Monthly Archives: September 2016

Why a massive DDoS attack on a blogger has internet experts worried

Someone on the internet seems very angry with cybersecurity blogger Brian Krebs. On 20 September, Krebs’ website was hit with what experts say is the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a 600 to 700 Gbps (gigabits per second) traffic surge. A DDoS attack is a simple way of overloading a link, router or server with so much traffic that it stops responding to legitimate requests. According to Akamai (which had the unenviable job of attempting to protect his site last week), the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites, let alone one.

So why did someone expend time and money to attack a lone blogger in such a dramatic way? Krebs has his own theories, and the attack followed Krebs breaking a story about the hacking and subsequent takedown of the DDoS-for-hire service vDOS, but in truth nobody knows for certain and probably never will. DDoS attacks, large and small, have become a routine fact of internet life. Many are quietly damped down by specialist firms that protect websites and internet services. But the latest attack has experts worried all the same.

Stop what you’re doing

DDoS attacks first emerged as an issue on the public internet in the late 1990s, and since then they have been getting larger, more complex and more targeted. Early motivations tended towards spiteful mischief. A good example is the year-2000 attacks on websites including Yahoo, CNN and Amazon by ‘MafiaBoy’, who later turned out to be 15-year-old Canadian Michael Calce. Within weeks he was arrested. Things stepped up a level in 2008 when the hacktivist group Anonymous started an infamous series of DDoS attacks, one of them aimed at websites belonging to the Church of Scientology.
By then, professional cybercriminals were offering DDoS-for-hire ‘booter’ and ‘stresser’ services that could be rented by unscrupulous organizations to attack rivals. Built from armies of ordinary PCs and servers that had quietly been turned into botnet ‘zombies’ using malware, attacks suddenly got larger. This culminated in 2013 with a massive DDoS attack on the British spam-fighting organization Spamhaus that was measured at a then eye-popping 300 Gbps. DDoS is now often used in extortion attacks, where cybercriminals threaten organizations with crippling attacks on their websites unless a ransom is paid. Many are inclined to pay up.

The Krebs effect

The discouraging aspect of the Krebs attack is that internet firms may have thought they were finally getting on top of DDoS, using techniques that identify rogue traffic and more quickly cut off the botnets that fuel the packet storms. The apparent ease with which the latest massive attack was summoned suggests otherwise. In 2015, Naked Security alumnus and blogger Graham Cluley suffered a smaller DDoS attack on his site, so Krebs is not alone. Weeks earlier, the community site Mumsnet experienced a DDoS attack designed to distract security engineers during a cyberattack on the firm’s user database.

At the weekend, Google stepped in and opened its Project Shield umbrella over Krebs’ beleaguered site. Project Shield is a free service launched earlier in 2016 by Google specifically to protect small websites such as Krebs’ from being silenced by DDoS attackers. For now it looks like Google’s vast resources were enough to ward off the unprecedented attack, but it is little comfort to know that nothing short of the internet’s biggest player was the shield that one simple news site needed. With criminals apparently able to call up so much horsepower, the wizards of DDoS defence might yet have to rethink their plans, and fast.
Source: https://nakedsecurity.sophos.com/2016/09/29/why-a-massive-ddos-attack-on-a-blogger-has-internet-experts-worried/

Web Host Hit by DDoS of Over 1Tbps

The founder of a French web host says his firm has been hit by the biggest DDoS attack ever seen, powered by an IoT botnet with an estimated capacity of 1.5 Tbps. Octave Klaba, founder and CTO of OVH, took to Twitter late last week to reveal that his firm was under attack from a stream of DDoS blitzes creeping towards and eventually past the 1 Tbps mark. He said the botnet in question was initially made up of around 145,000 internet-connected cameras and digital video recorders with an estimated 1–30 Mbps of capacity each, a potential 1.5 Tbps in total. In further updates this week Klaba said the botnet had grown by first another 6,857 devices and then 15,654 more.

The news follows reports last week that Akamai was forced to withdraw its pro bono DDoS protection of the KrebsOnSecurity site after it was allegedly hit by an attack measuring 665 Gbps, then the largest on record.

Dave Larson, CTO and COO at Corero Network Security, said the recent attacks are beginning to change the way IT security professionals view DDoS. “The internet is a powerful tool, and must be viewed with security and protection first and foremost,” he added. “Motivations for attacks, and the tools and devices used to execute the attacks, are readily available to just about anyone; combining this with almost complete anonymity creates a recipe to break the Internet.”

Roland Dobbins, principal engineer at Arbor Networks, argued that IoT botnets are increasingly favored by attackers because the devices frequently ship with insecure defaults, are often connected to high-speed internet links and are rarely patched to fix bugs. “Embedded IoT devices are often low-interaction – end-users don’t spend much time directly interfacing with them, and so aren’t given any clues that they’re being exploited by threat actors to launch attacks,” he told Infosecurity.
“Organizations can defend against DDoS attacks by implementing best current practices for DDoS defense, including hardening their network infrastructure; ensuring they’ve complete visibility into all traffic from their networks; having sufficient DDoS mitigation capacity and capabilities either on premise or via cloud-based DDoS mitigation services or both; and by having a DDoS defense plan which is kept updated and is rehearsed on a regular basis.”

Source: http://www.infosecurity-magazine.com/news/web-host-hit-by-ddos-of-over-1tbps/

Here’s how security cameras drove the world’s biggest DDoS attack ever

DDoS attacks are reaching monster levels that pose a massive threat

The record for the biggest DDoS attack ever seen has been broken once again, with a monstrous burst of distributed denial of service firepower almost reaching the not-so-magic 1 Tbps mark. Technically this was two concurrent attacks, although the majority of the traffic was concentrated in one of them, which is the largest single DDoS blast ever recorded. As the Register reported, Octave Klaba, the founder and CTO of OVH.com, the French hosting company which suffered the attack, said that the assault consisted of two simultaneous barrages of 799 Gbps and 191 Gbps, for a total of 990 Gbps.

The previous largest DDoS was the recent 620 Gbps effort that hit ‘Krebs On Security’, the website of security researcher Brian Krebs, which was driven by the same botnet of some 150,000+ compromised Internet of Things devices, routers, DVRs and security cameras responsible for this latest volley. Krebs said he was hit in retaliation for an article posted on his blog, although it isn’t clear why OVH.com came under fire.

Massive attacks

As Klaba said on Twitter, though, it is hardly uncommon for his company to experience DDoS, and a tweet outlining the attacks suffered by the organisation over a period of four days this month showed 25 separate attacks which all exceeded 100 Gbps (including the two mentioned here). Several others were simultaneous (or near-simultaneous) pairs of attacks, too.
He further noted that the botnet in question could potentially up its firepower by some 50% compared to the assault his company was hit by, tweeting: “This botnet with 145,607 cameras/dvr (1-30Mbps per IP) is able to send > 1.5Tbps DDoS.” Not only are DDoS attacks getting larger, they are also becoming much more frequent according to a VeriSign report we saw back in the spring, which observed that the number of attacks had almost doubled in the final quarter of 2015 compared with the same period the previous year.

Source: http://www.techradar.com/news/internet/here-s-how-security-cameras-drove-the-world-s-biggest-ddos-attack-ever-1329480

No wonder we’re being hit by Internet of Things botnets. Ever tried patching a Thing?

Akamai CSO laments pisspoor security design practices

Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai’s chief security officer Andy Ellis has told The Register.…

152k cameras in 990Gbps record-breaking dual DDoS

Hacked low-powered cameras and internet-of-things things

The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet.…

DDOS attacks: An old nemesis returns to cripple your network

Once considered a cybersecurity threat of the past, Distributed Denial of Service (DDoS) attacks have re-emerged with a vengeance, wreaking havoc on enterprises and end users with alarming frequency. A DDoS attack is one in which many compromised systems, typically infected with a Trojan, are directed at a single target to exhaust its resources so that legitimate users are denied access. Websites or other online resources become so overloaded with bogus traffic that they become unusable. A well-orchestrated DDoS carried out by automated bots has the power to knock a website offline, and these attacks can cripple even the largest and most established organisations. An e-commerce business can no longer conduct online transactions, jeopardising sales. Emergency response services can no longer respond, putting lives in danger.

According to the VeriSign Distributed Denial of Service Trends Report, DDoS activity increased by 85 percent in one year. The report also suggested that attackers are beginning to hit targets repeatedly, with some organisations the target of DDoS attacks up to 16 times in just three months. If you think your organisation is obscure and can fly under the attackers’ radar, forget it: every industry is vulnerable.

If the increase in attacks isn’t troubling enough, the size of DDoS attacks and the damage they can do is also disturbing. The fastest flood attack detected by Verisign occurred during the fourth quarter of 2015, targeting a telecommunications company with 125 million packets per second (Mpps) and driving a volumetric DDoS attack of 65 gigabits per second (Gbps). The end result: the site imploded and was temporarily knocked out of service.

Why DDoS attacks are back in vogue

The reason DDoS attacks are back is simple: it is relatively easy to launch a sustained attack and cripple any organisation connected to the Internet.
Botnets, networks of compromised machines under an attacker’s control, can simply be rented as a DDoS-for-hire service. The ability to hire such destructive assets shows how easy it is for someone with little technical knowledge to attack any organisation. DDoS attacks typically hit in three ways: application-layer, volumetric and hybrid. Application-layer attacks exhaust a server by opening hundreds of thousands of connections or requests at a time; volumetric attacks saturate the link with sheer traffic; hybrid attacks combine the two for a double whammy that knocks a business offline. The real danger of DDoS attacks is that they are often a diversion: while technicians are preoccupied with trying to get the website back up, attackers can plant a backdoor in other areas of the network to steal information later.

How to prevent DDoS attacks

Prevention is nearly impossible, since an organisation has no control over the attackers or the devices they abuse. A DDoS appliance protecting the Internet connection is the first line of defence and will help to mitigate an attack. Appliances from vendors such as Fortinet or Radware are placed on the customer’s premises as close to the Internet edge as possible, where they can identify and block most DDoS traffic. However, this falls short against an attack that saturates the Internet circuits themselves: once the upstream link is full, nothing behind it can help. The only way to protect against that type of attack is to have mitigation at the service provider or in the cloud. A managed security services provider (MSSP) can offer on-demand services that are both cost-effective and architected with a cloud focus in mind, in order to protect against each type of attack. A number of companies offer tools to analyse network traffic for signs of malicious activity, which can often weed out unwanted connections.
Infrastructure access control lists (iACLs) on routers and switches can also drop unwanted traffic before it reaches servers, provided the offending sources, protocols or ports can be characterised. Many companies believe they can thwart attacks by hiding behind a firewall, but these general-purpose devices are typically the first to fall: a stateful firewall tracks every connection in a finite table that a flood quickly fills, so it often fails before the servers behind it do. Organisations expose themselves to attack when they use technology as a crutch. Winning the DDoS war requires organisations to treat their operations as a critical network and to defend it with talented people and technology that stay one step ahead of the attackers. A firewall is important but not a panacea.

The major drawback of do-it-yourself solutions is that they are reactive. Attackers can easily modify their methods and come at a business from disparate sources using different vectors. This keeps an organisation permanently on the defensive, repeatedly deploying additional configurations while simultaneously trying to recover from downtime. Many organisations have limited expertise and resource bandwidth to deal with the complexities of security and compliance. Managed security services providers with the ability to monitor, manage and protect control systems fill that gap.

Detecting a DDoS attack requires monitoring (flow telemetry or a dedicated appliance) that alerts staff by email or text as soon as traffic departs from its baseline. The goal is to report and respond to the incident before the attacker makes resources unavailable. An MSSP who employs both technology and on-site personnel can monitor and act as a full operations team. If a DDoS attack is suspected, it is probably affecting the ISP as well. The security team should immediately contact the ISP to see whether it can detect the attack and re-route traffic. Ask whether any DDoS protective services are available, and consider a backup ISP as a contingency. DDoS attacks will continue in the future because they are so easy to execute.
Companies must ensure they are prepared, constantly monitor the network, and have a game plan for when an attack is under way. The daily headlines prove that no organisation is immune. With a little foresight it is possible to both thwart an attack and defend against future ones.

Source: http://www.itproportal.com/features/ddos-attacks-an-old-nemesis-returns-to-cripple-your-network/
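
The triage and filtering the article above describes, as an added example written for this page rather than code from the ITProPortal article: a small Python script that classifies each attacked host as volumetric or application-layer from flow telemetry, checks what the article’s 125 Mpps at 65 Gbps implies about packet size, and rolls the heaviest source prefixes into a candidate infrastructure ACL. Everything in it is an assumption made for the example: the NetFlow-like record layout (src,dst,proto,dport,packets,bytes), the three hypothetical hosts in 203.0.113.0/24, the constructed attack traffic, the thresholds, and the Cisco IOS-style ACL syntax used for illustration.

```python
"""Flow-based DDoS triage: volumetric vs application-layer, plus a candidate iACL.
Added example, not code from the article.  Input is a constructed NetFlow-like
export (one record per flow: src,dst,proto,dport,packets,bytes) for a single
WINDOW_SECONDS capture.  Thresholds are assumptions tuned to the sample data."""
from collections import Counter, namedtuple
from ipaddress import ip_address, ip_network

WINDOW_SECONDS = 1.0
PPS_FLOOD = 50_000     # packets/s that saturate the sample link (assumption)
MIN_SOURCES = 100      # "distributed": at least this many distinct sources
SMALL_PACKET = 100     # bytes; below this the flood is SYN-sized, not payload
CONN_FLOOD = 500       # new web flows/s treated as a request flood (assumption)

Flow = namedtuple("Flow", "src dst proto dport packets octets")


def mean_packet_bytes(gbps, mpps):
    """Bytes per packet implied by a bit rate and a packet rate.  The article's
    65 Gbps at 125 Mpps gives 65 bytes: minimum-size packets such as TCP SYNs,
    not the large UDP datagrams of a reflection/amplification flood."""
    return gbps * 1e9 / (mpps * 1e6) / 8


def parse_flows(text):
    """Parse 'src,dst,proto,dport,packets,bytes' lines; '#' comments and blanks skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport, pkts, octets = line.split(",")
        flows.append(Flow(src, dst, proto, int(dport), int(pkts), int(octets)))
    return flows


def summarize(flows):
    """Aggregate per destination: the victim is the one element all attack flows share."""
    stats = {}
    for f in flows:
        s = stats.setdefault(f.dst, {"packets": 0, "octets": 0, "web_flows": 0, "sources": set()})
        s["packets"] += f.packets
        s["octets"] += f.octets
        s["sources"].add(f.src)
        if f.proto == "tcp" and f.dport in (80, 443):
            s["web_flows"] += 1        # each new connection/request is its own flow
    return stats


def classify(s, window=WINDOW_SECONDS):
    """Volumetric: packet rate past the link's limit, from many sources.
    Application-layer: packet rate unremarkable, but a flood of new web connections.
    Anything else is reported as normal."""
    pps = s["packets"] / window
    mean_pkt = s["octets"] / s["packets"] if s["packets"] else 0.0
    if pps >= PPS_FLOOD and len(s["sources"]) >= MIN_SOURCES:
        kind = "volumetric"
    elif s["web_flows"] / window >= CONN_FLOOD and len(s["sources"]) >= MIN_SOURCES // 4:
        kind = "application-layer"
    else:
        kind = "normal"
    return {"kind": kind, "pps": pps, "mean_packet_bytes": mean_pkt,
            "sources": len(s["sources"]), "small_packets": mean_pkt < SMALL_PACKET}


def analyse(flows):
    return {dst: classify(s) for dst, s in summarize(flows).items()}


def top_source_prefixes(flows, dst, prefix_len=24, k=3):
    """Roll attacking sources up into prefixes so a few ACL entries cover them."""
    counts = Counter()
    for f in flows:
        if f.dst == dst:
            counts[str(ip_network(f"{f.src}/{prefix_len}", strict=False))] += f.packets
    return counts.most_common(k)


def acl_lines(prefixes, dst, acl_id=110):
    """Cisco IOS-style extended ACL (wildcard masks) denying the top prefixes to the victim."""
    lines = [f"access-list {acl_id} deny ip {ip_network(p).network_address} "
             f"{ip_network(p).hostmask} host {dst}" for p, _ in prefixes]
    lines.append(f"access-list {acl_id} permit ip any host {dst}")
    return lines


# Constructed capture: three legitimate HTTPS flows to .30 ...
BASELINE = """\
# src,dst,proto,dport,packets,bytes
198.51.100.7,203.0.113.30,tcp,443,12,9400
198.51.100.9,203.0.113.30,tcp,443,8,6100
192.0.2.33,203.0.113.30,tcp,443,20,15800
"""


def constructed_window():
    """... plus two attacks: a spoofed SYN flood on .10 (400 sources x 200 packets
    of 60 bytes) and an HTTP request flood on .20 from 60 unspoofed bots in three
    /24s, 30 requests each (every request is its own flow: new source port)."""
    flows = parse_flows(BASELINE)
    spoof_base = int(ip_address("100.64.0.0"))
    for i in range(400):
        flows.append(Flow(str(ip_address(spoof_base + i * 37)), "203.0.113.10", "tcp", 443, 200, 200 * 60))
    for prefix in ("198.51.100.", "192.0.2.", "100.66.0."):
        for host in range(1, 21):
            flows.extend(Flow(f"{prefix}{host}", "203.0.113.20", "tcp", 80, 8, 2400) for _ in range(30))
    return flows


if __name__ == "__main__":
    flows = constructed_window()
    for dst, r in sorted(analyse(flows).items()):
        print(f"{dst}: {r['kind']:17} pps={r['pps']:8.0f} mean_pkt={r['mean_packet_bytes']:.0f}B sources={r['sources']}")
    print("\n".join(acl_lines(top_source_prefixes(flows, "203.0.113.20"), "203.0.113.20")))
```

Two caveats the script makes visible. Rolling sources into prefixes and denying them at the edge only works for the request flood on .20, whose bots are real devices in a handful of networks; for the spoofed SYN flood on .10 the “top prefixes” are random and an ACL built from them blocks nothing useful, which is why rate-based filtering or upstream scrubbing is needed there. Even on .20 the generated deny for 198.51.100.0/24 also cuts off the legitimate users in that prefix who were talking to .30, so prefix-level blocks are a blunt instrument to be reviewed by hand. And, as the article says, none of this helps once the circuit into the building is full: that traffic has to be dropped by the provider or a cloud mitigation service before it reaches the edge.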

IoT-based DDoS attacks on the rise

Cybercriminal networks are increasingly taking advantage of lax Internet of Things device security to spread malware and create zombie networks, or botnets, without the device owners’ knowledge.

When lax security becomes a huge problem

Symantec’s Security Response team has discovered that cybercriminals are hijacking home networks and everyday consumer connected devices to help carry out DDoS attacks on more profitable targets, usually large companies. To succeed, they need cheap bandwidth and get it by stitching …

Security man Krebs’ website DDoS was powered by hacked Internet of Things botnet

Internet of Amazingly Insecure Tat? That’s the one

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs’ website from the internet came from a million-device-strong Internet of Things botnet.…

Google rushes in where Akamai fears to tread, shields Krebs after world’s-worst DDoS

600 Gbps traffic flood overwhelmed CDN

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support.…

IBM botched geo-block designed to save Australia’s census

Bureau of Stats says spooks signed off IBM’s plan, but Big Blue mucked something up

Australia’s Bureau of Statistics has heavily criticised IBM for the security it applied to the nation’s failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield.…
