Tag Archives: ddos news

DDoS Attacks Grow Shorter But Pack More Punch

If there was ever a riddle asking the listener to name something that has become bigger and shorter at the same time, distributed denial-of-service attacks (DDoS) would be an acceptable answer. According to a new report from Arbor Networks about the third quarter of 2013, the average attack size now stands at 2.64 Gbps for the year, an increase of 78 percent from 2012. The number of attacks monitored by the firm that are more than 20 Gbps experienced massive growth, to the tune of a 350 percent increase so far this year. Meanwhile, the length of the vast majority of attacks (87 percent) has gone down to less than an hour. “Shorter duration attacks are not inherently harder to detect, but they can be harder to mitigate,” says Gary Sockrider, solutions architect for the Americas, Arbor Networks. “Many organizations today rely on network- or cloud-based mitigation of DDoS attacks. Because they rely on rerouting attack traffic to scrubbing centers, there is a small delay in mitigation while routing or domain name changes propagate. “Ideally you want to have mitigation capabilities on your own network that can react immediately without the need for redirection. I think it’s safe to say that if you have absolutely no mitigation capabilities, then shorter attacks are better. However, if your only protection has inherent delays, then shorter attacks potentially cannot be stopped.” Barrett Lyon, founder of DDoS mitigation firm Prolexic Technologies and now CTO of Defense.net, says that shorter DDoS attacks also have the added benefit of minimizing an attacker’s exposure. “The longer it runs, the more things are obviously clogged up and the more reactive network engineers become,” he observes. “When network engineers start researching a problem like that — congestion in their network or why is this computer slow — it exposes the botnet and makes it much vulnerable than it would be otherwise. So if it’s a short attack but big, [attackers] can kind of quickly see and size up their target. They can quickly determine … what’s the best bang for the buck when it comes to attacking.” A clear trend of increasing attack sizes has emerged during the past several years, Sockrider says. “I believe there [is] a combination of factors enabling this trend,” he says. “First, there is increased availability of simple-to-use tools for carrying out attacks with little skill or knowledge. Second, there is a growing proliferation of DDoS-for-hire services that are quite inexpensive. Third, increasingly powerful workstations and servers that get compromised also have significantly faster connections to the Internet from which to generate attacks.” The largest monitored and verified attack size during the quarter was 191 Gbps, according to the firm. Fifty-four percent of attacks this year are more than 1 Gbps, up from 33 percent in 2012. Some 37 percent so far this year are between 2 Gbps and 10 Gbps. Another general trend is of attacks moving to the application layer. In fact, while volumetric attacks are still common, they are now frequently combined with application-layer and state exhaustion attacks, Sockrider says. In some cases, DDoS attacks have served as diversions meant to draw attention from other activities, such as bank fraud. For example, a report published in April by Dell SecureWorks noted how DDoS attacks were launched after fraudulent wire and automatic clearing house (ACH) transfers. “Most people that follow DDoS trends are aware of the really high-profile attacks against government and financial institutions, but in reality the most common targets are actually business and e-commerce sites,” Sockrider says. “We’re also seeing increased attacks in the online gaming industry, where attacks are waged for competitive advantage. Additionally, some organizations are taking collateral damage because they reside in a data center, and they happen to share infrastructure with a high-profile target. The bottom line is that in the current environment, every organization is a potential target.” Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-grow-shorter-but-pack-more/240162741

See more here:
DDoS Attacks Grow Shorter But Pack More Punch

What Is a DDoS Attack?

What Is a DDoS Attack? Before we can understand just how groundbreaking this recent attack was, let’s first go over exactly what a denial of service attack is. It is one of the least complicated attacks that a hacker can pull off. Basically the goal is to shut down a webserver or connection to the internet. Hackers accomplish this by flooding the server with an extremely large amount of traffic. It would be like taking a wide open freeway and packing it full of the worst rush hour traffic you could imagine. Every connection to and from the freeway would grind to a halt. This would make visiting the website (or the road) next to impossible, or at the least extremely slow! In some cases, the server might overload and shut down completely. When this happens, it doesn’t mean that the website was necessarily hacked. It just means that the website was kicked off the internet for a period of time. This may not sound like that big of a deal, but if your company relies heavily on its online presence, this interruption of service could take a huge cut out of profits. DoS v. DDoS The next item to be clarified is the difference between a DoS (Denial of Service) attack and a DDoS or (Distributed Denial of Service) attack. This distinction is pretty simple: a DoS attack comes from one network or computer whereas a DDoS comes from multiple computers or networks. DDoS attacks are most always bigger than a DoS attack because the strength of the attack can be multiplied by a huge amount of computers. Source: http://www.scientificamerican.com/article.cfm?id=what-is-ddos-attack

Video: DIY Command & Control for fun and no profit

Many security professionals have heard about Command & Control botnets, even more have been infected by them. Very few have had the opportunity to actually look inside the server control panel of a C&…

Continue reading here:
Video: DIY Command & Control for fun and no profit

GitHub Struggles With Second Day Of DDoS Attacks

Code sharing site GitHub has been fending off large distributed denial of service (DDoS) attacks for two days now, with the site repeatedly taken offline. The attacks started at around 8pm yesterday, when a “large scale DDoS attack” hit. It didn’t last long as GitHub was back online less than an hour later. GitHub downed by DDoSers again But today problems emerged again. From 10.30am, another DDoS has taken GitHub down. “We’re doing everything we can to restore normal service as soon as possible,” a GitHub spokesperson told TechWeekEurope . GitHub has been keeping users updated on its status page. “We’re simultaneously working on deflecting the attack and restoring affected services,” read a post at 11.17am. “We’re working to re-establish connectivity after the attack disrupted our primary internet transit links,” another post from 11.48am read. The site was functioning at 12pm today, but there was no update on the status page. The site has been battered by DDoS attacks throughout this year. In August, a “very large” strike was reported and it was hit twice in two days in March. Source: http://www.techweekeurope.co.uk/news/github-ddos-attacks-128704

More:
GitHub Struggles With Second Day Of DDoS Attacks

The latest on major DDoS and phishing attacks, and more

An analyst has confirmed that several, unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan , VP and distinguished analyst at research firm Gartner , three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds. » A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times , Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army , a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT , an Australian registrar, and targeted an employee using an emailed spear phishing ruse. » The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations’ systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. » Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief’s price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors. » Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency’s network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But, the incident could mean that sensitive data linkable to an individual was exposed. » In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama ‘s executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management. » Errata : Our apologies to Steve Lee , who we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles. Source: http://www.scmagazine.com/news-briefs-the-latest-on-major-ddos-and-phishing-attacks-and-more/article/311635/

See more here:
The latest on major DDoS and phishing attacks, and more

London schoolboy cuffed for BIGGEST DDOS ATTACK IN HISTORY

Bet his parents wish he’d been playing computer games A British police investigation into the massive DDoS attack against internet watchdog Spamhaus has led to the arrest of a 16-year-old London schoolboy who, it is claimed, is part of an international gang of cyber-crooks.…

Tor-using Mevade botnet is stealthy new version of old threat

The Mevade Trojan and botnet have gained unexpected notoriety when it turned out that the majority of the recent, sudden and massive uptick in Tor users was the result of it adding Tor as a method of …

Distributed Denial-of-Service Attacks and Midsize Firms

A distributed denial-of-service (DDoS) attack occurs every two minutes, and the number of victims that suffered from more than one attack has risen substantially, according to a new report released by security firm NSFOCUS in SecurityWeek. These attacks are not just high profile any longer, and that is a wake-up call to midsize firms, which are a key target for hackers for many reasons. DDoS Too Often NSFOCUS’s research found that 1.29 DDoS attacks strike somewhere online every two minutes. More than 90 percent of the attacks last less than half an hour. NSFOCUS ascertained that attacks generally remained short and did not go past the rate of 50 Mbps. The number of victims suffering more than one DDoS attack went up 30 percent in just a year, rising to 70 percent. Victims who suffered from only one attack went down from 51 percent last year to 31 percent this year. Interestingly, the study found that hacktivism was the key driver behind more than 91 percent of attacks. Also, online gaming communities and financial services are often targets. What Fuels It The survey also found that a lack of sufficient security, including poor passwords, has fueled the success of DDoS attacks. IT professionals at midsize firms have DDoS attacks on their radar screens since reports in the past few years have shown that the attacks are not just for high-profile purposes. Easily executed attacks that can do the most damage are ideal for today’s cybercriminals; that means midsize firms are at risk. Midsize firms are constantly concerned about having sufficient resources, personnel, money and time to remain competitive, so security must be a top priority for IT professionals, and those who work with third-party data centers should inquire what kind of DDoS protection is provided. Those that manage their own data centers must take the right precautions against botnets and application-layer DDoS attacks on the premises of the network. Also, by working with trusted and experienced security vendors, midsize firms can bring their own security to the next level. When all is said and done, firewalls no longer provide enough protection. A Worthy Investment Distributed denial-of-service attacks are growing, and midsize companies are falling victim. Cybercriminals know that they can successfully hit a lot of growing firms at once and make easy money. They know that some midsize firms do not take security seriously because it might be too costly or time-consuming to consider. In the end, the unprepared midsize firm loses resources, time and money to the costly consequences of a DDoS attack. IT professionals must prioritize security to maintain their company’s competitive edge. Source: http://midsizeinsider.com/en-us/article/distributed-denial-of-service-attacks-an

Originally posted here:
Distributed Denial-of-Service Attacks and Midsize Firms

Amateur hacker behind DDoS attack on China?

When, in late August, China's Domain Name Service was targeted by a huge DDoS attack which ultimately lead to many websites being completely inaccessible for a period of time, the questions everybody …

View post:
Amateur hacker behind DDoS attack on China?

Telstra to DNS-block botnet C&Cs with unknown blacklist

What could possibly go wrong other than a C&C net sharing your colo barn’s IP address? Telstra is preparing to get proactive with malware, announcing that it will be implementing a DNS-based blocker to prevent customer systems from contact known command-and-control servers.…

Taken from:
Telstra to DNS-block botnet C&Cs with unknown blacklist