Tag Archives: web-development

Majority of UK firms unprepared for DDoS attacks, study finds

New research released by Neustar suggests that the majority of UK businesses are unprepared to cope with the threat of DDoS attacks.

Distributed Denial of Service (DDoS) attacks are a common method used by cyberattackers to disrupt an online business. A DDoS attack uses compromised computer systems to attack a single target, sending traffic from multiple points of origin in a flow that often overwhelms the system, causing it to deny authentic traffic access to services.

According to research released by Neustar, a third of UK businesses estimate losses of £240,000 per day when hit with DDoS attacks. After surveying 331 companies in the United Kingdom across numerous industries including financial services, technology, and the public sector, the analytics provider says larger DDoS attacks are becoming more frequent, with a 200 percent increase in attacks affecting bandwidth between 1-20Gbps, in addition to a significant increase in attacks on bandwidth with a magnitude of 100Gbps or more.

Neustar’s report, “United Kingdom DDoS Attacks & Impact Report. 2014: The Danger Deepens,” also states that DDoS attacks are a “growing threat to organisations with potentially calamitous consequences for companies” without proper protection. Not only can DDoS attacks have an immediate impact on sales and business revenue, they can have long-lasting detrimental effects on brand value, customer trust, and public reputation.

Key findings from the survey include:

- DDoS attacks often disrupt multiple business units, with public-facing areas like call centres, customer service, and marketing absorbing over 40 percent of DDoS-attack related costs.
- Over 35 percent more UK companies were hit by DDoS attacks in 2013 compared with 2012.
- In 2013, there was an increased number of longer attacks, with 28 percent lasting up to two days or more.
- Once attacked, there is an estimated 69 percent chance of a repeat attack. While 31 percent of these companies were DDoS-attacked once, over 48 percent were targeted two to 10 times.
- In 2013, attacks requiring over six people to mitigate rose to 39 percent compared to 25 percent in 2012, a 56 percent increase.

In addition, Neustar’s research highlights an increase in a trend dubbed “smokescreening.” These types of DDoS attacks are used by cybercriminals to divert the IT department’s attention while malware and viruses are inserted within a business network, with the overall aim of stealing valuable data or funds.

Rodney Joffe, Senior Vice President and Technology Fellow at Neustar, commented:

Organisations must remain constantly vigilant and abreast of the latest threats. As an example, Neustar’s UltraDNS network suffered an attack just last week peaking at over 250Gbps — a massive attack by industry standards. Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape.

In February, Web performance company CloudFlare reported the mitigation of a DDoS attack on a French website which reached a record-setting attack of at least 325Gbps, and a potential reach of 400Gbps.

Source: http://www.zdnet.com/majority-of-uk-firms-unprepared-for-ddos-attacks-study-finds-7000029178/


Infosecurity Europe: Are cybercriminals winning the security game?

One of the hot topics at the Infosecurity Europe show – held in London this week – is the scale and complexity of the latest attacks against corporates. Whilst several research operations and vendors competed with each other to come up with reports on how bad the attack landscape is at the moment, the real question that C level executives attending the event want answered is: how bad are the attacks really – and what can I do to defend against the threat?

According to Ian Pratt, the co-founder of Bromium Labs, the threat situation is potentially quite serious, as his research team has uncovered a new type of attack vector called the Kernel Kracker, which is what some experts call a layered attack. The attack exploits a vulnerability in the Windows operating system kernel and allows the attacker to gain admin/system level privileges on the host system, allowing them to effectively peel away the various layers of security the company has installed.

Having said this, Pratt says that the use of multiple layers of security to protect an organisation’s IT resources is still a very viable defence approach: although no set of security layers is ever going to reach 100 percent protection, the use of multiple layers is still a lot better than the old single-suite option of yesteryear. “The underlying problem is that all commodity operating systems are now too big to protect in their entirety,” he said, adding that – as an example – Windows XP had more than 100 patches applied to it last year by Microsoft.

Against this backdrop, Pratt argues that the best solution is to create virtual instances of a given operating system environment, taking the concept of virtual machines to its logical conclusion. This means, he says, that even if the defences fail and an attack succeeds, its effects are severely limited to the privileges assigned to the given Web browser session. After the session on a given Web resource finishes, the virtual machine collapses the session and a fresh one is started for the set Web site. “You can let the exploit happen, and its effects are limited,” he explained, adding that he fully expects cybercriminals to come up with new attack vectors on a constant basis.

Will there ever come a time when it ceases to become viable for the cybercriminals to develop new attack vectors to attack corporate IT systems, we asked him. That time, he replied, is still a very long way off, as new methodologies will arrive all the time. “Over the last 18 months, it’s all been about Java. That is going to change, and you will see a new set of security threats being used,” he said.

Jag Bains, CTO of DOSArrest, agreed that the threat landscape will continue to evolve from its current mix of DDoS attacks and operating system-specific vectors. “Today you’re seeing customised Javascript DDoS attacks – I think this attack vector is going to continue to evolve, as hackers continue to have the motivation to attack a corporate system,” he explained.

David Gibson, vice president of Varonis Systems, agreed that cybercriminal attack vectors are evolving, but cautioned that the fundamental problem remains the volume of data to which users of IT systems have access. “We had a meeting with a client recently where users had the same levels of access rights [to data] as their high level management. As a result, we discovered that volumes of company data were being exfiltrated from the system, despite their use of multiple layers of security,” he said.

It’s against this backdrop, he told SCMagazineUK.com, that he fully expects attacks to evolve for the foreseeable future, but he adds that the inside attacker is likely to be the “next big thing” in the security attacks arena. “For this reason, I am of the opinion that companies must continue to develop the technical controls required to protect the data in their organisation, as well as evolving the security being used to defend the IT resource,” he concluded.

Source: http://www.scmagazineuk.com/infosecurity-europe-are-cybercriminals-winning-the-security-game/article/344740/


UltraDNS Dealing with DDoS Attack

UltraDNS said it has mitigated a distributed denial of service (DDoS) attack for most of its customers after the service was held down for most of the day.

“Currently, only customers utilizing a segment of UltraDNS Name Server addresses are experiencing resolution latency due to intermittent network saturation in the Western US,” said Neustar director of product management, security solutions, Jim Fink in an email to Threatpost. “We continue to aggressively refine mitigations for these customers and hope to have the issue resolved shortly. We have been and will continue to provide regular updates to our UltraDNS customers via our usual customer notification process.”

UltraDNS is a Neustar company. The SANS Institute’s Internet Storm Center said this afternoon that it received multiple reports of outages and DNS resolution issues, reportedly because of a 100 Gbps DDoS attack against one of UltraDNS’ customers that resulted in latency issues for others.

“One reporting party did indicate that they learned that the management of UltraDNS had said that one of their customers was being attacked and that they black-holed that customer to get back on trend,” wrote ISC handler Russ McRee. “Resolver nodes around the world are resetting.”

DDoS attacks the size of this one are quickly becoming the norm. A report from Arbor Networks this week said it has already tracked more than 70 DDoS attacks of 100 Gbps or more of bad traffic, topping out at 325 Gbps. The largest attacks on public record were recorded by traffic optimization and security provider CloudFlare.

Most volumetric attacks rely on some kind of amplification, such as DNS reflection or Network Time Protocol amplification, where the requesting IP address is spoofed as the target’s and massive amounts of traffic are returned at relatively little cost to the attacker. With DNS amplification attacks, attackers take advantage of any number of the 28 million open DNS resolvers on the Internet to launch large-scale DDoS attacks.

The motivations are varied. Ideological hackers use them to take down services in protest, while profit-motivated criminals can use DDoS as a cover for intellectual property theft and financial fraud. Beginning with the DDoS attacks against large U.S. banks early last year, the spike in these attacks merited a mention in the recent Verizon Data Breach Investigations Report.

“We’re seeing a growing trend of combining DDoS with APT campaigns,” Arbor Networks’ Gary Sockrider said. “Go back a few years, and DDoS was thought of more as a takedown mechanism, not for data exfiltration. Now we’re seeing it more frequently combined with APT, prolonged campaigns where an attacker is on your network and now need to get the data out, they’ll initiate a DDoS attack. It’s the equivalent of a natural disaster and while you’re dealing with it, that’s when they’ll exfiltrate data.”

Source: http://threatpost.com/ultradns-dealing-with-ddos-attack/105806


France Getting Battered By DDoS Attacks

France is seeing massive amounts of DDoS traffic going through its networks, thanks to sizeable hits on the country’s popular hosting providers.

As the UK enjoys a relatively low volume of distributed denial of service (DDoS) attacks, France is seeing deluges of traffic hitting organisations frequently, according to research. Major hosting providers, including the hugely popular OVH, have attracted DDoSers to France, which was only outdone by the US in terms of the amount of DDoS traffic passing through the countries’ networks, according to Arbor Networks. A record 325Gbps attack hit France this year, but it is not known who was involved.

DDoS threat getting bigger and bigger

Darren Anstee, director of solutions architects at Arbor, said France was being attacked largely because of the popularity of those hosting providers. “They’ve got a lot of big hosting providers and some of those are used by the gaming industry [which is subject to significant sized attacks],” he told TechWeekEurope.

Arbor spotted an unprecedented rise in DDoS attacks over the first quarter of 2014. It saw 72 attacks larger than 100Gbps and 1.5 times the number of attacks over 20Gbps as in the whole of 2013.

The epic increase in attack size has come as a result of what’s known as amplification. Protocols such as Network Time Protocol can be used to generate massive DDoS attacks with relatively little effort on behalf of the offenders. They can abuse vulnerable NTP servers by spoofing the IP address of a target, sending small requests and getting massive responses. The target IP is then flooded with that traffic. Even protocols used by popular gaming services, from Quake to the Steam protocol, can be abused for amplification purposes.

Source: http://www.techweekeurope.co.uk/news/ddos-france-gaming-hosting-companies-144777


How to abuse Facebook feature to conduct powerful DDoS attack

A researcher discovered a flaw in the “Notes” section of the social network Facebook that could be exploited by anyone to conduct a powerful DDoS attack.

The Security researcher Chaman Thapa, also known as chr13, discovered a vulnerability in the ‘Notes’ section of the popular social network Facebook that could be exploited by anyone to launch a distributed denial-of-service (DDoS) attack of more than 800 Mbps bandwidth on any website. Chaman Thapa demonstrated that, simply by having a ‘Note’ read by anyone on the Facebook platform, an attacker could automatically generate malicious traffic against a target.

The researcher published a blog post to describe the vulnerability; he exploited the possibility to include <img> tags inside the post, which allows the creation of notes that have images from any source. The attack scenario is very simple: Facebook downloads external images from the original source for the first time only, and to improve performance it stores them in the cache for successive uses. If the image URL has dynamic parameters, Facebook is not able to store the image in cache, and in practice it downloads all the images included in a note each time anybody views the note.

“Facebook Notes allows users to include <img> tags. Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once however using random get parameters the cache can be by-passed and the feature can be abused to cause a huge HTTP GET flood.”

Let’s see the DDoS attack scenario described by Chaman Thapa. Let’s choose the target website “target.com”, which includes a large image on its server (e.g. 1Mb). The researcher creates a Facebook Note which includes the above image multiple times with dynamic parameters, and some text. Facebook servers are forced to download 1 MB of file 1000 times in one page view (it has been estimated that each note is now responsible for 1000+ http requests). If 100 Facebook users are reading the same note at the same time, then Facebook servers will be forced to download 1 x 1000 x 100 = 100,000 Mb or 97.65Gb bandwidth within few seconds from the targeted servers.

The graph from the proof of concept, which Thapa ran against his own web server, reports 400 Mbps of traffic generated from 127 Facebook servers.

The description provided in the post by Chaman Thapa follows. Steps to re-create the bug as reported to Facebook Bug Bounty on March 03, 2014:

Step 1. Create a list of unique img tags as one tag is crawled only once.
Step 2. Use m.facebook.com to create the notes. It silently truncates the notes to a fixed length.
Step 3. Create several notes from the same user or different user. Each note is now responsible for 1000+ http request.
Step 4. View all the notes at the same time. The target server is observed to have massive http get flood. Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+.

The researcher explained that the amplification factor of the DDoS attack depends on the size of the image downloaded; it could be even higher if the attacker includes in the note a pdf or a video.

“A scenario of traffic amplification: when the image is replaced by a pdf or video of larger size, Facebook would crawl a huge file but the user gets nothing.”

“Each Note supports 1000+ links and Facebook blocks a user after creating around 100 Notes in a short span. Since there is no captcha for note creation, all of this can be automated and an attacker could easily prepare hundreds of notes using multiple users until the time of attack when all of them is viewed at once,” noted Chaman Thapa.

There is a concrete risk that a bad actor creates hundreds of notes with a specially crafted script using multiple users at the same time, resulting in a powerful DDoS attack. The alarming news is that the flaw is still unpatched and Facebook has no plans to fix it.

“In the end, the conclusion is that there’s no real way to us fix this that would stop attacks against small consumer grade sites without also significantly degrading the overall functionality,” replied Facebook to the researcher.

Source: http://www.arie.co.za/how-to-abuse-facebook-feature-to-conduct-powerful-ddos-attack/


Researcher reveals how Facebook Notes can be used to DDoS sites

A programmer has divulged how the Facebook Notes feature can be used to launch distributed denial-of-service (DDoS) attacks against websites. In a blog post this weekend, researcher Chaman Thapa said that the DDoS abuse is possible due to Facebook’s protocol of allowing HTML image tags in notes.

“Facebook Notes allows users to include <img> tags,” Thapa wrote in the Sunday blog post. “Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once, however, [and by] using random GET parameters the cache can be bypassed and the feature can be abused to cause a huge HTTP GET flood.”

By creating a list of unique image tags, and using m.facebook.com to create notes, Thapa was able to create several notes, which were each responsible for sending an influx of HTTP requests to the target server, he wrote. In only a couple of seconds, he was able to send thousands of GET requests to the designated server.

Thapa disclosed the issue to Facebook’s bug bounty program on March 3, but after being alerted to the issue, the company ultimately said that the attack scenario was “interesting/creative,” but one the company didn’t intend to fix due to the logistics involved. Thapa posted the email correspondence with Facebook (which occurred April 11) in his blog post.

“In the end, the conclusion is that there’s no real way to us fix this that would stop ‘attacks’ against small consumer grade sites without also significantly degrading the overall functionality,” Facebook told Thapa. “Unfortunately, so-called ‘won’t fix’ items aren’t eligible under the bug bounty program, so there won’t be a reward for this issue. I want to acknowledge, however, both that I think your proposed attack is interesting/creative and that you clearly put a lot of work into researching and reporting the issue last month. That IS appreciated and we do hope that you’ll continue to submit any future security issues you find to the Facebook bug bounty program.”

In a Friday email to SCMagazine.com, a Facebook spokesperson further explained the company’s decision on addressing the bug. “Ultimately, we decided against making changes to avoid disrupting intended and desirable functions,” the spokesperson wrote.

Via his blog, Thapa also revealed that similar DDoS abuse can be carried out using Google’s Feedfetcher tool. According to a Google support page, Feedfetcher allows Google to grab RSS or Atom feeds when users add them to their Google homepage or Google Reader.

Source: http://www.scmagazine.com/researcher-reveals-how-facebook-notes-can-be-used-to-ddos-sites/article/344271/
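Seen from the targeted server, the cache-bypass flood described in the two Facebook Notes write-ups above shows up as many GET requests for one path, each with a different query string, inside a few seconds. The following is an added detection example, not code from Thapa's post or from either article; the combined access-log format, the thresholds, the paths and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": url.path,
        "query": url.query,
        "size": 0 if m["size"] == "-" else int(m["size"]),
    }


def find_cache_busting(lines, window_s=10, min_requests=20, min_unique_ratio=0.9):
    """Flag (path, time window) pairs where nearly every GET carries a
    different query string: the signature of a cache-bypassing flood.
    Thresholds are illustrative and need tuning per site."""
    buckets = defaultdict(
        lambda: {"requests": 0, "queries": set(), "sources": set(), "bytes": 0}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        slot = int(rec["ts"].timestamp()) // window_s
        b = buckets[(rec["path"], slot)]
        b["requests"] += 1
        b["queries"].add(rec["query"])
        b["sources"].add(rec["ip"])
        b["bytes"] += rec["size"]

    alerts = []
    for (path, slot), b in sorted(buckets.items()):
        ratio = len(b["queries"]) / b["requests"]
        if b["requests"] >= min_requests and ratio >= min_unique_ratio:
            alerts.append({
                "path": path,
                "window_start": slot * window_s,
                "requests": b["requests"],
                "unique_queries": len(b["queries"]),
                "sources": len(b["sources"]),
                "bytes": b["bytes"],
            })
    return alerts


def build_sample_log():
    """Constructed sample: one flood on a 1 MiB image plus ordinary traffic.
    IPs come from documentation ranges; the first UA is Facebook's crawler UA."""
    fb_ua = "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
    lines = ["this line is malformed and is skipped"]
    for i in range(40):  # same path, 40 different query strings, 8 sources
        lines.append(
            f'192.0.2.{10 + i % 8} - - [23/Apr/2014:12:00:0{i % 4} +0000] '
            f'"GET /static/large.jpg?r={1000 + i} HTTP/1.1" 200 1048576 "-" "{fb_ua}"'
        )
    for i in range(30):  # busy page, no query string
        lines.append(
            f'203.0.113.{i + 1} - - [23/Apr/2014:12:00:0{i % 4} +0000] '
            f'"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        )
    for i in range(25):  # versioned asset: many hits, one query string
        lines.append(
            f'198.51.100.{i + 1} - - [23/Apr/2014:12:00:0{i % 4} +0000] '
            f'"GET /static/logo.png?v=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        )
    return lines


if __name__ == "__main__":
    for alert in find_cache_busting(build_sample_log()):
        print(alert)
```

A flagged path is a candidate for per-path rate limiting or for serving from a cache whose key ignores unknown query parameters.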


UK webhost 123-Reg in DDOS attack

Businesses using 123-Reg’s web hosting service were knocked offline on Wednesday evening following a reported distributed denial of service (DDoS) attack. 123-Reg is the UK’s largest domain provider hosting over 1.4 million websites. The company said it was hit by a DDoS style attack that caused disruption to some customers on its shared hosting packages. DDoS attacks typically use a botnet of computers in a co-ordinated attack, driving web traffic to a particular website. The attack appeared to cause patchy service for websites hosted by the company for several hours with many customers taking to Twitter to vent their frustration. UK games and mobile apps start-up Greedy Goblin Games (@GreedyGoblins) tweeted 123-Reg: “It appears your shared hosting servers are down. Can access FTP but not websites”. While IT consultant @thepaulturvey tweeted: “Is there a problem with 123-Reg shared hosting? Multiple sites not responding”. 123-Reg support staff told one UK website owner: “There has been a DDOS type of attack targeting a website from our shared hosting platform which unfortunately affected some of our customers. Our system administrators have contained the attack and the connectivity issues should shortly be resolved”. Update: I’ve received the following statement from 123-Reg confirming the attack. 123-Reg did experience a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from 823 different IP addresses globally. This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack. Customer impact measured in terms of support queries was minimal — and likewise our social platforms saw a handful of comments — which are being addressed on a one to one basis via our support teams. Source: http://betanews.com/2014/04/23/uk-webhost-123-reg-in-ddos-attack/


DOSarrest Releases Latest Generation DDoS Mitigation System Software

VANCOUVER, BRITISH COLUMBIA–(Marketwired – Apr 23, 2014) – DOSarrest has just released its latest generation of proprietary backend software that incorporates an all-new customer-facing portal. This new release will enable DOSarrest to implement changes to customer configurations in seconds, enabling them to apply custom made DDoS mitigation modules extremely quickly. It is also equipped with an Intrusion Detection System (IDS), allowing the security team to pinpoint sophisticated layer 7 attacks as well as provide cloud based Web Application Firewall (WAF) services for its customers.

Mark Teolis, GM at DOSarrest said: “This upgrade is by far our largest project to date, it has taken us over 2 years of development and testing to get here. This latest generation of software is extremely powerful, and can stop the next generation of sophisticated layer 7 attacks.”

DOSarrest is now able to offer additional services, including:

- Cloud Based Web Application Firewall (WAF)
- Cloud based layer 7 load balancing, Local, Global with health checks
- Enhanced reporting on traffic types, status codes, cache performance, etc
- Create virtual servers, to have us pick-up, cache and deliver content from multiple customer servers
- IDS engine to detect and help stop any malicious traffic

“We recognised our customers’ requirements to have comprehensive security related services, rather than disparate point solutions; this new system has all the features that we need to accommodate them. The best part about this new generation of software is its flexibility at the core. What used to take days and weeks to develop and implement, can now be measured in minutes and hours,” added Jag Bains, CTO at DOSarrest. Bains went on to say: “The best part of this new release is that it enables us to quickly react and stop sophisticated attacks that have not even been created yet!”

Source: http://www.reuters.com/article/2014/04/23/idUSnMKWNkbj9a+1e0+MKW20140423


Lookout, DDoS Attackers Are Changing Their Techniques

In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out. A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate. Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites. In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods. The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.” Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. 
That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second). The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.” The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai. Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks. Source: http://www.slyck.com/story2396_Lookout_DDoS_Attackers_Are_Changing_Their_Techniques


Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services

VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio. Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami. “We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest. About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. 
Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com) About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now. Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm
