Because you can’t be telepresent when the bad guys are DOSing you Cisco TelePresence kit and software need patching after the company turned up vulnerabilities that open them up to remote command injection and denial of service attacks.…
View original post here:
Time to patch your Cisco TelePresence systems
Home-baked encryption followed the wrong recipe Yet another proprietary implementation of a popular protocol has turned up unexpected vulnerabilities, with SAP’s data compression software open to remote code execution and denial-of-service exploits.…
View original post here:
SAP crypto offers customers choice of remote code execution or denial of service
Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility. Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when they connect to an unsecured or ‘raw’ Internet feed. Key components of any realistic DDoS defense strategy are proper visualisation and analytics into these security events. DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration. Unfortunately, many legacy DDoS defense solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business. In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world. DDoS as a diversionary tactic Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm. The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration. Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well known DDoS attack vectors fit this profile. So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic? Unfortunately, the answer is quite alarming. For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link saturation attacks that occur in bursts of short duration, enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity stimulates un-necessary logging of DDoS event data, which may prevent the logging of more important security events and sends the layers of the security infrastructure into a reboot or fall back mode. These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened network security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had done its job—distract all security resources from performing their intended functions. Multi-vector and adaptive DDoS attack techniques are becoming more common Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and defend against with on-premises or cloud based anti-DDoS solutions, or a combination of both. The attack attempts against Corero’s customers in Q4 2014 not only employed brute force multi-vector DDoS attacks, but there was an emerging trend where attackers have implemented more adaptive multi-vector methods to profile the nature of the target network’s security defenses, and subsequently selected a second or third attack designed to circumvent an organisation’s layered protection strategy. While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector. Empowering security teams with DDoS visibility As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services. Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low and slow attacks, victim servers, ports, and services as well as malicious IP addresses and botnets is mandatory. Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing lane solutions, or go completely undetected by cloud based DDoS protection services, which rely on coarse sampling of the network perimeter. Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Next generation DDoS defense solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events. With the ability to uncover hidden patterns of data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defense solutions provide security teams with the tools required to better protect their organization against the dynamic DDoS threat landscape. Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot
Read this article:
How organisations can eliminate the DDoS attack ‘blind spot’
Pay up or we’ll send up to 400Gbps your way New Zealand Internet Task Force (NZITF) chair Barry Brailey is warning Australian and New Zealand enterprises to be on the look out for distributed denial of service extortion attacks demanding payment of up to AU$7500.…
Follow this link:
$7500 DDoS extortion hitting Aussie, Kiwi enterprises
DDoS attacks are more prevalent than ever and enterprises can’t always rely on their service providers for protection. Learn what enterprises should do for effective DDoS mitigation. Moving unified communications applications to the cloud can simplify business operations. But cloud infrastructure can present vulnerabilities that attract malicious attacks like distributed denial of service (DDoS). And with many enterprises using service providers for their UC applications, DDoS attacks can be more damaging than ever. As the threat of DDoS attacks loom, there is a disconnect between enterprises and their service providers taking responsibility during an attack, according to a report from DDoS mitigation service provider Black Lotus Communications, which surveyed 129 service providers and the impact of DDoS on their business. According to the report, many organizations believe they can rely on their service provider to manage a DDoS attack and its impact on their business. But the reality is most providers believe they are solely responsible for making sure their infrastructure remains intact during an attack and that the direct impact of an attack is the customer’s responsibility. “Service providers with undeveloped DDoS mitigation strategies may choose to sacrifice a customer by black hole routing their traffic or recommending a different service provider in order to protect the service of other customers,” said Chris Rodriguez, network security senior analyst at Frost & Sullivan. Enterprises can lose anywhere from $100,000 to tens of millions of dollars per hour in an attack, the report found. Just over one-third of service providers reported being hit with one or more DDoS attacks weekly, according to the report. Managed hosting services, VoIP and platform as a service were the three industries most affected by DDoS. During an attack, 52% of service providers reported temporarily blocking the targeted customer, 34% reported removing the targeted customer, 32% referred customers to a partner DDoS mitigation provider and 26% encouraged an attacked customer to find a new service provider. But by removing or blocking a customer, service providers have effectively helped the attackers achieve their goal and leave enterprises suffering the consequences, according to the report. Communicating DDoS concerns Three-quarters of service providers reported feeling very to extremely confident they could withstand a catastrophic DDoS attack, and 92% of providers have protections in place. But the report found that the majority of providers use traditional protections that have become less effective in mitigating DDoS. To maximize DDoS protection, Nemertes Research CEO Johna Till Johnson offered four questions that enterprises should ask when evaluating service provider security and DDoS protection. What protections does the service provider have in place in the event of an attack? Don’t be afraid to ask service providers questions regarding the DDoS mitigation products and services they use, what their DDoS track record is or how many clients have been victims of an attack. “If they refuse to answer, it tells you something about the vendor,” Johnson said. “Any legitimate provider has this information and will share it with customers.” Is the service provider willing to put DDoS mitigation in a service-level agreement ( SLA )? The provider may already include DDoS protection or may require the enterprise to buy a service. But if a provider won’t include DDoS mitigation in an SLA, find out why. “If you’re not going to put it in black and white, you’re at risk,” she said. What third-party services does the provider recommend? Service providers may have third-party partnerships that can deliver DDoS protection. What is your organization’s stance on security? Johnson recommends having a line item in the budget for DDoS that covers a DDoS mitigation service or product. Making DDoS mitigation plans If a service provider is hit with a DDoS attack, there are two issues facing enterprises, Johnson said. The first issue is if the enterprise experienced a small hit in the attack. “If you’ve gotten a gentle probe, then attackers may be coming after you,” she said. Just like when a credit card number is stolen and the thief spends a small amount of money to test the number before making the large, fraudulent charges, attackers are testing for vulnerabilities. Enterprises should immediately figure out where they’re at risk and what they can do to protect themselves now, Johnson said. The second issue, she said, is that DDoS isn’t just an attack, it’s an earthquake. A disaster recovery plan is required so enterprises know what to do if a core application is suddenly unavailable. “DDoS attack techniques continue to change, and enterprises must be proactive in their defenses,” Rodriguez said. He said a hybrid approach to DDoS mitigation has emerged as an effective strategy. Hybrid DDoS mitigation requires an on-premises DDoS mitigation appliance to protect an enterprise’s infrastructure and a cloud-based DDoS mitigation service that routes traffic to a scrubbing center and returns clean traffic. The on-premises appliance is used during smaller attacks; and when attacks reach a certain size, the appliance can signal for the cloud-based service to take over. “This allows the organization to use the DDoS services sparingly and only when necessary, with a seamless transition between the two services,” he said. Source: http://searchunifiedcommunications.techtarget.com/news/4500245890/Enterprises-must-be-proactive-in-DDoS-mitigation
View the original here:
Enterprises must be proactive in DDoS mitigation
Connectivity at MTN’s Gallo Manor data centre has been fully restored after the Johannesburg site was hit by a distributed denial of service (DDoS) attack earlier this afternoon. MTN alerted clients just after 3pm today that it had suffered a DDoS attack, which resulted in packet loss and a disturbance to clients’ cloud services. At the time the company said MTN Business’ network operations centre was working on resolving the problem to avoid any further attacks. This comes less than two days after a power outage at the same data centre caused loss of connectivity. MTN chief technology officer Eben Albertyn says, while the DDoS attack today hampered the company’s ability to provide connectivity services, engineers worked “fervently” to fully restore services and avert further attacks, and connectivity was restored soon after. “The interruption lasted only a few minutes and is completely unrelated to the outage experienced on Monday. MTN wishes to apologise profusely to its customers for any inconvenience caused.” On Sunday evening just after 6pm, MTN’s Gallo Manor data centre went offline, causing major disruptions to clients’ services, including Afrihost. MTN put the outage down to a power outage. The problem persisted until the next day, with services being restored around 11am on Monday. Digital Attack Map defines DDoS attack as: “An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.” The live data site notes these attacks can target a wide variety of important resources, from banks to news Web sites, and present a major challenge to making sure people can publish and access important information. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=142968:MTN-weathers-DDOS-attack
View original post here:
MTN suffers a DDoS attack
A secondary school near Burton-on-Trent in East Staffordshire had admitted that its website was knocked offline at various points by hackers in recent weeks. The attack appears to be denial-of-service (DoS), with hactivism group Anonymous reportedly taking responsibility. Burton Mail reports that John Taylor High School’s website suffered from “significant periods of downtime during the past few weeks”, adding that a member of Anonymous had contacted the newspaper directly to claim responsibility. “It has come to our immediate attention that the security used for school systems is not up to scratch,” the member said when interviewed. “This is putting pupils at risk of being targeted by paedophiles who have acquired the skill to access data which could lead them to being able to collect information and stalk pupils.” The member continued: “We give every school in this country one month to fix their pitiful security systems. If, after that time, we can still achieve penetration at a reasonable level of attack we will personally disable their systems. “We do not expect them to be able to stop us at an advanced level, however the level of hack used on the John Taylor systems highlighted a very serious problem.” Mike Donoghue, head teacher at John Taylor, which has around 1,500 students, confirmed that they were still investigating the incident, and added that the systems are now fully functional. Speaking to SCMagazineUK.com earlier today, Donoghue drilled down into some of the details, confirming that the outage related specifically to The Vault, a virtual learning environment – developed by FROG but hosted on the school’s servers – which is used to host teaching materials, former test papers and other revision guidance. The school, a specialist ‘science and leadership academy;, was first alerted to the downtime by students, on Twitter, who were trying to access the system, with IT technicians subsequently blocking all IP address so no-one could access the service. The second outage lasted a “couple of days” over the Easter Bank Holiday weekend. Donoghue was keen to stress that there was “no breach” of sensitive student data, and said that the school continues to work with providers RM and FROG to monitor the issue, and harden their existing security controls. Students were informed of the issue during assembly, and parents have also been made aware. The principal said that the effect of the incident was “largely mitigated” because the downtime wasn’t overly long, and most of the materials could still be accessed by “just a few more clicks on Google”. He also doubted the possibility of Anonymous being behind the attack, saying that the outages stopped after students were alerted to the situation. Source: http://www.scmagazineuk.com/staffordshire-school-hit-by-suspected-denial-of-service-attack/article/412236/
Read this article:
Staffordshire school hit by suspected DDoS attack
Nefarious pervert hacks parlour cameras for heavy petting pwnage The Royal Canadian Mounted Police has nabbed a Canadian woman believed to have originated a botnet which she used to recreationally terrorise victims.…
More:
Mounties nab Canadian woman, 27, in webcam hack shenanigans bust
Walla Walla Community College is under cyberattack this week by what are believed to be foreign computers that have jammed the college’s Internet systems. Bill Storms, technology director, described it as akin to having too many cars on a freeway, causing delays and disruption to those wanting to connect to the college’s website. The type of attack is a distributed denial of service, or DDoS. They’re often the result of hundreds or even thousands of computers outside the U.S. that are programed with viruses that continually connect to and overload targeted servers. Storms said bandwidth monitors noticed the first spike of attacks on Sunday. To stop the attacks, college officials have had to periodically shut down the Web connection while providing alternative working Internet links to students and staff. The fix, so far, has only been temporary as the problem often returns the next day. “We think we have it under control in the afternoon. And we have a quiet period,” Storm said. “And then around 9 a.m. it all comes in again.” Walla Walla Community College may not be the only victim of the DDoS attack. Storm said he was informed that as many as 39 other state agencies have been the target of similar DDoS attacks. As for the reason for the attack, none was given to college officials. Storms noted campus operators did receive a number of unusual phone calls where the callers said that they were in control of the Internet. But no demands were made. “Some bizarre phone calls came in, and I don’t know whether to take them serious or not,” Storms said. State officials have been contacted and are aiding the college with the problem. Storms said they have idea how long the DDoS attack will last. Source: http://union-bulletin.com/news/2015/apr/30/community-college-targeted-ongoing-cyberattack/
Continued here:
Community college targeted ongoing DDoS attack
As the tide of DDoS attacks continues to expand, the rise of the Internet of Things (IoT) and the influx of network connected devices, such as webcams and routers, are leading to the growth of Simple …
See more here:
93% of DDoS attacks last 30 minutes