What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults

The new attack method allows hackers to shut down targets’ networks for longer periods while simultaneously conducting attacks on multiple targets.

Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets. The new attacks may render traditional DDoS mitigation tactics useless, experts say.

Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to security researchers at Imperva, who first spotted the new threat. “Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report.

The researchers said they believe the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions.”

Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”. The new attacks last for at least an hour and can extend to days. A single pulse is large and powerful enough to completely congest a network. “The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the Imperva researchers said.

Pulse wave takes advantage of appliance-first hybrid mitigation solutions by preying on the “Achilles’ heel of appliance-first mitigation solutions”: the devices’ inability to cope with sudden, powerful surges of attack traffic. The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape. “While pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks,” researchers said. The Imperva researchers predicted that such attacks will continue, becoming more persistent and growing in size, boosted by botnets.

Source: http://www.ibtimes.co.uk/what-pulse-wave-hackers-devise-new-ddos-attack-technique-aimed-boosting-scale-assaults-1635423

Why DDoS attacks show no signs of slowing down

Distributed Denial of Service (DDoS) attacks caused substantial damage to organisations across APAC and the world in the past year. According to Neustar’s recent ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84 percent of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86 percent of those were hit multiple times. The code used to cause these large outages was published openly, and soon after all sorts of attacks and variants of the original code were causing havoc around the world.

Detection is too slow

DDoS attacks are not only occurring more frequently but are also getting more difficult to detect. Within APAC, more than half of organisations on average are taking at least three hours to detect an attack, and nearly as many took another three hours to respond once an attack was detected. Alarmingly, slow detection and response can lead to huge financial damage. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, 40 percent of organisations hit were notified of the attacks by their customers.

Investment is increasing

The worrying figures above help explain why 90 percent of organisations are increasing their investments in DDoS defences compared to the previous 12 months (up from 76 percent last year), despite the fact that 99 percent already have some form of protection in place. The threats faced today, and those anticipated in the future, are clearly forcing organisations to completely reconsider the ways they currently protect themselves.

Mitigating against DDoS attacks

Effectively mitigating DDoS attacks has become crucial for organisations that want to avoid damaging financial and reputational loss. In order to combat attacks, organisations need to adequately understand the threat, quantify the risk and then create a mitigation plan that corresponds to their needs. Whether it’s a large or small scale DDoS attack, to keep up with the growing threat, companies will need newer, adaptable and scalable defences that include new technology and methodologies.

Developing a mitigation plan

Paying for a DDoS mitigation that exceeds your requirements is like over-insuring your car: you are paying a premium for a service that does not match your level of risk or potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Once the severity of the risk is understood, there are three critical elements of a good mitigation plan that must be enacted: detection, response and rehearsal.

Detecting an attack

Fortunately, there are several technologies that can be used to monitor both the physical and cloud-based environment. For example, organisations can use NetFlow monitoring on border routers to detect a volumetric attack, or provide this data to a third party for analysis and detection. They can also look at using appliances to conduct automatic detection and response, again managed internally or by a third party. In a cloud environment, organisations can choose from a vast array of cloud monitoring tools that allow them to identify degradation in performance, CPU utilisation and latency, giving as accurate an indication as possible of when an attack occurs.

Responding to an attack

The response plan must be scaled to the organisation’s risk exposure and technology infrastructure. For instance, an organisation operating in the cloud with a moderate risk exposure might decide on a cloud-based, pay-on-occurrence solution. On the other hand, a financial services company that operates its own infrastructure will be exposed to more substantial financial and reputational risk. Such a company would ideally look for a hybrid solution that provides the best time to mitigate, low latency and near-immediate failover to cloud mitigation for large volumetric attacks.

Rehearsal of your mitigation plan

Regardless of the protection method deployed, it’s good practice to rehearse it periodically. Periodic testing can not only eliminate gaps or issues in responding to a DDoS attack, but can also prepare the responsible owners to perform their required actions when an actual event occurs.

In summary, DDoS attacks aren’t showing any signs of slowing down anytime soon. The threats associated with DDoS attacks cannot be overstated or underestimated. By quantifying the risk to the organisation and implementing a right-sized mitigation solution, organisations can effectively and efficiently mitigate the risk of DDoS attacks.

Source: https://securitybrief.com.au/story/why-ddos-attacks-show-no-signs-slowing-down/
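The NetFlow-based volumetric detection described above, combined with the pulse-wave signature from the Imperva report (short bursts every 10 minutes, full rate from the first seconds), as an added example that is not code from either article. The flow records, addresses and thresholds are constructed for the demonstration; a real collector would fill the same tuples from the border routers' NetFlow/IPFIX exports.

```python
"""NetFlow-style volumetric and pulse-wave detection (added example).

Records are (flow_start_s, dst_ip, bytes) tuples; every value below is
constructed for the demonstration.
"""
from collections import defaultdict
from statistics import median

BUCKET_S = 10        # aggregation window; 10 s is fine enough to see a missing ramp-up
BURST_FACTOR = 5.0   # a bucket is a burst when it exceeds 5x the destination's baseline


def make_sample_flows():
    """Constructed traffic: a 1 Gbit/s baseline to 203.0.113.10 plus three
    60-second pulses of +20 Gbit/s every 600 s that are at full rate in their
    first bucket (the pulse-wave shape); 203.0.113.20 only sees 100 Mbit/s."""
    flows = []
    for t in range(0, 1800, BUCKET_S):
        flows.append((t, "203.0.113.10", 1_250_000_000))
        flows.append((t, "203.0.113.20", 125_000_000))
    for pulse_start in (300, 900, 1500):
        for t in range(pulse_start, pulse_start + 60, BUCKET_S):
            flows.append((t, "203.0.113.10", 25_000_000_000))
    return flows


def bucket_rates(flows, bucket_s=BUCKET_S):
    """Sum bytes per destination per time bucket and convert to bit/s."""
    acc = defaultdict(lambda: defaultdict(int))
    for start_s, dst, nbytes in flows:
        acc[dst][(start_s // bucket_s) * bucket_s] += nbytes
    return {dst: {b: n * 8 / bucket_s for b, n in buckets.items()}
            for dst, buckets in acc.items()}


def detect_bursts(rates, baseline_bps, factor=BURST_FACTOR, bucket_s=BUCKET_S):
    """Return merged [start, end) intervals whose rate exceeds factor * baseline."""
    bursts = []
    for b in sorted(rates):
        if rates[b] > factor * baseline_bps:
            if bursts and bursts[-1][1] == b:
                bursts[-1][1] = b + bucket_s      # extend the burst in progress
            else:
                bursts.append([b, b + bucket_s])  # open a new burst
    return [tuple(iv) for iv in bursts]


def classify(rates, bucket_s=BUCKET_S):
    """Label one destination's time series as normal, volumetric or pulse-wave.

    Pulse-wave criteria, taken from the Imperva description: several short
    bursts, evenly spaced, each already near peak rate in its first bucket."""
    baseline = median(rates.values())   # the median is robust to the bursts themselves
    bursts = detect_bursts(rates, baseline, bucket_s=bucket_s)
    peak = max(rates.values())
    starts = [s for s, _ in bursts]
    periods = [b - a for a, b in zip(starts, starts[1:])]
    durations = [e - s for s, e in bursts]
    periodic = len(periods) >= 2 and max(periods) - min(periods) <= bucket_s
    short = bool(periods) and max(durations) < 0.5 * min(periods)
    no_ramp_up = bool(bursts) and all(rates[s] >= 0.8 * peak for s in starts)
    if periodic and short and no_ramp_up:
        verdict = "pulse-wave"
    elif bursts:
        verdict = "volumetric"
    else:
        verdict = "normal"
    return {"baseline_bps": baseline, "peak_bps": peak, "bursts": bursts,
            "period_s": median(periods) if periods else None, "verdict": verdict}


def analyse(flows):
    """Classify every destination seen in the flow records."""
    return {dst: classify(rates) for dst, rates in bucket_rates(flows).items()}


if __name__ == "__main__":
    for dst, report in analyse(make_sample_flows()).items():
        print(dst, report["verdict"], report["bursts"], report["period_s"])
```

A hybrid appliance that only alerts after several consecutive over-threshold buckets would miss exactly the first bucket here, which is why the no-ramp-up check looks at the first bucket of each burst.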

World of Warcraft, Overwatch, Hearthstone and other games hit by DDoS

Games company Blizzard has reported on Twitter that: “We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games.” World of Warcraft, Overwatch, Hearthstone and other game servers are believed to have been hit.

At about 5pm last night Blizzard noticed Down Detector, which monitors online outages, logging a huge upsurge of problems and 2800+ reports for Overwatch, World of Warcraft and several other Blizzard gaming services.

Commenting on the way that even a failure to bring a service down completely has a severe impact on online games, Igal Zeifman, director at Imperva Incapsula, said in an email to SC: “Competitive online games are an attractive target for any DDoS offender looking to create large-scale mayhem in hope of some Internet notoriety. Moreover, such gaming networks are also particularly vulnerable to denial of service assaults because, unlike many other targets, they don’t need to be taken offline to become unusable.

“In the case of a real-time online game, even a small amount of latency, as a result of a technically “failed” attack, is enough to cause major disruption to gamers looking for a completely responsive and immersive experience. This is exactly what is happening in this case. Even if some users are able to log in, the latency they experience still makes Overwatch unplayable.”

Source: https://www.scmagazineuk.com/world-of-warcraft-overwatch-hearthstone-and-other-games-hit-by-ddos/article/681508/

Kids these days: the 16-year-old behind 1.7 million DDoS attacks

Teenagers have typically not been known as the most motivated demographic, napping through classes and slouching through shifts at McDonald’s. While yelling at a 16-year-old four times just to get him to unload the dishwasher is annoying, consider the other end of the spectrum: the ambitious 16-year-old who earned over $500,000 USD by building a DDoS stresser responsible for 1.7 million attacks, causing millions of dollars in damages. It’s cool Brayden, you can unload the dishwasher later.

Dirty dealings

A successful distributed denial of service (DDoS) attack is one in which a website or online service is overwhelmed by malicious traffic or requests, pushing the site or service offline so it’s unavailable to its users. DDoS attacks have been big news the last few years: big news to website owners who have had users frustrated by downtime, to business owners who have suffered reputation damage and monetary losses, to the public at large who have been unable to use websites and services big and small because of these attacks, and big news to the media itself, which has been devoting headlines to the ever-growing scourge of attacks.

One of the main reasons for the increase in attacks has been DDoS-for-hire services, otherwise known as booters or stressers. For as little as a few dollars, anyone with an internet connection can buy access to a service that allows them to aim a DDoS attack at the targets of their choosing. Stressers are so named because they masquerade as a legitimate tool, one that stresses a server to test its reliability. This is where Adam Mudd comes in.

In the Mudd

When Adam Mudd was just 16 years old he went to work on the computer in his bedroom and created what he called the Titanium Stresser. Mudd himself carried out 594 distributed denial of service attacks, including an attack against his former college, but those nearly 600 attacks were a drop in the bucket compared to how busy his stresser got when he opened it up as a DDoS-for-hire service. In just over two years the Titanium Stresser racked up 112,000 registered users who launched 1.7 million DDoS attacks against 660,000 IP addresses. There were obviously many repeat targets amongst those 660,000 IP addresses, perhaps most notably the company behind the online game RuneScape, which was hit 25,000 times and spent roughly $10 million on mitigation efforts. Other notable targets of the Titanium Stresser included Sony, Xbox Live, Microsoft and TeamSpeak. Mudd reportedly earned over $500,000 from his stresser service.

It all came to an end for Mudd in March of 2015 when the police arrived at his parents’ house. Mudd refused to unlock his computer until his father intervened. He has since pleaded guilty to three charges under the United Kingdom Computer Misuse Act and one charge of money laundering. He was sentenced to 24 months in jail.

The big picture

Mudd was nothing more than a teenager in the bedroom of his parents’ house, yet his stresser service caused millions of dollars in quantifiable damages and untold further damage in lost productivity, lost user loyalty and lost revenue in both the short and long term. There are Adam Mudds all over the world, many more experienced, running stresser services that are just as successful as the Titanium Stresser and even more so. Further, while Mudd’s arrest and conviction are a success for law enforcement, he joins a list of recent DDoS-related arrests that include members of the famed Lizard Squad, the owners of the vDos botnet, and three dozen patrons of stresser services. Hackforums, the biggest hacking forum in the world, also recently banned DDoS-for-hire services. All seemingly good things.

Yet the number of DDoS attacks being perpetrated hasn’t gone down. When the FBI or Interpol shuts down a stresser service, another stresser service simply scoops up its customers. The lesson here has to be that DDoS attacks can be perpetrated by anyone and aren’t going anywhere anytime soon. With stresser services so affordable and accessible, almost every website on the internet is a potential target, and potentially a repeat target. Without professional DDoS protection, websites will be left picking up the pieces and paying exorbitant sums in order to do so.

Source: http://www.bmmagazine.co.uk/in-business/kids-days-16-year-old-behind-1-7-million-ddos-attacks/

Libertarian Site Suffers DDoS Attack After Supporting Google Worker

Quillette Magazine, a small but respected libertarian publication based in Australia, suffered a DDoS attack Tuesday after publishing an article supportive of James Damore, the fired Google memo writer. The attack, which crashed the site for a day, came after Quillette published the opinion of four scientists on the Google memo. The scientists found that the conservative Google employee’s views on gender differences were supported by substantial scientific evidence.

The Google memo’s “key claims about sex differences are especially well-supported by large volumes of research across species, culture,” wrote Geoffrey Miller, a professor of evolutionary psychology at the University of New Mexico, explaining that the memo “is consistent with the scientific state of the art on sex differences.” “Among commentators who claim the memo’s empirical facts are wrong, I haven’t read a single one who understands sexual selection theory, animal behavior, and sex differences research,” Miller added.

Deborah Soh, who has a PhD in sexual neuroscience and works as a Toronto-based science writer, concurred with Miller. “Sex differences between women and men—when it comes to brain structure and function and associated differences in personality and occupational preferences—are understood to be true, because the evidence for them (thousands of studies) is strong.” “This is not information that’s considered controversial or up for debate; if you tried to argue otherwise, or for purely social influences, you’d be laughed at,” Soh said.

Unfortunately, liberal-hacker-activists couldn’t handle the truth, and Quillette’s website took an arrow to the knee. Claire Lehmann, the founder of Quillette, told PJ Media that her website was especially susceptible to attack. While there are many programs that can be used to protect against DDoS attacks (in which hackers flood a website with traffic to crash it), Claire said she didn’t have any. “I’m a small site and my technical skills are not at a high level, so I was unaware that I should have had these protections. Apparently they are fairly standard,” she told PJ Media.

Her site, which has received endorsements from well-known figures such as Charles Murray and Richard Dawkins, has a history of publishing science-based journalism, but this is the first time they’ve suffered a DDoS attack, Lehmann says. (Disclosure: I’ve written a few articles on higher education for them. Small world.)

Lehmann, whose site has been dedicated to supporting alternative viewpoints since it launched in 2016, said her work is crucial to helping people see the truth behind things. “It’s important to hear alternative viewpoints so that we can work out what is the truth, and not merely consensus,” Lehmann said. “Over the past few years, both academic and media institutions have become highly conformist. And we know that groupthink leads to blindspots, which makes us unable to see what is actually true.”

Source: https://pjmedia.com/trending/2017/08/09/libertarian-site-suffers-ddos-attack-after-supporting-google-worker/

Ukrainian Postal Service Knocked Offline By Repeated DDoS

Ukrposhta, the national postal service in Ukraine, was hit with a two-day DDoS attack that began on Monday, knocking some systems offline. According to the Interfax news agency, the computer systems targeted by the unknown assailants are used to track customer parcels and shipments. Ukrposhta is managed by the Infrastructure Ministry in Ukraine, and employs almost 12,000 postal officers across the country and 76,000 employees in all—meaning that disruptions could have far-reaching effects.

The company gave DDoS updates via its Facebook page yesterday. The latest (in translation) reads: “During the first wave of the attack, which began yesterday in the morning, our IT services could normalize the situation, and after 5 p.m., all the services on the site worked properly. But today, hackers are at it again. Due to their actions, both the website and services are working, but slowly and with interruptions.”

Igal Zeifman, director of marketing at Imperva for the Incapsula product line, said via email that it sounds like Ukrposhta is dealing with several repeat assaults, occurring in rapid succession. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between the attacks,” he said. “In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74% of DDoS targets attacked at least twice in the span of that quarter.”

This is not the first time that Ukraine’s postal service has faced significant attacks this year. The country was ground zero for the Petya/NotPetya ransomware attacks that proliferated around the globe in June, which affected not just the postal service but also banks and the state-owned power companies, Ukrenergo and Kyivenergo.

Source: https://www.infosecurity-magazine.com/news/ukrainian-postal-service-repeated/

The IoT Botnet Wars: How to Harden Linux Devices from DoS Attacks

While fighting botnets like Mirai and BrickerBot with another botnet, Hajime, may help prevent denial-of-service attacks on the IoT, the best defense is a basic system security-hardening plan.

An ongoing battle is being waged over insecure Linux-based Internet of Things (IoT) devices. BrickerBot (see “Beware BrickerBot, the IoT Killer”) is a recent malware strain attacking connected devices and causing them to “brick,” making an electronic device completely useless in a permanent denial-of-service (PDoS) attack. It may be a case of grey-hat hacking and a direct response to the Mirai botnet distributed denial-of-service (DDoS) attack that enslaved IoT devices.

The Mirai botnet consisted of connected printers, IP cameras, residential gateways, and baby monitors that flooded DNS servers. Mirai was behind the largest DDoS attack of its kind ever in October 2016, with an estimated throughput of 1.2 terabits per second. It leveraged these enslaved devices to bring down large portions of the internet, including services such as Netflix, GitHub, HBO, Amazon, Reddit, Twitter, and DIRECTV. BrickerBot’s goal appears to counter Mirai’s: bricking insecure Linux devices so that malware such as Mirai can’t subjugate them in another DDoS attack.

An internet service provider in Southern California, Sierra Tel, experienced widespread outages due to this battle. Its Zyxel modems fell victim to BrickerBot and another malware, possibly Mirai. It took nearly two weeks to replace all customers’ modems. This was the same modem model that Mirai infected to take out a German ISP’s network, an outage that affected a population larger than San Francisco.

Hajime is another Mirai-like worm that has been spreading during the past several months with goals similar to BrickerBot’s: thwarting malware such as Mirai from exploiting poorly secured IoT devices to do its bidding. Hajime accesses devices by scanning the internet and trying a set of default credentials, and then injecting a malicious program. However, Hajime then tries to harden these devices by blocking four ports that Mirai is known to attack (23, 7547, 5555, 5358) to deflect further subjugation for DDoS attacks or even Bitcoin mining. Unfortunately, once a Hajime-infected device reboots, it returns to its vulnerable state with these ports open. Thus, Hajime is merely a temporary band-aid. The only real cure is to deploy a software update with new credentials.

Leading computer-security expert Gene Spafford said, “The only true secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards—and even then I have my doubts.” While this may be true, basic security hardening would have helped protect against many of the attacks from malware targeting Linux devices. We will cover some basic system-hardening concepts in the context of these attacks, including closing unused open network ports, intrusion detection systems, enforcing password complexity and policies, removing unnecessary services, and frequent software updates to fix bugs and patch security vulnerabilities.

Basic Security Would Deflect Malicious Mirai Malware

The Mirai malware caused major outages across the internet by attacking DNS provider Dyn’s servers. The malware infected vulnerable devices by using open Telnet ports to target ARM, MIPS, PPC, and x86 devices that run Linux. It scanned the internet for the IP addresses of IoT devices and identified vulnerable ones by using a table of more than 60 common factory credentials. As the malware is stored in memory, the device remains infected until it’s rebooted. Even if the device is rebooted, it can be re-infected in minutes unless the login credentials are changed immediately. Once the device is infected by Mirai, it tries to remove any competing malware and sits idle long enough to avoid detection by security tools. After an extended period, it contacts its command-and-control server for further instructions.

Enforcing complex password policies instead of keeping published factory-default credentials would have helped prevent Mirai from enslaving these devices. The challenge of securing consumer-facing IoT is that manufacturers are relying on consumers to change the password from a factory-default login, which typically requires logging into the admin panel and manually changing the password. Will Dormann, senior vulnerability analyst at the CERT Coordination Center, says, “Instead of hard-coding credentials or setting default usernames and passwords that many users will never change, hardware makers should require users to pick a strong password when setting up the device.”

The ability to deploy software updates is another mandatory capability to fix bugs and patch known security vulnerabilities. In the software-development book Code Complete, author Steve McConnell states that there are 1-25 bugs and vulnerabilities per 1,000 lines of code, where the variable is determined by the practices of the team. Consumer electronics, such as many of the devices listed on Krebs (see figure), are at the high end of the scale due to the higher focus on features and time-to-market with little security oversight. Many of these devices are already running on thin margins, so having an over-the-air (OTA) update capability with minimal development effort by the manufacturer is an important consideration.

Figure: the known Mirai-infected devices published on Krebs on Security.

“When it comes to software updates, automatic updates are good,” says Dormann. “Simple updates that notify the user and require intervention are okay. Updates that require the user to dig around to find and install manually are next to worthless. Devices that don’t have updates at all are completely worthless.”

The software update process itself is complex, with many security considerations to take into account to protect against things like man-in-the-middle (MitM) attacks. There is also the danger of a device bricking because it loses power mid-update or has intermittent network connectivity. For this reason, updates need to be atomic, meaning the update fully completes or not at all (no partial updates)—even in cases of power loss at any time during the update process. Manufacturers have open-source options available to deploy software updates to devices. SWUpdate is a well-known and flexible open-source Linux update agent, while Mender.io (disclaimer: the open-source project I am involved with) provides an end-to-end solution (both agent and management server) to deploy OTA updates fleet-wide. Software updates for IoT have become a hot topic, even getting the attention of the U.S. government and Congress. And Bill Woods from the Atlantic Council international think tank noted that two billion IoT devices currently out there have a 12-year-old secure-shell (SSH) flaw that enables them to be turned into a botnet.

Vigilante Hacking

In the early 2000s, the Blaster worm was spreading on computers running operating systems such as Windows XP and Windows 2000. DDoS attacks were launched in 2003, causing damages totaling hundreds of millions of dollars. The Welchia worm was a response to Blaster; it exploited a vulnerability in Microsoft’s remote procedure call (RPC) service much like Blaster. However, after infecting a system, it would instead delete Blaster if it existed there, and then try to download and install security patches from Microsoft that would prevent further infection. Similar to Welchia, Hajime is going head-to-head with Mirai and its malicious variants to minimize the damage they can do.

Hajime appears to be a much more advanced botnet, taking steps to camouflage its processes and files, making detection of it much more difficult. It’s also much more refined in cycling through credentials: it parses information to identify the device manufacturer and uses that manufacturer’s default combinations. For example, when it attacked the MikroTik router, Hajime attempted to log in initially with the factory default according to MikroTik documentation, reducing the number of invalid passwords it tried to lower the chances of being blacklisted.

Hajime closes known network ports that Mirai exploits to secure those devices—a strategy that device manufacturers should use: closing unnecessary ports reduces the attack surface. Intrusion detection systems (IDS) are also helpful in monitoring unusual network activity. There are two types of network IDS: signature detection and anomaly detection. Many open-source solutions are available; Snort and Suricata are popular options.

BrickerBot is the first malware of its kind whose goal is to cause a PDoS by bricking devices that are not fully secure, with the seeming goal of removing them as potential victims of malware that would enslave them for DDoS attacks. There have been multiple versions of BrickerBot, and its suspected author claims to have bricked over 2 million devices. BrickerBot 1 targets devices running Linux with BusyBox and an exposed Telnet service. They usually have an older version of Dropbear SSH, and most were identified as Ubiquiti network devices running outdated firmware. BrickerBot 2 targets Linux-based devices more widely using a similar tactic of leveraging an exposed Telnet service with a default or hard-coded password.

The most secure software is software that is not installed. All services and applications running on your device should have a fundamental reason to be there. Adding unnecessary features increases the attack surface of your device and will, by definition, make it less secure.

Applying Basic Security Principles Will Help

Some fundamental system hardening can be the deciding factor in whether a device becomes an actor in a DDoS attack or gets bricked. The results of vigilante hacking, like that of Hajime and BrickerBot, to combat the Mirai-driven DDoS attacks have generated much debate. There are arguments on both sides, with many insisting that the warnings about the lack of IoT security have fallen on the deaf ears of manufacturers and consumers. They argue that malware such as BrickerBot is a drastic but necessary measure to hit them where it hurts, and in the process, stop insecure devices from being part of another DDoS attack. There have been discussions online about a scenario where a consumer would be covered under warranty by the manufacturer if their devices do get bricked. The cost to the manufacturer of replacing them would be too high to ignore security, forcing them to take security much more seriously.

A common counter-argument to vigilante hacking is “Why should the consumers be punished? Where is the line someone can cross to anonymously take the law into their own hands?” There is neither accountability nor certainty that the authors of BrickerBot or Hajime are completely well-meaning, or whether there’s something nefarious the public has yet to discover. They also use the same techniques that black hats use, potentially leading to a proliferation of more malicious hackers. Another potential scenario is that vigilante malware bricks a device in a way that kills someone, far from the original intent. Something as simple as an IoT refrigerator can be hacked and bricked without the owner’s knowledge. Subsequently, a person could unknowingly eat spoiled food that causes illness and even death. And we know there are far more health-sensitive devices than a refrigerator being connected, such as connected cars, insulin pumps, heart implant devices, and much more.

In fact, the FDA recently became involved with Abbott Labs and its new acquisition, St. Jude Medical. St. Jude Medical devices had vulnerable software that allowed unauthorized external control, which could run down the battery or deliver a series of shocks at the wrong time (these devices included defibrillators and pacemakers). The latest correspondence indicates the FDA isn’t satisfied with parent company Abbott Labs’ response to the issue, despite St. Jude’s claims that it had developed a software patch that could be applied to remove the vulnerability.

While we briefly covered some basic security-hardening concepts, this is not comprehensive. But these should be a start toward conforming to industry best practice for securing IoT systems. These steps would have helped to protect against, or at least mitigate the effects of, the malware discussed. Although there’s no silver bullet and security can never be “perfect,” it’s clear that implementing existing solutions to cover basic security around credentials, open ports, and automated software updates will have a massive impact.

Source: http://www.electronicdesign.com/industrial-automation/iot-botnet-wars-how-harden-linux-devices-dos-attacks
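The atomic-update requirement from the article (an update fully completes or not at all, even if power is lost mid-update), as an added example that is not the code of Mender, SWUpdate or the article. It assumes an A/B slot layout and a bootloader that honours a small pointer record; both are simulated with directories and a JSON file under a temporary root, and the firmware images are constructed.

```python
"""A/B-slot atomic OTA update: stage, verify from disk, switch, confirm or roll back.

Added example. Slots are directories under a temporary root, the "bootloader"
is a JSON pointer file and PowerLoss simulates losing power mid-write."""
import hashlib
import json
import os
import tempfile

class PowerLoss(RuntimeError):
    """Simulated power failure part-way through writing an image."""

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def _write_atomic(path, data, fail_after=None):
    """Write to a temp file beside path, fsync, then rename over path.
    The rename is the commit point: a reader sees the old file or the complete
    new one, never a partial write, even if power drops before the rename.
    (A production agent also fsyncs the directory to persist the rename.)"""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            if fail_after is not None and fail_after < len(data):
                f.write(data[:fail_after])
                raise PowerLoss(f"power lost after {fail_after} bytes")
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):        # leftover from an interrupted write
            os.unlink(tmp)

def _slot_path(root, slot):
    return os.path.join(root, f"slot_{slot}", "image.bin")

def read_boot(root):
    with open(os.path.join(root, "boot.json"), "rb") as f:
        return json.loads(f.read())

def _write_boot(root, active, state, previous):
    record = {"active": active, "state": state, "previous": previous}
    _write_atomic(os.path.join(root, "boot.json"), json.dumps(record).encode())

def init_device(root, image):
    """Factory state: slot a holds the shipped image and is confirmed good."""
    for slot in ("a", "b"):
        os.makedirs(os.path.join(root, f"slot_{slot}"), exist_ok=True)
    _write_atomic(_slot_path(root, "a"), image)
    _write_boot(root, "a", "confirmed", None)

def boot_image(root):
    """What the bootloader would load: the image in the active slot."""
    with open(_slot_path(root, read_boot(root)["active"]), "rb") as f:
        return f.read()

def install_update(root, image, expected_sha256, fail_after=None):
    """Stage into the inactive slot, verify what landed on disk, then switch."""
    boot = read_boot(root)
    target = "b" if boot["active"] == "a" else "a"
    _write_atomic(_slot_path(root, target), image, fail_after)   # may raise PowerLoss
    with open(_slot_path(root, target), "rb") as f:
        if sha256(f.read()) != expected_sha256:
            raise ValueError("image hash mismatch; active slot unchanged")
    _write_boot(root, target, "pending", boot["active"])        # the single switch point
    return target

def confirm_boot(root, healthy):
    """Run first after reboot: commit the pending slot if the health check
    passed, otherwise roll back to the previous slot."""
    boot = read_boot(root)
    if boot["state"] != "pending":
        return boot["active"]
    chosen = boot["active"] if healthy else boot["previous"]
    _write_boot(root, chosen, "confirmed", None)
    return chosen

def demo():
    """Power loss, a tampered image, a good update, then a failed boot."""
    v1, v2, v3 = (b"firmware-v%d " % n * 64 for n in (1, 2, 3))
    out = {}
    with tempfile.TemporaryDirectory() as root:
        init_device(root, v1)
        try:
            install_update(root, v2, sha256(v2), fail_after=100)
        except PowerLoss:
            pass
        out["after_power_loss"] = (read_boot(root)["active"], boot_image(root) == v1)
        try:
            install_update(root, v2, sha256(v1))    # wrong hash: refuse to switch
        except ValueError:
            pass
        out["after_bad_hash"] = read_boot(root)["active"]
        install_update(root, v2, sha256(v2))
        out["after_good_update"] = (read_boot(root)["active"], read_boot(root)["state"])
        out["after_healthy_boot"] = (confirm_boot(root, True), boot_image(root) == v2)
        install_update(root, v3, sha256(v3))
        out["after_failed_boot"] = (confirm_boot(root, False), boot_image(root) == v2)
    return out
```

The expected hash would come from a signed manifest in a real agent; here it is passed in directly so the tampered-image path can be exercised.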

Continue Reading:
The IoT Botnet Wars: How to Harden Linux Devices from DoS Attacks

Former FCC security employee destroys agency’s claims of DDoS Attacks Following John Oliver Net Neutrality Segments

Bombshell story from Gizmodo underscores need for FCC to address serious issues with its public comment process before making any decision on net neutrality.

15,000+ people call on lawmakers to demand that FCC comply with transparency laws

In a bombshell story from Gizmodo today, a former FCC security employee lays waste to the agency’s claims that a pair of DDoS attacks took down the FCC comment website at the exact moments when large numbers of pro-net-neutrality comments would have been flooding into the docket following viral segments from comedian John Oliver in 2014 and 2017. The agency’s inability to maintain a functional way for the public to comment on its net neutrality proceedings has become an issue of concern for members of Congress overseeing the agency, and raises questions about how it can or should move forward with its rulemaking process.

The security expert who spoke to Gizmodo reveals that the FCC security team concluded that there had not been a malicious attack after the John Oliver segment in 2014. But David Bray, the FCC’s CIO until recently, told reporters there had been one anyway, despite the fact that there was no evidence of it, and he did not even have access to the types of logs and information that could have led him to that conclusion. The source also leaked a photo of the FCC’s server room to Gizmodo, revealing a mess of wires that would make any competent IT professional cringe. When pressed, Bray admitted to being the source of news reports about the made-up “hacking” attack, but he never reported the incident to the Department of Homeland Security, which requires government agencies to notify it of such attacks. With the backing of the FCC press office, Bray fed reporters that exact same story when the agency’s comment system collapsed again this year, preventing large numbers of people from making their voices heard in the agency’s proceeding. Evan Greer, campaign director of Fight for the Future, said: “These latest revelations are outrageous. 
A senior FCC official intentionally misled the public and invented cyber attacks to cover up the fact that the agency is failing at their responsibility to maintain a functioning system to receive feedback about an issue that affects every single person using the Internet. The FCC must address these serious issues with their comment process before moving forward, or it will be clear that this is a rogue agency that answers only to large telecom companies, and not to the American people.”

The news comes after more than 15,000 people have signed a petition calling on their lawmakers to instruct the FCC to comply with transparency laws as the agency moves ahead with its unpopular plan to gut net neutrality protections that prevent ISPs from charging extra fees, throttling, or blocking content online. The agency is currently facing multiple lawsuits for refusing to release information related to the now-debunked DDoS claims, Chairman Ajit Pai’s discussions with telecom companies, and large numbers of fake comments submitted using real people’s names and addresses without their permission. “Members of Congress need to understand that this is not an issue they can ignore or hide from,” Greer added. “Voters from across the political spectrum overwhelmingly support the current net neutrality rules, and want their Senators and Representatives to do their job and speak out to ensure that the FCC is listening to the will of the public, not just to lobbyists from giant telecom companies. Lawmakers from both sides of the aisle need to exercise their oversight and demand that the FCC act transparently during this proceeding.”

Fight for the Future has been working to inform the public about the serious issues surrounding the FCC’s comment process. The group organized a letter from dozens of people whose names and addresses were used to submit anti-net-neutrality comments without their permission, as well as several petitions garnering tens of thousands of signatures calling on the agency to come clean about the alleged DDoS attack that prevented concerned citizens from submitting comments. Fight for the Future was also one of the leading organizations behind the historic Internet-Wide Day of Action for Net Neutrality on July 12, which drove a record-breaking 2 million+ comments to the FCC and Congress in a single day. Learn more at fightforthefuture.org. Source: https://www.commondreams.org/newswire/2017/08/07/breaking-former-fcc-security-employee-destroys-agencys-claims-ddos-attacks

Read More:
Former FCC security employee destroys agency’s claims of DDoS Attacks Following John Oliver Net Neutrality Segments

Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

What would you do if your company was hit with a DDoS attack that lasted 11 days? Perhaps a large organization could withstand that kind of outage, but it could be devastating to an SMB, especially one that relies on web traffic for business transactions. That 11-day – 277 hours, to be more exact – attack did happen in the second quarter of 2017. Kaspersky Lab said it was the longest attack of the year, and 131 percent longer than the longest attack in the first quarter. And unfortunately, the company’s latest DDoS intelligence report said we should expect to see these long attacks more frequently, as they are coming back into fashion. This is not the news businesses want to hear.

Enduring DDoS attacks isn’t new. Igal Zeifman, senior manager at Imperva for the Incapsula product line, told me in an email comment that in 2016, the company tracked a network layer attack that lasted more than 29 days and an application layer assault that persisted for 69 days straight. However, Zeifman argued against the Kaspersky finding, saying that it doesn’t mesh with what his company has seen, despite those extended attacks from last year:

For the past four quarters we continued to see a persistent decline in the average attack duration, driven by an increased number of short attack bursts of 30 minutes or less. These bursts accounted for over 58 percent of all network layer attacks and more than 90 percent of all assault layer attacks in the first quarter of the year.

It is interesting to see such disparate results in the length of DDoS attacks. Whether days long or short bursts, one thing is certain – those initiating the attacks have very definite reasons for doing so. As the Kaspersky Lab report stated, financial extortion was a top reason for the attacks in the second quarter:

This approach was dubbed “ransom DDoS”, or “RDoS”. Cybercriminals send a message to a victim company demanding a ransom of 5 to 200 bitcoins. In case of nonpayment, they promise to organize a DDoS attack on an essential web resource of the victim. Such messages are often accompanied by short-term attacks which serve as demonstration of the attacker’s power. The victim is chosen carefully. Usually, the victim is a company which would suffer substantial losses if their resources are unavailable.

Political hacktivists are hard at work, too, going after news organizations, elections and, in the U.S., the FCC, likely in retaliation for wanting to abolish net neutrality. The FCC has acknowledged the attack, but reports say the agency is keeping its cybersecurity efforts secret. I’ll be following up more on that story later this week. Source: http://www.itbusinessedge.com/blogs/data-security/second-quarter-reported-ddos-attacks-lasting-days-not-minutes.html

Original post:
Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes