Arbor Networks released data on DDoS attack trends for the first half of 2013. The data shows that DDoS continues to be a global threat, with a clear increase in attack size, speed and complexity. …
Read the article:
DDoS attack size growing dramatically
Growth in external hacking attempts, DDoS and malware attacks, and internal threats to data are the key security concerns for UK businesses. 64% of respondents to a Check Point survey said that ext…
View the original here:
Security complexity and internal breaches are key concerns
While U.S. banking institutions brace for the next wave of distributed-denial-of-service attacks by Izz ad-Din al-Qassam, new cyberthreat research reminds us that no industry or global market is immune to DDoS. A new study from online security provider Neustar shows that DDoS attacks are up in the United Kingdom, just as they are in the U.S., and they’re targeting everything from e-commerce sites to government. It’s not just banking institutions that DDoS attackers want to take down – a truth we’ve been preaching for several months. But now, data proves it. Of the 381 U.K. organizations polled between May and June by Neustar, 22 percent said they suffered from some type of DDoS attack in 2012. By comparison, a survey of 704 North American organizations released in April 2012 showed that 35 percent had been targeted by DDoS within the last year. While the financial services sector has been the primary DDoS target in the U.S., telecommunications companies are the No. 1 target in the U.K., according to the Neustar survey, with 53 percent reporting attacks. Half of U.K. e-commerce companies and 43 percent of online retailers surveyed reported attacks. But only 17 percent of the U.K. financial-services organizations say they had been targeted, compared with 44 percent in the North American survey. The North American data is a bit out of date, so the percentage of financial institutions hit by DDoS is now probably even higher. And attacks aimed at U.K. organizations have been nowhere as fierce as those waged against U.S. banks since September 2012. More Attacks on Way Now that al-Qassam has just announced plans for a fourth phase of attacks, we’re all bracing for more strikes against U.S. banks (see DDoS: Attackers Announce Phase 4 ). But the new survey sends a clear message: No organization is safe from DDoS. “As in North America, U.K. companies face serious challenges as they decide on DDoS protection and attempt to mitigate losses,” Neustar writes in its survey study. “While many companies are hoping traditional defenses will suffice, given the frequency of attacks, their growing complexity and the impact when sites go dark, such hopes are badly misplaced.” U.K. organizations could learn quite a bit from the example U.S. banks have set. Experts have noted time and time again that European banks and others are not well-prepped for DDoS. Despite the fact that the attacks waged against U.S. banks have been among the largest the industry has ever seen, the percentage of U.S. organizations that experienced extended outages was much smaller than that of U.K. organizations, the surveys showed. The defenses U.S. banking institutions have put in place have set a new bar. We already knew that, but now Neustar’s survey results support it. According to Neustar, while online outages lasting about 24 hours affected about 37 percent of both North American and U.K. organizations surveyed, outages lasting more than a week affected 22 percent in the U.K. and only 13 percent in North America. Having a site down for more than a week is an embarrassment, and costly. Can you even imagine a major banking institution’s site being down that long? Banks in the U.S. are prepared for DDoS. But what about other organizations? Are non-banks getting ready for DDoS, or do they still see this as only a threat to banking institutions? What you think? Let us know in the comment section below. Source: http://www.bankinfosecurity.com/blogs/ddos-no-industry-safe-p-1524
Visit link:
DDoS: Lessons From U.K. Attacks
Keeping their botnet's C&C centers online is crucial for bot herders, so that they can keep taking advantage of the computers they zombified. But given that cyber security firms and law enforcement ag…
See the article here:
TOR-based botnets on the rise
Network Solutions said it’s fully mitigated a distributed denial of service (DDoS) attack that compromised some services last week, and that attack volumes against the company had returned to normal. “We experience DDoS attacks almost daily, but our automatic mitigation protocols usually handle the attacks without any impact to our customers,” said John Herbkersman, a spokesman for Network Solutions’ parent company, Web.com, via email. Network Solutions manages more than more than 6.6 million domains, provides hosting services, registers domain names and also sells SSL certificates, among other services. But Monday, some customers reported still experiencing domain name server (DNS) and website updating difficulties that dated to the start of the DDoS attacks. The company, however, disputed those claims. “Some customers may be experiencing issues, but they are not related to last week’s DDoS attack,” said Herbkersman. The DDoS attacks began last week, with Network Solutions at first reporting that “some Network Solutions hosting customers are reporting latency issues,” according to a “notice to customers who are experiencing hosting issues” posted to the company’s website on Tuesday, July 16. “Our technology team is aware of the problem, and they’re working to resolve it as quickly as possible. Thank you for your patience,” it said. As the week continued, the company posted updates via Twitter and to its Facebook page. By Wednesday, it said that the outages were due to a DDoS attack “that is impacting our customers as well as the Network Solutions site.” It said that the company’s technology staff were “working to mitigate the situation.” Later on Wednesday the company declared via Twitter: “The recent DDOS attack affecting customers has now been mitigated. Customer websites should be resolving normally. Thanks for your patience.” The Network Solutions website wasn’t available or updateable for the duration of the attacks. But that wasn’t apparent to all customers, who might not have turned to Facebook and Twitter seeking updates about the company’s service availability. One InformationWeek reader, who emailed Friday, accused Network Solutions of being less than forthcoming about the fact that the outages were being caused by a DDoS attack, “which they acknowledged only when calling them,” after he found only the “notice to customers who are experiencing hosting issues” post on the company’s site. “They have been trying to bury it,” he alleged. “Some sites were down for the entire day.” Herbkersman brushed off the criticism. “In addition to Facebook, we communicated via the Network Solutions’ website and via Twitter,” he said. “We also responded directly to customers who called our customer service team and those who contacted us via social media channels.” Friday, the company did publish a fuller accounting of the outage to its website. “Earlier this week, Network Solutions experienced a distributed denial of service (DDoS) attack on its servers that affected our customers. The Network Solutions technology team quickly identified the issue and implemented measures to mitigate the attack,” read a statement posted to the company’s site and cross-referenced on its Facebook page. “We apologize to our customers who were impacted.” “Are we getting refunded some money because of your 99.99% uptime guarantee?” responded one member via Facebook. “Feel free to call our support team and they will be happy to discuss,” came a reply from Network Solutions. Customers might have had to contend with more than just the DDoS attack. A Tuesday Facebook post — since deleted, which the company said it made to help direct customers to more recent information about the DDoS-driven outages — drew comments from customers reporting DNS issues. “There were multiple reports on the July 16, 2013 Facebook thread that appear to indicate customer DNS records were corrupted before the DDoS induced outage,” Craig Williams, a technical leader in the Cisco Systems threat research group, said in a blog post. The one-two punch of domain name resolution difficulties and a DDoS attack could have left numerous sites inaccessible not just during the attack, but in subsequent days, as the company attempted to identify the extent of the damage and make repairs in subsequent days. Last week’s DDoS attack was the second such attack for Network Solutions customers in less than a month. “In [the] previous outage, domain name servers were redirected away from their proper IP addresses,” said Williams. In that case, however, at least some of the DNS issues appeared to be “a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack.” Herbkersman, the Web.com spokesman, said last week’s outages were entirely driven by the DDoS attacks, rather than the company’s response to those attacks. Source: http://www.informationweek.com/security/attacks/network-solutions-recovers-after-ddos-at/240158685
Read the original:
Network Solutions Recovers After DDoS Attack
Network Solutions said Wednesday it has restored services after a distributed denial-of-service (DDoS) attack knocked some websites it hosts offline for a few hours. The company, which is owned by Web.com, registers domain names, offers hosting services, sells SSL certificates and provides other website-related administration services. Network Solutions wrote on Facebook around mid-day Wednesday EDT that it was under attack. About three hours later, it said most customer websites should resolve normally. Some customers commented on Facebook, however, that they were still experiencing downtime. Many suggested a problem with Network Solutions’ DNS (Domain Name System) servers, which are used to look up domain names and translate the names into an IP addresses that can be requested by a browser. DDoS attacks are a favored method to disrupt websites and involve sending large amounts of data in hopes of overwhelming servers and causing websites to not respond to requests. Focusing DDoS attacks on DNS servers has proven to be a very effective attack method. In early June, three domain name management and hosting providers — DNSimple, easyDNS and TPP Wholesale — reported DNS-related outages caused by DDoS attacks. Hosting service DNSimple said it came under a DNS reflection attack, where DNS queries are sent to one party but the response is directed to another network, exhausting the victim network’s bandwidth. Source: http://www.pcworld.com/article/2044618/network-solutions-restores-service-after-ddos-attack.html
Continue Reading:
Network Solutions restores service after DDoS attack
Distributed-denial-of-service attacks have plagued U.S. banks since last September. But DDoS attacks pose a persistent, genuine threat to other sectors as well. Any organization with an online presence is at risk. Successful DDoS attacks can take a website offline, damaging brand image and chipping away at consumer trust. But they also can do much more. In some cases, these attacks can be used to mask fraud by distracting security and IT departments while banking accounts or confidential files are simultaneously being taken over. To provide insights on the latest DDoS threats – and effective mitigation strategies – Information Security Media Group has launched a DDoS Resource Center . The resource center, sponsored by online security firms Akamai, Fortinet, Neustar, Radware and VeriSign, includes timely interviews, in-depth features, news stories and blogs that offer insights about emerging botnets and attack techniques from those who are analyzing and battling DDoS on the frontlines. The resource center also offers expert insights on practical steps for minimizing the impact of DDoS attacks. By visiting the resource center, you’ll get the latest information on the different types of DDoS attacks, such as DNS reflection and application layer attacks, as well as the attacks’ possible links to fraud . You’ll learn about DDoS protections and mitigation services , notification and response strategies, and DDoS detection measures. Here’s a sampling of the variety of content our resource center offers: An interview with ex-FBI investigator Shawn Henry , who shares insights about cross-border and cross-industry collaboration that’s taking place behind the scenes to strengthen DDoS and cybersecurity knowledge. An analysis of a new type of DDoS strike that targeted two U.S. banks for what some say could have been a test for more attacks to come. A blog about how the botnet, known as Brobot, that’s been used in DDoS attacks against U.S. banks is being retooled to defeat common mitigation practices. And an interview with former federal banking examiner Amy McHugh about why community banks are prime targets for DDoS strikes being waged as modes of distraction to veil account takeover attempts. The DDoS Resource Center also provides research, white papers and webinars, including a session on new defense strategies for DDoS , which includes insights from Rodney Joffee of DDoS-mitigation provider Neustar and Mike Wyffels, senior vice president and chief technology officer of multibank holding company QCR Holdings Inc. Source: http://www.bankinfosecurity.com/blogs/staying-informed-about-ddos-threats-p-1506
See the original article here:
Staying Informed About DDoS Threats
SYN reflection attacks are one of the more sophisticated DDoS attack methods and typically require some skill to execute. However, they have recently grown in popularity as they’ve become available on…
Taken from:
Can DDoS attackers turn mitigation devices against you?
While some botherders have opted for the arguably much safer P2P architecture in order to assure their botnets' resilience, others are still clinging to the standard distributed C&C option. Amon…
Read the original post:
Researchers reveal tricks for Cutwail's endurance
Distributed denial of service (DDoS) attacks, a cyberattack that makes a specific resource unavailable to its intended user, are becoming more complex and sophisticated. Attackers don’t just carry out single attacks — they repeatedly test their target’s security and target their assault to achieve the highest amount of damage. Thousands and thousands of attacks occur daily, shutting down websites and network systems, essentially rendering businesses inoperable. To combat DD0S attacks, the first thing SMBs must do is assume they are going to be a target. Since the only DDoS attacks we hear about are those against large corporations, banks and the government, many SMBs don’t think they will ever be the target of digital warfare. Consequently, they don’t take the necessary precautions to prevent or mitigate attacks. “The reason for an attack could be anything,” said Vann Abernethy, senior product manager for NSFOCUS, a leading global DDoS mitigation solution provider. It could be an extortion attempt, a protest against company practices, or even an act of revenge by a disgruntled client or ex-employee. Unarmed with any technical knowledge, anyone with checkbook and a grudge or statement to make can launch an attack. “Everybody that has a measurable ROI associated with their web presence or anybody that can feel pain from their website being down is a target.” Despite the growing threat of DDoS attacks, most Web service providers will not guard your back, according to Abernethy, as it’s not common to cut off one pipe to protect the network. “If you get hit, they’ll say, ‘We’re gonna protect the rest of our customers by shutting you down.’” Therefore, Abernethy tells businesses to always read the fine print and see what their Web host’s policies are regarding DDoS attacks. While some say they will protect you, most have consumer-grade security that is not strong enough to defend your website against high-volume attacks. “SMBs really have two choices to make,” said Brian Laing, vice president of AhnLab, a security solutions provider. “The first is to use cloud-based applications which can more easily scale up to handle any DDoS attacks. The second option would be to implement a DDoS solution that can protect against both application and bandwidth (packet flooding) attacks.” Before implementing any type of DDoS defender, SMBs should investigate exactly what type of solution a vendor is providing, according to Laing. For instance, the defense mechanism should be able to recognize good traffic from bad, while also having a self-learning capability to be able to set flexible thresholds. Abernethy agrees. “We see thousands and thousands of attacks every day, so we have both detection and mitigation algorithms. They basically say, ‘That looks like an attack, it smells like an attack, let’s engage our mitigation algorithms.’ It looks at the attack traffic itself and then says, ‘Yes, that is an attack.’ We can detect those attacks and the system can be set up to go into automatic mitigation.” What SMBs need, Abernethy says, is a purpose-built DDoS defender with both detection and mitigation functions to quickly diagnose and mitigate DDoS attacks. The system should also be a “learning machine” that gets to know your environment over time for more precise detection. SMBs should also keep in mind that defending oneself from DDoS attacks doesn’t stop at prevention and mitigation. Because a DDoS attack shuts down your entire operation — and because most anti-DDoS protections are primarily concerned with simply knocking the attack down — you should have a recovery plan that either you or your providers facilitate. Pierluigi Stella, chief technology officer of Network Box USA, global managed security services provider, says that fending off an attack boils down to strategy and having the right resources for defense. “The real problem, though, is that defense is not a piece of hardware but a strategy, wherein the hardware plays an important role, but isn’t the only player,” Stella said. First, if your bandwidth is an old T1 at 1.5 Mbps, Stella advises businesses to upgrade that old Internet connection to one with a much larger bandwidth that can’t be taken down so quickly. A Disaster Recovery (DR) site should also be part of your recovery plan, Stella said. The DR site should have all your data, so it will serve as your temporary site as you work on getting the current one back up. Ryan Huber, chief architect at Risk I/O, a leader in vulnerability intelligence, says that depending on your business, a simpler option is a static page, such as product literature or other representation of your site. This will temporarily disable site functions such as online ordering, but serves its damage-control purpose of not keeping customers in the dark as you get the full site running. “This has the added benefit of helping you to keep users informed during the attack,” he said. Abernethy recommends that anyone who does business online do regular, full backups. The recovery plan should also include critical details, such as what the recovery process is, where data backups are stored and who is responsible for which tasks. Disaster-recovery planning should also be part of regular operational maintenance. “Don’t just make a plan and think you are covered,” Abernethy said. “Get into the habit of reviewing the full plan each backup cycle to ensure any changes are accounted for. It sounds like a lot of extra work, but it really isn’t if you build it into your normal routine.” As Stella says, businesses should always be in ‘prepared mode.’ “Don’t wait for the hurricane to strike.” For protection against your eCommerce site click here . Source: http://www.businessnewsdaily.com/4667-ddos-attacks-small-business.html
View original post here:
Protect Your Website: How to Fight DDoS Attacks