DDoS aggression and the evolution of IoT risks

Few organizations globally are being spared DDoS attacks, according to a Neustar survey of over 1,000 IT professionals across six continents. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly. The research results show that although … More ?

View the original here:
DDoS aggression and the evolution of IoT risks

Image 15689_Outage-costs3.png

The rising cost of DDoS

Data centers may be more reliable, but failures due to malicious attacks are increasing. Their cost is also rising, says Michael Kassner Some cost accountants would cringe at his methodology, but after a 2013 DDoS attack on Amazon, Network World journalist Brandon Butler took a simple route to come up with an attention-grabbing headline: “Amazon.com suffers outage – nearly $5M down the drain?” Did Amazon really lose this much money? Or did it lose more? Butler worked backward from the company’s reported quarterly earnings: “Amazon.com’s latest (2013) earnings report shows the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour.”  The DDoS outage lasted nearly an hour, hence the almost $5 million figure. That is a truly staggering amount to lose in one hour of unplanned maliciously-caused downtime. And Butler’s methodology seems logical on the surface. But could we get a more accurate idea of the actual cost? The Ponemon way of estimating If the Ponemon Institute is known for anything, it is the company’s diligence in providing accurate accounting of issues on the company’s radar – in particular security issues. Its areas of interest happen to include the cost of data center outages, which it covers in a regular report series. The executive summary of the latest, January 2016, report says: “Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to our new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).” To reach those conclusions the Ponemon researchers surveyed organizations in various industry sectors (63 data centers) that experienced an unplanned data center outage during 2015. Survey participants held positions in the following categories: Facility management Data center management IT operations and security management IT compliance and audit The Ponemon researchers used something called activity-based costing to come up with their results. Harold Averkamp at AccountingCoach.com describes activity-based costing as follows: “Activity-based costing assigns manufacturing overhead costs to products in a more logical manner than the traditional approach of simply allocating costs on the basis of machine hours. Activity-based costing first assigns costs to the activities that are the real cause of the overhead. It then assigns the cost of those activities only to the products that are actually demanding the activities.” Following Averkamp’s definition, Ponemon analysts came up with nine core process-related activities that drive expenditures associated with a company’s response to a data outage (see Box). It’s a detailed list, and includes lost opportunity costs. Key findings The research report goes into some excruciating detail, and significant real information can be gleaned from the survey’s key findings. For example, the maximum cost of a data center outage has more than doubled since Ponemon Institute started keeping track, from $1 million in 2010 to more than $2.4 million in 2016. Overall outage costs Source: Ponemon Institute “Both mean and median costs increased since 2010 with net changes of 38 and 24 percent respectively,” says the report. “Even though the minimum data center outage cost decreased between 2013 and 2016, this statistic increased significantly over six years, with a net change of 58 percent.” The report also found that costs varied according to the kind of interruption, with more complexity equalling more cost. “The cost associated with business disruption, which includes reputation damages and customer churn, represents the most expensive cost category,” states the report. The least expensive costs, the report says involve “the engagement of third parties such as consultants to aid in the resolution of the incident.” The Ponemon report looked at 16 different industries, and the financial services sector took top honors with nearly a million dollars in costs per outage. The public sector had the lowest cost per outage at just under $500,000 per outage. Primary causes of outages Source: Ponemon Institute Next, the Ponemon team looked at the primary cause of outages. UPS system failure topped the list, with 25 percent of the companies surveyed citing it. Twenty-two percent selected accidental or human error and cyber attack as the primary root causes of the outage. Something of note is that all root causes, except cyber crime, are becoming less of an issue, whereas cybercrime represents more than a 160 percent increase since 2010. One more tidbit from the key findings: complete unplanned outages, on average, last 66 minutes longer than partial outages. The Ponemon researchers did not determine the cost of an outage per hour; deciding to look at the price per outage and per minute, and how those numbers have changed over the three survey periods. The cost per outage results are considerably less than that reported for the Amazon incident, but an average of $9,000 per minute or $540,000 per hour is still significant enough to make any CFO take note. DDoS is not going away Data centers can only increase in importance, according to the Ponemon analysts, due in large part to cloud computing (30 percent CAGR between 2013 and 2018) and the IoT market (expected to reach 1.7 trillion dollars by 2020). “These developments mean more data is flowing across the internet and through data centers—and more opportunities for businesses to use technology to grow revenue and improve business performance,” write the report’s authors. “The data center will be central to leveraging those opportunities.” An interesting point made by the report is how costs continue to rise and the reasons for data center downtime today are mostly not that different from six years ago. The one exception is the rapid and apparently unstoppable growth in cyber attacks. The report authors are concerned about this very large increase in cyber attack outages, and they make a stark warning that the problem is not going away soon.   Components of cost: Detection cost Activities associated with the initial discovery and subsequent investigation of an outage incident. Containment cost Activities and associated costs that allow a company to prevent an outage from spreading, worsening, or causing greater disruption. Recovery cost Activities and associated costs related to bringing the organization’s networks and core systems back to normal operation. Ex-post response cost All after-the-fact incidental costs associated with business disruption and recovery. Equipment cost The cost of equipment, new purchases, repairs, and refurbishment. IT productivity loss The lost time and expenses associated with IT personnel downtime. USER productivity loss The lost time and expenses associated with end-user downtime. Third-party cost The cost of contractors, consultants, auditors, and other specialists engaged to help resolve unplanned outages. Lost revenues Total revenue loss from customers and potential customers because of their inability to access core systems during the outage. Business disruption Total economic loss of the outage, including reputational damages, customer churn, and lost business opportunities. Source: http://www.datacenterdynamics.com/security-risk/the-rising-cost-of-ddos/96060.article http://www.datacenterdynamics.com/magazine

Read More:
The rising cost of DDoS

Image armada-collective-scam-email-640x748.png

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

Website extortionists rake in over $100,000 without lifting a finger

‘Armada Collective’ threatens to carry out DDoS attacks, never actually attacks Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank.…

See the original post:
Website extortionists rake in over $100,000 without lifting a finger

KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Ghost Squad’s DDoS Attack Closes Down KKK Website The Anonymous vs. Ku Klux Klan (KKK) cyber war is well known to all of us. In continuation of that war, Anonymous affiliate Ghost Squad brought down one of major website belonging to the KKK members. In a series of powerful distributed denial-of-service (DDoS) attacks just a few hours ago, Anonymous has shut down the official website of Loyal White Knights of the Ku Klux Klan (KKK). Ghost Squad, the group said to be behind this attack works with the online hacktivist Anonymous. The reason for attacking the KKK is the “blunt racism” in the name of free speech. In an exclusive conversation with one of the attackers, HackRead was told that: “We targeted the KKK due to our hackers being up in their face, we believe in free speech but their form of beliefs is monolithic and evil. We stand for constitutional rights but they want anyone who is not Caucasian removed from earth so we targeted the KKK official website to show love for our boots on the ground and to send a message that all forms of corruption will be fought. We are not fascist but we certainly do not agree with the KKK movement. They are the Fascists and they are the Racists.” An error message “The kkkknights.com page isn’t working” is displayed for those visiting the website. KKK has not for the first time come under attacks by Anonymous. Earlier, the hacktivists disclosed personal information of KKK members. In October 2015, the group also carried out DDoS attacks on KKK’s website, as one of the Klan members apparently harassed a woman on Twitter. This is not it. In 2014, the official website of a Mississippi-based white supremacist organization “The Nationalist Movement” (nationalist.org) was also spoiled with messages like “Good night white pride.” The KKK Knights website is still offline across the world as shown in the screenshot below: Source: http://www.techworm.net/2016/04/kkk-website-shut-anonymous-ghost-squads-ddos-attack.html

Originally posted here:
KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous NWH targets Denver police department domain with DDoS attack to register protest against the fatal shooting of 39-year-old Dion Avila An Anonymous-linked team of attackers called New World Hacking  (NWH)   has conducted a series of powerful distributed denial-of-service ( DDoS ) attacks on Denver city, county and police website earlier today forcing the site to go offline — The reason for targeting the site was last week’s (Tuesday 14th April)   police shooting in which Dion Avila Damon was allegedly killed inside his parked car near the Denver Art Museum. In an exclusive conversation with two of the NWH attackers (Sad Prophet and SinfulHazeCE) behind this attack, HackRead told that: “We see how Denver police don’t care so if they don’t care about killing and innocent; we don’t care about continuous attacks on Denver.” The attackers also hint for a database leak within a week or so depending on the response from Denver police department. However, Fox news reported that Police is investigating an officer-involved in the shooting. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . At the time of publishing this article, the Denver police department website was down. Source: https://www.hackread.com/anonymous-shut-denver-police-website/    

View post:
Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous whales on Denmark, Iceland with OpKillingBay DDoS

Anti-dolphin-munching mission DDoSed car-maker Nissan A pair of Akamai researchers are warning that entities using the name and iconography of hacker collective Anonymous will soon expand a six-year distributed denial of service (DDoS) attack campaign against Japan to other whale-and-dolphin-eating nations.…

Visit site:
Anonymous whales on Denmark, Iceland with OpKillingBay DDoS

South Korea no 1 origin point for DDoS attacks

South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016. Imperva documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined. DDoS attacks are one of the more popular tools in the hacker’s toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at the exact same second. Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins. Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com , “It feels like it is in part a reflection of the networked nature of [South Korea] but there are other countries with similar degrees of penetration or greater.” South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.” Igal Zeifman, senior manager at Imperva, told SC , “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.” Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.” Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets – Nitol and PCRat – both of which offer remote control over the infected devices. Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website. Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical ‘member’ of a botnet is, therefore, a Windows PC. The easiest way to do it – non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.” Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”. Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.” Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries. Some of the report’s other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva’s report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.” Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots. What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination. DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” Source: http://www.scmagazineuk.com/south-korea-no-1-origin-point-for-ddos-attacks/article/491220/

More:
South Korea no 1 origin point for DDoS attacks

ISPs are putting their enterprise customers at risk of DDoS attacks

The vast majority of enterprise end users (85%) want their ISPs to offer more comprehensive DDoS protection-as-a-service, according to Corero Network Security. The research, which polled over 100 ISPs and 75 enterprise customers about their DDoS mitigation strategies, revealed that an alarming proportion of ISPs are still relying on outdated technologies to protect their customers. For example, forty-six per cent divert DDoS traffic through a scrubbing centre – an expensive and notoriously slow technique which … More ?

View the original here:
ISPs are putting their enterprise customers at risk of DDoS attacks

Academic network Janet clobbered with DDoS attacks – again

Funny how it always gets targeted at the end of term… Blighty’s government-funded educational network Janet has once again been hit by a cyber attack, with a fresh wave of DDoS attacks launched against the network this morning.…

See the article here:
Academic network Janet clobbered with DDoS attacks – again