The beginning of 2014 saw 1.5 times the number of attacks over 20GB/sec, compared to the rest of 2013, according to new stats released by Arbor Networks today. At the Infosecurity Europe 2014, t…
Read the article:
Spike in DDoS attack size driven by NTP misuse
A programmer has divulged how the Facebook Notes feature can be used to launch distributed denial-of-service (DDoS) attacks against websites. In a blog post this weekend, researcher Chaman Thapa said that the DDoS abuse is possible due to Facebook’s protocol of allowing HMTL image tags in notes. “Facebook Notes allows users to include tags,” Thapa wrote in the Sunday blog post. “Whenever a tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once, however, [and by] using random GET parameters the cache can be bypassed and the feature can be abused to cause a huge HTTP GET flood.” By creating a list of unique image tags, and using m.facebook.com to create notes, Thapa was able to create several notes, which were each responsible for sending an influx of HTTP request to the target server, he wrote. In only a couple of seconds, he was able to send thousands of GET requests to the designated server. Thapa disclosed the issue to Facebook’s bug bounty program on March 3, but after being alerted to the issue, the company ultimately said that the attack scenario was “interesting/creative,” – but one the company didn’t intend to fix due to the logistics involved. Thapa posted the email correspondence with Facebook (which occurred April 11) in his blog post. “In the end, the conclusion is that there’s no real way to us fix this that would stop ‘attacks’ against small consumer grade sites without also significantly degrading the overall functionality,” Facebook told Thapa. “Unfortunately, so-called ‘won’t fix’ items aren’t eligible under the bug bounty program, so there won’t be a reward for this issue. I want to acknowledge, however, both that I think your proposed attack is interesting/creative and that you clearly put a lot of work into researching and reporting the issue last month. That IS appreciated and we do hope that you’ll continue to submit any future security issues you find to the Facebook bug bounty program.” In a Friday email to SCMagazine.com, a Facebook spokesperson further explained the company’s decision on addressing the bug. “Ultimately, we decided against making changes to avoid disrupting intended and desirable functions,” the spokesperson wrote. Via his blog, Thapa also revealed that similar DDoS abuse can be carried out using Google’s Feedfetcher tool. According to a Google support page, Feedfetcher allows Google to grab RSS or Atom feeds when users add them to their Google homepage or Google Reader. Source: http://www.scmagazine.com/researcher-reveals-how-facebook-notes-can-be-used-to-ddos-sites/article/344271/
Continue Reading:
Researcher reveals how Facebook Notes can be used to DDoS sites
VANCOUVER, BRITISH COLUMBIA–(Marketwired – Apr 23, 2014) – DOSarrest has just released its latest generation of proprietary backend software that incorporates an all-new customer-facing portal. This new release will enable DOSarrest to implement changes to customer configurations in seconds, enabling them to apply custom made DDoS mitigation modules extremely quickly. It is also equipped with an Intrusion Detection System (IDS), allowing the security team to pinpoint sophisticated layer 7 attacks as well as provide cloud based Web Application Firewall (WAF) services for its customers. Mark Teolis, GM at DOSarrest said: “This upgrade is by far our largest project to date, it has taken us over 2 years of development and testing to get here. This latest generation of software is extremely powerful, and can stop the next generation of sophisticated layer 7 attacks.” DOSarrest is now able to offer additional services, including: Cloud Based Web Application Firewall (WAF) Cloud based layer 7 load balancing, Local, Global with health checks Enhanced reporting on traffic types, status codes, cache performance, etc Create virtual servers, to have us pick-up, cache and deliver content from multiple customer servers IDS engine to detect and help stop any malicious traffic “We recognised our customers’ requirements to have comprehensive security related services, rather than disparate point solutions; this new system has all the features that we need to accommodate them. The best part about this new generation of software is its flexibility at the core. What used to take days and weeks to develop and implement, can now be measured in minutes and hours,” added Jag Bains, CTO at DOSarrest. Bains went on to say: “The best part of this new release is that it enables us to quickly react and stop sophisticated attacks that have not even been created yet!” Source: http://www.reuters.com/article/2014/04/23/idUSnMKWNkbj9a+1e0+MKW20140423
See the original article here:
DOSarrest Releases Latest Generation DDoS Mitigation System Software
Reflection attacks using the Network Time Protocol surge in the first quarter, as attackers shift to bandwidth-clogging floods of data. In the past year, attackers have changed focus from attacking applications to overwhelming network bandwidth using brute-force reflection attacks, according to a report published April 17 by content-delivery provider Akamai. The two most popular types of reflection attacks, which bounce network traffic off intermediate servers on the Internet, have shot up in popularity, accounting for 23 percent of all infrastructure attacks in the 2014 first quarter, Akamai stated in its Prolexic Quarterly Global DDoS Attack Report. The attacks were largely unheard of in 2013, the report stated. Much of the increase is due to easy-to-use tools, including techniques for using a vulnerability in the Network Time Protocol, or NTP, not only to reflect attacks but amplify them, Matt Mosher, director security strategy for Akamai, told eWEEK. “Reflection and amplification are easier for the attackers to do,” he said. “They don’t have to build a bot army or infect a bunch of machines.” The number of distributed denial-of-service (DDoS) attacks and the average bandwidth of an attack have both climbed, increasing by 47 percent and 39 percent, respectively, according to Akamai’s report. The jump occurred even as DDoS attacks that attempt to tie up applications with bogus requests declined 21 percent. Application layer attacks have declined since the third quarter of 2013, the report stated. “There have always been two dimensions to DDoS: the large volumetric attacks including amplification, and then there’s another set of DDoS that tries to create complexity and targets applications,” Mosher said. Attackers also focused on media and entertainment companies, which were the targets of nearly 50 percent of attacks. Software and technology companies were the second most popular target, at 17 percent, while security firms faced 12 percent of all DDoS attacks, according to Akamai. The largest attack seen by Akamai targeted a European entertainment firm, and exceeded 200G bps at its peak, the firm said. The attack lasted more than 10 hours, and amplified the attack volume through vulnerable servers using a combination of NTP and the Domain Name System (DNS) reflection. The attack also employed a tactic known as a POST flood attack, according to Akamai. Reflection attacks do not just use basic Internet protocols, but can use Web application features to inundate a target. An interesting attack in the first quarter of 2014 involved using the pingback function of WordPress sites to send data at the targeted network. “The effectiveness of this attack lies in the leveraging of victim WordPress Websites that have pingback functionality enabled,” the report stated. “This attack vector typically succeeds by exhausting the number of connections to the target site, rather than by overwhelming the target with bandwidth floods.” Computers in the United States, China, Thailand, Turkey and Germany accounted for almost three-quarters of all attacks, according to the report. Indonesia and South Korea were also in the top 10. “There was a noticeable presence of Asian countries in the top 10 source countries,” Akamai’s report noted. “Growing economies and an expanding IT infrastructure, plus large online populations, fuel DDoS attack campaigns.” Source: http://www.eweek.com/security/easy-to-use-ntp-amplification-emerges-as-common-ddos-attack-vector.html/
More:
Easy-to-Use NTP Amplification Emerges as Common DDoS Attack Vector
Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques. “Instea…
Read More:
Attackers use reflection techniques for larger DDoS attacks
VANCOUVER, BRITISH COLUMBIA–(Marketwired – April 16, 2014) – Bahrain Telecom realized the threat of DDoS attacks on their customer base and set out to explore the various options available for their business customers’ enterprise websites. After evaluating the options available, BATELCO chose the fully managed DDoS Protection service offered by DOSarrest Internet Security. The service will be offered by BATELCO to its business customers as part of its cloud portfolio. Batelco Enterprise General Manager Adel Daylami said that DOSarrest came as an answer to the increased threats in cyber space, as cyber-attacks have become a major security concern for organizations of all sizes. “The DDoS Mitigation solution is designed to protect customers’ networks against any malicious attempts by containing the harm of such attacks, thus ensuring the operational status of the organisation. The introduction of this service is in line with our repeated commitments to providing our valued customers with the most advanced products and services that meet their dynamic demands,” added Mr. Daylami. “We are honored to be providing DDoS protection services for Batelco’s business customers. We have been providing DDoS protection for a number of Bahrain-based enterprises, for over 4 years now, this announcement just cements the business association,” states Mark Teolis, General Manager of DOSarrest. About Batelco: Batelco Group is headquartered in the Kingdom of Bahrain and listed on the Bahrain Bourse. Batelco has played a pivotal role in the country’s development as a major communications hub and today is the leading integrated communications’ provider, continuing to lead and shape the local consumer market and the enterprise ICT market. Batelco has been growing overseas via investing in other market-leading fixed and wireless operators. Batelco Group has evolved from being a regional Middle Eastern operation to become a major communications company with direct and indirect investments across 14 geographies, namely Bahrain, Jordan, Kuwait, Saudi Arabia, Yemen, Egypt, Guernsey, Jersey, Isle of Man, Maldives, Diego Garcia, St. Helena, Ascension Islands and Falklands. (www.batelcogroup.com) About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, BC, Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 7 years now. Source: http://www.marketwired.com/press-release/bahrain-telecom-teams-up-with-dosarrest-to-offer-ddos-protection-services-1900083.htm
See the original article here:
Bahrain Telecom Teams Up With DOSarrest to Offer DDoS Protection Services
DDoS reaches 300,000 connections a minute. Botnet operators in the criminal underground are launching large denial of service attacks against each other in a bid to knock out rivals in the race to compromise computers. Security researchers have discovered command and control servers owned by operators of Zeus botnets were blasted by those running a rival Cutwail botnet in a distributed denial of service attack reaching 300,000 connections a minute. The infamous Zeus malware was a trojan often used to steal banking information and install cyrptolocking software. The Zeus family was considered to be the largest botnet operating on the internet. Cutwail is also an established botnet which is typically involved in sending spam via the Pushdo trojan, at its peak pushing out millions of emails a day. University researchers said in a paper that Cutwail, known to spammers as ’0bulk Psyche Evolution’, was rented to spam affiliates who pay fees to the botmasters totalling hundreds of thousands of dollars, in order to launch spam campaigns (pdf). RSA researchers found a hit list of new dynamically generated domain names within a Cutwail botnet which served as infrastructure targets of the operator’s rivals. A senior threat researcher that runs under the handle ‘Fielder’ wrote he was surprised to find evidence of the continual fighting. “This is an incredibly interesting finding as it suggests some fierce competition within the criminal underground,” Fielder said. “This was quite literally a live action view of botmasters attacking one another.” The research team examined the attacked IP addresses and found that each was related to Zeus and Zbot (Zeus) command and control hosts. The attacker’s IP addresses were tracked since August and linked to Zeus and kryptik trojans and variants, as well as Bitcoin mining activity. These addresses were also embroiled in a “long history” of malware campaigns including those foisting the formerly infamous BlackHole exploit kit, spam campaigns and an effort to serve malware over IRC and BitTorrent. Source: http://www.itnews.com.au/News/382411,bot-masters-in-cut-throat-ddos-fight.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks
Having issues with BTC-e today? You’re not the only one. A number of users in the bitcoin community have reported issues with the exchange, raising fears about the service and whether or not it was operating as-should or not. The root of those issues are a distributed denial of service attack (DDoS), confirms the exchange on their official Twitter account. This isn’t the first time this has taken place (nor the last time, we reckon), and it certainly does highlight the community’s sensitivity when it comes to service disruptions. You can’t blame them, either. After the Mt. Gox debacle, it’s become difficult to trust some of these large-scale operations, particularly an exchange that has established itself as mostly secretive. That secrecy has allowed BTC-e to not require verification checks, making it a go-to spot for individuals looking to stay under the radar. As of this writing, it appears services are back to normal. Source: http://newsbtc.com/2014/04/13/btc-e-reports-ddos-attack-server/
Continue Reading:
BTC-e Reports DDoS Attack Against Their Server
DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN floods attacks now account for a hefty 51.5 percent of all large-scale attacks. The research – which covers the whole of 2013 and the first two months of 2014 – says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms. The analysis – entitled the `2013-2014 DDoS Threat Landscape Report’ – says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year. Interestingly, Incapsula says that 29 per cent of botnets have been seen attacking more than 50 targets a month. The analysis – which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeting Web sites on Incapsula’s network – concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way. In fact, says Incapsula, during the final quarter of 2013, the firm’s research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges – the two most common methods of bot filtering. The problem, concludes the report, is that the DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets. “Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks,” he said. “For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than user’s computers, it’s even worse, just because of the bandwidth and computing power that becomes available to the hacker,” he added. Ashley Stephenson, CEO of Corero Network Security, said that it is essential that the governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks – and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation’s financial infrastructure. “As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services,” he told SCMagazineUK.com . The Corero CEO went on to say that his company believes that mandated controls – like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) – will drive organisations to take pro-active steps to regaining control of their online presence. “These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions,” he explained. Source: http://www.scmagazineuk.com/ddos-attacks-bigger-badder-and-nastier-than-last-year/article/342078/
Read More:
DDoS attacks: Bigger, Badder and Nastier than last year
Here's an overview of some of last week's most interesting news, reviews and articles: Cost of Advanced Evasion Techniques in recent data breaches A new report by McAfee examines the controversy…
Read More:
Week in review: AET costs, Windows XP deadline, routers expose ISPs to DNS-based DDoS attacks