Monthly Archives: January 2013

Report: DDoS attacks now MORE ANGRY, complex and targeted

Less like the Hulk, more like Iron Man The days when attackers relied on sheer bandwidth volume alone to knock out websites are over, with miscreants increasingly using application-layer and multi-vector attacks.…

View post:
Report: DDoS attacks now MORE ANGRY, complex and targeted

Muslim vid protest hackers turn web-flood hosepipe away from US banks

But Iran not behind DDoS attacks, say security bods Islamist hackers busy blasting bank websites with network traffic have suspended their assault after a controversial anti-Muslim video ceased to be available through YouTube.…

Link:
Muslim vid protest hackers turn web-flood hosepipe away from US banks

DDoS attack sizes plateau, complex multi-vector attacks on the rise

Arbor Networks released its 8th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Based on su…

More:
DDoS attack sizes plateau, complex multi-vector attacks on the rise

9 steps that help defend against Distributed Denial of Service (DDoS) Attacks

Most experts agree that agencies can’t defend against and mitigate the impact of denial of service attacks all by themselves, but there are step they can take to strengthen their defenses. Denial of service — DOS — is a blanket term for a variety of types of attacks, carried out in numerous ways, all directed at making online resources unavailable to the public. Attacks can be launched from multiple platforms, creating a distributed denial of service attack, or DDOS. Although they usually do not damage the target systems or compromise data, they can damage reputations, cost money and interfere with carrying out missions. Specifics will vary with each attack, but the U.S. Computer Emergency Readiness Team notes that, “In general, the best practice for mitigating DDOS attacks involves advanced preparation.” Some recommendations for advance preparation from US-CERT include: Develop a checklist for standard operating procedures to follow in the event of an attack, including maintaining a checklist of contact information for internal firewall teams, intrusion detection teams and network teams, as well as for service providers. Identify who should be contacted during an attack, what processes should be followed by each and what information is needed. ISPs and hosting providers might provide mitigation services. Be aware of the service-level agreement provisions. Identify and prioritize critical services that should be maintained during an attack so IT staff will know what resources can be turned off or blocked as needed to limit the effects of the attack. Ensure that critical systems have sufficient capacity to withstand an attack. Keep network diagrams, IT infrastructure details and asset inventories current and available to help understand the environment. Have a baseline of the daily volume, type, and performance of network traffic to help identify the type, target and vector of attack. Identify existing bottlenecks and remediation actions needed. Harden the configuration settings of the network, operating systems and applications by disabling unnecessary services and applications. Implement a bogon (bogus IP address) block list at the network boundary to drop bogus IP traffic. Employ service screening on edge routers where possible to decrease the load on stateful security devices such as firewalls. Separate or compartmentalize critical services, including public and private services; intranet, extranet, and Internet services; and create single-purpose servers for services such as HTTP, FTP, and DNS. Some additional advice for preparing yourself from Marc Gaffan, cofounder of Incapsula: Have the capacity to absorb additional traffic. It might be impractical to provision all the bandwidth needed, and the exact amount to have available will be a business decision. But a good rule of thumb would be to maintain about 150 percent of normally needed capacity. Maintain customer transparency. Ideally, people coming to the site shouldn’t know it is defending itself against an attack. “People don’t like to hang around where something bad is going on,” Gaffan said. And if a bogus connection is suspected, give the user a chance to verify. It might be impractical to use additional security such as Captcha verification for every connection during an attack, but don’t arbitrarily drop every questionable connection. Differentiate between legitimate automated traffic and DOS traffic. There can be a high volume of legitimate automated traffic generated by search engine crawls and management tools that should not be blocked. Knowing what this traffic looks like in advance can help identify DOS traffic. Be prepared to quickly identify and respond to DOS attacks so that defenses can be brought to bear quickly, minimizing downtime. For DDoS protection against your eCommerce site click here . Source: http://gcn.com/Articles/2013/01/24/9-steps-defend-against-DDOS.aspx?Page=2

Originally posted here:
9 steps that help defend against Distributed Denial of Service (DDoS) Attacks

Cutwail botnet on spam rampage, delivers Cridex worm

Since its inception some six years ago, the Cutwail / Pandex botnet experienced its fair share of setbacks, but it's still going strong. The main reason for its existence is to send out millions of…

Continue Reading:
Cutwail botnet on spam rampage, delivers Cridex worm

DOSarrest Rolls Out New Website Monitoring Service

VANCOUVER, Jan. 22, 2013 /CNW/ – DOSarrest Internet Security announced a new website monitoring service today called the “ DOSarrest External Monitoring Service ” or “ DEMS ”. This new service is a real-time geographically distributed system, capable of monitoring a number of website performance metrics from three different geographic regions, every 60 seconds, utilizing six different sensors. This service may be purchased as a stand-alone product but is free for all DOSarrest customers that are subscribed to DOSarrest’s industry leading DDoS protection service. DOSarrest’s CTO, Jag Bains states “This is a must have if you’re using a CDN or are hosting some high-end, mission critical websites, and it’s a perfect fit for our fully managed DDoS protection service. This combined with our existing traffic metrics gives us and our customers the best visibility in the DDoS protection services arena.” Jag Bains adds “Although there are similar types of services available from third parties, our customers can also choose to have the DOSarrest support staff investigate, pin-point and advise the customer on a plan of action, 24/7/365. No such service exists today that offers this type of customer support”. Mark Teolis, GM of DOSarrest comments. “It’s a very intuitive and elegant design.  I use it myself to view the status of all of our customers’ websites. At a glance and without a click, I can tell real-time if anyone is down from six different vantage points, and can easily drill down to a specific site and timeline of events for that site. Many Content Delivery Networks do not offer such a service to their customers. Their customers would have no idea if there was an issue accessing their website in a different region of the country or globe.” More information on this service can be found at:  http://www.dosarrest.com/dems About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service has been leading edge for over 5 years now SOURCE: DOSarrest Internet Security Limited For further information: Brian Mohammed Director of Sales and Marketing Toll free CAN/US 888 818-1344 ext. 203 Toll Free UK 0-800-635-0551 ext. 203 Mobile: 416-434-6174 www.dosarrest.com Check out our video http://www.youtube.com/watch?v=mUs0vWYEIkQ

View article:
DOSarrest Rolls Out New Website Monitoring Service

Week in review: Remote Linksys 0-day root exploit discovered, the Pobelka botnet, and a year of Microsoft patches

Here's an overview of some of last week's most interesting news, videos, reviews and articles: Looking back at a year of Microsoft patches Last year Microsoft's Patch Tuesdays featured a total of …

Follow this link:
Week in review: Remote Linksys 0-day root exploit discovered, the Pobelka botnet, and a year of Microsoft patches

Fox-IT analysts demystify the Pobelka botnet

Analysts from Dutch-based security audit firm Fox-IT have recently released examined in great detail a botnet that has been around for quite some time, and is still functioning and bringing money to i…

See the original article here:
Fox-IT analysts demystify the Pobelka botnet