Tag Archives: ddos

Why smart companies don’t sweat the SSL stuff in DDoS defense

The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks. DDoS attacks have rapidly proliferated in terms of bandwidth (Gbps) and packets per second (pps). In the survey, 59% of organizations polled have experienced an attack over 40 Gbps. Average attack bandwidth are peaking at a staggering 30 to 40 Gbps and 77% of organizations expect multi-vector attacks, which include volumetric and application-layer attacks, to pose the greatest danger in the future. In recent years, multi-vector DDoS attacks have tunneled over encrypted SSL connections to evade cyber defenses. Some attacks have exploited the SSL protocol to cause denial of service by repeating ‘renegotiation’ in the same connection but stop short of creating a secure channel. Others flood SSL traffic over the created secure channel without being distinguished as a malicious connection. The reason is that while most organizations protect their websites and online services with SSL, many existing enterprise security products are either woefully blind to encrypted SSL traffic or debilitated when trying to decrypt and analyze it. From urgent threat to FYI notification Amid growing virtualization, cloud networking and mobility, SSL encryption requirements to protect data and secure commnuications will surge. In other words, organizations must rethink their SSL offload and SSL inspection strategies, especially in defending against DDoS attacks. The IDG Connect report shows that more than half of the organizations surveyed plan to increase DDoS prevention budgets in the next six months. “DDoS attacks are called ‘sudden death’ for good reason,” says Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” To stop SSL at the data center perimeter, some organizations have deployed application delivery controllers (ADCs) equipped with crypto engines to help off-load SSL from servers and security appliances. Some ADCs also offer web application firewalls (WAFs) to inspect the traffic and detect attacks. To eliminate SSL blind spots in corporate defenses and enable security devices to regain their effectiveness, application networking and security leader A10 Networks introduced the Thunder SSL Insight (SSLi) standalone security product built on its  SSL inspection technology and 64-bit ACOS Harmony platform. The Thunder SSLi appliances decrypt SSL traffic and offer comprehensive inspection of multiple ciphers that deliver up to 48 Gbps of SSL inspection throughput. Their high density 1 GbE, 10 GbE and 40 GbE port options fulfill the highest networking bandwidth demands. Clear and ever present security The appliances are also complemented by intelligence-driven protection policies.  The A10 URL Classification Service monitors, blocks, or selectively bypasses specific websites to provide privacy for healthcare and financial Internet activity while the A10 Threat Intelligence Service blocks users from accessing known bad IP addresses. Well-known global manufacturer of consumer gadgets, Casio Computer Company, has seized the opportunity to enhance security by analyzing encrypted communications using A10 Networks’ SSL Insight technology. Having deployed the A10 Thunder ADCs to provide its employees smooth cloud access, Casio seeks the ability to differentiate between personal use and work-related cloud-bound traffic, according to Koji Kawade of Casio Information Systems Co Ltd’s User Support Group. A10 Networks’ ADCs are equipped with SSL acceleration hardware that provides near-parity performance to handle 4096-bit keys at high-quality production levels, providing highly scalable flow distribution and DDoS protection capabilities.. The A10 Thunder TPS Series, for example, leverages SSL security processors to detect and mitigate SSL-based attacks, such as the POODLE vulnerability, and offers a mitigation throughput capacity ranging from 10 Gbps to 1.2 Tbps (in a list synchronization cluster) to deal with the largest multi-vector DDoS attacks effectively. Clearly, A10 ADCs will continue ramping up L4 and L7 connections per second and SSL performance benchmarks to meet increasing performance and security needs against greater multi-vector DDoS attacks. Source: http://www.networksasia.net/article/why-smart-companies-dont-sweat-ssl-stuff-ddos-defense.1471880795

Continued here:
Why smart companies don’t sweat the SSL stuff in DDoS defense

DDoS attacks on the rise in Asia Pacific

The Asia Pacific region experienced 34,000 distributed denial of service (DDoS) attacks in the second quarter of 2016, according to Nexusguard’s Q2 2016 Threat Report – Asia-Pacific. The figure represents a 43 percent increase from the previous quarter. Even though Network Time Protocol (NTP) attacks dominated the type of attacks in the region (90 percent), such attacks were less common in other parts of the world (46 percent). The report also found that attack durations were longer in the Asia Pacific region as compared to global incidents, which is likely due to many scripted attack tools with set duration values. China remains as one of the top three target countries in the region. According to Nexusguard, a Chinese target was hit 41 times over the course of about a month of constant attacks. Nexusguard researchers attributed these attacks to the malware the victim had hosted over the last two years. The largest increase was observed in Hong Kong, accounting for a 57 percent rise in attacks. With hackers are experimenting with new attack methodologies, and events happening in the Asia Pacific region, Nexusguard researchers expect to see a spike in DDoS attacks in the third quarter of this year. “We expect the upward trend in the frequency of attacks to continue this year, especially with more attention on the Summer Olympics [in Brazil] and political dispute in the APAC region,” said Terrence Gareau, Chief Scientist at Nexusguard. “And as Pokémon Go gradually launches across the Asian market, Nexusguard analysts expect attack groups will launch more public attacks. This activity increases visibility and positioning as DDoS-for-hire services, the popularity of which we noted from the consistent time durations this quarter,” he added. Source: http://www.mis-asia.com/resource/security/ddos-attacks-on-the-rise-in-asia-pacific/

More:
DDoS attacks on the rise in Asia Pacific

Subverting protection into DDoS attacks

On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches, according to Neustar. DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary … More ?

Originally posted here:
Subverting protection into DDoS attacks

New cryptocurrency ‘DDoSCoin’ incentivizes users for participating in DDoS attacks

The number of Distributed Denial of Service (DDoS) attacks, which tries to make an online service unavailable by flooding it with traffic from multiple sources, has been rising at an alarming rate. In a new research paper, Eric Wustrow, University of Colorado Boulder, and Benjamin VanderSloot, University of Michigan, have put forward the concept of DDoSCoin – a cryptocurrency with a ‘malicious’ proof-of-work (“Proof-of-DDoS”). “DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers”, the paper says. Presented at the Usenix 2016 security conference, the researchers explain the DDoSCoin system which enables miners to select the victim servers by consensus using a proof-of-stake protocol. The authors note that although the malicious proof-of-DDoS only works against websites that support TLS 1.2 (Transport Layer Security), as of April 2016, over 56% of the Alexa top million websites support this version of TLS. By design, miners are incentivized to send and receive large amounts of network traffic to and from the target in order to produce a valid proof-of-work. These proofs can be inexpensively verified by others, and the original miner can collect a reward. This reward can be sold for other currencies, including Bitcoin or even traditional currencies, allowing botnet owners and other attacks to directly collect revenue for their assistance in a decentralized DDoS attack. Wustrow told Motherboard that something like DDoSCoin could encourage hacktivists to use the system to incentivize others to perform attacks on their behalf. “However, it’s probably still easier and more effective to just pay a ‘reputable’ botnet to do this for you,” he said. “On the other hand, something similar to DDoSCoin might lower the barrier to collecting rewards for DoS attacks, ultimately driving down the cost for hacktivist consumers.” The researchers admit that the paper introduces an idea that could be used to incentivize malicious behavior. To that end, they say that in demonstrating the proof-of-concept and evaluating proof-of-DDoS code, they have only “attacked” websites they have ownership and authority over. They emphasize that they are not publishing a working altcoin that uses this proof-of-DDoS, but rather a conceptual description of one. Source: http://www.econotimes.com/New-cryptocurrency-DDoSCoin-incentivizes-users-for-participating-in-DDoS-attacks-262858

Read this article:
New cryptocurrency ‘DDoSCoin’ incentivizes users for participating in DDoS attacks

Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Swimming Australia’s website has been hit by a denial of service (DoS) attack. The ABC has learned the site is operating in an “under attack” mode in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. While the site has continued to operate, it has deployed software to check the veracity of every browser accessing the page to ensure they are legitimate. Horton’s social media has been bombarded with hundreds of thousands of negative comments from China. Swimming Australia is not commenting publicly but it is understood the attack has been referred to the Government for investigation. Security analyst Marco Ostini from AusCERT, a non-profit organisation that protects organisations from cyber attacks, said DoS attempts were extremely common. “It’s actually a very difficult problem to put a number on,” he said. “It’s certain though … based on all malicious metrics on the internet, it’s increasing.” Mr Ostini said without seeing the internet traffic and logs associated with Swimming Australia’s page it was hard to work out what had happened, but he doubted it was a high-level attack. “I’d be really surprised if it was [China] state-sanctioned attackers causing trouble for Swimming Australia,” he said. “It’s possibly more likely just a large amount of interested people who are expressing themselves in possibly posting comments [on the website].” Source: http://www.abc.net.au/news/2016-08-11/rio-2016-dos-attack-made-swimming-australia-website/7721848

Read the original:
Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

The Hidden Role of DDoS in Ransomware Attacks

Dave Larson offers advice for organisations wishing to protect themselves from the latest types of cyber-extortion Ransom demands and DDoS attacks are now, more than ever, being used together in inventive new techniques to extract money from victims. This ranges from hackers threatening to launch a DDoS attack unless a ransom is paid, to the recent reports of a multi-layered cyber-attack combining ransomware and DDoS attacks in one. But what is often less understood is the way that sub-saturating DDoS attacks are regularly being used as a precursor to ransomware incursion.  Because these attacks are so short – typically less than five minutes in duration – these low-bandwidth DDoS attacks allow hackers to test for vulnerabilities within a network, which can later be exploited through ransomware. Here we outline some of the typical methods of cyber-extortion involving DDoS attacks, and explain why automatic DDoS mitigation is such a key defence in the ongoing battle against ransomware. Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s cyber-criminals to turn a profit.  As a result, there are a significant number of techniques that hackers will utilise to try and extract money from victims. One of the most common is DDoS ransom attacks, where attackers threaten to launch a DDoS attack against a victim unless a ransom is paid. These attacks can affect any internet-facing organisation and are often indiscriminate in nature. In May, the City of London Police warned of a new wave of ransom-driven DDoS attacks orchestrated by Lizard Squad, in which UK businesses were told that they would be targeted by a DDoS attack if they refused to pay five bitcoins, equivalent to just over £1,500.  According to the results of a recent survey, 80 percent of IT security professionals believe that their organisation will be threatened with a DDoS attack in the next 12 months – and almost half (43 percent) believe their organisation might pay such a demand. But despite the prevalence of DDoS ransom attacks, and its longevity as a technique, nothing elicits the same degree of alarm among security teams as the current threat of ransomware. This type of malware is estimated to have cost US businesses as much as US$ 18 million (£13.7 million) in a single year, and has already claimed a string of high-profile victims including hospitals and public bodies. Earlier this month, European police agency Europol launched a new ransomware advice service aimed at slowing down its exponential rise. But when it comes to protecting your organisation’s data from being encrypted and lost, most advice focuses on recovery, rather than prevention. This includes having a good backup policy, which ideally involves serialising data so that multiple versions of the files are available, in case newer versions have been encrypted. But what about taking a more proactive stance? We know that ransomware is usually delivered via email, inviting respondents to click on a link to download malware. Typically the themes of these emails include shipping notices from delivery companies or an invitation to open other documents that the recipient supposedly needs to review.  It’s true that many of these emails are sent opportunistically and on a blanket basis to a wide number of potential victims. But we are also seeing an increase in more targeted attacks, designed to gain access to a specific organisation’s networks.  After all, attacking a larger, more high-profile organisation would normally command a higher potential ransom reward, so hackers are investing an increasing amount of time researching specific victims and locating their vulnerabilities – usually through a variety of automated scanning or penetration techniques, many of which are increasingly incorporating the use of sub-saturating, low-bandwidth DDoS vectors. Most people associate the term ‘DDoS’ with system downtime, because the acronym stands for “Distributed Denial of Service”. But DDoS threats are constantly evolving, and many hackers now use them as a sophisticated means of targeting, profiling, and infiltrating networks. Short, sub-saturating DDoS attacks are typically less than five minutes in duration, meaning that they can easily slip under the radar without being detected by some DDoS mitigation systems. Five minutes may seem like an insignificant amount of time – but an appropriately crafted attack may only need a few seconds to take critical security infrastructure, like firewalls and intrusion prevention systems (IPS) offline. While IT teams are distracted by investigating what might be causing these momentary outages on the network, hackers can map the floor plan of their target’s environment, and determine any weak points and vulnerabilities that can later be exploited through other methods, such as ransomware. It is only by deploying an in-line DDoS mitigation system that is always-on, and can detect and mitigate all DDoS attacks as they occur, that security teams can protect themselves from hackers fully understanding all possible vulnerabilities in their networks. While these short DDoS attacks might sound harmless – in that they don’t cause extended periods of downtime – IT teams who choose to ignore them are effectively leaving their doors wide open for ransomware attacks or other more serious intrusions. To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain a comprehensive visibility across their networks to spot and resolve any potential incursions as they arise. Source: http://www.scmagazineuk.com/the-hidden-role-of-ddos-in-ransomware-attacks/article/514229/

Read more here:
The Hidden Role of DDoS in Ransomware Attacks

Image 1470795736903.jpg

What are the DoS and DDoS attacks that brought down the census?

Experts believe that the electronic assault on the census site was a DDoS attack – a kind of electronic army that attacks an enemy’s website on every flank using millions of computers as soldiers.  About 2000 of these attacks occur every day across the world, said DigitalAttackMap, a website that monitors such attacks. Only days ago, this type of attack shut down US Olympic swimming Michael Phelps’ commercial website,  SCMagazine , which specialises in IT security, said.  It said the attack happened fresh after Phelps’ gold medal-winning performance in the men’s 4×100 metre freestyle relay at the Rio Games. One hacking expert told  Time  magazine that any celebrity or high-profile site should expect these attacks. “Each celebrity on our target list will be either hacked or DDoSed,” a representative of hacking group New World Hackers said. Xbox, US Republican presidential candidate Donald Trump and the BBC have been among New World Hackers’ recent targets. DigitalAttackMap, a joint venture between Google Ideas and network security firm Arbor Networks, said these attacks had hit online gaming sites, newspapers and banks; Greek banks were crippled this year. Yet its site doesn’t show a DDoS attack on the ABS census site on Tuesday, bolstering claims by some that the attack didn’t take place.  The DigitalAttackMap tracks DDoS attacks on a daily basis. The red flare over Brazil shows a serious DDoS attack.   Photo: DigitalAttackMap.com The Australian Bureau of Statistics said its census site was hit four times by denial of service (DoS) attacks. A DoS is a broad term for attacks that attempt to crash an online system so that users cannot access it. Some IT and cybersecurity professionals speculated that a DDoS (Distributed Denial of Service) attack was to blame.  A DDoS is a type of DoS attack in which hackers attempt to crash a system by flooding it with bots – or Trojan – accounts. DigitalAttackMap said attackers cripple websites, such as the ABS’ census site, by building networks of infected computers, known as botnets, by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines  strong.   DigitalAttackMap says these botnets can generate huge floods of traffic to overwhelm a target. “These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country’s international cable capacity.” Adding to many people’s fears about the security of the census website before the attack, the information gained from these sites during an attack is sold on online marketplaces that specialise in information gained from these DDoS attacks, DigitalAttackMap said. “Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organisation’s online operations. A week-long DDoS attack, capable of taking a small organisation offline, can cost as little as $150,” the website said. Source: http://www.smh.com.au/technology/technology-news/what-are-the-dos-and-ddos-attacks-that-brought-down-the-census-20160809-gqowwp.html

Read More:
What are the DoS and DDoS attacks that brought down the census?

Census 2016 site falls to DDoS attack: ABS

As widely expected, the Census web site fell over last night — but the ABS has said it was with a little help from external players. The Australian Bureau of Statistics has continued its run of outs, scoring an own goal in the Census main event last night, after the agency claimed the site crashed thanks to four denial of service attacks. “The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity,” the ABS said on Twitterthis morning. “The first three caused minor disruption but more than 2 million Census forms were successfully submitted and safely stored. After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.” “Steps have been taken during the night to remedy these issues, and we can reassure Australians that their data are secure at the ABS.” The agency said it would provide an update at 9am Wednesday. The ABS has launched a joint investigation with the nation’s defence intelligence agency into the assault, which ramped up on Tuesday evening as most of the population was going online to complete the survey. “It was an attack,” chief statistician David Kalisch told ABC radio on Wednesday. “It was quite clear it was malicious.” The source of the attacks is unknown but Kalisch said they came from overseas. On Tuesday, Opposition Leader Bill Shorten said that once the Census is completed, the Australian government needs to discuss with parliamentthe increasing retention of names and address data, and the reasons it is being kept. “I think we need to have a good, long look at the whole process to make sure we’re not asking for information we don’t need,” he said. “And to reassure ourselves that what information that is stored, is stored securely.” The Opposition Leader said politicians committed to boycotting the Census were grandstanding. The intrusions will put a spot light on the federal government’s AU$240 million cyber security strategy and the security of government resources online. The ABS confirmed last week that its IBM-developed online Census forms would not be able to handle names with accents or ligatures. The agency later removed a claim made by it that it was rated by the Australian National Audit Office as being in its “Cyber Secure Zone”. Source: http://www.zdnet.com/article/census-2016-site-falls-to-ddos-attack/

More:
Census 2016 site falls to DDoS attack: ABS

About 170 DDoS attacks were launched on the government bodies of Ukraine in last six months.

A representative of the State Service of Special Communications and Information Protection of Ukraine told this to Secretary of the National Security and Defence Council Oleksandr Turchynov, Ukrayinska Pravda reports. “About 15,000 events of information security events, including 170 DDoS attacks, were launched on the government bodies of Ukraine in last six months,” the representative said. According to him, “14 central executive authorities have been already connected to the State Centre for Cyber Protection, and the works to connect another 12 bodies are ongoing.” Source: http://www.ukrinform.net/rubric-crime/2062435-170-ddos-attacks-launched-on-ukrainian-government-bodies-in-six-months.html

More:
About 170 DDoS attacks were launched on the government bodies of Ukraine in last six months.

If two countries waged cyber war on each another, here’s what to expect

Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. This might sound fanciful but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century. Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyber attacks might require backup for days or even weeks. William Cohen, the former US secretary of defence, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, believes the American system is not well enough protected to avoid this. Denial of service An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with information from many sources at the same time. This could make it easier for hackers to neutralise the backup power and tripping the system. DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which controls 30% of internet traffic, recently said these are the most worrying kind of attack and becoming ever more sophisticated. Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps) – a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign reports a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale – much more powerful than previously. The top sourcesare Vietnam, Brazil and Columbia. Number of attacks Verisign Scale of attacks Verisign Most DDoS attacks swamp an internal network with traffic via the DNS and NTP servers that provide most core services within the network. Without DNS the internet wouldn’t work, but it is weak from a security point of view. Specialists have been trying to come up with a solution, but building security into these servers to recognise DDoS attacks appears to mean re-engineering the entire internet. How to react If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this: Phase one: Takeover of network : the country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We possibly saw this in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country. Phase two: Analysis of attack : security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network. Phase three: Observation and large-scale control : the authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems. Phase four. Observation and fine control : by this stage there would be some stability and the attention could turn to lesser but important alerts regarding things like financial and commercial interests. Phase five. Coping and restoring : this would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage. State of play If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 following a cyber attack, is now looking at moving copies of government data to the UK for protection. Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected. Source: http://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544

Visit site:
If two countries waged cyber war on each another, here’s what to expect