Author Archives: Enurrendy

UK webhost 123-Reg in DDOS attack

Businesses using 123-Reg’s web hosting service were knocked offline on Wednesday evening following a reported distributed denial of service (DDoS) attack. 123-Reg is the UK’s largest domain provider hosting over 1.4 million websites. The company said it was hit by a DDoS style attack that caused disruption to some customers on its shared hosting packages. DDoS attacks typically use a botnet of computers in a co-ordinated attack, driving web traffic to a particular website.

The attack appeared to cause patchy service for websites hosted by the company for several hours with many customers taking to Twitter to vent their frustration. UK games and mobile apps start-up Greedy Goblin Games (@GreedyGoblins) tweeted 123-Reg: “It appears your shared hosting servers are down. Can access FTP but not websites”. While IT consultant @thepaulturvey tweeted: “Is there a problem with 123-Reg shared hosting? Multiple sites not responding”.

123-Reg support staff told one UK website owner: “There has been a DDOS type of attack targeting a website from our shared hosting platform which unfortunately affected some of our customers. Our system administrators have contained the attack and the connectivity issues should shortly be resolved”.

Update: I’ve received the following statement from 123-Reg confirming the attack.

123-Reg did experience a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from 823 different IP addresses globally. This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack. Customer impact measured in terms of support queries was minimal — and likewise our social platforms saw a handful of comments — which are being addressed on a one to one basis via our support teams.

Source: http://betanews.com/2014/04/23/uk-webhost-123-reg-in-ddos-attack/


DrDoS attacks to reach 800 Gbps in 2015

While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 G…


DOSarrest Releases Latest Generation DDoS Mitigation System Software

VANCOUVER, BRITISH COLUMBIA–(Marketwired – Apr 23, 2014) – DOSarrest has just released its latest generation of proprietary backend software that incorporates an all-new customer-facing portal. This new release will enable DOSarrest to implement changes to customer configurations in seconds, enabling them to apply custom made DDoS mitigation modules extremely quickly. It is also equipped with an Intrusion Detection System (IDS), allowing the security team to pinpoint sophisticated layer 7 attacks as well as provide cloud based Web Application Firewall (WAF) services for its customers.

Mark Teolis, GM at DOSarrest said: “This upgrade is by far our largest project to date, it has taken us over 2 years of development and testing to get here. This latest generation of software is extremely powerful, and can stop the next generation of sophisticated layer 7 attacks.”

DOSarrest is now able to offer additional services, including:

- Cloud Based Web Application Firewall (WAF)
- Cloud based layer 7 load balancing, Local, Global with health checks
- Enhanced reporting on traffic types, status codes, cache performance, etc
- Create virtual servers, to have us pick-up, cache and deliver content from multiple customer servers
- IDS engine to detect and help stop any malicious traffic

“We recognised our customers’ requirements to have comprehensive security related services, rather than disparate point solutions; this new system has all the features that we need to accommodate them. The best part about this new generation of software is its flexibility at the core. What used to take days and weeks to develop and implement, can now be measured in minutes and hours,” added Jag Bains, CTO at DOSarrest.

Bains went on to say: “The best part of this new release is that it enables us to quickly react and stop sophisticated attacks that have not even been created yet!”

Source: http://www.reuters.com/article/2014/04/23/idUSnMKWNkbj9a+1e0+MKW20140423


Blockchain.info Services Down Due to DDoS Attacks

A number of users have taken to social media to report issues with their Blockchain.info wallets on Monday. The reason, according to Blockchain, relates to what has been described as “higher than usual traffic volumes due to DDoS [distributed denial of service] attacks” on the company’s servers.

Upon this writing, the website presents the following message:

Blockchain.info is currently down for maintenance. For status updates please see Twitter. Apologies for any inconvenience.

The company took the opportunity to remind users that their wallets were safe, but made the suggestion that all users make backups upon full service restoration.

Distributed denial of service attacks target one or more machines by bombarding them with information requests, slowing down services for legitimate users. DDoS attacks are almost commonplace against larger websites, often becoming a frequent occurrence.

Blockchain.info serves as the internet’s most popular bitcoin-related website. Growing tremendously fast, the service recently announced the creation of their 1.5 millionth wallet. Last week, it was announced that the company, led by Nic Cary, had signed a five-year deal to hold rights to the bitcoin.com domain name.

Source: http://newsbtc.com/2014/04/21/blockchain-info-services-due-ddos-attacks/


Easy-to-Use NTP Amplification Emerges as Common DDoS Attack Vector

Reflection attacks using the Network Time Protocol surge in the first quarter, as attackers shift to bandwidth-clogging floods of data.

In the past year, attackers have changed focus from attacking applications to overwhelming network bandwidth using brute-force reflection attacks, according to a report published April 17 by content-delivery provider Akamai. The two most popular types of reflection attacks, which bounce network traffic off intermediate servers on the Internet, have shot up in popularity, accounting for 23 percent of all infrastructure attacks in the 2014 first quarter, Akamai stated in its Prolexic Quarterly Global DDoS Attack Report. The attacks were largely unheard of in 2013, the report stated.

Much of the increase is due to easy-to-use tools, including techniques for using a vulnerability in the Network Time Protocol, or NTP, not only to reflect attacks but amplify them, Matt Mosher, director of security strategy for Akamai, told eWEEK. “Reflection and amplification are easier for the attackers to do,” he said. “They don’t have to build a bot army or infect a bunch of machines.”

The number of distributed denial-of-service (DDoS) attacks and the average bandwidth of an attack have both climbed, increasing by 47 percent and 39 percent, respectively, according to Akamai’s report. The jump occurred even as DDoS attacks that attempt to tie up applications with bogus requests declined 21 percent. Application layer attacks have declined since the third quarter of 2013, the report stated. “There have always been two dimensions to DDoS: the large volumetric attacks including amplification, and then there’s another set of DDoS that tries to create complexity and targets applications,” Mosher said.

Attackers also focused on media and entertainment companies, which were the targets of nearly 50 percent of attacks. Software and technology companies were the second most popular target, at 17 percent, while security firms faced 12 percent of all DDoS attacks, according to Akamai.

The largest attack seen by Akamai targeted a European entertainment firm, and exceeded 200 Gbps at its peak, the firm said. The attack lasted more than 10 hours, and amplified the attack volume through vulnerable servers using a combination of NTP and the Domain Name System (DNS) reflection. The attack also employed a tactic known as a POST flood attack, according to Akamai.

Reflection attacks do not just use basic Internet protocols, but can use Web application features to inundate a target. An interesting attack in the first quarter of 2014 involved using the pingback function of WordPress sites to send data at the targeted network. “The effectiveness of this attack lies in the leveraging of victim WordPress Websites that have pingback functionality enabled,” the report stated. “This attack vector typically succeeds by exhausting the number of connections to the target site, rather than by overwhelming the target with bandwidth floods.”

Computers in the United States, China, Thailand, Turkey and Germany accounted for almost three-quarters of all attacks, according to the report. Indonesia and South Korea were also in the top 10. “There was a noticeable presence of Asian countries in the top 10 source countries,” Akamai’s report noted. “Growing economies and an expanding IT infrastructure, plus large online populations, fuel DDoS attack campaigns.”

Source: http://www.eweek.com/security/easy-to-use-ntp-amplification-emerges-as-common-ddos-attack-vector.html/


Lookout, DDoS Attackers Are Changing Their Techniques

In the past couple of years we’ve seen a drastic increase in the number of DDoS (distributed denial-of-service) attacks taking place, many of which are being carried out as a means of protest by various groups. The attacks are attempts to make a machine or network resource such as a website totally unavailable to anyone trying to reach it. The reasons for the attacks vary, as do the means used to carry them out.

A typical attack generally consists of efforts by two or more persons, and in many cases, botnets, to temporarily or indefinitely interrupt or suspend services of a specific host connected to the Internet. Such attacks usually lead to a server overload and are implemented by either forcing the targeted computer(s) to reset, or consuming enough of its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the targeted victim so that they can no longer communicate.

Based on a new report, now it appears that the attackers are changing their techniques in order to launch much larger scale attacks on websites. In a Global DDoS Attack Report from the 1st quarter of 2014 released Thursday, Prolexic Technology describes seeing a new trend toward “reflection and amplification techniques” which are being used more frequently in lieu of the botnet methods. The report states, “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.”

Prolexic mentions that these new attack tools can deliver a much more powerful punch. In this Q1 2014 report they saw a 39 percent increase in average bandwidth and also saw the largest-ever DDoS attack, one that involved multiple reflection techniques combined with a traditional botnet-based application attack. That attack generated peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second). The report also states, “Compared to the same quarter one year ago, peak attack bandwidth increased 133% compared to Q1 last year.”

The full report showed that the media and entertainment industry were the targets in more than half of the attacks in the first quarter. Prolexic Technology is owned by Akamai. Unfortunately, the new techniques are becoming all too popular with some websites now providing easy access to the services for use in launching these types of attacks.

Source: http://www.slyck.com/story2396_Lookout_DDoS_Attackers_Are_Changing_Their_Techniques


Attackers use reflection techniques for larger DDoS attacks

Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques. “Instea…


Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services

VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio.

Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami.

“We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest.

About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com)

About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now.

Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm


There is no place like home gateway for DDoS attackers

Home gateway routers are being targeted by cybercriminals launching denial-of-service attacks.

They are standard pieces of kit, without which no home or small office can connect to the internet. And millions of them harbour a security vulnerability that threatens to do untold damage to the workings of the web. Welcome to the humble home gateway – the little routers sitting on our desks are being inducted into battle by criminals launching denial-of-service (DoS) attacks to bring down websites and hold organisations to ransom.

A subtle flaw in some home gateways (they act as ‘open DNS proxies’) allows attackers to use them for ‘amplification’ where very small DNS queries (50 bytes) generate very large DNS answers (4,000 bytes). Attackers employ another simple trick – IP address spoofing – to disguise their own identity and cover their tracks while directing waves of traffic to any target they choose, anywhere on the internet.

An amplification attack can create and send a target trillions of bytes of unwanted data over a few hours. The attack on Spamhaus in 2013 generated traffic measured at an enormous 300Gb/s. Many web resources aren’t equipped to deal with such large volumes of traffic and either become unavailable, or slow down to the point where visitors notice. There is also considerable collateral damage to the infrastructure over which these attacks are launched.

These attacks are effective because the amplification effect makes the results wildly disproportionate to the effort needed to launch them. Moreover, home gateways acting as DNS proxies make queries appear legitimate to DNS resolvers and mask the ultimate targets of attacks. As such, they are becoming the weapon of choice for those who aim to damage or hold to ransom any target they wish with impunity.

Nor is there any shortage of opportunity for these criminals. Research has found there are 24 million home gateways (home routers) that can be used for amplification attacks. These exploitable routers exist across the globe and it is not a problem limited to developing nations. For online criminals, there really is no place like ‘home’ from which to launch an attack.

ISP resolvers are among the systems most impacted by DNS amplification attacks. The fact they’re typically provisioned with ample network bandwidth and deployed on high-performance hardware to ensure they are always responsive and highly available makes them ideal for attackers, as they can piggyback on someone else’s high performance infrastructure.

ISPs get drawn directly into the mire when open DNS proxies on home routers forward queries received on their WAN interface to whatever DNS resolver they are configured to use. In most cases this is an ISP’s resolver (consumers may also configure alternative DNS services from Google and others), and even those who go to great lengths to protect their infrastructure can become collateral damage in the path of an attack.

Bandwidth taken up by DDoS traffic causes networks to suffer from congestion and lowered performance. If quality of service falls noticeably, customers will vote with their feet and walk away to another service provider. And the ultimate recipients of the traffic, the targets themselves, often legitimately enquire about what ISPs have done to limit the effects of attacks. Since this vulnerability provides enormously rich pickings for criminals at little cost, fixing it should be a priority for ISPs.

As with any type of online threat, denial-of-service attacks are protean in nature; they evolve and adapt to circumvent attempts to prevent them. Unfortunately, existing perimeter defences are useless against this new generation of attacks because they’re designed to deter DDoS traffic coming into a provider network instead of traffic going out.

What’s called for is the application of DNS-based security intelligence techniques; by incorporating DNS-level security tools, organisations and ISPs can effectively counter amplification attacks. Deterrence starts with monitoring DNS query data as it is generated so suspicious activity on the network can be identified quickly. Something else that’s needed is dynamic threat lists that track special purpose-built DNS domains designed and deployed specifically for these kinds of attacks. To eliminate false positives, it’s also crucial these lists are carefully vetted.

Servers should be configured with highly targeted filters to manage malicious traffic, while ensuring legitimate traffic is not affected. Additional rate limits based on response size can catch malicious traffic not caught by other filters. And, following best practice, DNS data logging is also useful for forensics and reporting.

DNS-based security can be used by network operators in a layered security approach. The insidiousness of malware threats requires a defence-in-depth strategy based on various layers of firewalls, packet filters, anti-virus software, intrusion detection and prevention, and many more. Owing to its strategic place in the network, DNS-based security must be added to this portfolio of protection: observing, as it does, every Internet communication, it serves as a lightweight but powerful tool in the armoury.

For far too long, people have unknowingly been hosting a serious security weakness in their houses and in their offices. With DNS-level security we can finally plug this breach, and turn the home once more into a castle.

Source: http://www.information-age.com/technology/security/123457905/there-no-place-home-gateway-ddos-attackers
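
The query monitoring and response-size rate limiting the article recommends for ISP resolvers can be sketched as follows. This is an added example, not code from the article: the log format, function names, thresholds and addresses are assumptions constructed for illustration.

```python
"""Flag DNS amplification patterns in resolver query logs (added example).

Assumed log line format (constructed for this example, not a real resolver's):
    epoch_seconds client_ip qname qtype query_bytes response_bytes
"""
from collections import defaultdict

# Constructed sample: 192.0.2.10 acts like an open-proxy home gateway relaying
# 50-byte queries that draw 4,000-byte answers; 192.0.2.20 is ordinary traffic.
SAMPLE_LOG = """\
1000 192.0.2.10 big.example.net ANY 50 4000
1000 192.0.2.10 big.example.net ANY 50 4000
1001 192.0.2.10 big.example.net ANY 50 4000
1001 192.0.2.20 www.example.org A 45 120
1002 192.0.2.10 big.example.net ANY 50 4000
1003 192.0.2.20 mail.example.org MX 46 180
1004 192.0.2.10 big.example.net ANY 50 4000
not a valid line
"""

def parse(log):
    """Yield (ts, client, qname, query_bytes, response_bytes); skip bad lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2].lower(), int(parts[4]), int(parts[5])
        except ValueError:
            continue

def flag_amplifiers(log, window=10, min_ratio=10.0, min_resp_bytes=10_000):
    """Return {client: stats} for clients whose responses within one time window
    are both large in total and far larger than the queries that drew them."""
    buckets = defaultdict(lambda: {"q": 0, "r": 0, "names": set()})
    for ts, client, qname, qb, rb in parse(log):
        b = buckets[(client, ts // window)]
        b["q"] += qb
        b["r"] += rb
        b["names"].add(qname)
    flagged = {}
    for (client, _), b in buckets.items():
        ratio = b["r"] / b["q"] if b["q"] else 0.0
        if ratio >= min_ratio and b["r"] >= min_resp_bytes:
            flagged[client] = {"ratio": ratio, "resp_bytes": b["r"],
                               "names": sorted(b["names"])}
    return flagged

def rate_limit_by_size(log, bytes_per_sec=1_000, burst=8_000):
    """Token bucket on response bytes per client (log assumed time-ordered).
    Returns {client: responses that would be dropped once the budget is spent}."""
    tokens, last, dropped = {}, {}, defaultdict(int)
    for ts, client, _, _, rb in parse(log):
        refill = (ts - last.get(client, ts)) * bytes_per_sec
        avail = min(burst, tokens.get(client, burst) + refill)
        last[client] = ts
        if rb <= avail:
            tokens[client] = avail - rb
        else:
            tokens[client] = avail  # keep the budget, count the drop
            dropped[client] += 1
    return dict(dropped)
```

The names collected for each flagged client are candidates for the vetted threat lists the article mentions; they need review before any blocking, since legitimate zones can also return large answers.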
