Tag Archives: ddos

Struggles with iOS 8 upgrades, traffic surges mimic DDoS attacks

Users upgrading devices to iOS 8 are struggling with long waits – while networks are being flooded by traffic

(NASDAQ:AAPL) Apple users are frustrated with difficulty in upgrading to iOS 8, as download times are painfully long. To make matters worse, some networks are being slammed by so much traffic, it’s almost like they are under distributed denial-of-service (DDoS) attack.

Networking company Procera Networks found one CIS mobile network that saw its network traffic jump an incredible 4000 percent above normal – an astronomical traffic amount for non-video applications.

Everything from Apple’s iPhone models to its smartwatch were criticized – but anytime there is a new iOS release, Apple fans quickly flock to download the latest operating system. However, after just a few days, adoption for iOS 8 has been slower than that of iOS 6 or iOS 7, according to analysts. The iOS 8 upgrade requires 5.8GB of storage space, forcing some users to delete photos, videos, and other data to free up space to upgrade.

Source: http://www.tweaktown.com/news/40240/struggles-with-ios-8-upgrades-traffic-surges-mimic-ddos-attacks/index.html


How to Protect Your Blog From an Advanced DDoS Attack

Although it’s pretty unlikely that any high-profile hacktivists are going to target your website with a Distributed Denial of Service (DDoS) attack anytime soon, that’s not grounds for sitting back, relaxed and complacent, without a backup and protection plan. DDoS attacks are becoming more prevalent and much easier to execute thanks to improvements in technology, bandwidth and the accessibility of tools and information on how to do it. We continue to see big brands like Sony get brought down momentarily by these attacks, and even the CIA’s website suffered this pain in 2012. It’s a serious threat.

For clarification, DDoS attacks happen when numerous computers, usually bots, continuously send traffic to an IP address or website until it is overpowered. As simple as this might seem, the effects can be brutal to a website. What’s worse is that the common security protocols set up to defend against hacking and intrusion just don’t work against DDoS attacks, and taking matters into your own hands, whether through WordPress security plugins or code tweaks and improvements, is not sufficient. Luckily, there are a couple of ways to protect a website from DDoS attacks.

Using a Cloud Security Provider

Using proprietary technologies, a number of web security companies have begun releasing different forms of protection from DDoS. These include the likes of Prolexic, for example, which has a fairly decent track record of mitigating web security threats. However, much of what these products do happens behind the scenes. In the push for full disclosure, more companies and website owners are relying on cloud security providers like Incapsula, who provide not only free usage of their CDN but also powerful DDoS protection at fairly reasonable pricing for anyone serious about their website’s security.

Where other services just kind of tell us that things are being handled, Incapsula offers some pretty slick monitoring options that take your website security a step further than a service: It’s a tool. Going beyond just DDoS traffic mitigation, Incapsula protects against other forms of attacks and site outages (both malicious and accidental) while simultaneously offering a speed boost through those same site mitigation channels, along with pretty much guaranteeing 100% up-time for complex applications through load balancing and failover, spread across multiple servers. What’s even better is that they provide visual and trackable insights into the site’s performance and health. Sophisticated web threat protection is becoming more available and affordable, and it’s a valid inclusion among the tools bloggers and other marketers normally utilize.

Self-Protected Domain Infrastructure

Bearing in mind that DDoS mitigation is not for the faint of heart or the modest wallet, I know there are some DIY admin types who live for the thrill of getting their hands dirty. Protecting against a DDoS attack on your own is a massive undertaking that’s easy to get wrong, which would leave you just as unprotected as if you had done nothing at all. But, if you’re up for the task and have the skillset required (seriously, be honest with yourself on this one; your or your client’s product is at stake here), the following Cisco reading material will get you moving in the right direction… if you really know what you’re doing:

Discuss Options with Your Hosting Service

Of the many web hosts online offering bottom-dollar deals to get your website up and running, a vast majority don’t have the infrastructure set up to properly deflect a DDoS attack. This doesn’t necessarily mean that your cost-effective host, whichever it may be, doesn’t have protection, but that doesn’t mean that they do, either.

Simply put, you should be contacting your preferred host(s) directly to determine precisely what they have in place to protect your site or sites from malicious attackers. Additionally, you absolutely need to know what their policy is for dealing with sites that are suffering attacks that break through or overwhelm their servers. The punishment of a week or two of downtime from your host can be more damaging than the original attack itself, since it’s more likely that your account will be blacklisted or suspended than that the company will take full responsibility. Your best bet for protection via a web host is going with a premium provider like WP Engine, who pride themselves on running very secure and well-managed hosting environments.

The most important thing you should keep in mind is that, for relatively little time invested, you can set a site up to be guarded against incredibly expensive attacks. There’s no reason to find yourself in a situation where you’re looking for protection after a DDoS is launched. The risk of losing traffic and, in some cases, sales is much too great.

Source: http://www.blogherald.com/2014/09/18/protect-blog-advanced-ddos-attack/


The Escapist #GamerGate Forums Brought Down In DDoS Attack

Earlier this week, Milo Yiannopoulos of Breitbart London published an article containing emails between a group of video game journalists, all members of an email list called GameJournoPros. The Breitbart piece suggested collusion between these journalists to provide a specific spin on news during the early days of the Zoe Quinn scandal, which has now blossomed into the broader #GamerGate movement, and to clamp down on discussion of the topic across sites and forums. Yiannopoulos also published the full exchange of emails, which provided a more nuanced look at the situation.

In the emails various game writers discuss the Quinn scandal and how to approach it. Some suggest sending a note of solidarity, while others push back against this idea, citing the need for professional distance between journalists and their subjects. All told, it appears to be a largely civil conversation between professionals. But two moments in the thread ought to raise eyebrows. In one, writer Ryan Smith asks questions about where other writers and publications draw the line on writing about the private lives of subjects. He is quickly shouted down.

More important is an exchange between Polygon writer Ben Kuchera and The Escapist’s Editor-in-Chief Greg Tito. Kuchera urges Tito to shut down The Escapist forum where the discussion of Quinn was occurring, but Tito refuses, arguing that a place for discussion is a healthy thing. “The conversation may be distasteful to some of us,” Tito writes in response to Kuchera and others, “but I don’t know if the answer is to delete the thread. The Escapist is not giving harassment a home, but allowing civil discussion on a matter that people are emotional about.”

Since these emails took place, #GamerGate has been born and even the release of Bungie’s popular video game Destiny hasn’t dampened the voices on both sides. However, it appears that many forums where discussion of #GamerGate has been occurring have been clamping down. Both reddit and 4chan have been banning users and shutting down forums related to the topic. One of the only places outside of Twitter where any discussion has been occurring has been at The Escapist.

This morning The Escapist came under a DDoS (denial of service) attack, according to the co-founder and GM of the site Alexander Macris. “A DDOS attack is currently underway against @TheEscapistMag. The attackers are specifically targeting the GamerGate forum thread,” Macris tweeted this morning. After a brief interlude the attacks began again, and eventually the publication was forced to take down the forums temporarily. The attack consists of “a large number of IP addresses targeted the GamerGate thread for reload many times per second.”

At this point there is no information on the perpetrator of the attack, though The Escapist is working to find out. The timing of the attack, following the revelations in the GameJournoPros emails, does raise questions. We will continue to follow this story and update as more information comes to light. If anyone has information about the attacks please don’t hesitate to reach out.

Source: http://www.forbes.com/sites/erikkain/2014/09/20/the-escapist-forums-brought-down-in-ddos-attack/


Japanese Teen Sent to Prosecutors over DDoS Attack

Japanese police sent papers on a 16-year-old boy to public prosecutors Thursday over a suspected distributed denial of service (DDoS) attack on an online game company. It was the first criminal accusation by police in the country against a DDoS attack, which entails saturating a particular server or computer with large amounts of data, according to Tokyo’s Metropolitan Police Department. The high school student in the southwestern city of Kumamoto has admitted the charges, sources familiar with police investigations said. He told investigators that he was frustrated after the game company froze his game account and that he had a lot of fun making numerous attacks, according to the sources. He is suspected of carrying out similar attacks on two other companies as well, the sources said.

Source: http://jen.jiji.com/jc/i?g=eco&k=2014091800573


DDoS Attack on RT News Website

The RT news website has undergone the most powerful Distributed Denial of Service (DDoS) attack in its history, the press service of the channel reported Wednesday. “Thanks to the website’s reliable technical protection, RT.com was unavailable just for a few minutes,” the statement reads. According to the channel’s press service, RT.com has been repeatedly subjected to DDoS-attacks. One of the most powerful hacker attacks occurred on February 18, 2013. The website was unavailable for about 6 hours. In 2012 the channel’s English and Spanish websites also came under attack. The attack was claimed by anti-WikiLeaks hacker group AntiLeaks. A DDoS-attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The RT network’s first channel was launched in December 2005 and now consists of three global news channels broadcasting in English, Spanish and Arabic. RT has 22 bureaus in 19 countries and territories. RT reaches over 644 million people in more than 100 countries. Source: http://en.ria.ru/society/20140918/193035597/Hackers-Attack-RT-News-Website.html


DDoS Attacks: Why Hosting Providers Need to Take Action

With no shortage of distributed denial-of-service (DDoS) attacks overwhelming the news headlines, many businesses have been fast to question whether they are well protected by their current DDoS mitigation strategy and are turning to their cloud and hosting providers for answers. Unfortunately, the sheer size and scale of hosting or data center operator network infrastructures and their massive customer base present an incredibly attractive attack surface, due to the multiple entry points and significant aggregate bandwidth that act as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target.

The indirect target: secondhand DDoS

The multi-tenant nature of cloud-based data centers can be less than forgiving for unsuspecting tenants. A volumetric DDoS attack against one tenant can lead to disastrous repercussions for others: a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The excessive amount of malicious traffic bombarding a single tenant during a volumetric DDoS attack can have adverse effects on other tenants, as well as the overall data center operation. In fact, it is becoming more common that attacks on a single tenant or service can completely choke up the shared infrastructure and bandwidth resources, resulting in the entire data center being taken offline or severely slowed – AKA, secondhand DDoS.

A crude defense against DDoS attacks

Black-holing, or black-hole routing, is a common, crude defense against DDoS attacks, which is intended to mitigate secondhand DDoS. With this approach, the cloud or hosting provider blocks all packets destined for a domain by advertising a null route for the IP address(es) under attack.

There are a number of problems with utilizing this approach for defending against DDoS attacks. Most notable is the situation where multiple tenants share a public IP address range. In this case, all customers associated with the address range under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, the data center operator has finished the attacker’s job by completely DoS’ing their own customers. Furthermore, injection of null routes is a manual process, which requires human analysts, workflow processes and approvals. This increases the time to respond to the attack, leaving all tenants of the shared data center suffering the consequences for extended periods of time, potentially hours.

DDoS attacks becoming increasingly painful

The growing dependence on the Internet makes the impact of successful DDoS attacks – financial and otherwise – increasingly painful for service providers, enterprises, and government agencies. And newer, more powerful DDoS tools promise to unleash even more destructive attacks in the months and years to come.

Enterprises that rely on hosted infrastructure or services need to start asking the tough questions of their hosting or data center providers, as to how they will be properly protected when a DDoS attack strikes. As we’ve seen on numerous occasions, hosted customers are simply relying on their provider to ‘take care of the attacks’ when they occur, without fully understanding the ramifications of turning a blind eye to this type of malicious behavior.

Here are three key steps for providers to consider to better protect their own infrastructure, and that of their customers:

Eliminate the delays incurred between the time traditional monitoring devices detect a threat, generate an alert and an operator is able to respond, reducing initial attack impact from hours to seconds by deploying appliances that both monitor and mitigate DDoS threats automatically. Your mitigation solution should allow for real-time reporting alert and event integration with back-end OSS infrastructure for fast reaction times and the clear visibility needed to understand the threat condition and proactively improve DDoS defenses.

Deploy your DDoS mitigation inline. If you have out-of-band devices in place to scrub traffic, quickly deploy inline threat detection equipment that can inspect, analyze and respond to DDoS threats in real time.

Invest in a DDoS mitigation solution that is architected to never drop good traffic. Providers should avoid the risk of allowing the security equipment to become a bottleneck in delivering hosted services, and should always allow legitimate traffic to pass uninterrupted: a “do no harm” approach to successful DDoS defense.

Enterprises rely on their providers to ensure availability and ultimately protection against DDoS attacks and cyber threats. With a comprehensive first line of defense against DDoS attacks deployed, you are protecting your customers from damaging volumetric threats directed at or originating from or within your networks.

Source: http://www.datacenterknowledge.com/archives/2014/09/17/ddos-attacks-hosting-providers-need-take-action/


Silk Road 2.0 Hit by ‘Sophisticated’ DDoS Attack

Online black market Silk Road 2.0 experienced a distributed denial-of-service (DDoS) attack last week, which forced the site’s administrators to temporarily suspend services. News of the attack broke on bitcoin forums hours after it started, with the Silk Road team soon confirming the news via its own forums. For reasons that are less clear, black market Agora has faced outage problems of its own in the last few days.

Silk Road remains defiant

Silk Road 2.0 moderator ‘Defcon’ issued a statement saying that the site was facing a “very sophisticated” DDoS attack using the most advanced methods the site has experienced to date. The moderator said: “The dev team is working around the clock to get marketplace service restored, as well as watch the security of our systems closely. Much of the downtime you have seen is intentional on our part: if this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defences.”

As the attack continued, Silk Road 2.0 remained offline. Defcon eventually issued a second update, indicating that the team is trying out different approaches to blocking the inbound DDoS. He stressed that the site is still processing withdrawals, although these have been delayed by the attacks. Silk Road 2.0 is aware that cashflow is very important and the site is therefore prioritising delayed withdrawals, the moderator added. Defcon ended the update on a defiant note: “To our adversaries: you cannot stop us. We will overcome every attack.”

Questions persist

Silk Road 2.0 vendors started reporting problems earlier last week, before the site was finally forced to shut down. Despite official updates, the outage prompted a number of vendors to raise questions about the impact of the attack. Silk Road 2.0 was targeted by hackers in the past: last February, the site lost 4,476 BTC to an alleged hack, worth over $2.6m at the time. The attack was blamed on a transaction malleability exploit used by one of the vendors. The site decided to compensate affected customers and, by late May, it said more than 80% of bitcoins stolen in the alleged heist have been repaid to the victims.

The source and goal of the latest attack remain unclear. Speculation is mounting that the attack was in fact launched by law enforcement in an attempt to ascertain the location of Silk Road 2.0 servers, while other users believe the attack was launched by criminals or competitors. Following the February hack, Silk Road 2.0 said it would introduce a multi-signature wallet system to replace its previous escrow platform. A multisig system should be less vulnerable to hackers, but has not been fully implemented yet.

Online black market Agora faces outage

Silk Road 2.0 is not the only black market suffering outage issues. While Silk Road 2.0 was struggling to restore services, which it eventually did late on Friday, competing market Agora went offline. Agora users started reporting intermittent problems on Saturday. The site was out of action over much of the weekend and had still not become available by press time (12:15 BST, Monday). The reason for the outage remains unclear.

Earlier this month, Agora confirmed that it was suffering from availability issues on a regular basis. However, the team offered an extensive explanation into the inner workings of the market and the need for security, saying it considers that more important than around-the-clock availability. The Agora team said at the time: “Our primary goal is to stay hidden from law enforcement agencies and secure from hackers. We implement much more security measures than many others, which causes problems with availability.”

Source: http://www.coindesk.com/silk-road-2-0-shrugs-sophisticated-ddos-attack/


How Boston Children’s Hospital Hit Back at Anonymous

Hackers purportedly representing Anonymous hit Boston Children’s Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe.

On March 20, Dr. Daniel J. Nigrin, senior vice president for information services and CIO at Boston Children’s Hospital, got word that his organization faced an imminent threat from Anonymous in response to the hospital’s diagnosis and treatment of a 15-year-old girl removed from her parent’s care by the Commonwealth of Massachusetts. The hospital’s incident response team quickly convened. It prepared for the worst: “Going dark” – or going completely offline for as long as the threat remained.

Luckily, it never came to that. Attacks did occur, commencing in early April and culminating on Easter weekend – also the weekend of Patriot’s Day, a Massachusetts holiday and the approximate one-year anniversary of the Boston Marathon bombings – but slowed to a trickle after, of all things, a front-page story about the incident ran in The Boston Globe. No patient data was compromised over the course of the attacks, Nigrin says, thanks in large part to the vigilance of Boston Children’s (and, when necessary, third-party security firms). The organization did learn a few key lessons from the incident, and Nigrin shared them at the recent HIMSS Media Privacy and Security Forum.

As Anonymous Hit, Boston Children’s Hit Back

As noted, the hospital incident response team – not just the IT department’s – planned for the worst. Despite the fact that the information Anonymous claimed to have, such as staff phone numbers and home addresses, is the stuff of “script kiddies,” Nigrin says Children’s took the threat seriously.

Attacks commenced about three weeks after the initial March 20 warning. Initially, the hospital could handle the Distributed Denial of Service (DDoS) attacks on its own. Anonymous changed tactics. Children’s responded. The hackers punched. The hospital counterpunched. As the weekend neared, though, DDoS traffic hit 27 Gbps – 40 times Children’s typical traffic – and the hospital had to turn to a third party for help.

The attacks hit Children’s external websites and networks. (Hackers also pledged to hit anyone linked to Children’s – including the energy provider NStar, which played no role in the child custody case at all but sponsors Children’s annual walkathon.) In response, Nigrin took down all websites and shut down email, telling staff in person that email had been compromised. Staff communicated using a secure text messaging application the hospital had recently deployed. Internal systems were OK, he says, so Children’s electronic health record (EHR) system, and therefore its capability to access patient data, wasn’t impacted.

In contrast to this internal transparency, Children’s, at the urging of federal investigators, didn’t communicate anything externally. Nonetheless, word got to The Boston Globe, which ran its front-page story on April 23. Nigrin, again, prepared for the worst. He didn’t have to. After the article came out, the Twitter account @YourAnonNews took notice, urging hackers to stop targeting a children’s hospital. Attacks continued, but at a much smaller clip.

6 Quick Tips for Beating Back Hackers

In reflecting on the Anonymous attack, Nigrin offers the following security lessons that Boston Children’s learned.

DDoS countermeasures are crucial. “We’re not above these kinds of attacks,” Nigrin says.

Know which systems depend on external Internet access. As noted, the EHR system was spared, but the e-prescribing system wasn’t.

Get an alternative to email. In addition to secure texting, Children’s used Voice over IP communications.

In the heat of the moment, make no excuses when pushing security initiatives. Children’s had to shut down email, e-prescribing and external-facing websites quickly. “Don’t wait until it’s a fire drill,” Nigrin says.

Secure your teleconferences. Send your conference passcode securely, not in the body of your calendar invite. Otherwise, the call can be recorded and posted on the Internet before you even hang up, he says.

Separate signals from noise. Amid the Anonymous attack, several staff members reported strange phone calls from a number listed as 000-000-0000. At the time, it was hard to tell if this was related, and it made the whole incident that much harder to manage.

Above all, Nigrin says healthcare organizations need to pay attention to the growing number of security threats the industry faces. “There are far more than we have seen in the past,” he says.

Source: http://www.cio.com/article/2682872/healthcare/how-boston-childrens-hospital-hit-back-at-anonymous.html
