IBM announced a new cloud solution that combines software analytics and cloud security services to fend off web-based DDoS attacks for organizations doing business on the web and in the cloud. The new…
View the original here:
IBM unveils new cloud solution
Project Shield guards activists, charities from web storms Google will shelter charities and activists from distributed denial-of-service attacks by wrapping their websites in its protection technologies.…
More:
If there’s somethin’ strange in your network ‘hood. Who y’gonna call? Google’s DDoS-busters
If there was ever a riddle asking the listener to name something that has become bigger and shorter at the same time, distributed denial-of-service attacks (DDoS) would be an acceptable answer. According to a new report from Arbor Networks about the third quarter of 2013, the average attack size now stands at 2.64 Gbps for the year, an increase of 78 percent from 2012. The number of attacks monitored by the firm that are more than 20 Gbps experienced massive growth, to the tune of a 350 percent increase so far this year. Meanwhile, the length of the vast majority of attacks (87 percent) has gone down to less than an hour. “Shorter duration attacks are not inherently harder to detect, but they can be harder to mitigate,” says Gary Sockrider, solutions architect for the Americas, Arbor Networks. “Many organizations today rely on network- or cloud-based mitigation of DDoS attacks. Because they rely on rerouting attack traffic to scrubbing centers, there is a small delay in mitigation while routing or domain name changes propagate. “Ideally you want to have mitigation capabilities on your own network that can react immediately without the need for redirection. I think it’s safe to say that if you have absolutely no mitigation capabilities, then shorter attacks are better. However, if your only protection has inherent delays, then shorter attacks potentially cannot be stopped.” Barrett Lyon, founder of DDoS mitigation firm Prolexic Technologies and now CTO of Defense.net, says that shorter DDoS attacks also have the added benefit of minimizing an attacker’s exposure. “The longer it runs, the more things are obviously clogged up and the more reactive network engineers become,” he observes. “When network engineers start researching a problem like that — congestion in their network or why is this computer slow — it exposes the botnet and makes it much vulnerable than it would be otherwise. So if it’s a short attack but big, [attackers] can kind of quickly see and size up their target. They can quickly determine … what’s the best bang for the buck when it comes to attacking.” A clear trend of increasing attack sizes has emerged during the past several years, Sockrider says. “I believe there [is] a combination of factors enabling this trend,” he says. “First, there is increased availability of simple-to-use tools for carrying out attacks with little skill or knowledge. Second, there is a growing proliferation of DDoS-for-hire services that are quite inexpensive. Third, increasingly powerful workstations and servers that get compromised also have significantly faster connections to the Internet from which to generate attacks.” The largest monitored and verified attack size during the quarter was 191 Gbps, according to the firm. Fifty-four percent of attacks this year are more than 1 Gbps, up from 33 percent in 2012. Some 37 percent so far this year are between 2 Gbps and 10 Gbps. Another general trend is of attacks moving to the application layer. In fact, while volumetric attacks are still common, they are now frequently combined with application-layer and state exhaustion attacks, Sockrider says. In some cases, DDoS attacks have served as diversions meant to draw attention from other activities, such as bank fraud. For example, a report published in April by Dell SecureWorks noted how DDoS attacks were launched after fraudulent wire and automatic clearing house (ACH) transfers. “Most people that follow DDoS trends are aware of the really high-profile attacks against government and financial institutions, but in reality the most common targets are actually business and e-commerce sites,” Sockrider says. “We’re also seeing increased attacks in the online gaming industry, where attacks are waged for competitive advantage. Additionally, some organizations are taking collateral damage because they reside in a data center, and they happen to share infrastructure with a high-profile target. The bottom line is that in the current environment, every organization is a potential target.” Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-grow-shorter-but-pack-more/240162741
See more here:
DDoS Attacks Grow Shorter But Pack More Punch
Does the Internet of Things scare you? It probably should. This DerbyCon video discusses why embedded device security is laughably bad, handling vendor notification, and setting up a dev environment t…
See the original post:
The Internet of Things: Vulns, botnets and detection
Arbor Networks released data on global DDoS attack trends for the first three quarters of 2013. The data shows that DDoS continues to be a global threat, with alarming increases in attack size this ye…
Continued here:
DDoS attack size accelerating rapidly
What Is a DDoS Attack? Before we can understand just how groundbreaking this recent attack was, let’s first go over exactly what a denial of service attack is. It is one of the least complicated attacks that a hacker can pull off. Basically the goal is to shut down a webserver or connection to the internet. Hackers accomplish this by flooding the server with an extremely large amount of traffic. It would be like taking a wide open freeway and packing it full of the worst rush hour traffic you could imagine. Every connection to and from the freeway would grind to a halt. This would make visiting the website (or the road) next to impossible, or at the least extremely slow! In some cases, the server might overload and shut down completely. When this happens, it doesn’t mean that the website was necessarily hacked. It just means that the website was kicked off the internet for a period of time. This may not sound like that big of a deal, but if your company relies heavily on its online presence, this interruption of service could take a huge cut out of profits. DoS v. DDoS The next item to be clarified is the difference between a DoS (Denial of Service) attack and a DDoS or (Distributed Denial of Service) attack. This distinction is pretty simple: a DoS attack comes from one network or computer whereas a DDoS comes from multiple computers or networks. DDoS attacks are most always bigger than a DoS attack because the strength of the attack can be multiplied by a huge amount of computers. Source: http://www.scientificamerican.com/article.cfm?id=what-is-ddos-attack
Read More:
What Is a DDoS Attack?
Many security professionals have heard about Command & Control botnets, even more have been infected by them. Very few have had the opportunity to actually look inside the server control panel of a C&…
Continue reading here:
Video: DIY Command & Control for fun and no profit
Not everyone despaired over the Distributed Denial of Service (DDoS) attacks that hit some of the Web’s biggest e-commerce sites in February. Security consultants and developers of security tools seized the opportunity to spotlight their solutions. Simple DoS attacks are not new. During one, a hacker floods a system with packets of useless requests, making the system so busy it denies access to legitimate users. What’s new are the hacker tools that enable DDoS attacks, in which a hacker uses dozens or hundreds of machines to worsen the attack. The hacker uses client software on one PC to install ‘zombie’ or ‘back door’ programs on other servers, which then flood a target system with useless packets. Zombie programs, including TFN (Tribal Flood Network), Trin00, TFN2K (Tribal Flood Network 2K) and Stacheldraht (Barbed Wire), arrived last fall destined for Solaris, Linux and Windows NT servers. Until recently, most security packages designed to thwart such attacks were aimed at the Unix environment. Now, however, hundreds of programs are being designed for Windows NT, ranging from Internet Security Systems’ (ISS) award-winning SAFEsuite software to BindView Corp.’s free and downloadable Zombie Zapper. Some programs scan the addresses of outgoing messages, intercepting wayward messages before they swamp a potential victim. Others allow administrators to block fake messages from entering a system, or stop the echo functions that help create the constant data flood in a DoS attack. While the programs for NT are good news, the task of evaluating them can easily overwhelm an IS staff, according to Aberdeen Group, a consultancy in Boston. Adding pressure are unresolved issues of liability when one’s computers have been compromised because of lax security. To organize efforts and provide a modicum of legal defense, leading security practitioners suggest these guidelines: Perform a security audit or risk assessment of critical systems using system- and network-based vulnerability tools. Identify and empower an Incident Response Team. Establish an Emergency Response and Escalation Plan. Install Intrusion Detection and Response systems. Examine legal liability exposure. If systems are under attack: Alert your Incident Response Team. Contact your ISP; often, hosts can shut down your access line, stopping the attack. Notify CERT/CC. Notify law enforcement authorities at the FBI and the National Infrastructure Protection Center (NIPC). Monitor systems during the attack using network and host-based intrusion detection systems. Enable detailed firewall logging. Collect forensics to prosecute hackers later. Source: http://networksasia.net/article/preparing-ddos-attacks-960134400
Read the article:
Preparing for DDoS attacks
The U.S. has brought criminal charges against 13 persons, said to be members of the hacker group Anonymous, for their alleged participation in cyberattacks as part of a campaign called Operation Payback.The defendants and other members of Anonymous allegedly launched or attempted to launch cyberattacks against government entities, trade associations, individuals, law firms and financial institutions, according to a federal grand jury indictment released Thursday in the U.S. District Court for the Eastern District of Virginia, Alexandria division. Among the organizations targeted were the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. The method of attack was DDoS (distributed denial of service) which floods web sites with spurious Internet traffic so that they become unavailable, and the weapon of choice was the freely-available and downloadable network stress testing program known as the Low Orbit Ion Cannon or LOIC, according to the indictment. The 13 persons have been charged with one count of “conspiracy to intentionally cause damage to a protected computer” from about Sept. 16, 2010 to at least Jan. 2, 2011. All are from the U.S. and in their 20s with the exception of Geoffrey Kenneth Commander, a 65-year-old man from Hancock, New Hampshire, and Dennis Owen Collins, a man from Toledo, Ohio born in 1960. Members of Anonymous launched Operation Payback on about September 2010 to retaliate against the discontinuation of The Pirate Bay, a controversial file-sharing website in Sweden, according to the indictment. On December 4, 2010, Operation Payback planned DDoS attacks on the websites of entities that were either critical of whistle-blower website WikiLeaks or had refused to process payments for WikiLeaks, including Amazon and U.S. Senator Joseph Lieberman. The hacker group thereafter launched attacks on the website of PostFinance, a Swiss payments, e-finance, and electronic account management organization, the Swedish prosecutor’s office and a Swedish law firm. This was followed by an attack on the website of MasterCard, which cost the payment firm at least US$5,000 in losses during a one-year period, according to the indictment. Anonymous has attacked sites in the U.S. and abroad for a number of ideological reasons ranging from censorship of the Internet, the takedown of file-sharing site Megaupload, and Israel military action against Hamas. Source: http://www.pcworld.com/article/2052360/us-indicts-13-anonymous-members-for-ddos-attacks.html
Read the original:
US charges 13 Anonymous members for DDoS attacks
An analyst has confirmed that several, unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan , VP and distinguished analyst at research firm Gartner , three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds. » A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times , Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army , a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT , an Australian registrar, and targeted an employee using an emailed spear phishing ruse. » The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations’ systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. » Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief’s price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors. » Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency’s network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But, the incident could mean that sensitive data linkable to an individual was exposed. » In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama ‘s executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management. » Errata : Our apologies to Steve Lee , who we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles. Source: http://www.scmagazine.com/news-briefs-the-latest-on-major-ddos-and-phishing-attacks-and-more/article/311635/
See more here:
The latest on major DDoS and phishing attacks, and more