Tag Archives: ddos

High schooler allegedly hired third party to DDoS his school district

A 17-year-old high school boy may face state and federal charges for allegedly having paid a third party to launch a distributed denial of service (DDoS) attack that crippled the West Ada school district in Idaho, US, for a week and a half earlier this month. Because he’s a minor, he can’t be named.

A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless data like email or file uploads that clog up their processing ability.

KTVB reports that West Ada students suffered assorted misery because of the attack, including losing their work on the Idaho Standard Achievement tests. Some students had to take the tests multiple times. Meanwhile, online classes and textbooks weren’t available for much of the week, and faculty and staff had problems accessing administrative and business systems, including payroll.

The school district’s IT staff eventually traced an IP address back to the 17-year-old, who was suspended from Eagle High. School officials are recommending that he be expelled. The sheriff’s office told the TV station that the boy will likely be charged with a felony charge of computer crime, which is punishable by up to 180 days in a juvenile detention facility. In addition, his family will be responsible for financial restitution to cover costs incurred by the school district. Operations at more than 50 schools were disrupted because of the attack.

As of Wednesday, investigators were also looking into whether a younger student – one attending Eagle Middle School – attempted a similar attack this week. School officials sent parents a letter on Friday that urged them to talk with their children about the consequences of committing cyber attacks such as this one.

We can assure students and parents that the consequences associated with a DDoS attack are far from trivial. Examples include two online gaming programmers from Poland who were given 5-year jail sentences in December 2013 for DDoS and cyber-extortion of a UK online marketing company and a US internet software company. In that same month, a US man was fined $183,000 (£116,772) after joining, for merely 1 minute, an Anonymous DDoS of the enormous, multinational corporation Koch Industries.

When it comes to DDoS, the law doesn’t spare you if you’re a kid. In fact, a 16-year-old London schoolboy was arrested under suspicion of involvement in the 2013 DDoS attack against Spamhaus: an attack of unprecedented ferocity. He pleaded guilty in 2014. Then too, a UK teenager was arrested in January for possibly having a hand in the PlayStation/Xbox Live DDoS that Grinched up gamers’ Christmas day playing.

We often hear DDoS’ers trying to justify DDoSes under the premise that really, companies should be thanking the attackers for “raising awareness” of their vulnerability. That’s an old, tired spiel that we got from Lizard Squad members after they ruined Christmas with their XBox Live/PlayStation attack. Or, in the words of a man who claimed to speak for the attackers, they did it …

…to raise awareness, to amuse ourselves…

But as Naked Security’s Mark Stockley said at the time, a DDoS attack isn’t a skilful hack. You don’t need elite lock-picking skills to pull it off, because you’re not picking a lock. Rather, you’re blocking the door from the outside with as much garbage as you can pile up. Is DDoSing a company, or your school, or any online service, worth the lulz? For an answer, we can ask the LulzSec guys. If they’re out of prison, maybe they can let us know.

Source: https://nakedsecurity.sophos.com/2015/05/22/high-schooler-allegedly-hired-third-party-to-ddos-his-school-district/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed


DDoS attack downs University of London learning platform

A harsh lesson, now stand in corridor for four hours

The University of London Computer Centre fell victim to a cyber-attack on Thursday.…


DDoS reflection attacks are back

At the start of 2014, attackers’ favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic. As those servers got patched, this strategy became less and less effective.

But now it’s back, according to a new report from Akamai. Except this time, instead of hitting data center servers or DNS servers, the attackers are going after personal computers on misconfigured home networks. According to Eric Kobrin, Akamai’s director of information security responsible for adversarial resilience, the attackers are taking advantage of plug-and-play protocols, commonly used by printers and other peripheral devices. These attacks, known as Simple Service Discovery Protocol (SSDP) attacks, are now the single largest attack vector for DDoS attacks, accounting for 21 percent of all attacks, up from 15 percent last quarter, and less than 1 percent at this time last year.

“There are infectable SSDP services all over the Internet,” he said. “As they are discovered, we help work with people to shut them down.” Although each particular device has just a fraction of the bandwidth available to data center-based servers, there are more of them. “There’s a fertile ground of home systems,” he said. “A properly configured home firewall can block this, but there are many improperly configured home systems connected to the Internet – and there are also industrial systems that can be used to reflect attacks as well.” This attack source is also harder to shut down, he said. “It’s easier to go into the data center and have the service providers do the clean-up,” he said.

Last quarter, SYN flood attacks – where “synchronize” messages are sent to servers – were the leading attack vector, accounting for 17 percent of all attacks, down slightly from 18 percent of all attacks at the start of 2014.

There has also been a change in the size of the median attack, and the typical size range of attacks, Kobrin said, as defensive measures have improved. “The smallest effective attack size has increased, year over year,” he said. “It’s because the smallest attacks are no longer effective.”

Another type of DoS attack has gained a foothold for the first time this year. SQL injections, normally used to gain access to systems for the purpose of stealing data, are now being used to shut down Web sites as well. Akamai saw more than 52 million SQL injection attacks during the first quarter of 2015, which accounted for 29 percent of all Web application attacks. The most common targets for SQL injection attacks were retail, travel and media websites.

Finally, another attack vector that’s just now starting to make an impact is domain hijacking. “People are actually attacking the registries and getting their own information put in, so the big sites are losing control of their DNS infrastructure,” Kobrin said. There have been a few high-profile cases so far, he said, mostly politically motivated, but not yet enough data to measure a trend. “We didn’t see it much in 2012, started seeing a little bit of it in 2013 and 2014, and seeing it more of it now,” he said. He recommended that companies switch on two-factor authentication for their email systems when available, ensure that employees don’t reuse credentials, ask their domain registrars to put a lock on their domains, and, finally, keep a close eye on traffic numbers to spot a drop-off as soon as it happens. With these domain redirects, the attackers are not only able to shut down the legitimate website, but also put up their own content under that website’s brand.

Source: http://www.csoonline.com/article/2923832/business-continuity/ddos-reflection-attacks-are-back-and-this-time-its-personal.html
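The reflection signature the article describes (unsolicited SSDP responses, source port 1900, arriving from many unrelated hosts because the attacker spoofed the victim's address) and the SYN flood vector can both be picked out of flow records. The script below is an added defender-side example, not Akamai's tooling; the flow field layout, the protected prefix, the SYN-count threshold and the sample flows are all constructed assumptions.

```python
"""Tag constructed NetFlow-style records as SSDP reflection or SYN flood and
report each vector's share of attack flows, the way the quarterly report does."""
from collections import Counter, defaultdict
from dataclasses import dataclass

SSDP_PORT = 1900
PROTECTED_PREFIX = "203.0.113."   # assumed defended range (TEST-NET-3, constructed)
SYN_PACKET_THRESHOLD = 50          # assumed: SYN-only flows above this are a flood


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "udp" or "tcp"
    tcp_flags: str   # "S" = SYN only, "SA" = SYN-ACK, "" for UDP
    packets: int
    octets: int


def classify(flow: Flow) -> str:
    """Label one flow. Only flows toward the protected prefix are inspected."""
    if not flow.dst_ip.startswith(PROTECTED_PREFIX):
        return "outbound"
    if flow.proto == "udp" and flow.src_port == SSDP_PORT:
        # We never sent an M-SEARCH, so SSDP *responses* from the outside are
        # reflected traffic: the attacker queried the device with our address
        # as the spoofed source and the device answered us instead.
        return "ssdp_reflection"
    if flow.proto == "tcp" and flow.tcp_flags == "S" and flow.packets > SYN_PACKET_THRESHOLD:
        # Many SYN-only packets in one flow and never a completed handshake.
        return "syn_flood"
    return "benign"


def vector_shares(flows) -> dict:
    """Return {vector: fraction of attack flows}; benign/outbound are excluded."""
    counts = Counter(classify(f) for f in flows)
    attack = {k: v for k, v in counts.items() if k not in ("benign", "outbound")}
    total = sum(attack.values())
    return {k: v / total for k, v in attack.items()} if total else {}


def reflectors_per_victim(flows) -> dict:
    """Distinct reflector hosts seen per victim address: the list to hand to the
    upstream provider or to drop with a src-port 1900 UDP filter at the edge."""
    seen = defaultdict(set)
    for f in flows:
        if classify(f) == "ssdp_reflection":
            seen[f.dst_ip].add(f.src_ip)
    return {victim: len(srcs) for victim, srcs in seen.items()}


# Constructed sample: three reflectors on one victim, one SYN flood on a second
# host, one ordinary handshake, and one outbound flow that must be ignored.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", 1900, "203.0.113.5", 40123, "udp", "", 400, 120000),
    Flow("198.51.100.11", 1900, "203.0.113.5", 40123, "udp", "", 380, 114000),
    Flow("198.51.100.12", 1900, "203.0.113.5", 40123, "udp", "", 410, 123000),
    Flow("192.0.2.77", 51000, "203.0.113.8", 443, "tcp", "S", 2000, 120000),
    Flow("192.0.2.9", 52000, "203.0.113.8", 443, "tcp", "SA", 12, 900),
    Flow("203.0.113.5", 1900, "198.51.100.10", 40123, "udp", "", 1, 300),
]

if __name__ == "__main__":
    for vector, share in sorted(vector_shares(SAMPLE_FLOWS).items()):
        print(f"{vector:16s} {share:5.0%}")
    print(reflectors_per_victim(SAMPLE_FLOWS))
```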


Hong Kong Banks Targeted By DDoS Attacks, Bitcoin Payout Demanded

On May 9, a group of hackers launched distributed denial of service (DDoS) attacks on two of the largest financial institutions in Hong Kong. Hong Kong police confirmed that they have received reports from the Bank of China and the Bank of East Asia claiming that the hackers demanded payments in bitcoin. “The two institutions later received emails demanding payments in bitcoins, or there would be another round of attacks,” a spokesman said.

According to The Standard Hong Kong, the hackers flooded the websites of the two banks with traffic from multiple sources, causing unusual spikes in Internet traffic and forcing some of the websites’ resources to become unavailable. However, both banks stressed that none of their data or customer accounts were compromised. Finance Magnates reported that the Cyber Security and Technology Crime Bureau has classified the case as “blackmail” and has begun an investigation.

The attack on the two banks is similar to the DDoS attacks launched on the official corporate websites of banks in China and Hong Kong, most notably the People’s Bank of China, in late 2013. Investigators at the time believed those attacks were a response to the issuance of new rules that prohibited financial institutions from dealing in bitcoin, effectively banning the use of digital currencies in China.

Local media began to speculate that the new attack on the Bank of China and the Bank of East Asia may have been launched by the group of hackers known as DD4BC. The group is currently listed on Bitcoin Bounty Hunter and has attacked several websites, including the Finnish Bitcoin wallet and exchange Bitalo and the Bitcoin sports betting platform Nitrogensports. “DD4BC threatens the Bitcoin Community with DDoS extortion, blackmailing and slander,” Bitcoin Bounty Hunter explained. “Famous Bitcoin services like Bitalo.com and Nitrogensports.com were attacked and blackmailed.”

The banks declined to release details of the emails received from the hackers or the amount of BTC demanded. If the DDoS attacks continue, the two banks might lose up to $100,000 an hour, American Banker reports. American Banker stated that “the average bandwidth consumed by a DDoS attack increased to 7.39 gigabits per second, according to Verisign’s analysis of DDoS attacks in the fourth quarter of 2014.”

Several days have passed since the Cyber Security and Technology Crime Bureau began investigating the case, but the case has not shown any progress.

Source: http://blog.downforjust.me/hong-kong-banks-targeted-by-ddos-attacks-bitcoin-payout-demanded/


How organisations can eliminate the DDoS attack ‘blind spot’

Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility. Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when they connect to an unsecured or ‘raw’ Internet feed.

Key components of any realistic DDoS defense strategy are proper visualisation and analytics into these security events. DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration. Unfortunately, many legacy DDoS defense solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business.

In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world.

DDoS as a diversionary tactic

Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm. The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration. Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well known DDoS attack vectors fit this profile.

So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic? Unfortunately, the answer is quite alarming.

For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link saturation attacks that occur in bursts of short duration enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity stimulates unnecessary logging of DDoS event data, which may prevent the logging of more important security events and sends the layers of the security infrastructure into a reboot or fall back mode. These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened network security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had done its job: distract all security resources from performing their intended functions.

Multi-vector and adaptive DDoS attack techniques are becoming more common

Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and defend against with on-premises or cloud based anti-DDoS solutions, or a combination of both. The attack attempts against Corero’s customers in Q4 2014 not only employed brute force multi-vector DDoS attacks, but there was an emerging trend where attackers have implemented more adaptive multi-vector methods to profile the nature of the target network’s security defenses, and subsequently selected a second or third attack designed to circumvent an organisation’s layered protection strategy. While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector.

Empowering security teams with DDoS visibility

As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services.

Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low and slow attacks, victim servers, ports, and services as well as malicious IP addresses and botnets is mandatory. Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing lane solutions, or go completely undetected by cloud based DDoS protection services, which rely on coarse sampling of the network perimeter.

Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Next generation DDoS defense solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events. With the ability to uncover hidden patterns of data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defense solutions provide security teams with the tools required to better protect their organisation against the dynamic DDoS threat landscape.

Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot



TRD Admin On The Ransom DDoS That Is Hitting The Dark Net Markets

The admin of Therealdeal market ( http://trdealmgn4uvm42g.onion/ ) provided us with some insights about the recent DDoS attacks that are hitting all the major DNMs in the past week:

In the past few days, it seems like almost every DN market is being hit by DDoS attacks. Our logs show huge amounts of basic http requests aiming for dynamic pages, probably in an attempt to (ab)use as many resources as possible on the server side, for example by requesting pages that execute many sql queries or generate captcha codes. As we are security oriented we managed to halt the attack on our servers the moment it showed up in the logs. Although this required fast thinking, due to the fact that dealing with this kind of attack over tor is not the same as dealing with such an attack over clearnet. New addresses? Shifting pages? Waiting? All these did not work for other markets…

Here you can see the beginning and failure, as caught by Dnstats: As you can see, our market’s response time spiked to almost 70 seconds while our market’s usual response time is insanely fast, almost like most clearnet sites. But also, you can see that the response time was back to 2-3 seconds a little after. Here is an example of a darknet market that didn’t know how to combat this problem: The flat line at 0 seconds means there was no response from the server.

The Problem

As opposed to clearnet attacks, where mitigation steps could be taken by simply blocking the offending IP addresses, when it comes to tor, the requests are coming from the localhost (127.0.0.1) IP address as everything is tunneled through tor. Another problem is the fact that the attackers are using the same user-agent as tor browser – hence we cannot drop packets based on UA strings. The attackers are also aiming for critical pages of our site – for example the captcha generation page. Removing this page will not allow our users to login, or will open the site to bruteforce attempts. Renaming this page just made them aim for the new url (almost instantly, seems very much automated). One of the temporary solutions was to run a script that constantly renamed and re-wrote the login page after 1 successful request for a captcha… Attacks then turned into POST requests aiming for the login page.

Solutions

If you are a DNM owner or just the security admin, check your webserver logs. There is something unique in the HTTP requests, maybe a string asking you to pay to a specific address (assuming these are the same offenders). Otherwise there might be something else… Hint: you might need to load tcpdump during an attack.

Hopefully, you are not using some kind of VPS and have your own dedicated servers and proxy servers. Or if you are using some shit VPS, then hopefully you are using KVM or XEN (first reason being the memory is leakable and accessible by any other user of the same service). The other reason is – control on the kernel level. You can drop packets containing specific strings by using iptables, or use regex too. This is one example of a command that we executed (amongst others) to get rid of the offenders, we cannot specify all of them, so be creative!

iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "(RANSOM_BITCOIN_ADDRESS)" -j DROP

Where (RANSOM_BITCOIN_ADDRESS) is the unique part of the request…

To Other Market Admins: There are additional things to be done, but if we expose them, this will only start a cat and mouse game with these attackers. If you are a DNM admin feel free to sign up as a buyer at TheRealDeal Market and send us a message (including your commonly used PGP), since at the end of the day even though you might see us as a competitor in a way, there are some things (like people stuck without their pain medication from mexico) that are priceless…

Source: http://www.deepdotweb.com/2015/05/11/this-is-the-ransom-ddos-that-is-hitting-the-dark-net-markets/
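The admin's point is that behind a Tor onion service every request arrives from 127.0.0.1 with the Tor Browser user agent, so the only handles left are the request rate per endpoint and whatever string is common to the flood requests alone. The script below is an added example, not TheRealDeal's tooling: it assumes a combined-format access log, a constructed sample with a placeholder ransom token, and a hypothetical heuristic for picking the marker string that a payload filter such as the iptables rule above would key on.

```python
"""Spot the flooded endpoint in an onion service's access log and extract the
request token that only the flood carries, when client IP and UA are useless."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format (assumed); every client IP will be 127.0.0.1 via tor.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse(lines):
    """Yield dicts for lines that match; timestamps become aware datetimes."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec


def rate_per_path(records, window_s=1):
    """Requests per window keyed by (path without query string, window start)."""
    buckets = defaultdict(int)
    for r in records:
        path = r["path"].split("?", 1)[0]
        bucket = int(r["ts"].timestamp()) // window_s * window_s
        buckets[(path, bucket)] += 1
    return buckets


def flooded_paths(records, threshold):
    """Paths whose per-second request count reaches the threshold at least once."""
    rates = rate_per_path(records)
    return sorted({path for (path, _), n in rates.items() if n >= threshold})


def marker_candidates(records, flooded, min_share=0.9):
    """Query-string tokens present in nearly all requests to the flooded paths
    and in no other request: candidates for a string-match drop rule.
    Heuristic is hypothetical; verify the token against real traffic first."""
    flood_tokens, other_tokens, n_flood = Counter(), set(), 0
    for r in records:
        path, _, query = r["path"].partition("?")
        tokens = set(query.split("&")) if query else set()
        if path in flooded:
            n_flood += 1
            flood_tokens.update(tokens)
        else:
            other_tokens |= tokens
    return [t for t, c in flood_tokens.items()
            if c >= min_share * n_flood and t not in other_tokens]


def analyze(lines, threshold=5):
    """One-shot helper: returns (flooded paths, marker candidates)."""
    records = list(parse(lines))
    flooded = flooded_paths(records, threshold)
    return flooded, marker_candidates(records, set(flooded))


# Constructed sample log: two ordinary hits, then ten captcha requests in one
# second that differ only in a session id and share a placeholder ransom token.
TOR_UA = "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"

def _line(path, sec):
    return (f'127.0.0.1 - - [11/May/2015:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 1530 "-" "{TOR_UA}"')

SAMPLE_LOG = (
    [_line("/index", 0), _line("/captcha?sid=u7", 0)]
    + [_line(f"/captcha?sid=x{i}&pay=EXAMPLE_RANSOM_ADDR", 1) for i in range(10)]
)

if __name__ == "__main__":
    flooded, markers = analyze(SAMPLE_LOG)
    print("flooded paths:", flooded)
    print("marker candidates:", markers)
```

The marker is the value to put into the string-match rule; the legitimate request to the same path (sid=u7) is not reported because its token never reaches the share threshold.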


Anonymous Knocks Pro-Nazi Websites Offline with DDoS Attacks

Anonymous hackers decided to commemorate the 70th anniversary of the defeat of Nazi forces in 1945, with Anonymous Sweden deciding to knock pro-Nazi websites offline in celebration of the 70-year-old victory. Hacktivists in Sweden took it upon themselves to celebrate the 70th anniversary of the victory over Nazi forces in Germany by knocking offline pro-Nazi affiliated domains hosted exclusively by Swedish companies.

Targets were limited but extremely well known, with well over hundreds of thousands of monthly visitors. Specific targets included nordfront[dot]se and svenskarnasparti[dot]se, which were both taken offline by a large Distributed Denial of Service (DDoS) attack and have been inaccessible for several days. The domains remain offline at the time of writing this article and were initially taken offline mid afternoon Friday. Depending on the size of the attack, the domains could remain offline and inaccessible for several days, as they have been already.

Anonymous Sweden announced their news on Pastebin, with a letter to the pro-Nazi websites that were a part of their targeted attack, stating:

Today it’s 70 years since nazi-Germany fell. But nazis are still marching in Europe.. Attacking peaceful protesters and spreading fear across the world. It is our duty to remember what happened and never let the horrors be forgotten.. It is our duty to fight nazism. Today we Will wipe the nazis of the webs!

Main targets

Www.nordfront.se
Server info: Apache/2.2.22 (Debian) mod_fcgid/2.3.6 mod_ssl/2.2.22 OpenSSL/1.0.1e
IP: 176.10.250.104 is their dotted decimal

Www.svenskarnasparti.se
Server info: its a worldpress site with cloudfare “Protection”

We are Anonymous
We do not forgive
We do not forget
Hitler-fan boys, its time to expect us!
/Anonymous Sweden with friends!
Special thanks to PH1K3
United as one divided by zero

Anonymous started their attacks May 8th, and the domains are still offline nearly 48 hours later. The Swedish collective did not name any specific groups as taking part other than releasing the news via pastebin. We will keep you updated.

Source: http://freedomhacker.net/anonymous-knocks-pro-nazi-websites-offline-ddos-attack-4106/


Hacker Group DD4BC New DDos Attacks

DD4BC Launches New Wave Of DDoS Attacks

The extortionist group DD4BC is believed to be connected to a new wave of distributed denial of service (DDoS) attacks against organizations based in Australia, New Zealand, and Switzerland. The group is asking for 25 BTC from those affected in exchange for giving up the flood of inbound data that has resulted in the recipient sites becoming inaccessible.

Recently, DD4BC was mentioned in a warning published by the Swiss Governmental Computer Emergency Response Team (GovCERT). GovCERT is a branch of MELANI, a national agency that deals with cyber security issues. The warning read: “In the past days MELANI / GovCERT.ch has received several requests regarding a distributed denial of service (DDoS) extortion campaign related to ‘DD4BC’.”

As per the New Zealand government, the extortion attempts seemingly begin with a short DDoS attack that is meant to reflect the possible impact after the ransom demand has been made. DD4BC has been linked to previous attacks on digital currency websites and businesses. The attacks include extortion attempts made against various well-known mining pool operators.

GovCERT confirmed that it had so far received reports from several high profile targets, stating that some of the organizations were the victims of a wave of DDoS attacks. DD4BC’s activity has been on the rise recently, with the new wave of attacks beginning at the start of March. “While these attacks have targeted foreign organizations in the past months, we have seen an increase of activity of DD4BC in Europe recently. Since earlier this week, the DD4BC Team expanded their operation to Switzerland,” stated GovCERT. GovCERT also asked those affected by the attacks not to pay the ransom. Rather, the agency has advised victims to file a police report and seek additional mitigation support from their Internet service provider.

The news of the New Zealand attacks became public at the start of May after the New Zealand National Cyber Security Centre (NCSC) issued a warning regarding DDoS attacks on local organizations. While the agency did not specify who the perpetrator behind the attacks was, it did confirm that an investigation into the attacks was ongoing. Barry Brailey, chairman of the cybersecurity nonprofit New Zealand Internet Task Force, confirmed the link between DD4BC and the recent DDoS attacks in New Zealand. “Yes, [the series of attacks] appears to be linked to the group/moniker ‘DD4BC’,” he said.

Other companies who have fallen victim to the group include BitBay, BitQuick, Coin Telegraph, Expresscoin, and Bitalo, who created a 100 BTC bounty after it was attacked.

Source: http://bitcoinvox.com/article/1674/hacker-group-dd4bc-new-ddos-attacks


$7500 DDoS extortion hitting Aussie, Kiwi enterprises

Pay up or we’ll send up to 400Gbps your way

New Zealand Internet Task Force (NZITF) chair Barry Brailey is warning Australian and New Zealand enterprises to be on the look out for distributed denial of service extortion attacks demanding payment of up to AU$7500.…


Enterprises must be proactive in DDoS mitigation

DDoS attacks are more prevalent than ever and enterprises can’t always rely on their service providers for protection. Learn what enterprises should do for effective DDoS mitigation.

Moving unified communications applications to the cloud can simplify business operations. But cloud infrastructure can present vulnerabilities that attract malicious attacks like distributed denial of service (DDoS). And with many enterprises using service providers for their UC applications, DDoS attacks can be more damaging than ever.

As the threat of DDoS attacks looms, there is a disconnect between enterprises and their service providers over taking responsibility during an attack, according to a report from DDoS mitigation service provider Black Lotus Communications, which surveyed 129 service providers on the impact of DDoS on their business. According to the report, many organizations believe they can rely on their service provider to manage a DDoS attack and its impact on their business. But the reality is most providers believe they are solely responsible for making sure their infrastructure remains intact during an attack and that the direct impact of an attack is the customer’s responsibility.

“Service providers with undeveloped DDoS mitigation strategies may choose to sacrifice a customer by black hole routing their traffic or recommending a different service provider in order to protect the service of other customers,” said Chris Rodriguez, network security senior analyst at Frost & Sullivan.

Enterprises can lose anywhere from $100,000 to tens of millions of dollars per hour in an attack, the report found. Just over one-third of service providers reported being hit with one or more DDoS attacks weekly, according to the report. Managed hosting services, VoIP and platform as a service were the three industries most affected by DDoS. During an attack, 52% of service providers reported temporarily blocking the targeted customer, 34% reported removing the targeted customer, 32% referred customers to a partner DDoS mitigation provider and 26% encouraged an attacked customer to find a new service provider. But by removing or blocking a customer, service providers have effectively helped the attackers achieve their goal and left enterprises suffering the consequences, according to the report.

Communicating DDoS concerns

Three-quarters of service providers reported feeling very to extremely confident they could withstand a catastrophic DDoS attack, and 92% of providers have protections in place. But the report found that the majority of providers use traditional protections that have become less effective in mitigating DDoS. To maximize DDoS protection, Nemertes Research CEO Johna Till Johnson offered four questions that enterprises should ask when evaluating service provider security and DDoS protection.

1. What protections does the service provider have in place in the event of an attack? Don’t be afraid to ask service providers questions regarding the DDoS mitigation products and services they use, what their DDoS track record is or how many clients have been victims of an attack. “If they refuse to answer, it tells you something about the vendor,” Johnson said. “Any legitimate provider has this information and will share it with customers.”

2. Is the service provider willing to put DDoS mitigation in a service-level agreement (SLA)? The provider may already include DDoS protection or may require the enterprise to buy a service. But if a provider won’t include DDoS mitigation in an SLA, find out why. “If you’re not going to put it in black and white, you’re at risk,” she said.

3. What third-party services does the provider recommend? Service providers may have third-party partnerships that can deliver DDoS protection.

4. What is your organization’s stance on security? Johnson recommends having a line item in the budget for DDoS that covers a DDoS mitigation service or product.

Making DDoS mitigation plans

If a service provider is hit with a DDoS attack, there are two issues facing enterprises, Johnson said. The first issue is if the enterprise experienced a small hit in the attack. “If you’ve gotten a gentle probe, then attackers may be coming after you,” she said. Just like when a credit card number is stolen and the thief spends a small amount of money to test the number before making the large, fraudulent charges, attackers are testing for vulnerabilities. Enterprises should immediately figure out where they’re at risk and what they can do to protect themselves now, Johnson said. The second issue, she said, is that DDoS isn’t just an attack, it’s an earthquake. A disaster recovery plan is required so enterprises know what to do if a core application is suddenly unavailable.

“DDoS attack techniques continue to change, and enterprises must be proactive in their defenses,” Rodriguez said. He said a hybrid approach to DDoS mitigation has emerged as an effective strategy. Hybrid DDoS mitigation requires an on-premises DDoS mitigation appliance to protect an enterprise’s infrastructure and a cloud-based DDoS mitigation service that routes traffic to a scrubbing center and returns clean traffic. The on-premises appliance is used during smaller attacks; and when attacks reach a certain size, the appliance can signal for the cloud-based service to take over. “This allows the organization to use the DDoS services sparingly and only when necessary, with a seamless transition between the two services,” he said.

Source: http://searchunifiedcommunications.techtarget.com/news/4500245890/Enterprises-must-be-proactive-in-DDoS-mitigation
