Monthly Archives: September 2017

What is Machine Learning?

Machine Learning can appear in many different forms and guises, but a general definition of Machine Learning usually incorporates something about computers learning without explicit programming and being able to automatically adapt. And while Machine Learning has been around for decades as a concept, it’s become more of a reality as computational power continues to increase, and the proliferation of Big Data platforms making it easier to capture floods of data. These developments have made ML practical and garnered a lot of interest, as evidenced by the large number of articles in the last two years surrounding AI and machine Learning However despite all this, the adoption of this Machine Learning is still relatively low amongst companies in the tech landscape (Gartner estimating that fewer than 15 percent of enterprises successfully get machine learning into production). And even when you hear about Company X adopting a machine learning strategy, it’s often conflated with another strategy or service within that company, and not truly realizing the automated ‘adaptiveness’ inherent within ML. Those companies that do realize a proper machine learning strategy, understanding and grooming their data as well as identifying the appropriate model/s can see real benefits to their operations, which is why DOSarrest has been developing such a strategy over the last year. Here at DOSarrest, we’ve been focusing on building an Anomaly Detection engine, focusing on the constantly evolving sophisticated application layer attacks. We collect huge amounts of data from disparate sources (e.g. Customized web logs, snmp and flow data, IDS logs, etc.), even when customers are not under attack. This provides an opportunity to identify baselines even in a multi tenant environment. As you would expect, there is a high degree of cardinality within some of the data fields, which can be challenging to work with when working with data in motion, but can have great benefits. With these huge structured data sets, we are able to identify KPI’s (Key Performance Indicators) and statistics that can be leveraged by the engine to identify anomalous behavior and brought to the attention of the Security Ops team, who are then able to investigate and act on the identified pattern. The engine continues to refine the probability of a metric, becoming more accurate over time in determining the severity of an anomaly. The strategy holds great promise, and further developments and refinements to this model will continue to evolve the best Security Operations Center in the business. A more detailed view of an anomaly – this shows a single IP requesting more than 60 times more frequently than a normal visitor. This screen gives an overview of any anomalies, organized by relevant factors. In this case the remote IP address of the requestor. Jag Bains CTO, DOSarrest Internet Security Source: https://www.dosarrest.com/ddos-blog/machine-learning-in-the-dosarrest-operations

Machine Learning in the DOSarrest Operations

Read the article:
Machine Learning in the DOSarrest Operations

Bigger Online Super Series Cancelled due to DDoS Attacks

The Winning Poker Network has cancelled the third leg of its OSS Cub3d series – the Bigger Online Super Series – due to the threat of further DDoS attacks. The Winning Poker Network´s Bigger Online Super Series (BOSS) was scheduled to be a superb finale to a hugely successful three-tiered OSS Cub3d tournament series. The series had started incredibly well, with events in the Mini Online Super Series beating their guarantees by an average of 67% and the “meat in the sandwich” – the Online Super Series – performing much better than had been expected . However, towards the end of last week, a series of DDoS attacks disrupted the series. Connection issues resulted in the cancellation of tournaments – not only the feature events in the Online Super Series, but also many qualifying satellites for the Million Dollar Sunday. Fortunately, the Million Dollar Sunday event was able to go ahead but, due to fears of further disruption, the Winning Poker Network has decided to cancel the remaining events in the OSS Cub3d schedule. New OSS Cub3d Series Scheduled for Later this Month Announcing the cancellation of the Bigger Online Super Series via the Americas Cardroom Twitch stream, the Winning Poker Network´s CEO – Phil Nagy – explained that the measures needed to be put in place to mitigate the threat of further DDoS would not be completed by Wednesday (the start date for the Bigger Online Super Series). He said rather than risk further frustration and disappointment , he was cancelling the series and rescheduling it for later in the month. Rather than just run the seventeen events cancelled from this week, the Winning Poker Network´s CEO announced a whole new OSS Cub3d series that will run from September 24th to October 22nd and feature two Million Dollar Sunday events – one with a half-price buy-in of just $265.00. Nagy said he would also honour the current finishing positions in the OSS Cub3d leaderboard promotion and give Punta Cana Poker Classic packages to the players occupying the top three positions. New Software and Updated Servers will Help Mitigate DDoS Threat Nagy is confident the rescheduled OSS Cub3d series will be able to go ahead without players suffering the disconnection issues that disrupted last weekend´s events. Within two weeks, new software will be released on updated servers that should be able to withstand DDoS attacks . The long-awaited WPN V2 poker client should also provide players with a more enjoyable online poker experience as many of the bugs that exist with the current version of the software have reportedly been fixed. Nagy also announced the Americas Cardroom mobile app is due to be released next week. First put into development in January, and expected to take between nine and twelve weeks, the app will support games of Jackpot Poker and Sit & Go 2.0 . It is not known whether the app will be available for all skins on the Winning Poker Network so, players wanting to play these games on the go may have to create an account with Americas Cardroom in order to access them. Bad Pelican Takes Million Dollar Sunday for $269,800 The fact that the Million Dollar Sunday event was able to go ahead last weekend was good news for “Bad Pelican”. The infrequent visitor to the Winning Poker Network topped a field of 2,698 to collect the $269,800 first prize after fourteen hours of play . The massive field ensured the million dollar guarantee was met and, in total, 405 players cashed in the event. The volume of players on the Winning Poker Network also ensured guarantee-busting prize pools for most of the weekend´s tournaments. Hopefully the next OSS Cub3d series should go without a hitch. As sites on the Winning Poker Network continue to add new features and player benefits, there will be huge expectations for the next OSS Cub3d series , and it will be a huge disappointment – not least for CEO Phil Nagy – if any of the tournaments have to be cancelled due to DDoS attacks or other connection issues. Source: http://www.pokernewsreport.com/bigger-online-super-series-cancelled-due-to-ddos-attacks-21870

Link:
Bigger Online Super Series Cancelled due to DDoS Attacks

#CLOUDSEC2017: DDoS: Large Attacks Shake the Internet but Modest Attacks Cause More Business Damage

Speaking at CLOUDSEC 2017 today Ashley Stephenson, CEO of Corero, explored innovation in DDoS mitigation and ways to defeat the modern day DDoS attack. Stephenson said that whilst, in the last five years, there have been various large-scale DDoS attacks that have made national or even global headline news, these are not good examples of the types of attacks that companies are suffering from day-to-day. Instead, he explained that it is the frequent, modestly sized, short duration modern DDoS attacks that are the real problem as they actually cause organizations the most damage regularly, and it’s those types of attacks that businesses should be focusing on. “The headline-grabbing attacks aren’t always the ones that you really have to worry about with regards to improving your security posture for your business,” Stephenson argued. “Those high-profile attacks are really just the tip of the iceberg. There is much more activity that ends up in real terms doing more harm to businesses below the waterline. If you’re not doing something today to protect your business against these types of threats, then you are exposed.” The reality is, he added, protecting against the everyday types of attacks is something you can do a lot about and you can inform yourselves much more clearly about the consequences and the types of vectors being used through the use of good technology products that are aimed at DDoS specifically. “The very large, internet-overpowering events that occur might make the internet itself creak in certain geographies or services, but there’s very little you can do as an individual corporation to deal with those issues,” Stephenson concluded. Source: https://www.infosecurity-magazine.com/news/cloudsec2017-ddos-large-attacks/

See the original post:
#CLOUDSEC2017: DDoS: Large Attacks Shake the Internet but Modest Attacks Cause More Business Damage

America’s Cardroom, WPN Hit by DDoS Attack Again

It had been a while, but America’s Cardroom seemed due for another cyber attack. Yup, leading into the Labor Day weekend, ACR and its network, the Winning Poker Network, were hit with a Distributed Denial of Service (DDoS) attack, something that is unfortunately not a unique event for either the online poker room or the network. The attack began Thursday evening, affecting, among many other games, ACR’s Online Super Series (OSS) Cub3d. Problems continued all the way through Saturday. America’s Cardroom initially tweeted about the issues at about quarter after eight Thursday night, writing, “We are currently experiencing a DDOS attack, all running tournaments have been paused. Will keep you updated.” A half hour later, ACR announced that it was cancelling all tournaments in progress and providing refunds per the site’s terms and conditions. At about 9:00pm, the site was back up, but the DDoS attacks continued, causing poker client interruptions less than two and a half hours later. Problems continued well into Friday morning until ACR and WPN finally got things under control (temporarily) close to noon. The pattern continued that evening, with games going down after 6:00pm Friday and then resuming, and going down again after 7:00pm. Finally, around noon Saturday, ACR’s techs seemed to get a handle on things “for good.” In a Distributed Denial of Service attack, the attacker (or attackers) floods a server with millions of communications requests at once. It’s not a virus or a hack or anything malicious like that, but the communications overwhelm the server and grind it to a halt. Think of it like the traffic jam to end all traffic jams. It wouldn’t be THAT big of a deal if the attack was coming from one source, but since it is “distributed,” the attacker arranges it so that it originates from literally millions of IP addresses. It makes defending one’s network insanely difficult. To use another brilliant illustration, if you are trapped in a house and a zombie horde is coming for your juicy brains, it’s scary and awful, but if all the zombies decide to come in through the front door, you can probably handle it if properly equipped. If they surround you and just crash in through every door, window, and mouse hole like in Night of the Living Dead, might as well develop a taste for human flesh because you’re screwed. As with other DDoS attacks, the network was contacted by the aggressor, who demanded a ransom of some sort. WPN CEO Phil Nagy went on Twitch and said he refused to cave to any demands. He even posted a brief series of messages from the attacker, who said he was doing it on behalf of a competing poker room (all spelling mistakes what-not his): this is my job anouther site give me money for doos you and i ddos you this is my job Nagy said that he hoped that by at least making it public that it may be another site responsible for the DDoS attack that it will make someone nervous that they could get caught and the attacks will subside. WPN first experienced a major DDoS attack in December 2014, during its Million Dollar Sunday tournament, when it caused disconnections, lag, and registration problems. It happened again in September 2015 and again in October 2015. The network will be re-running many of the tournaments, including the OSS and MOSS, and will cut the buy-in of the million dollar guaranteed OSS tourney in half as well as add an extra Sunday Million. Source: https://www.pokernewsdaily.com/americas-cardroom-wpn-hit-ddos-attack-30342/

Week in review: Cyber threat hunting, Android DDoS botnet, drone bug bounty

Here’s an overview of some of last week’s most interesting news, podcasts and articles: New, custom ransomware delivered to orgs via extremely targeted emails Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend. Getting a start on cyber threat hunting We live in a world where the adversaries will persist … More ?

View article:
Week in review: Cyber threat hunting, Android DDoS botnet, drone bug bounty

Whitepaper: Understanding pulse wave DDoS attacks

Pulse wave DDoS is a new attack tactic, designed to double the botnet’s output and exploit soft spots in “appliance first cloud second” hybrid mitigation solutions. Comprised of a series of short-lived bursts occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we ever mitigated. Reading this whitepaper will help you: Understand the nature of pulse wave DDoS attacks See how they are used to pin down multiple … More ?

More here:
Whitepaper: Understanding pulse wave DDoS attacks