Tag Archives: attacks

DDoS attack power skyrockets to 1.6 Tbps

DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular at 16% and 12% of the total, respectively. All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, accounted for a mere … More ? The post DDoS attack power skyrockets to 1.6 Tbps appeared first on Help Net Security .

See more here:
DDoS attack power skyrockets to 1.6 Tbps

Leader of pro-Russia DDoS crew Killnet ‘unmasked’ by Russian state media

Also: NXP China attack, Australia can’t deliver on ransom payment ban (yet), and Justin Sun’s very bad month Infosec in Brief   Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won’t ever find the state trying to unmask them either – as long as they keep supplying the attacks on Axis nations. It’s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.…

View post:
Leader of pro-Russia DDoS crew Killnet ‘unmasked’ by Russian state media

Attackers intensify DDoS attacks with new tactics

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and financial. The longest attack duration in Q2/Q3 was seven days, 16 hours, and 22 minutes. … More ? The post Attackers intensify DDoS attacks with new tactics appeared first on Help Net Security .

See original article:
Attackers intensify DDoS attacks with new tactics

Cybercriminals create new methods to evade legacy DDoS defenses

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy ever higher rate request-based or packets-per-second attacks. “DDoS attacks have historically focused around sending packets of large sizes with the aim to paralyze and disrupt the internet pipeline by exceeding the available bandwidth. Recent request-based attacks, however, are sending smaller size packets, to … More ? The post Cybercriminals create new methods to evade legacy DDoS defenses appeared first on Help Net Security .

See more here:
Cybercriminals create new methods to evade legacy DDoS defenses

Hackers can rip open your company with AI… But AI can help you fight back

How? Join our October 7 online broadcast to find the answer Webcast   Consider a world where cyber-attackers are using AI to refine, control and scale up their attacks. There is no need to stretch your imagination: sophisticated hackers are using AI techniques today to manage botnets, mount attacks, and cover up their traces, as well as to help them understand the context they’re operating in, and, naturally, increase profitability.…

See more here:
Hackers can rip open your company with AI… But AI can help you fight back

Tools for DDoS attacks available for free online

Distributed Denial of service or popularly known as DDoS attacks once again came to the limelight in 2016. From the attacks on Dyn servers whose architecture translates domain names into numeric addresses, hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to DDoS-for-hire service called LizardStresser using IoT botnets launching attacks on websites related to the Rio Olympics’ to hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try and make an organizations website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources to the end server.(read computers or even IoT devices from across the world). Moreover, there are many freely available tools available online for free and many hackers even sell DDoS services on Darkweb marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi,Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application based attacks. TCP connection attacks are used against most of the end users available connections which include servers, firewalls and even load balancers. While Fragmented attacks destroy the victims system by sending TCP fragments, app attacks take down a server by using botnets. All of these can enable by tools freely available online. Let’s look at some of them. LOIC (Low Orbit Ion Canon) LOIC or popularly known as Low orbit Ion Canon is one of the more popular tools available on internet. It is primarily used to initiate a DOS attack on servers across the world by sending TCP, UDP requests to the compromised server. Even a beginner can use this tool and all he has to do enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you can get any ideas, just remember, this tool does not protect the hosts IP address so agencies looking out for you can trace the attack’s origin. XOIC This is another easy to use DOS attacking tool for the beginners. You can just input the IP address of or th selected ports and can be used against websites which do not generate a huge amount of traffic. HOIC HOIC or known as High Orbit Ion Cannon is an effective tool which uses booster scripts which allow users to make lists of victim IP addresses and helps the attackers remain anonymous and difficult to tracked down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once. Slowloris Slowmoris was developed by a gray hat hacker called “RSnake” which creates a slow HTTP request by sending the requests in HTTP requests in small packets in the slowest manner possible so that the victim server is forcefully made to wait for the requests. This way if multiple requests are send to the server, it will not be able to handle genuine requests. Pyloris This uses the same Slowmoris method. This tool directly attacks the service and not the hardware. Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator among others. All these tools are freely available online for downloads for anyone out there. Considering how mundane most cyber secuirty agencies are in dealing with attacks of such nature, there is lots which is needed to be done to defend against such DDoS attacks. Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496

More:
Tools for DDoS attacks available for free online

Indian Bitcoin Exchange Suffers Outage as DDoS Attacks Continue

T he onslaught of DDoS attacks targeting bitcoin websites around the world isn’t showing any signs of abating as an Indian bitcoin exchange came under attack today. Indian bitcoin exchange Coinsecure saw a spike in traffic this Monday morning local time. The number of connections attempting to reach the website was enough to disrupt exchange activity. Operational delays ensued on its website, mobile application and other API-enabled platforms. In an email to customers, the bitcoin exchange revealed the reason for the delays. We were under a massive DDoS attack this morning that blocked traffic temporarily to our website, API and Android App. You may have experienced delays in withdrawals and deposits as well, this morning. The email, which reached customers afternoon in local time, confirmed that the website was fully operational again, following several hours of disruption. Bitcoin Exchanges. Ripe Targets? Bitcoin exchanges and websites are perhaps the most-obvious targets for DDoS extortionists seeking ransom in bitcoin.  Still, Kraken CEO Jesse Powell told CCN in an earlier exchange that bitcoin companies aren’t always the best targets. “Most Bitcoin companies aren’t profitable and we’re therefore not great targets,” said Powell, whose exchange suffered a DDoS attack in November last year. Thai bitcoin exchange Bitcoin Co. Ltd., also suffered a DDoS attack in November 2015, albeit from a different perpetrator. “We have received several DDOS-ransom letters to https://bx.in.th,” Bitcoin Co. Ltd Managing Director David Barnes told  CCN . “[The] last was supposedly from Armada Collective requesting 10BTC.” More importantly, he added: Attackers seem to lose interest quickly when you block them or don’t respond to their messages. CCN was also targeted in November 2015, with one extortionist communicating via email to demand 2 bitcoins in ransom. The email was ignored and we duly put up a 5 BTC reward for any information leading to a successful police report. While we came short of finding details, CCN continues to be targeted frequently with DDoS attacks. At the time in 2015, bitcoin was trading near peaks of $500 and has come a considerable way since while avoiding volatility. As the value of the cryptocurrency makes gains with stable footing, bitcoin businesses and websites continue to remain targets. A New Wave of Attacks The latest instances of DDoS disruptions could ostensibly be new wave of attacks targeting bitcoin websites. Last week, European bitcoin and altcoin exchange BTC-e was also targeted, resulting in temporary disruption of exchange activity. CCN was also the target of a DDoS attack last week. The website saw temporary disruption lasting 1-2 hours before the attacks were mitigated. Source: https://www.cryptocoinsnews.com/indian-bitcoin-exchange-suffers-outage-ddos-attacks-continue/

Continue reading here:
Indian Bitcoin Exchange Suffers Outage as DDoS Attacks Continue

New botnet launching daily massive DDoS attacks

CloudFlare spotted a new botnet in the wild which launched massive DDoS attacks aimed at the US West Coast for 10 days in a row. A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks. Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai. The company has so far spent 10 days fending off DDoS attacks aimed at targets on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps). CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets “non-stop for almost exactly 8.5 hours” before the attack ended. CloudFlare’s John Graham-Cumming noted, “It felt as if an attacker ‘worked’ a day and then went home.” The botnet DDoS attacks followed the same pattern the next day, like the attacker was “someone working at a desk job,” except the attacks began 30 minutes earlier. On the third day, the attacks reached over 480 Gbps and 200 Mpps before the attacker decided to knock off a bit early from ‘work.’ Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day. The attacks continued for 10 days; each day the DDoS attacks “were peaking at 400 Gbps and hitting 320 Gbps for hours on end.” That’s not as powerful as the Mirai botnet made up of insecure IoT devices, but this botnet is presumably just getting started. It’s already plenty big enough to bring a site to its knees for hours on end unless it has some decent form of DDoS protection. If it were to be combined with other botnet strains, it might be capable of beating the unprecedented records set by the Mirai attacks. Although CloudFlare never elaborated on what devices the new botnet was abusing for its attacks, the company said it uses different attack software then Mirai. The emerging botnet sends very large Layer 3 and Layer 4 floods aimed at the TCP protocol. Hopefully it’s not using poorly secured internet of things devices as there seems to be an endless supply of IoT devices with pitiful-to-no security waiting to be added to botnets. That’s likely going to get worse, since IoT gadgets are expected to sell in record-breaking numbers this holiday season. It’s just a guess, but it does seem likely that the new botnet is aimed at such devices. CloudFlare posted the new botnet information on Friday, so it is unknown if the attacks have continued since the article was published. Last week, a modified version of the Mirai IoT malware was responsible for creating chaos in Germany and other worldwide locations; the hackers reportedly responsible for attempting to add routers to their botnet apologized for knocking Deutsche Telekom customers offline as it was allegedly not their intention. DDoS attacks may give a blue Christmas to gamers Regarding DDoS attacks, the most recent Akamai State of the Internet/Security Report suggested that gamers might not have the best holiday season. For the past several years, hackers have attacked and sometimes taken down Microsoft’s Xbox and Sony’s PlayStation networks, even Steam, making it impossible for seasoned gamers as well as those who received new gaming platforms for Christmas to enjoy new games and consoles. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the Akamai report stated. “Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.” As first pointed out by Network World’s Tim Greene, Akamai added, “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever.” Let’s hope the newly discovered botnet isn’t an example of Akamai’s prediction. Source:http://www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html

View article:
New botnet launching daily massive DDoS attacks

What You Need to Know about the Evolution of DDoS

In an attempt to define the modern-day DDoS attack, one must understand – there is more than one type of attack. Starting with the simplest first,  network level  DDoS attacks are the easiest to launch. They are fundamentally designed to crush networks and melt down firewalls. Aimed at filling state tables and consuming the available resources of network gear, today hackers require larger and larger botnets to be successful. As organizations install bigger pipes and improve their router, firewall, and switch capacity, this type of attack is becoming less effective.  Also, due to law enforcement taking notice of the larger botnets required to be successful, attackers had to devise a better tactic. Hence, the birth of the  reflective/amplified  attack. Using open DNS, NTP, and now UPnP devices located all over the Internet, attackers have learned how to amplify their attacks, and today they’re capable of filling large numbers of 10 Gbps pipes; using botnets of only a few-thousand machines. Firewall state tables and network resources are often not consumed in this case. Instead, pipes are filled with more traffic than they can forward. Packets can only travel so fast down a wire and when they backup, outages and latency ensue. It’s not the case of more packets; it’s the case of bigger packets. As a result of the amplification factor achieved, these attacks are now being  fragmented  as well. Too many fragmented packets are often a death sentence for devices performing deep packet inspection, like next-generation firewalls and IPS. Attackers can flood them with an excessive amount of fragments, consuming vast amounts of CPU, and these devices often melt down in no time at all. Even the highest performing next-generation firewalls and IPS will feel the effects of this type of attack. From an attacker perspective, interweave repetitive  application-layer  attacks designed to consume resources on servers, and you’ve got a recipe for success. Pound the final nail in the coffin by adding  specially crafted packet  attacks designed to take advantage of weak coding, and simply put – anyone will go offline without the right defenses. Attackers today use all five categories simultaneously, making it even harder to defeat without blocking vast amounts of good traffic. However, DDoS attacks are not always about bringing organizations offline. Today’s attackers are launching short-duration, partially saturating attacks that are intended to NOT take the victim offline. Instead, they’re designed to consume time, attention, “people” resources, and log storage. If the average enterprise had to choose between suffering from a DDoS attack or a data breach – they’d likely choose a DDoS attack – taking comfort in the fact that their most valuable information would remain intact, and out of the hands of a hacker. However, DDoS is all about hiding other attacks, and your data is the true target. DDoS is a serious threat – one that has vastly evolved from the simple, easily resolved attacks of the past. Often overlooked as a nuisance, any DDoS activity should raise a red flag for IT departments. When an attack lasts for a few hours (or even a few minutes), most organizations believe the attacker got tired, gave up, or the victim’s defenses withstood the onslaught. The misconception here is a sense of invincibility. However, the real reason the DDoS attack may have subsided is because the attacker achieved their objective – access to your data. Often attackers are targeting your data the whole time, while leading many to believe they’re trying to take organizations offline. Frequently, this is not their intention at all. This is emphasized by the recent rise in Dark DDoS attacks that act as a distraction to the IT department – while a damaging hack is enacted and data is stolen. If businesses are too complacent about DDoS protection, they can be financially ruined due to brand damage and the immediate decrease in customer confidence they often experience – as a result of an attack. This leads some to the point of no return. Often hidden by the Dark DDoS attack, the losses associated with the compromise of proprietary data ends up costing more to mitigate, than the attack itself. It is quite the vicious cycle. The most targeted organizations are obviously those who thrive on Internet availability, or gain the attention of hacking groups like Anonymous. Finance, news, social networks, e-retail, hospitality, education, gaming, insurance, government services, etc. are all seriously impacted by an outage. These organizations almost always make the news when downtime occurs, which in turn leads to a loss of customer confidence. In addition, any organization that has sellable data often finds themselves in the cross hairs of a Dark DDoS attack. Remember, attackers in this case want access to your data, and will do just about anything to get it. Attackers also love notoriety. News-making attacks are often like winning a professional game of chess. Their strategies, skills, and perseverance are all tested and honed. Hacker undergrounds take notice of highly skilled attackers. Often job agreements or an offer for “a piece of the action” is the reward for those with notable skills. While all of this activity may be considered illegal in just about every country, the reward seems to outweigh the punishment. As long as that is the case, attackers will continue their activities for the foreseeable future. So, what’s the solution? Put the right defenses in place and eliminate this problem – once and for all. It begins with understanding the importance of cloud-based DDoS defenses. These defenses are designed to defeat pipe-saturating attacks closest to their source. They also reduce latency involved with DDoS mitigation, and help eliminate the needs to backhaul traffic around the globe to be cleansed or null routed. Selecting a cloud provider with the highest number of strategically located DDoS defense centers that they operate themselves, makes the absolute best sense. In addition, selecting a cloud provider who can offer  direct connectivity  to your organization where applicable is also the recommendation. Diverting incoming traffic to the cloud to be cleansed is normally done via BGP. It’s simple, fast, and effective. However, returning the “clean” traffic back to the customer represents a new set of challenges. Most cloud providers recommend GRE tunnels, but that approach is not always the best. If you can connect “directly” to your cloud provider, it will eliminate the need for GRE and the problems that accompany that approach. The result of a direct connection is quicker mitigation and more efficient traffic reinjection. Are cloud-based DDoS defenses the end-all? Not really. The industry recognizes a better method called the hybrid-approach. The thought process here is that smaller, shorter DDoS attacks are more effectively defeated by on-premises technology, while larger and longer attacks are more efficiently defeated in the cloud. The combination of the two approaches will stop all DDoS attacks in their tracks. In addition, volumetric attacks are easily defeated in the cloud, closest to the source of attack. Low-and-slow attacks are more effectively defeated closer to the devices under attack. This combined approach provides the best of both worlds. Complete visibility is another benefit of the hybrid approach. Cloud-based DDoS defense providers who have no on-premises defense technology are blind to the  attacks against their own customers . Many cloud providers attempt to monitor firewall logs and SNMP traps at the customer’s premises to help detect an attack. However, that’s comparable to using a magnifying glass to study the surface of the moon – from earth. The magnifying glass is not powerful enough, nor does it offer enough granularity to detect the subtleties of the moon’s surface. Purpose-built, on-premises DDoS defense technologies are the eyes and ears for the cloud provider. The goal here is to detect the attack  before  a customer actually knows they’re under attack. This equates to immediate DDoS detection and defense. Detection is actually the hardest part of the DDoS equation. Once an attack is detected, mitigation approaches for the most part are similar from one vendor to another. Using a set of well-defined mechanisms can eliminate nearly every attack. Most defenses are based upon a thorough understanding of the way protocols work and the behaviors of abnormal visitors. Finding a vendor who has the most tools and features in their defensive arsenal is the best practice. The final recommendation is to select a vendor who has both cloud-based and on-premises defenses, especially if those defenses use the same underlying technologies. On-premises hardware manufacturers who also offer cloud-based services are the way to go. The reasoning is simple. If the cloud defenses are quite effective, adding on-premises defenses of the same pedigree will become even more effective. In addition, the integration of the two approaches becomes streamlined when working with a single vendor. Incompatibilities will never be an issue. If the recommendations in this article are followed, DDoS will never be an issue for you again. The vulnerability is addressed, the risk is mitigated, and the network is protected. That’s what IT professionals are looking for – a complete solution. Source: http://virtual-strategy.com/2016/08/15/need-know-evolution-ddos/

Read this article:
What You Need to Know about the Evolution of DDoS

Cybersecurity: Financial Institutions Fret over DDoS Attacks

Financial institutions, especially the banks, are getting more worried about the increasing rate of a new cyber attack called Distributed Denial of Service (DDoS), that has caused huge financial losses running into billions of naira to banks. Financial institutions expressed worries about further loss of funds to DDoS attacks at a security forum organised by MainOne and Radware in Lagos this week and called for technology solutions that would address the threat. During a panel session, Head, Infrastructure Services at Skye Bank, Mr. Tagbo Nnoli, said banks suffered major attacks last year from DDoS attacks on banks and that since then, the banks started seeking solutions to address the issue. Aside DDoS attacks, Nnoli said banks also suffered attacks from phishing and social engineering last year, resulting to huge financial losses. Head, Industry Security Services, Nigeria Inter-Bank Settlement System (NIBBS), Mr. Olufemi Fadairo, who confirmed that banks suffered huge financial losses to cyber attacks last year, however said the rate of losses due to online attacks, were beginning to reduce in 2016, following proactive measures taken by the Central Bank of Nigeria (CBN) and the NIBSS to address financial losses to cyber attacks. According to Fadairo, “NIBSS tries to protect organisations and in the past five years, there has been improvement on financial security. We do benchmarking to find out any disruption of a normal pattern of an organisation. By January 2016, we discussed about DDoS attacks on banks where 63 per cent of banks said such attacks would increase, if not mitigated on time.” Following the threat, we decided to focus on data companies like MainOne that provides data solution for the financial sector, Fadairo said. The Chief Information Security Officer at MainOne, Mr. Chidi Iwe, however raised the hopes of financial institutions at the forum, when he revealed that MainOne had partnered RadWare, a global security company to mitigate DDoS attacks in the country’s financial sector, by redirecting organisation’s traffic to the MainOne DDoS mitigation platform, from where it keeps organisation data fully protected at all times and maintaining the normal operations of organisations on-premises infrastructure. He said the service could detect and mitigate zero-day attack within 18 seconds. According to Iwe, over 50 per cent of enterprise companies globally, suffered DDoS attacks at the end of 2015, and Nigerian businesses are growing in recent yeas and the focus of attacks is gradually shifting to the Nigerian space. Although he said most attacks were not reported publicly in the past, but that there has been over 600 per cent growth in reporting attacks in Nigeria in recent times, based on CBN regulation. Two weeks ago, there was DDoS Attacks in Nigeria. Attacks have caused organisations over $500 billion in recent years, and DDoS attacks are predicted to be on the rise, Iwe said. He however assured financial institutions that the security solution service agreement it signed with Radware in 2016, would address insecurity issues with DDoS attacks. MainOne solution therefore monitors DDoS attacks and create alert for the company using the solution, he said, while listing the benefits of the solution to include online reporting, which allows customers to log online to find out what the trends are. The MainOne solution also offers training for customers in partnership with Radware to boost customer experience. He said capital expenditure CAPEX and operational expenditure OPEX, are completely eliminated by the solution. The Security Solution Architect at Radware, Mr. Eran Danino, while explaining how DDoS operates, said it first attacks firewalls, destroys it before replicating itself into other components. He said most organisations are not ready to mitigate DDoS attack because they either have saturated internet pipes, or they lack the security skills to detect and mitigate attacks. “What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly,” Danino said. He explained that there was need for organisations to choose the best protection and draw up a checklist to find out the assets that must be protected first. He said Radware uses two approaches to mitigate DDoS attacks, through hybrid solution and full cloud service solution by protecting data from the cloud. Source: http://www.thisdaylive.com/index.php/2016/08/04/cybersecurity-financial-institutions-fret-over-ddos-attacks/

Read the original:
Cybersecurity: Financial Institutions Fret over DDoS Attacks