Category Archives: DDoS Vendors

FastMail the latest victim of a sustained DDoS offensive

FastMail has been subjected to a number of distributed denial of service (DDoS) attacks, the premium email provider has revealed. The Australian-based company said that the cyber offensive first took place in the early hours of November 8th, which took some of its services offline. In response it immediately “enabled mitigation strategies”, which proved successful in bringing the DDoS attack to an end. However, the following day, at around the same time, the cybercriminal once again launched another onslaught. This second-round of attacks came with a ransom demand, which threatened FastMail with more chaos if it didn’t hand over 20 Bitcoins (worth approximately £7,500). The company said that it does not respond to attempts of extortion and will not bow to pressure from the cybercriminal. “Over the last week, several email providers, including Runbox, Zoho, Hushmail and ProtonMail have been hit by large scale DDoS attacks, accompanied by an extortion demand from the attacker to stop,” FastMail outlined. “The goal of the attacker is clearly to extort money in the hope that the services will not be prepared to deal with the disruption. “With one exception, where ProtonMail paid the criminals and was still attacked, we do not believe the extortion attempts have been successful, and we fully intend to stand up to such criminal behaviour ourselves.” The company says that it is actively working to keep its services running as best as possible and that it has utilized knowledge gained from past DDoS attacks to help it react to numerous situations. The attack on ProtonMail is one of the most high-profile cases of 2015, which the encrypted email provider has described as the “largest and most extensive cyberattack in Switzerland”. A DDoS attack is when numerous computers make repeated requests for information to one computer or device. This has the effect of ‘overwhelming’ a computer or device’s ability to deal with the requests, resulting in it slowing down or crashing. Source: http://www.welivesecurity.com/2015/11/12/fastmail-latest-victim-sustained-ddos-offensive/

See original article:
FastMail the latest victim of a sustained DDoS offensive

FastMail falls over as web service extortionists widen attacks and up their prices

Concerted assaults on five providers and counting FastMail has become the latest web services company to get taken down by distributed denial of service (DDoS) raiders who are trying to extort Bitcoins in exchange for internet access.…

Visit site:
FastMail falls over as web service extortionists widen attacks and up their prices

ProtonMail comes back online, shores up DDoS defenses

ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week. The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline. Now it has partnered with Radware, which offered its DDoS mitigation service for a “reasonable price,” allowing service to resume, ProtonMail wrote in a blog post on Tuesday. “The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future,” the company wrote. The first group of attackers, which call themselves the Armada Collective, asked ProtonMail for a ransom in bitcoin before launching attacks early on Nov. 4. The Swiss Governmental Computer Emergency Response Team warned in September about blackmail attempts by the Armada Collective. They tend to launch a demo attack while demanding 10 or 20 bitcoins, and larger attacks follow if the ransom isn’t paid. Controversially, ProtonMail paid the ransom. The company wrote in a blog post that it was under pressure from other companies to pay it in order to stop the attacks. However, ProtonMail later edited the blog post, writing that paying “was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will never pay another ransom.” The second group’s attack on ProtonMail had wide-ranging effects on its service providers and other companies, which also were knocked offline. The 100Gbps-attack brought down ProtonMail’s ISP, including the ISP’s routers and data center. ProtonMail suspected that the second group might be state-sponsored hackers because of the severe damage inflicted. Bizarrely, the Armada Collective told ProtonMail it wasn’t responsible for the second set of attacks. By Sunday, ProtonMail began recovering. An ISP, IP-Max, set up a direct link from ProtonMail’s data center to a major Internet connection point in Zurich in less than a day, it wrote. Level 3 Communications lent a hand with IP transit. An appeal for donations to put in better protections against DDoS has netted $50,000 so far as well. ProtonMail’s service is free, but eventually it plans to introduce paid-for premium options. ProtonMail is now using Radware’s DefensePipe, a cloud-based service. Other companies, ProtonMail said, offered their services but “attempted to charge us exorbitant amounts.” ProtonMail offers a full, end-to-end encrypted email service and has more than 500,000 users. Although it has been possible to encrypt email for decades, interest has increased since documents leaked by former U.S. National Security Agency contractor Edward Snowden showed massive data-collection operations by western spy agencies. Source: http://www.pcworld.com/article/3004157/protonmail-comes-back-online-shores-up-ddos-defenses.html

See original article:
ProtonMail comes back online, shores up DDoS defenses

ProtonMail restores services after epic DDoS attacks

After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the last week.

Continued here:
ProtonMail restores services after epic DDoS attacks

Swedbank smacked by DDoS attack

Website unable to process online transactions Scandi finance house Swedbank has been hit by a DDoS attack, which has taken down access to online banking via its website.…

Read the article:
Swedbank smacked by DDoS attack

ProtonMail still under attack by DDoS bombardment

Using blog site and Twitter to issue updates Secure webmail outfit ProtonMail is still fighting against a sustained DDoS attack that has left its service largely unavailable since Tuesday.…

Follow this link:
ProtonMail still under attack by DDoS bombardment

A server was DDoS-ed for 320 hours straight

Kaspersky Lab has released a new report on the evolution of distributed denial of service (DDoS) and it shows some interesting figures, including the fact that a server was targeted for 320 hours straight. The Kaspersky DDoS Intelligence Report Q3 2015 is based on the constant monitoring of botnets and observing new techniques utilised by cybercriminals. It shows that DDoS attacks remain highly localised, with 91.6 per cent of the victims’ resources are located in only ten countries around the world, although Kaspersky Lab has recorded DDoS attacks targeting servers in 79 countries total. DDoS attacks are highly likely to originate from the same countries, the security firm understands, adding that China, USA and South Korea are the highest rating countries in both sources of attack and sources of targets. According to the report, more than 90 per cent of all attacks observed in the third quarter lasted less than 24 hours, but the number of attacks lasting over 150 hours has grown significantly. At the same time, there was this one server that was hit extremely hard – 22 times. It is located in The Netherlands. Kaspersky says that even cyber-crooks go on vacation, after realising that August is the quietest month of the quarter. Linux-based botnets are significant, and account for up to 45.6 per cent of all attacks recorded by Kaspersky Lab. The main reasons for this include poor protection and higher bandwidth capacity. Looking at who the most frequent victims are, banks stand out the most, being frequent targets for complex attacks and ransom demands. Source: http://www.itproportal.com/2015/11/04/a-server-was-ddos-ed-for-320-hours-straight/

Read the article:
A server was DDoS-ed for 320 hours straight

Researchers map out hard-to-kill, multi-layered spam botnet

A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems. The botnet is multi-layered, decentralized, a…

More:
Researchers map out hard-to-kill, multi-layered spam botnet

IPv6 And The Growing DDoS Danger

IPv6 and the Internet of Things have arrived — and with them an enormous potential expansion for distributed denial-of-service (DDoS) attacks. The number of connected devices is growing exponentially, with one billion new IoT devices expected to ship this year alone. As such, IPv4 addresses have been exhausted, but IPv6 is on deck to address this concern. The new system allows for 2^128 IP addresses (in comparison, IPv4 only carried 2^32 possible IP addresses). So everything is fine, right? Sadly, no. While IPv6 will certainly aid in accommodating the growth of new connected phenomena, such as the Internet of Things (IoT), adoption at the moment is slow. And because IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks. DDoS attacks occur when Internet hackers use infected hosts to control connected devices remotely and make unwilling devices (bots) send malicious traffic to their target of choice. The target organizations are flooded with traffic, thus restricting or disabling service for legitimate traffic, or crashing the victim network. The most recent Verizon Data Breach Investigations Report noted: “Distributed denial-of-service attacks got worse again this year with our reporting partners logging double the number of incidents from last year…We saw a significant jump in…attacks [that] rely on improperly secured services, such as Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP), which make it possible for attackers to spoof source IP addresses, send out a bazillion tiny request packets, and have the services inundate an unwitting target with the equivalent number of much larger payload replies.” While most DDoS attacks do not, at present, involve IPv6, both the number and size of these attacks are rising, and IPv6 brings with it particular vulnerabilities. According to a recent CNET article: “First, with the relatively immature network infrastructure, many network operators don’t have the ability to scrutinize network traffic well enough to distinguish DDoS attacks from benign traffic. Second, gateways that link IPv4 and IPv6 must store lots of ‘state’ information about the network traffic they handle, and that essentially makes them more brittle.” The Internet of Things is also adding to the threat, according to an InfoSec Institute report “Internet of Things: How Much are We Exposed to Cyber Threats? The report, published earlier this year, cited the possibility of cyber criminals stealing sensitive information by hacking or compromising IoT devices to run cyberattacks against third-party entities using routers, SOHO devices or SmartTVs. “IoT devices manage a huge quantity of information, they are capillary distributed in every industry,” the report noted, “and, unfortunately, their current level of security is still low.” And therein lies the nightmare scenario. We now have IPv6, accompanied by immature visibility tools; gateways between IPv4 and IPv6 that are brittle and precarious; and the unprecedented proliferation of relatively unsecure IoT devices, replete with those brand-spanking-new IPv6 vulnerabilities, all creating ubiquitous potential fuel for botnets. The reality is precisely as desperate as it sounds. The best course of action to prepare for an onslaught of DDoS attacks exploiting IoT and IPv6 adoption is to ensure that your enterprise network security system can support the many connections from so many more connected devices. Also ensure the IPv6 support is on par with the IPv4-based feature set. Most attacks are carried out over IPv4, and by shifting over to IPv6, the attacker could bypass the defenses that only inspect IPv4 traffic. Meanwhile, IPv6-specific attack vectors have been reported IPv6 and the IoT have arrived, and with them comes an enormous expansion in DDoS attack potential. Source: http://www.darkreading.com/attacks-breaches/ipv6-and-the-growing-ddos-danger/a/d-id/1322942

Visit site:
IPv6 And The Growing DDoS Danger

China is the top target for DDoS reflection attacks

China bore the brunt of DDoS reflection attacks last month, with 61 percent of the top attack destinations observed hitting Chinese-based systems, according to Nexusguard. Of the 21,845 attack events …

More here:
China is the top target for DDoS reflection attacks