gamer was mad at PSN

Remember last month, when a Mirai botnet attack brought down half the internet? On October 21, a Distributed Denial of service attack that employed swarms of unsecured “Internet of Things” devices was laser focused on a global DNS provider, making much of the internet unusable for many. Here’s what Dyn, the targeted DNS provider, said of the attack then: “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” 10 million devices, flooding networks with garbage traffic. Why? According The Wall Street Journal, it’s because one angry gamer was pissed about Sony’s PlayStation Network. Says Dale Drew, CSO of Level 3 Communications: “We believe that in the case of Dyn, the relatively unsophisticated attacker sought to take offline a gaming site with which it had a personal grudge and rented time on the IoT botnet to accomplish this.” While Drew hasn’t said which gaming site, The Wall Street Journal has, saying that the entire outage was brought about because somebody was mad at Sony. According to Forbes, all it took was buying the attack on the deep, dark web for $7500. The attack lasted for less than a full day. Is that worth over R100 000? That’s money that could have been spent on – materialistically – moving to another platform. Source: http://www.lazygamer.net/gaming-news/last-months-botnet-ddos-happened-gamer-mad-psn/

Visit site:
Last month’s botnet DDoS happened because a gamer was mad at PSN

Could a DDoS wipe out Black Friday online sales?

Don’t miss out on Black Friday sales: why retailers must prepare for DDoS threat to online shopping. The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But with retail, the threat is an existential one and in the case of Black Friday could make the difference between success and bankruptcy. An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, the online betting industry was hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics. Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than the average shopping day. In this context, a DDoS could be lethal to a vendor. As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.” The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing. In the quarter Akamai found a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, the traffic increase to a site will be huge anyway and the chances of a website crashing are there. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday. So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.” Visibility is the key foundation for DDoS mitigation. Having a view of the actual volume of traffic hitting your site allows decisions to be made on policy. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: the basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and finally, cloud integration. A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview. Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction. Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping: sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources. For example, focus on keeping online the parts of the site enabling the actual transaction rather than auxiliary services. Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list. Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/

Visit link:
Could a DDoS wipe out Black Friday online sales?

Web attacks increase 71% in third quarter

Dubai: After a slight downturn in the second quarter of this year, the average number of Distributed Denial of Service (DDoS) attacks increased to an average of 30 attacks per target. Fact Box description starts here Fact Box description ends here This reflects that once an organisation has been attacked, there is a high probability of additional attacks, a cyber security expert said. Fact Box description starts here Fact Box description ends here “Cybercriminals have found new attack channels to disable resources as the total DDoS attacks increased by 71 per cent year over year in the third quarter. During the third quarter, we mitigated a total of 4,556 DDoS attacks, an eight per cent decrease from second quarter,” Dave Lewis, Global Security Advocate at Akamai Technologies, told Gulf News. Fact Box description starts here Fact Box description ends here DDoS attack means an attacker sends too much traffic to a server beyond it can handle and the server goes offline. Fact Box description starts here Fact Box description ends here “We are seeing more and more of short-based attacks with limited bandwidth and consequence. There were 19 mega attacks mitigated during the quarter that peaked at more than 100Gbps, matching the first quarter high point,” he said. It’s interesting that while the overall number of attacks fell by eight per cent quarter over quarter, he said the number of large attacks, as well as the size of the biggest attacks, grew significantly. Fact Box description starts here Fact Box description ends here In contrast to previous quarters, when reflection attacks generated the traffic in the largest attacks, a single family of botnets, Mirai, accounted for the traffic during these recent attacks. Rather than using reflectors, he said that Mirai uses compromised internet of Things systems and generates traffic directly from those nodes. Fact Box description starts here Fact Box description ends here The Mirai botnet was a source of the largest attacks Akamai mitigated to date, an attack that peaked at Fact Box description starts here Fact Box description ends here 623Gbps. Mirai did not come out of nowhere. What makes Mirai truly exceptional is its use of IoT devices and several capabilities that aren’t often seen in botnets. Fact Box description starts here Fact Box description ends here The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date — recorded at 623Gbps and 555Gbps. Fact Box description starts here Fact Box description ends here “Attackers are generally not looking for vulnerable systems in a specific location, they are scanning the entire internet for vulnerable systems. The Mirai botnet is especially noisy and aggressive while scanning for vulnerable systems,” he said. Fact Box description starts here Fact Box description ends here He said that some clients are almost always under attack. The top target organisations saw three to five attacks every day of the quarter. However, without defences in place, these attacks could have a “substantial cumulative effect” on an organisation’s’ reputation. Fact Box description starts here Fact Box description ends here “It is becoming easier for hackers to launch attacks on commoditised platforms for lesser price than a coffee cup. The internet of Things are very good at what they are good at but security is often left out. We see these devices like DVRs with default credentials with an insecure protocol,” he said. Fact Box description starts here Fact Box description ends here According to Akamai Technologies’ Third Quarter, 2016 State of the internet/Security Report, majority of web application attacks continued to take place over http (68 per cent) as opposed to https (32 per cent), which could afford attackers some modicum of protection by encrypting traffic in transit. Fact Box description starts here Fact Box description ends here The US remained the top target for web application attacks as many organisations are headquartered in the US, with the resultant infrastructure also hosted in-country, it is expected that the US will continue to be the top target for some time. Fact Box description starts here Fact Box description ends here Brazil, the top country of origin for all web application attacks in the second quarter, experienced a 79 per cent decrease in attacks this quarter. The United States (20 per cent) and Netherlands (18 per cent) were the countries with the most web application attacks. Source: http://gulfnews.com/business/sectors/technology/web-attacks-increase-71-in-third-quarter-1.1930487

See the original post:
Web attacks increase 71% in third quarter