Category Archives: DDoS Criminals

Distributed Denial of Service (DDoS) attack recovery costs an average of $3,000 per day for businesses

Organizations citing cybersecurity costs as an impediment to implementing a layered defense should rethink their priorities: denial of service (DDoS) and malware infection recovery costs range into the thousands of dollars per day. According to a report from Solutionary, organizations are spending a staggering amount of money in the aftermath of an attack: as much as $6,500 per hour to recover from DDoS attacks and more than $3,000 per day for up to 30 days to mitigate and recover from malware attacks. All of those third-party consultants, PR crews, incident response teams, mitigation software and other immediate investments add up, apparently.

But other damages need to be considered as well: the report numbers don’t include revenue that may have been lost due to related systems downtime, or lost productivity. Nor do they include the intellectual property-related costs. “Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation,” said Don Gray, chief security strategist with Solutionary.

Unfortunately, the likelihood of suffering such an attack is, of course, going up. Attacks are also becoming focused on certain arenas. For instance, in addition to traditional network-layer attacks, a full 75% of DDoS attacks target Secure Socket Layer (SSL) protected components of web applications, the report found. The downside is that detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks.

Malware attacks, meanwhile, are becoming vertical-specific. The report found that 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These forays frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link. Unfortunately, a full 54% of malware typically evades anti-virus detection. Only 46% of samples tested via VirusTotal by Solutionary were detected by anti-virus – indicating a clear need for companies to invest in multiple malware detection mechanisms.

The report also found that Java is the most targeted software in exploit kits, replacing Adobe PDF exploits. Almost 40% of total exploits in exploit kits now target Java.

When it comes to where attacks are originating, domestic IP addresses are the largest source of attacks against US organizations. “While there has been considerable discussion about foreign-based attacks against US organizations, 83% of all attacks against them originate from US IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country,” the company said. “One contributing factor is foreign attackers using compromised machines near attack targets in the US to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.”

Attackers from other countries focus on different industry targets – 90% of all attack activity from China-based IP addresses is directed against the business services, technology and financial sectors. And a full 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world.

Attack techniques also vary significantly by country of origin. Among the top four non-US source countries, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity.

Source: http://www.infosecurity-magazine.com/view/31247/malware-attack-recovery-costs-an-average-of-3000-per-day/


GitHub Hit With Another DDoS Attack, Second In Two Days, And “Major Service Outage”

Services on code-sharing site GitHub have been disrupted for over an hour in what started as a “major service outage” because of a “brief DDoS attack.” This is the second DDoS attack in as many days and at least the third in the last several months: yesterday, GitHub also reported a DDoS incident, and in October 2012 the service also went down due to malicious hackers.

Today, the distributed denial of service incident has affected the site for at least an hour, starting at 10.43AM GMT with a major service outage. GitHub noted that the cause was “another brief DDoS attack” and that service should be returning to normal. At 11.11AM, the site reported that some systems were still being affected. “Access to downloadable source code archives and uploaded files is temporarily down. We’re working to restore it asap,” it noted.

There has been some debate over security at GitHub, with several people recently revealing the amount of sensitive information like passwords and private keys stored on publicly-accessible pages. On a code-sharing repository, this is not like blasting information as you might see in a display ad, but it’s the kind of information that can be found if you know how and where to look.

And the DDoS attacks against GitHub go back some way. In February 2012, for example, the site revealed a sustained attack that lasted for nearly a week. “This attack is global, and has been very intense at times. Yesterday morning, for example, github.com suddenly received requests from 10,000 times the number of clients it had handled the minute before,” Jesse Newland wrote on GitHub’s blog. That only resulted in an hour of total downtime. He also wrote that GitHub was putting in place measures to better protect against DDoS attacks in the future — although clearly not eliminate them completely.

GitHub has had a lot of success in the last few years. With some 3 million developers using the site to post and share code, a recent $100 million round from Andreessen Horowitz, and other accolades, it exemplifies the wider trend of the rise of the enterprise startup — a status that likely brings negative as well as positive attention.

Update: Three hours later, everything is back up and working normally. We have reached out to ask whether GitHub has any more information about the incidents.

Source: http://techcrunch.com/2013/03/10/github-hit-with-another-ddos-attack-second-in-two-days-and-major-service-outage/


Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by distributed denial of service (DDoS) attacks.

The Czech National Bank’s official website was the victim of a “massive cyber attack” on the external server hosting its site, before being brought back online later that day. The attacks overloaded servers with thousands of requests, making them inaccessible to the central bank’s customers. However, the bank said in a statement that its internal IT systems were unaffected by the disruptions. “We apologise for any difficulties experienced by visitors to the CNB website due to the outage,” said CNB spokesman Marek Petru in a statement.

Other major banks were also targeted, including CSOB, Ceska Sporitelna and Komercni Banka, as well as a number of smaller banks. It is not believed that customer data has been compromised. The Prague Stock Exchange also had its website taken down on Wednesday, according to Reuters, with a spokesman claiming that a “co-ordinated” attack by hackers was likely to be responsible. Earlier this week a number of Czech news outlets were targeted by the cyber attacks, with the website of the broadsheet newspaper DNES taken down.

There have been a number of DDoS attacks against banks across the world in recent months. Earlier this week the Izz ad-Din al-Qassam Cyber Fighters group promised to continue a series of attacks against US banks which began in October with DDoS attacks against JPMorgan Chase, Bank of America, CapitalOne and Citibank among others. The group had indicated it would cease its campaign of attacks in January. In January two members of Anonymous were jailed in the UK for their part in DDoS attacks against a number of financial services companies including Visa and Mastercard. Last month Anonymous posted personal details of 4,000 bankers, after breaching defences of the US Federal Reserve.

Source: http://computerworld.co.nz/news.nsf/security/czech-finance-sector-hit-by-cyber-attacks


Raspberry Pi Foundation gets hit by a Distributed Denial of Service (DDoS) Attack

Attacked by a million-node botnet, Raspberry Pi’s website went black after unknown hackers brought it down with a distributed denial of service (DDoS) attack. The website has since been restored.

“For those interested, this one’s quite hardcore: We’re seeing a SYN flood from a botnet that seems to have about a million nodes,” said Raspberry Pi on Twitter. “This is the second attack in a couple of days. We haven’t had the blackmail email yet. It’s getting plonked when it arrives.”

During the attack, the company actively tweeted accounts of the attack, saying they were unable to trace it back to its creator. This, according to Raspberry Pi, is due to the attackers using a “SYN flood” to mask their identities. It believes the attacker is likely an “angry and confused kid” who won’t be able to hold up an expensive attack like this for very much longer. The company is also unable to get in touch with its host given that it is nighttime in the U.K., where Raspberry Pi is based.

The general question on Twitter concerning the DDoS is “Why?” Raspberry Pi creates cheap micro PCs, which has caught the eye of many. Its foundation arm is also focused on bringing computer science education to children and is involved in other charities. When asked about why it might be a target, Raspberry Pi tweeted, “Well, we *are* horrid, what with our focus on education and charity and everything. Boo to irritating do-gooders.”

Source: http://venturebeat.com/2013/03/05/raspberry-pi-ddos/


Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Earlier this month, Juniper Networks purchased Webscreen Systems from Accumuli, a UK-based IT security specialist. With this acquisition, Juniper is furthering a strategy to try to deal with distributed denial of service (DDoS) attacks from within a data centre by adding more hardware. While one can understand why a company that produces and sells hardware would see hardware as the best fix, there are several reasons why this is the wrong solution for most consumers, and could actually unnecessarily cost you time, money and brand integrity.

Given the varied range in DDoS hardware protection options out there, it seems that many feel this is the strongest solution to protect their online presence from a DDoS attack. However, after more than 15 years in the industry, I can think of five good reasons why using DDoS hardware protection in a data centre hosting environment is a flawed strategy.

REASON #1: Increased costs passed on to customers. With DDoS hardware protection, the expense of purchasing, updating and maintaining the hardware, plus the necessary staff to manage it in a data centre hosting environment, will be high. These costs will be passed on to you, the hosting customer.

REASON #2: More points of failure. By adding another piece of hardware, you are adding yet another point of failure. In all things networking, keeping your number of points of potential failure low is a key to success. Studies show that firewalls, IDS and other similar hardware protection platforms have over a 42 percent chance of failing. [Arbor Worldwide Infrastructure Security Report 2011] Do you want to be on that platform when it fails?

REASON #3: Someone else’s problem becomes your problem. In a data centre environment, multiple customers often share resources (whether they know it or not). Platforms like servers, switches, routers and firewalls are often provisioned with more than one client. If you are sharing DDoS hardware protection, you become vulnerable to the problems of other clients sharing that device.

REASON #4: One size never really fits all. A solution for a data centre will try to be generic enough to fit all clients’ needs, which means it probably won’t be specific enough for your exact requirements, or robust enough to handle more sophisticated attacks.

REASON #5: How focused are the people watching your gear? Even with the best DDoS hardware protection out there, you might as well try to protect your websites with a toaster if there isn’t a proficient team dedicated to administering and managing the hardware. In a hosting environment, the operations team has many responsibilities, of which managing DDoS hardware is a low-priority one. Even if someone is paying attention and able to divert their focus to your servers for a short while during a DDoS attack, it won’t be for long, and repeated DDoS attacks would likely go unmitigated, or your IP would be null-routed to save resources and minimize collateral damage.

With so many vendors offering DDoS hardware protection, it might be tempting to conclude that it’s a safer option that will serve your business well. However, cloud-based DDoS protection offers many benefits that are not possible with DDoS hardware solutions, with few of the risks. To learn more about DOSarrest cloud-based DDoS protection and mitigation services, click here.

Jag Bains, CTO, DOSarrest Internet Security (Formerly Director of Network Engineering and Operations for Peer1 Hosting)


Radware launches cloud-based DDoS attack mitigation system

At RSA Conference 2013 in San Francisco, Radware announced DefensePipe, an integrated and comprehensive solution to help mitigate volumetric DDoS attacks which threaten to saturate a customer's Intern…


Helping ISPs defend customers against bot infections

At RSA Conference 2013 Kindsight announced the Kindsight Botnet Security service to help Internet service providers detect botnet activity in the network and protect subscribers against bot infections…


Predictions for Distributed Denial of Service (DDoS) Attacks in 2013 will be application based

Twenty-five percent of distributed denial of service (DDoS) attacks that occur in 2013 will be application-based, according to Gartner, Inc. During such incidents, attackers send out targeted commands to applications to tax the central processing unit (CPU) and memory and make the application unavailable.

“2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013,” said Avivah Litan, vice president and distinguished analyst at Gartner. “A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems.”

High-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013. A new class of damaging DDoS attacks was launched against U.S. banks in the second half of 2012, sometimes adding up to 70 Gbps of noisy network traffic blasting at the banks through their Internet pipes. Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites. Hackers use DDoS attacks to distract security staff so that they can steal sensitive information or money from accounts.

People continue to be the weakest link in the security chain, as criminal social engineering ploys reach new levels of deviousness in 2013. In 2012, several different fraud scams that took social engineering tactics to new heights of deviousness were reported, including criminals approaching people in person as law enforcement or bank officers to help them through account migration that then compromised their bank accounts.
Source: http://timesofindia.indiatimes.com/tech/enterprise-it/security/25-of-DDoS-attacks-to-be-application-based-in-2013/articleshow/18613476.cms


Malicious URLs eclipsing botnets as malware distribution leader

McAfee Labs revealed that sophisticated attacks originally targeting the financial services industry are now increasingly directed at other critical sectors of the economy, while an emerging set of ne…


25% of DDoS attacks in 2013 will be application-based

Twenty-five percent of distributed denial of service (DDoS) attacks that occur in 2013 will be application-based, according to Gartner. During such incidents, attackers send out targeted commands to a…
