Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques. “Instea…
Read More:
Attackers use reflection techniques for larger DDoS attacks
VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio. Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami. “We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest. About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com) About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now. Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm
See the original article here:
Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services
In this interview, Jag Bains, CTO of DOSarrest, talks about various types of DDoS attacks and why a cloud-based solution is a good fit for most organizations. Despite being an old threat, DDoS atta…
See more here:
Blocking DDoS attacks with a cloud-based solution
DDoS reaches 300,000 connections a minute. Botnet operators in the criminal underground are launching large denial of service attacks against each other in a bid to knock out rivals in the race to compromise computers. Security researchers have discovered command and control servers owned by operators of Zeus botnets were blasted by those running a rival Cutwail botnet in a distributed denial of service attack reaching 300,000 connections a minute. The infamous Zeus malware was a trojan often used to steal banking information and install cyrptolocking software. The Zeus family was considered to be the largest botnet operating on the internet. Cutwail is also an established botnet which is typically involved in sending spam via the Pushdo trojan, at its peak pushing out millions of emails a day. University researchers said in a paper that Cutwail, known to spammers as ’0bulk Psyche Evolution’, was rented to spam affiliates who pay fees to the botmasters totalling hundreds of thousands of dollars, in order to launch spam campaigns (pdf). RSA researchers found a hit list of new dynamically generated domain names within a Cutwail botnet which served as infrastructure targets of the operator’s rivals. A senior threat researcher that runs under the handle ‘Fielder’ wrote he was surprised to find evidence of the continual fighting. “This is an incredibly interesting finding as it suggests some fierce competition within the criminal underground,” Fielder said. “This was quite literally a live action view of botmasters attacking one another.” The research team examined the attacked IP addresses and found that each was related to Zeus and Zbot (Zeus) command and control hosts. The attacker’s IP addresses were tracked since August and linked to Zeus and kryptik trojans and variants, as well as Bitcoin mining activity. These addresses were also embroiled in a “long history” of malware campaigns including those foisting the formerly infamous BlackHole exploit kit, spam campaigns and an effort to serve malware over IRC and BitTorrent. Source: http://www.itnews.com.au/News/382411,bot-masters-in-cut-throat-ddos-fight.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks
DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN floods attacks now account for a hefty 51.5 percent of all large-scale attacks. The research – which covers the whole of 2013 and the first two months of 2014 – says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms. The analysis – entitled the `2013-2014 DDoS Threat Landscape Report’ – says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year. Interestingly, Incapsula says that 29 per cent of botnets have been seen attacking more than 50 targets a month. The analysis – which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeting Web sites on Incapsula’s network – concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. In fact, says Incapsula, during the final quarter of 2013, the firm’s research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges – the two most common methods of bot filtering. The problem, concludes the report, is that the DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets. “Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks,” he said. “For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than user’s computers, it’s even worse, just because of the bandwidth and computing power that becomes available to the hacker,” he added. Ashley Stephenson, CEO of Corero Network Security, said that it is essential that the governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks – and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation’s financial infrastructure. “As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services,” he told SCMagazineUK.com . The Corero CEO went on to say that his company believes that mandated controls – like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) – will drive organisations to take pro-active steps to regaining control of their online presence. “These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions,” he explained. Source: http://www.scmagazineuk.com/ddos-attacks-bigger-badder-and-nastier-than-last-year/article/342078/
Read More:
DDoS attacks: Bigger, Badder and Nastier than last year
Distributed denial of service (DDoS) attacks are not limited to enterprises; we have recently seen a string of DDoS attacks hitting the gaming industry, says senior engineer at F5 Networks, Martin Walshaw. “The attacks have become more frequent, particularly in the professional gaming scene where large sums of money are available,” explains Walshaw, adding that this presents a fresh concern for competitive gamers, as Internet protocol addresses of individual players, as well as servers, being increasingly targeted. DDoS attacks are designed to make a service unavailable to its intended users, according to Walshaw, they typically target banking sites and credit card payment gateways, but lately there has been a marked increase in attacks targeting gaming sites. “InfoSecurity Magazine reports that in February the number of network time protocol (NTP) amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%, prompting Prolexic Technologies to issue a high alert threat advisory on NTP amplification DDoS attacks – but it was too late for Wurm and League of Legends.” Walshaw cites a recent article on BBC News, which revealed that Wurm is among the latest games to have been hit, with an attack knocking the multiplayer servers offline for two days between 18 and 20 February. For the developer, this is a major inconvenience, he says, as the main selling point of the game is its multiplayer content – the more prolonged the attack, the more damage it does to the brand. “For most gamers, these attacks are frustrating and inconvenient. Wurm’s creators were forced to migrate to new servers and offered a bounty of €10 000 for information that would lead to the perpetrator/s. Also in February, the League of Legends site suffered two DDoS attacks in 24 hours, described as the “biggest [attack] of its kind” against the game since its inception.” However, notes Walshaw, in electronic sports competitions, which offer professional gamers considerable sums of money in tournaments, DDoS attacks are more than just an inconvenience; they can have a significant impact on the results of a game. Last year, several rounds of a popular DOTA 2 tournament had to be postponed after persistent DDoS attacks in qualifying rounds. In competitions where reactions delayed by a fraction of a second can result in failure and lost funds, a slow connection can be a serious issue. “DDoS attacks are increasingly prevalent and show no signs of losing popularity with cyber criminals. Experts expect these enormous volumetric attacks will gain popularity due to the fact that they leverage existing DNS servers on the Internet – there is no need to recruit one’s own botnet, or even rent one,” he states. “Large cyber-attacks are capable of knocking out business-critical applications that generate revenue and facilitate communications, which can have severe business impacts. Organisations that depend on their online presence for survival absolutely need to invest in security solutions that protect themselves, staff, customers and end-users against these attack vectors.” According to John Grady, research manager for security products at IDC, DDoS attack methods have become much stealthier and are increasing in frequency, volume and application specificity. To ensure protection against these threats, he urges organisations to consider a defence-in-depth posture for DDoS defence. Grady adds that one important component is the on-premises appliance, key in detecting and mitigating advanced application, SSL and volumetric attacks. “Whether these kinds of DDoS attacks are the work of mischief makers, sore losers or even attempts to sabotage rivals, is unclear. What is clear is that defending against DDoS attacks is not just the province of private and public sector businesses,” observes Walshaw. He concludes that these attacks have become more prevalent and have amplified over the last year; we can expect to see a lot more of them, with even greater power, across different sectors, throughout this year. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=111708:DDoS-attacks-target-online-gaming&catid=218
Continue Reading:
DDoS attacks target online gaming
Researchers have uncovered a recent denial-of-service attack that employed an unusual, if not unprecedented, technique to surreptitiously cause thousands of everyday Internet users to bombard the target with a massive amount of junk traffic. The attack worked by exploiting a Web application vulnerability on one of the biggest and most popular video sites on the Web, according to a blog post published recently by researchers at security firm Incapsula, which declined to identify the site by name. Malicious JavaScript embedded inside the image icons of accounts created by the attackers caused anyone viewing the users’ posts to run attack code that instructed their browser to send one Web request per second to the DoS victim. In all, the technique caused 22,000 ordinary Web users to unwittingly flood the target with 20 million GET requests. “Obviously one request per second is not a lot,” Incapsula researchers Ronen Atias and Ofer Gayer wrote. “However, when dealing with video content of 10, 20, and 30 minutes in length, and with thousands of views every minute, the attack can quickly become very large and extremely dangerous. Knowing this, the offender strategically posted comments on popular videos, effectively created a self-sustaining botnet comprising tens of thousands of hijacked browsers, operated by unsuspecting human visitors who were only there to watch a few funny cat videos.” The novel attack was made possible by the presence of a persistent cross-site scripting (XSS) vulnerability in the video site, which Incapsula didn’t identify except to say it fell in the Alexa top 50 list. XSS exploits effectively allow attackers to store malicious JavaScript on a website that gets invoked each time someone visits. The booby-trapped user icons contained an iframe tag that pulled malicious instructions off an attacker-controlled command and control server. The malicious instructions caused browsers to surreptitiously flood the DDoS target with an unusually high number of GET requests. Incapsula was able to mitigate the effects of the attack using a combination of progressive challenges and behavior-based security algorithms. Remember the Samy Worm? The attack is only the latest to harness the tremendous power of XSS vulnerabilities. The technique came into vogue in 2005 with the advent of the Samy worm. Named after its creator, a hacker named Samy Kamkar, the XSS exploit knocked MySpace out of commission for a day by forcing anyone who viewed his profile to become a MySpace friend. In less than 24 hours, Kamkar, who later served time in jail for the stunt, gained more than one million followers. “The nature and beauty of persistent XSS is that the attacker doesn’t need to target specific users,” Matt Johansen, senior manager of Whitehat Security’s threat research center, told Ars. “The malicious JavaScript is stored on the website and replayed to anybody who visits this in the future. This particular JavaScript forced each browser that was running it to make a request in one-second intervals.” Last year, Johansen and other colleagues from Whitehat Security demonstrated a proof-of-concept ad network that created a browser-based botnet using a technique that’s similar to the one Incapsula observed exploiting the XSS weakness. “The delivery mechanism [in the Incapsula-observed attack] was different as it was from persistent XSS in the site instead of an ad network,” Johansen explained. “The only difference there was how the malicious JavaScript was rendered in the user’s (bot’s) browser. The code that is quoted in the [Incapsula] article is using a very similar technique to the code we wrote for our talk. Instead of using (image) tags like we did, this attacker is using tags which then make one request per second. We were just loading as many images as possible in the time our JavaScript was running.” Incapsula’s discovery comes three months after criminals were observed using another novel technique to drastically amplify the volume of DDoS attacks on online game services and other websites. Rather than directly flooding the targeted services with torrents of data, an attack group sent much smaller sized data requests to time-synchronization servers running the Network Time Protocol. By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly increase the firepower at their disposal. The technique abusing the Network Time Protocol can result in as much as a 58-fold increase or more. Miscreants have long exploited unsecured domain name system servers available online to similarly amplify the amount of junk traffic available in DDoS attacks. Incapsula’s finding underscores the constantly evolving nature of online attacks. It also demonstrates how a single weakness on one party’s website can have powerful consequences for the Internet at large, even for those who don’t visit or otherwise interact with the buggy application. Source: http://arstechnica.com/security/2014/04/how-a-website-flaw-turned-22000-visitors-into-a-botnet-of-ddos-zombies/
Visit site:
How a website flaw turned 22,000 visitors into a botnet of DDoS zombies
Media websites continue to be attacked by cyber criminals with reports now emerging that titles in the Czech Republic have been targeted. Three of the country’s most widely-read sites – ihned.cz, idnes.cz, and novinky.cz – have confirmed the slowing or crashing of their web pages according to Reuters, though it is not clear who is responsible for the hacks at present. Indicating the use of commonly-deployed Distributed Denial of Service (DDoS) attacks, Lucie Tvaruzkova, the head of business daily ihned.cz, said, “We are receiving great numbers of requests at our servers, which is a typical way to attack.” The incident follows other well-documented cyber-assaults on major media outlets this year, with both the New York Times and Wall Street Journal revealing their networks were breached in attacks they believed originated in China. Elsewhere, security researchers said last week that hackers have been targeting government agencies across a number of European countries, including the Czech Republic, Ireland, and Romania. A flaw in Adobe Systems ADBE.O software has apparently been exploited in the attacks. Source: http://www.itproportal.com/2013/03/04/media-hacking-continues-as-czech-news-sites-suffer-ddos-attacks/#ixzz2yBakJKEu
Read more here:
Media hacking continues as Czech news sites suffer DDoS attacks
Here's an overview of some of last week's most interesting news, reviews and articles: Cost of Advanced Evasion Techniques in recent data breaches A new report by McAfee examines the controversy…
Read More:
Week in review: AET costs, Windows XP deadline, routers expose ISPs to DNS-based DDoS attacks
DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide. A simple attack can create 10s of Gbps of traffic to disrupt provid…
Continued here:
24 million routers expose ISPs to DNS-based DDoS attacks