The increasing number and size of DDoS attacks and their costly and devastating effects on brand perception have not passed unnoticed by North American businesses, most of which have heightened their …
Read More:
DDoS threat recognized by all members of the C-suite
Many will be familiar with the term bot, short for web-robot. Bots are essential for effective operation of the web: web-crawlers are a type of bot, automatically trawling sites looking for updates and making sure search engines know about new content. To this end, web site owners need to allow access to bots, but they can (and should) lay down rules. The standard here is to have a file associated with any web server called robots.txt that the owners of good bots should read and adhere too. However, not all bots are good; bad bots can just ignore the rules! Most will also have heard of botnets, arrays of compromised users devices and/or servers that have illicit background tasks running to send spam or generate high volumes of traffic that can bring web servers to their knees through DDoS (distributed denial of service) attacks. A Quocirca research report, Online Domain Maturity, published in 2014 and sponsored by Neustar (a provider of DDoS mitigation and web site protection/performance services), shows that the majority of organisations say they have either permanent or emergency DDoS protection in place, especially if they rely on websites to interact with consumers. However, Neustar’s own March 2015, EMEA DDoS Attacks and Protection Report, shows that in many cases organisations are still relying on intrusion prevention systems (IPS) or firewalls rather than custom DDoS protection. The report, which is based on interviews with 250 IT managers, shows that 7-10% of organisations believe they are being attacked at least once a week. Other research suggests the situation may actually be much worse than this, but IT managers are simply not aware of it. Corero (another DDoS protection vendor) shows in its Q4 2014 DDoS Trends and Analysis report, which uses actual data regarding observed attacks, that 73% last less than 5 minutes. Corero says these are specifically designed to be short lived and go unnoticed. This is a fine tuning of the so-called distraction attack. Arbor (yet another DDoS protection vendor) finds distraction to be the motivation for about 19-20% of attacks in its 2014 Worldwide Infrastructure Security Report. However, as with Neustar, this is based on what IT managers know, not what they do not know. The low level, sub-saturation, DDoS attacks, reported by Corero are designed to go unnoticed but disrupt IPS and firewalls for just long enough to perpetrate a more insidious targeted attack before anything has been noticed. Typically it takes an IT security team many minutes to observe and respond to a DDoS attack, especially if they are relying on an IPS. That might sound fast, but in network time it is eons; attackers can easily insert their actual attack during the short minutes of the distraction. So there is plenty of reason to put DDoS protection in place (other vendors include Akamai/Prolexic, Radware and DOSarrest ). However, that is not the end of the bot story. Cyber-criminals are increasingly using bots to perpetrate another whole series of attacks. This story starts with another, sometimes, legitimate and positive activity of bots – web scraping; the subject of a follow on blog – The rise and rise of bad bots – part 2 – beyond web scraping. Source: http://www.computerweekly.com/blogs/quocirca-insights/2015/04/the-rise-and-rise-of-bad-bots.html
Continued here:
The rise and rise of bad bots – little DDoS
Patches cooked for five versions of Cisco’s IOS Remote attackers can send some Cisco routers into a continuous denial of service funk by rebooting network processor chips with a crafted attack. The high-severity hole (CVE-2015-0695) affects the IOS XR software in Cisco ASR 9000 Series Aggregation Services routers running Typhoon-based cards, the second-generation of line cards. The Borg says exploitation could cause “a lockup and eventual reload of a network processor chip and a line card that is processing traffic, leading to a denial of service condition”. “The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface when any of the following features are configured: Unicast Reverse Path Forwarding, policy-based routing, quality of service, or access control lists,” Cisco says in an advisory. “An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface.” Users should apply the patches for five versions as there are no workarounds for the flaw. Software newer than version 4.3.0 are unaffected. The Borg does not know of any in-the-wild attacks using the vulnerabilities and has offered some techniques for admins to identity exposure. Source: http://www.theregister.co.uk/2015/04/16/borg_routers_open_to_repeat_remote_dos_attack/ http://whitepapers.theregister.co.uk/paper/view/3715/cyber-risk-report-2015.pdf
Cisco has patched a vulnerability that affects Cisco ASR 9000 Series Aggregation Services Routers and can be exploited by a remote, unauthenticated attacker to effectively mount a denial of service at…
Read More:
Cisco splats router bug that can lead to persistent DoS
The website of the Media Holding Asia-Plus has been hit with distributed denial-of-service (DDoS) attack again. The Asia-Plus’s website was hit with the DDoS attack on April 14. Over the past ten days, it has already been the third attempt to make the website unavailable to its subscribers. The first DDoS attack o the Asia-Plus’s website was conducted on April 3 and it was conducted practically from all domestic Internet service providers. Restoration of a stable work of the web-resource took nearly three days. The reasons for these DDoS attacks are still unknown because it is not clear who is behind these DDoS attacks. However, it cannot be ruled out that a group of hackers has appeared who want to “test” steadiness of the site. In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reportedly reached an average rate of 28 per hour. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service threats are also common in business, and are sometimes responsible for website attacks. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games. Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations. Source: news.tj/en/news/asia-plus-s-website-hit-ddos-attack-again
Rossel, a Belgian media group, experienced a distributed denial of service (DDoS) attack that stretched out for several hours Sunday. One of Belgium’s largest French-speaking newspapers, La Soir , along with others sites were affected and were temporarily shut down, according to report by Deutsche Welle . The attack occurred just days after pro-ISIS sympathizers launched a cyberattack against a French television network and Tunisian extremists took over a Belgian regional government website. Didier Hamann, director of Le Soir , tweeted that the perpetrator hadn’t yet been identified. Currently no evidence has been uncovered that links the attack to the one that crippled French TV station TV5 Monde. Hamann also noted that the station was regularly targeted by cyber threats, but “this time the firewall is not working as normal.” Source: http://www.scmagazine.com/ddos-attack-on-belgian-media-group-lasts-hours/article/408998/
See the original post:
Belgian media company experiences DDoS attack
Customer of Betfair and PokerStars have been left enraged after the software of both gambling giants suffered from major connectivity issues over the weekend. Betfair’s sportsbook, betting exchange and websites were unavailable for more of April 13 after the firm’s servers came under attack from a Distributed Denial-of-Service (DDoS) attack . Betfair’s customer service team, manning the @BetfairHelpDesk Twitter account, confirmed to customers that a DDoS attack was the cause of the problems and reassured worried punters that their details and funds were safe. The attack seems to be either over or under control as I was able to log into all Betfair products on April 14. A DDoS attack is designed to temporarily or indefinitely interrupt or suspend the services offered by the targeted website. One way of achieving this is to bombard the site’s servers with so much bogus information and requests that it is overloaded and cannot respond to legitimate traffic requests. This appears to be what happened to Betfair on April 13. You may recall that partypoker was targeted by numerous DDoS attacks in October 2014 that resulted in some of its Pokerfest events being cancelled. The attacks at partypoker resurfaced in early December 2014 and saw the site effectively taken offline for several hours while its technicians and its Internet Service Provider (ISP) in Gibraltar combated the problem. Around the same time, 888poker was suffering similar connectivity problems – its servers are also in Gibraltar – but the London Stock Exchange (LSE) listed company refused to comment on whether or not it had been targeted by the same DDoS attacks that plagued partypoker. Poker sites are often reluctant to announce they are suffering from a hacker’s attempt to cause a DDoS because of the possible widespread panic the mention of a hacker could and would cause. Usually, the so-called hacker isn’t interested in attempting to obtain information – major online poker and gambling sites have these details secure under state-of-the-art systems – they are attempting to disrupt the targeted site’s business. Although neither confirmed or denied by its management team, rumours of PokerStars being under a DDoS attack have been doing the rounds on various forums, including Two Plus Two. Players have been reporting major lag (low response when clicking buttons etc) and connectivity problems when attempting to play at PokerStars since April 9. The problems seem to be global, although resident of Belgium seem to be more severely affected judging by tweets from various Belgians including Friend of PokerStars Pierre Neuville and PokerStars’ Belgian Twitter account on April 12, although a more recent update claims all problems Pokerstars.be were facing are now resolved. While PokerStars does appear to be on top of the problems now, its Network Status panel shows it has Very Good connection at five of the six listed hosts, although Manx Telecom, Isle of Man has 0% connection and all packets of data being sent to it are currently being lost. Source: http://uk.pokernews.com/news/2015/04/betfair-and-pokerstars-suffer-major-connectivity-problems-17360.htm?utm_medium=feed&utm_campaign=homefeed&utm_source=rss
See the article here:
Online gambling sites taken out by DDoS attacks
Xbox boss Phil Spencer has been talking with his rivals to see how they can avoid a repeat of the Christmas Xbox Live and PSN downtime. It’s very rare for console manufacturers to work together on anything, but the DDoS attacks on Xbox Live and PSN over Christmas have been enough for Microsoft to initiate conversations with its two rivals. ‘I don’t think it’s great when PSN goes down,’ Spencer told Game Informer. ‘It doesn’t help me. All it does is put the fear and distrust from any gamer that’s out there, so I look at all of us together as this is our collective opportunity to share what we can about what we’re learning and how things are growing. Those conversations happen, which I think is great.’ He added that the Christmas attacks had been a ‘learning experience’ and that, ‘Our commitment to Xbox One customers is to make sure our service is robust and reliable’. Although Xbox Live seemed to recover more quickly from the attacks than Sony, and Nintendo weren’t affected at all, there is no easy defence against DDoS as they’re not really hacking (no data was stolen or accessed) and simply involve overloading a server with requests. As a result it’s not clear what defences Spencer was discussing with Sony and Nintendo, but it is good to know they’re at least talking. Source: http://metro.co.uk/2015/03/06/microsoft-sony-and-nintendo-collaborating-to-stop-ddos-attacks-5091159/
More:
Microsoft, Sony, and Nintendo collaborating to stop DDoS attacks
A student at Monroe High School in Monroe, Michigan, was recently caught conducting a distributed denial of service attack (DDoS), and Monroe Public Schools Superintendent Barry Martin says the district will be pressing charges. Over a period of two weeks, the unnamed student managed to take the network down for ten to fifteen minutes at a time during the school day. This had a heightened effect on the district, as modern-day high schools rely heavily on the Internet for administration as well as classroom instruction. “We are so reliant on the Internet that we can’t afford to have down time,” said Stephen McNew, the superintendent of the district in which the student attended school. No Sensitive Data Compromised Despite having success at being disruptive, an act that the student considered to be a prank, no sensitive documents, e-mails, or files were ever compromised, which should contribute greatly to his defense. Merely disrupting communications is far less of a crime than is stealing sensitive information about other students or private communications between staff members. “A Good Student” Barry Martin called the alleged hacker “a good student” in comments to the Monroe News but said that this act could not be tolerated, and charges would be filed. DDoS is a federal felony, but from the sounds of it, the FBI has not yet been involved in the case. It is taken very seriously when the targets are larger organizations or government institutions, and ordinarily those who are serious about conducting DDoS attacks are careful to cover their tracks. It is not yet evident how the student was found to be a suspect in the case, but in the town of roughly 20,000 people, the pool of likely suspects is rather slim. The profile would be a student with high grades and extreme computer aptitude. This would make the pool of likely suspects even smaller. The way that high schools often conduct such investigations, the student would have been brought in front of a police officer and interrogated until he confessed. Like as not, school officials would pretend to know already that he was guilty, and he would confess. Equally as likely, the student bragged about it to another student, who then turned him in. Another thing that the administrators said about the student was that he probably didn’t know the seriousness of what he was doing. This is in line with existing research that has concluded that adolescents are less likely to consider the consequences of their actions before taking them. Locals Have Mixed Feelings Many locals on the Monroe News Facebook page felt that a felony would be too stern a response for the gifted student’s prank. After all, in the end, the one thing he illustrated was that the school district had a weak network infrastructure that needs upgrading. Especially if, as administrators have said, they are extremely reliant on the Internet in daily teaching. Source: https://hacked.com/michigan-high-school-student-facing-charges-ddosing-school-network/
View post:
Michigan High School Student Facing Charges After lauching DDoS attack on School Network
The number of DDOS attacks using anonymous proxies has increased The number of distributed denial of service attacks using anonymous proxies has increased dramatically over the past year, according to a new research report, as attackers use these proxies to create an instant pseudo-botnet. Ofer Gayer, security researcher at Redwood Shores, CA-based Incapsula Inc., said he first spotted the trend about a year ago. Incapsula was working on creating a database of IP addresses spotted attempting malicious activity, and discovered that attackers were abusing anonymous proxies to turn a regular single-origin denial of service attack into a distributed denial of service attack with traffic flowing through thousands — or tens of thousands — different IP addresses. A year ago, fewer than 5 percent of DDOS attacks came through anonymous proxies. Today, the number is close to 20 percent, Gayer said. “The trend intensified over the past two months,” Gayer said. “Currently, 20 percent of all application-layer attacks are originating from these proxy servers.” Of those, nearly 45 percent came from the TOR network of anonymous routers, and, of those, 60 percent used the TOR Hammer DoS tool. On average, a single attacker would direct traffic from 1,800 different IP addresses, with 540,000 requests per instance. According to Incapsula product evangelist Igal Zeifman, what this means is that an attacker could be sitting at home, on a single computer, and route traffic to a list of anonymous proxies to create an instant botnet-style attack. All it takes is a proxy harvesting script and a publicly-available DOS toolkit. Anonymous proxies, or anonymizers, can serve a useful purpose, preventing identity theft, protecting search histories, avoiding geographical marketing and access restrictions, and allowing activists to bypass Internet censorship of repressive regimes. They also offer several benefits to DDOS attackers. First, they mask the source of an attack and help the attackers evade security measures based on access control lists. They also help the attacker avoid geo-blacklisting, since the attack can be spread among proxies in many different countries. Second, since each proxy is only passing along a small number of messages, it helps the attackers avoid counter-measures based on limiting the number of messages from a single source. Finally, proxies make slight changes to message headers. That helps the attackers avoid signature-based defenses. “You can Google to find several options to generate lists of these servers,” said Zeifman. “And these servers accept requests from anyone.” Each of the anonymous proxies can be used to forward a small amount of traffic, that, together, add up to enough to take down an application. “It’s like a thousand needles, stinging all at the same time,” said Zeifman. Since the attackers are going after application, not much traffic is required. “Very few server operators think about over-provisioning their CPUs,” he said. “Even a small overhead of 100 requests per second is enough to take down a dedicated server environment.” Source: http://www.csoonline.com/article/2903939/application-security/anonymous-proxies-now-used-in-a-fifth-of-ddos-attacks.html
Visit link:
Anonymous proxies now used in a fifth of DDOS attacks