Tag Archives: ddos

IBM botched geo-block designed to save Australia’s census

Bureau of Stats says spooks signed off IBM’s plan, but Big Blue mucked something up

Australia’s Bureau of Statistics has heavily criticised IBM for the security it applied to the nation’s failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield.…

See more here:
IBM botched geo-block designed to save Australia’s census

Hackers threaten First Securities with DDoS attacks

TAIPEI, Taiwan — First Securities was blackmailed on Thursday by hackers who threatened to completely disable its trading system with DDoS (distributed denial-of-service) attacks. The hackers asked the brokerage firm to pay 50 bitcoins (approximately NT$940,000), in an email that they sent to First Securities at around 10 a.m. on Thursday. Local newspaper Apple Daily cited an unnamed source as saying that a DDoS attack came at around 11 a.m., stopping all electronic trades.

First Securities President Yeh Kuang-chang confirmed that they received the blackmail email but stressed that the firm’s trading system was only slowed down, not disabled, by the attacks as reported. The firm has activated a reserve system and, while a small number of investors were affected by the attacks, the system was not paralyzed, Yeh said. He said he believed the situation would be resolved by Friday. Yeh said the firm had reported the incident, which he said had caused no losses to the firm, to the authorities or to the investigation bureau.

Yeh also stressed that while the firm had yet to ascertain the origin of the hackers, he had preliminarily ruled out the possibility that Thursday’s DDoS attacks were related to the ATM heist aimed at its sister institution — First Commercial Bank — in July. ATMs at 41 First Bank branches were hacked in the incident, with over NT$80 million believed to have been stolen. Seventeen suspects from six countries have been identified in the heist, which involved an international crime ring.

The Taiwan Stock Exchange (TWSE) issued a statement at 6 p.m. saying that First Securities suffered from an unknown online attack beginning at 10:50 a.m. and was not able to immediately recover its electronic trading system. The TWSE advised investors to use other forms of trading. TWSE Vice President Chien Lih-chung said the TWSE had informed other securities firms and that no other firms had reported similar blackmail or system problems.
Source: http://www.chinapost.com.tw/taiwan/national/national-news/2016/09/23/479195/Hackers-threaten.htm

Read More:
Hackers threaten First Securities with DDoS attacks

Cybersecurity is threatening America’s military supremacy

The sparsely populated Spratly Islands, a collection of hundreds of islands and reefs spread over roughly 165,000 square miles in the South China Sea, are very quickly becoming the center of one of the most contentious international disputes between world powers since the fall of the Soviet Union. Alarmingly, the use of cyber attacks in this dispute suggests we might already be in the midst of a new Cold War playing out in cyberspace — where America’s advantage is not as clear as it is with conventional armies and navies.

The Spratly Islands are of economic and strategic importance. All of the countries in the region — including China, Vietnam and the Philippines — have made competing territorial claims to the region. In recent years, China has become increasingly aggressive in its claim, rapidly building artificial islands while also conducting military operations in the area. Beyond this conventional military build-up, however, are complex and brazen cyber attacks by China that are leaving America and its allies increasingly concerned.

A massive distributed denial of service (DDoS) attack knocked offline at least 68 Philippine government websites in July, apparently in response to an international court ruling that denied China’s territorial claims in the region. Just days later, Vietnam’s national airline and major airports were targeted in a series of attacks by the Chinese hacking group 1937CN. Those are just the latest examples of China’s years-long cyber campaign related to the Spratly Islands. (In another attack, the website of the aforementioned international court was infected with malware and taken offline last year.) While these “nuisance” attacks — and continued cyber espionage by China — are serious, targeted Chinese cyber attacks designed to impact America’s physical military systems in the South China Sea are the most substantial evidence that we may be on the brink of a more tangible cyber threat to American military power.

China appears to be moving forward with plans to use electronic attacks designed to either disrupt or take control of American drones. With reports that the Chinese attempted to interfere with U.S. military drones at least once in recent years, the country has shown a willingness to use GPS jamming to prevent U.S. aircraft from conducting surveillance missions in the Spratly Islands. That 2015 instance appears to fit China’s public posturing on the ways it says it could use electronic GPS jamming to disrupt U.S. drone networks. One 2013 report in the Chinese journal Aerospace Electronic Warfare notes in technical detail how its military can “use network warfare to attack and even control America’s network” by disrupting the connection between satellites and aircraft. This sort of GPS jamming could be the largest electronic threat to the U.S. drone program. In fact, it has been widely speculated that Iran used a similar GPS “spoofing” technique to take control of a U.S. surveillance drone in 2011. The American military says it is preparing for these sorts of attacks with its new cyber strategy released last year. In addition to outlining how cyber will be included in military planning, the report calls for a hardening of the military’s cyber defenses to prevent the theft of military technology or cyber attacks against military infrastructure and weaponry. The challenge, as any expert in the cybersecurity world would tell you, is that the capabilities and sophistication of the Chinese, Russians and other state-sponsored and non-state hackers are increasing exponentially. One only has to read the news to see nearly daily evidence of this (e.g. the recent suspected NSA breach, hacks targeting Democratic political organizations, the attack against the State Department’s email system or the theft of military intel in the OPM hack).

The relatively inexpensive cyber options being employed today by both state and non-state hacking groups make it an incredibly efficient “leveler” of power. A small group of hackers using simple spear-phishing tactics, for example, can have massive impact on military installations, government operations, critical infrastructure and potentially even weapons systems. The unconventional battle playing out in the South China Sea — where cyber attacks are taking the place of conventional fighting and other forms of diplomacy — is a new model of warfare. The growing cyber threat from China may pose the most immediate threat to America and its allies because, while the U.S. continues to have a clear conventional military advantage, our advantage in cyber is not as clear.

Source: https://techcrunch.com/2016/09/21/cybersecurity-is-threatening-americas-military-supremacy/

Link:
Cybersecurity is threatening America’s military supremacy

Blizzard’s Battle.net Servers Knocked Offline By Another DDoS Attack

Blizzard Entertainment became a victim of yet another distributed denial-of-service (DDoS) attack as its Battle.net servers were knocked down on Sunday, Sept. 18. The DDoS attack that rendered Battle.net’s servers offline was waged by hacking group PoodleCorp. Owing to the attack, Battle.net, which runs several popular games such as World of Warcraft, Hearthstone: Heroes of Warcraft and Overwatch to name a few, was left handicapped even as angry users took to social media to vent their ire. Gamers on PC, PlayStation 4 and Xbox One were all affected by the outage.

Blizzard Entertainment acknowledged the situation on its official Twitter account. “We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games,” wrote Blizzard in a tweet. The DDoS attack on Battle.net lasted for half an hour after PoodleCorp took to Twitter to state that it would halt the attack and restore the servers if the tweet below was retweeted 2,000 times. The blackmail (ransom note?) found favor with a majority of gamers as they were only too willing to retweet to have access again to the games they were playing. As promised, PoodleCorp stopped the attack once the 2,000 retweet milestone was reached.

This is not the first time Blizzard Entertainment has been at the mercy of PoodleCorp. Earlier in August, we reported that it was hit with a PoodleCorp DDoS attack, which disrupted gameplay for users of Battle.net until network engineers addressed the issue. Back then, however, the hacking group did not ask for retweets. Blizzard Entertainment has been the victim of a spate of DDoS attacks in the past few months. In June, an attack took down its servers as well. The outage was attributed to Lizard Squad member AppleJ4ck, who claimed responsibility and cautioned that the hack was a small part of some “preparations.”

Aside from the DDoS attack, Blizzard has been having a terrible week anyway. On Sept. 14, 16 and 18, the company suffered from technical issues that prevented or delayed users from logging in and joining the game servers. However, for now, Blizzard Entertainment can breathe easy as the technical problems Battle.net was encountering owing to the DDoS attack from PoodleCorp have been resolved.

Source: http://www.techtimes.com/articles/178300/20160919/blizzards-battle-net-servers-knocked-offline-by-another-ddos-attack.htm

Visit link:
Blizzard’s Battle.net Servers Knocked Offline By Another DDoS Attack

DDoS always knocks twice

If you were DDoSed once, you will be DDoSed again, that is for sure. A company is rarely attacked by a DDoS (distributed denial of service) just once. If it happens once, it will probably happen again, which is why constant preventive measures are required if a company wants to keep its online services operational.

These are the results of a new report by Kaspersky Lab. Entitled Corporate IT Security Risks 2016, it says that one in six companies were victims of DDoS attacks in the past 12 months. The majority of those attacks were aimed against construction, IT and telecommunications companies. Almost four out of five (79 per cent) reported more than one attack, and almost half reported being attacked four times, or more.

The length of these attacks is also an issue. Just above a third (39 per cent) are considered ‘short-lived’, while more than a fifth (21 per cent) lasted ‘several days’ or even ‘weeks’. Companies are usually the last to know they’re being attacked, too, with 27 per cent being informed by their customers, and in 46 per cent of cases by their third-party audit organisation. Kaspersky Lab says this is not unusual, as cyber-attackers usually go for customer portals (40 per cent), communication services (40 per cent) and websites (39 per cent).

“It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident, and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and, considering the likelihood of a repeat attack is almost 80 per cent, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing,” says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.
Source: http://www.itproportal.com/news/ddos-always-knocks-twice/

More:
DDoS always knocks twice

Waiting for DDoS

In football, many offensive plays are designed to trick the defense into thinking something else is about to unfold. In the world of cybersecurity, DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks often serve as a similar smokescreen or decoy to a far more sinister plot with the ulterior motive to mount a computer network breach that results in the loss of data or intellectual property. It was a DDoS attack that woke up Sony Pictures a year ago (watch the video emailed to Sony employees on the morning of the attack), even though attackers had infiltrated the company’s networks months before undetected, and eventually obliterated its computer systems. According to Fortune, half of Sony’s global network was wiped out, erasing everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. Hackers calling themselves “#GOP” (Guardians of Peace) threatened to release publicly Sony Pictures’ internal data if their demands, including “monetary compensation,” were not met. They weren’t bluffing.

Sobering DDoS Statistics

Recent studies show DDoS attacks growing exponentially in recent years, launched through rentable, relatively inexpensive, anonymous botnets that cost as little as $1,000 and can render an e-commerce website completely inoperable. The average denial of service (DoS) attack costs the victim $1.5 million, according to a separate Ponemon Institute survey sponsored by Akamai and published in March 2015. The 682 responding companies reported four attacks a year. AT&T also reported that companies across its network were hit with DDoS attacks four times a year, and 62 percent growth in DDoS attacks over the past two years.
Once an organization receives a DDoS attack, the chances of being the object of a data breach are better than 70 percent, reported Neustar Inc., a Sterling, Va.-based provider of cloud-based information services, including conducting research on cloud metrics and managing various top-level internet domains. The second quarter of 2015 set a record for the number of DDoS attacks recorded on Akamai’s Prolexic Routed network – more than double what was reported in 2014’s second quarter. Corero Networks, a Hudson, Mass.-based security services provider, reported that its clients were getting DDoS attacks an average of three times a day, and in the second quarter of 2015 daily attack volume reached an average of 4.5 attacks, a 32 percent increase from the previous quarter. More than 95 percent of the attacks combated by Corero lasted 30 minutes or less, and the vast majority of the attacks were less than 1 Gbps. Only 43 percent rate their organizations as highly effective in quickly containing DoS attacks, and only 14 percent claimed to have had the ability to prevent such attacks, according to the Ponemon report. The worst DDoS attack on the Akamai network peaked at 214 million packets per second (Mpps), a volume capable of taking out tier 1 routers, such as those used by internet service providers (ISPs).

“It’s pretty hard to stay one step ahead of these guys,” admits Mark Tonnesen, chief information officer (CIO) and chief security officer (CSO) of Neustar. In a recent survey of 760 security professionals commissioned by Neustar and conducted by Simply Direct of Sudbury, Mass., for the U.S. market and Harris Interactive of London for the Europe, Middle East and Africa (EMEA) markets, DDoS attacks increased six-fold in 2015 when compared to the previous year. “Every day there’s an announcement of some [DDoS attack] going on with a company caught unprepared, trying to ramp up with people and technology,” Tonnesen says.
“Companies are looking for any way they can grab an edge any way in identification, detection and reaction time to eliminate the attack.”

Interruption vs. Outage

Those behind DDoS attacks may have ulterior motives to capture real value from the attack, such as financial gain, brand carnage, or intellectual property resold on the underground market. One of those scenarios plays out in nine out of every 10 DDoS attacks, according to Neustar data. The impact on a company’s customers and the firm’s bottom line “negatively impacts everybody’s financials,” Tonnesen points out. DDoS attacks, which can take the form of an interruption or the more serious outage, almost always serve as a smokescreen, drawing attention away from an outright sinister data breach. Meanwhile, the IT staff is trying to figure out why the website isn’t working properly. “Unbeknownst to you, [the malware is] already in your network,” he explains.

A DDoS outage is a complete slaughter of messaging to a network, such as an e-commerce platform. Effectively, the network appears to shut down completely due to the bandwidth overload, making it nearly impossible to get traffic through to the website. In contrast, a DDoS interruption involves attacks targeted at a specific area, such as a customer service organization, intellectual property, or customer records and identities. “[An interruption] certainly has a major impact, but it wouldn’t be an outage,” explains Tonnesen. “It’s more of a disruption, not a flat-out attack. The attackers are much more intelligent and organized; they know what they’re certainly looking for, such as affecting your brand and or having a financial impact. There’s an element of showcasing their capability, and the lack thereof of the company that was attacked.” As a result, IT security and network teams must be vigilant and always be on high alert.
The Hybrid Solution

Some CISOs are moving to a “hybrid” approach to combating a DDoS attack of the Open System Interconnection (OSI) Model Application Layer 7 variety. The approach uses an on-ground client security product that links with a cloud-based mitigation tool. One argument for this approach is that attack victims can react more quickly to a specific attack on a business area, such as engineering or customer support, if they have the benefit of cloud-based updates rather than waiting for a network-based device to be updated. “Based on the customers I talk to, hybrid approaches are becoming mainstream,” says Tonnesen. Client and cloud security products work together with one or the other configured as a rules-based defense working on certain types of data attacks that affect key assets and applications. Typically, underlying attacks involve a DNA-like sequence that lives in a lower level of an organization’s technology stack, such as malware sitting on a server some place, and begin to take over key assets. “That’s where a DDoS mitigation service can really help a weakness or attack sector,” Tonnesen says. “One approach really isn’t good enough anymore.”

Mike Weber, vice president of labs at Coalfire, a cyber risk management and compliance company based in Louisville, Colo., says that “being able to diagnose a denial of service attack does take some time. Generally understanding if it’s a problem internally, such as an application malfunction, system problem or faulty hardware, those kinds of diagnostics take a while.” When Weber was fending off DDoS attacks at a former employer, a web hosting company, he received an insider’s view of old-fashioned corporate espionage. The client hosting company had known adversaries but could never pin the frequent attacks on a single entity. “They had a good idea who was behind the attacks,” he remembers. “A lot of times, it was their competition.
It was used as a revenge tactic – sometimes it was intended to impact that company from a business perspective for whatever reason. Maybe it’s a page rank or advertising issue.” Attackers leverage those kinds of attacks to consume the personnel and intellectual capital being used for diagnosis. While the victim attempts to identify the strategy and thwart it, the process typically sends companies under attack into a state of chaos. An attack against a website can be set to look like a denial of service interspersed with an attack that achieves the end goal of flooding log servers. Typically the obvious attack needs to be stopped before one can diagnose the other, less obvious attack. “Think of that as DNS (Domain Name System) amplification – a DDoS attack where the attacker basically exploits vulnerabilities in the DNS servers to be able to turn small inquiries into large payloads, which are directed back to the victim’s server,” Weber says. “Those are a different protocol than those other attacks that are attacking different parts of the infrastructure whether they’re operating systems or applications. So typically they would be targeted towards two different parts of the client environment.”

Malicious Traffic

A typical approach to prevent DDoS from inflicting damage is to re-route non-malicious traffic to a cloud-based or third-party provider whose sole purpose is to mitigate denial of service-type attacks at what’s known as a “scrubbing” center. “Only clean traffic gets through,” says J.J. Cummings, managing principal of Cisco’s security incident response team. DDoS traffic then purposely gets diverted to the external provider, which takes the “brunt” of the attack and “roots out all that’s evil and bad.” Denial of service attacks are extremely challenging and can be expensive from a mitigation perspective, in terms of pipe size and technology, he admits. “At the end of the day it comes down to how critical these business applications are,” Cummings says.
“How much do you want to spend to withstand an attack and an attack of what size?” The first questions that need to be addressed before, during or following a DDoS, says Cummings, “are how big is your Internet pipe and how much bandwidth has been thrown at you historically?” The answers determine a network’s required level of operational capability as well as what is needed at a bare minimum to resume business. Security products are available from multiple vendors to help harden a company’s public-facing systems so they’re less susceptible to targeted types of attacks. “Those technologies presume you have enough of an Internet pipe to withstand that amount of bandwidth,” says Cummings. Otherwise, it’s a moot point. Detection analytics are another important tool for putting DDoS mitigation measures in place. “You don’t all the sudden get a terabyte of traffic hitting. It kind of spools up, as that botnet starts to distribute the attack commands,” he adds. ISPs can know in advance to block certain IP addresses or certain traffic streams upstream.

More sophisticated attacks often are focused on a profit motive and target companies with a lot of money or a gambling site that is taking bets on a major sporting event. In online video gaming or gambling, some players go to the extremes of disrupting the network where the opposition is hosted by firing off a DDoS attack. Retribution is another scenario with DDoS attacks. A former employee or student gets mad and rents a botnet to conduct the attack. A significant consequence of a denial of service attack is damage to the victim organization’s reputation, in addition to a potential dollar loss for every minute that the network is offline. Nearly two-thirds (64 percent) of respondents in the Ponemon Institute’s denial of service study say reputation damage is the main consequence of a DoS attack, while 35 percent cite diminished IT staff productivity and 33 percent cite revenue losses.
“We try to come up with metrics on how to measure reputation loss, which is pretty significant,” says Larry Ponemon, chairman of the Ponemon Institute, the cybersecurity think tank based in Traverse City, Mich. “When people hear the bad news, what do they do? The churn can be significant from a revenue point of view. People leave, they find alternatives.” Citing research from the institute’s recent Cost of Data Breach study, Ponemon says the most expensive attack type on a unit cost per attack is DDoS, when compared to other security incidents such as phishing, because it takes a lot of effort to stop it. Meanwhile, he adds, “there’s an extraction of data while people are worrying about the website being down.”

Source: http://www.scmagazine.com/waiting-for-ddos/article/523247/

Visit site:
Waiting for DDoS

Researcher believes major DDoS attacks part of military recon to shut down internet

Security researcher Bruce Schneier spotted a series of DDoS attacks which may be part of a larger effort to learn how to take down the internet on a national or even global scale. The attacks targeted major companies that provide the basic infrastructure for the internet, and the incidents appear to have probed the companies’ defenses to determine how well they can protect themselves, according to a Sept. 13 blog post. Schneier said he is unable to give details concerning which companies were targeted because he spoke with the companies under anonymity, but said the attack rate has increased in the last two years and that his findings are supported by a Verisign DDoS trends report.

Schneier told SCMagazine.com he believes the attacks are part of a foreign cyber organization doing military recon activities. The attacks are believed to be from China, but that being said, Schneier said he is hesitant to point the blame at anyone. So far the targeted companies have been able to defend themselves, but when it comes to actually being able to take down the internet, Schneier said, “it does seem you can do it for small amounts of time but not permanently.”

Some other experts agree. Several countries have a history of using DDoS attacks to target the U.S. and other nations so it’s safe to say that if taking down the internet will improve one’s position as a world power, someone will try to do it, Plixer CEO Michael Patterson told SCMagazine.com via emailed comments. “Consider the past attacks on our utilities and our 911 system and you can begin to appreciate the possibility of a combination of attacks that would certainly be possible with DDoS technologies,” Patterson said. “Our government needs to develop and implement a full scale back-up in the event that any one of these world players are successful in taking down the Internet.” Patterson said so much of the U.S. economy depends on the internet that it’s critical to have an alternative communication and digital plan in place in case something happens.

However, some industry pros expressed doubt that an attacker would be able to carry out such a large scale attack. While the size, duration, and sophistication of DDoS attacks continue to grow, a complete shutdown is unlikely, Tim Matthews, Imperva Incapsula VP of marketing, told SCMagazine.com via emailed comments. “Attacks might present temporary regional slowdowns – and annoy customers – but certainly not cause a global Internet blackout, as Mr. Schneier suggests,” Matthews said. “And with proper DDoS protections in place, most attacks like these would be stopped in their tracks.”

Source: http://www.scmagazine.com/infrastructure-ddos-attacks-could-be-part-of-larger-plan-to-shut-down-internet-on-massive-scale/article/522962/

Link:
Researcher believes major DDoS attacks part of military recon to shut down internet

6 steps for defending against DDoS attacks

If your business hasn’t already faced a distributed denial-of-service (DDoS) attack, brace yourself: fake traffic is coming. Your DevOps team and IT service desk need an action plan to handle these threats. This article will take you step-by-step through the process of identifying, stopping, and responding to DDoS attacks.

The Task at Hand

Before we discuss how to stop DDoS attacks, we need to examine their nature. No matter who launches a DDoS assault, the functional objective is the same: to take down a web service so that it denies access to legitimate end users. Hackers launch DDoS attacks for sport. Competitors do it to hurt your business. Hacktivists use them to further a cause. Extortionists even use DDoS attacks to hold web services for ransom. Whether attackers bombard your network with traffic, target a protocol, or overload application resources, the mechanics of DDoS attacks change little. Year after year, though, DDoS attacks have increased in size, complexity, and frequency, according to research published by Arbor Networks in July 2016. The security firm recorded an average of 124,000 DDoS events per week over the prior 18 months. At 579 Gbps, the largest known attack of 2016 was 73 percent larger than the 2015 record holder. Mind you, 1 Gbps is enough to take down most networks.

In theory, the task at hand is simple: create a system that can absorb DDoS attacks. In practice, DDoS defense is difficult because you have to distinguish between legitimate and illegitimate sources of traffic — and cybersecurity budgets don’t grow on trees. With these considerations in mind:

Set Traffic Thresholds

You probably track how many users visit your site per day, per hour, and per minute. Thus, you understand your average traffic levels and, hopefully, you’ve recorded how special events (sales, big news releases, etc.) affect visits. Based on these numbers, set thresholds that automatically flag abnormal traffic for your security team.
If you expect 1,000 visitors per 10 minutes, an influx of 5,000 visitors over one minute should trigger your alert.

Blacklist and Whitelist

Control who can access your network and APIs with whitelists and blacklists. However, do not automatically blacklist IP addresses that trigger alerts. You will see false positives, and overreacting is a sure way to infuriate good customers. Temporarily block traffic and see how it responds. Legitimate users usually try again after a few minutes. Illegitimate traffic tends to switch IP addresses.

CDNs

The best defense against DDoS attacks is a content delivery network (CDN) like Prolexic (acquired by Akamai), Incapsula, Arbor Networks, or CloudFlare. They can identify illegitimate traffic and divert it to their cloud infrastructure. The problem is that CDNs are not cheap. A typical plan costs five figures per month. Or, if you pay per incident, you might get a six-figure bill for one attack. If you run a bank, a massive ecommerce company, or a social platform that makes thousands of dollars per second, that’s a small price to pay. Most companies either can’t afford a CDN or don’t have a platform that warrants such high security. If, for instance, your company has an informational website where no one makes transactions or uses services, you don’t need a CDN. You’re not a prime target. An application or network firewall might be enough to prevent abnormal traffic. If a DDoS attack takes you down, it won’t harm customers or your reputation. The cheapest way to defend against DDoS attacks is to deploy more servers when you detect suspicious activity. That is the least reliable method but still better than nothing. Remember, there is no end to the amount of money you can throw at security. Depending on your budget and risk tolerance, choose the right option for your service desk.
Automate Communication with Customers

When a DDoS attack succeeds, you don’t want your service desk buried in emails, phone calls, social media posts, and instant messages. Create a status page that automatically displays whether your service is up or down. Also, create DDoS communications templates that you can auto-send to end users who contact you. These templates should cover any interruption to service, not just DDoS attacks. Keep it vague with something like: “Thank you for contacting [your company name]. Our platform is currently down. We are working as quickly as possible to restore service. We will post updates on our status page [hyperlinked] as soon as we have more information”.

Incident Report and Root Cause Analysis

After you suffer an attack, you need to reestablish credibility. Draft an incident report explaining what happened, why, and how you responded. Then, discuss how you will prevent future attacks. If you contracted a CDN, for instance, discuss how it works and how it will deter future attacks. Open the report with simple, non-technical language. You can add a technical section for CIOs, CTOs, and others who would appreciate the details.

Practice for Attacks

Simulate DDoS attacks to gauge how your action plan works. You could give DevOps and the service desk warning or take them by surprise to make the simulation realistic. Companies often run simulations in a planned maintenance window to spare end users further inconvenience. If you have a CDN, you can warn the provider, or not. Obviously if you pay per incident, coordinate tests with the CDN provider.

Expect the Worst

DDoS attacks are inevitable. Although they range from acts of digital vandalism to full-blown cyberterrorism, all DDoS attacks follow the same principles. Your action plan should address all types of DDoS attacks, no matter who perpetrates them. Whatever you do though, do not sacrifice your end users to cybersecurity paranoia.
Better to suffer an attack than throttle the business you sought to defend. Source: http://betanews.com/2016/09/15/6-steps-for-defending-against-ddos-attacks/

Visit site:
6 steps for defending against DDoS attacks
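The alerting and block-and-observe advice in the six steps above, worked through as an added example; this is not code from the betanews article or its author. It assumes access logs in Apache combined format, and every threshold (a 60-second window, the article's 5,000-visitor alert level, a 300-second temporary block, a 10-request "hammering" limit), every IP address and every log line is constructed for illustration.

```python
"""Rate-spike alert plus block-and-observe triage over access-log lines.

Added example following the '6 steps' advice above; it is not code from the
betanews article or its author.  The log format assumed is Apache combined
format; every threshold, IP address and log line below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# The article's example: 1,000 visitors per 10 minutes is normal, so 5,000
# visitors inside a single minute should trip the alert.
WINDOW_SECONDS = 60
ALERT_DISTINCT_VISITORS = 5000
BLOCK_SECONDS = 300   # constructed: how long a tripped IP is blocked before re-checking
HAMMER_LIMIT = 10     # constructed: requests during the block that mark an IP as hostile

# Minimal combined-log-format parser: client IP and request timestamp only.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')


def parse_line(line):
    """Return (epoch_seconds, client_ip) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts.timestamp(), m.group("ip")


class SpikeDetector:
    """Sliding-window count of distinct client IPs; input must be in time order."""

    def __init__(self, window=WINDOW_SECONDS, threshold=ALERT_DISTINCT_VISITORS):
        self.window, self.threshold = window, threshold
        self.events = deque()            # (ts, ip) in arrival order
        self.per_ip = defaultdict(int)   # ip -> requests still inside the window

    def observe(self, ts, ip):
        """Record one request; return True when the window now holds a spike."""
        self.events.append((ts, ip))
        self.per_ip[ip] += 1
        while ts - self.events[0][0] >= self.window:   # drop requests that aged out
            _, old_ip = self.events.popleft()
            self.per_ip[old_ip] -= 1
            if self.per_ip[old_ip] == 0:
                del self.per_ip[old_ip]
        return len(self.per_ip) >= self.threshold


def first_alert(lines):
    """Index of the first log line that trips the detector, or None."""
    det = SpikeDetector()
    for i, line in enumerate(lines):
        parsed = parse_line(line)
        if parsed and det.observe(*parsed):
            return i
    return None


def classify_blocked_ip(block_start, later_requests, block_seconds=BLOCK_SECONDS):
    """Apply the article's block-and-observe rule to one temporarily blocked IP.

    later_requests: timestamps of requests from that IP at or after block_start.
    'hammering' - kept sending during the block: keep it blocked and escalate.
    'retried'   - waited and came back once the block lifted: probably a real user.
    'vanished'  - never came back: fits traffic that simply rotates to a new IP.
    """
    block_end = block_start + block_seconds
    during = sum(1 for t in later_requests if block_start <= t < block_end)
    came_back = any(t >= block_end for t in later_requests)
    if during > HAMMER_LIMIT:
        return "hammering"
    return "retried" if came_back else "vanished"


# --- constructed sample traffic -------------------------------------------
T0 = datetime(2016, 9, 15, 10, 0, 0, tzinfo=timezone.utc)


def log_line(ip, offset_seconds):
    """Build one constructed combined-format log line offset_seconds after T0."""
    stamp = (T0 + timedelta(seconds=offset_seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'


def sample_traffic():
    """100 ordinary visitors spread over a minute, then 5,000 new IPs in one second."""
    baseline = [log_line(f"192.0.2.{k}", 1 + (k * 58) // 99) for k in range(100)]
    burst = [log_line(f"10.{i >> 8}.{i & 255}.7", 60) for i in range(5000)]
    return baseline + burst


if __name__ == "__main__":
    lines = sample_traffic()
    hit = first_alert(lines)
    print("spike alert fires at log line index:", hit)                            # 4999
    block_at = parse_line(lines[hit])[0]
    print(classify_blocked_ip(block_at, [block_at + 1, block_at + 400]))           # retried
    print(classify_blocked_ip(block_at, [block_at + i for i in range(20)]))       # hammering
    print(classify_blocked_ip(block_at, []))                                      # vanished
```

The detector counts distinct visitors because that is the unit the article uses; a real deployment would track request volume alongside it, since a small number of sources sending many requests each never crosses a distinct-IP threshold. The classifier is the piece that keeps the blacklist from becoming permanent by accident: only "hammering" sources stay blocked, "retried" sources are released as probable customers, and "vanished" sources need no further action.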

DDoS and web application attacks keep escalating

Akamai Technologies released its Second Quarter, 2016 State of the Internet / Security Report, which highlights the cloud security landscape, specifically trends with DDoS and web application attacks, as well as malicious traffic from bots. During May 2016, the number of attacks spiked, fueled by campaigns targeting the gaming industry. “While attack sizes are decreasing, we continue to see an uptick in the number of attacks as launch tools grow increasingly pervasive and easy to …

Attackers Launch DDoS Attacks And the Kitchen Sink

First off, full disclosure, I work for Akamai as my day job. I don’t want any illusion on the point as I discuss the latest State of the Internet report that I was fortunate enough to be a part of creating. That being said, it was an interesting quarter. Last quarter shed some light on some interesting developments with regards to Distributed Denial of Service (DDoS) as attackers tried their hand at various different approaches. We hear, time and again, about distributed denial of service attacks, and this most recent quarter gave rise to one of significant volume. This example was a rather significant attack that was a confirmed 363 Gbps of attack traffic against a media organization customer in Europe. Nothing to sneeze at, to be certain. Is your organization in a position to sustain operations while weathering an attack of this magnitude? As we have seen more frequently of late, this was a multi-vector attack. To put a fine point on it, this attack made use of multiple different vectors in the attacker’s futile attempt to take down their intended target. They made their attempt using the following vectors: SYN, UDP fragments, PUSH, TCP, DNS and UDP floods. The only thing they forgot to throw in was the kitchen sink. Over the last few quarters Akamai has noticed an uptick in the number of attacks against sites that have DNSSEC-configured domains. DNS open resolvers continue to rise and attackers are taking advantage of this by capitalizing on them to amplify their attack traffic. A great deal of this can be traced back to botnets that have been built out as the commoditization of DDoS continues to spread. Now, in addition to this type of attack, we also see that the criminal element has been leveraging tactics to obfuscate their origin and identity when launching web attacks.
These attackers have been demonstrating an increased use of anonymization services to help cover their digital footprints in the binary sand. Like any criminal with a lick of sense about them, the last thing attackers want is to get pinched by law enforcement. Subsequently, we have seen increased use of virtual private networks (VPNs) and proxies by attackers when launching web application attacks. When looking for resources on how to accomplish this online, we see all manner of webpages giving step-by-step instructions that walk through what an attacker would need to do, from blocking client-side JavaScript to using a browser in Incognito mode and even leveraging Tor to launch attacks. All of these ideas have various levels of merit, but there are shortfalls wherein the attacker can be discovered. There are differences between the traditional VPN services and anonymizing ones. Traffic between the client and the VPN service is encrypted and the IP address of the client is masqueraded. Pretty standard, but when you look at an anonymization service, they will promise any number of things, the most basic being not storing any logging information on their customers. This is not always the case, as one LulzSec member discovered in September 2011 when his VPN provider was served with a court order to turn over logs, which they claimed they didn’t keep. Another thing that attackers have to contend with is the throttling of bandwidth over anonymization services. As a result, they leverage third-party booter and stresser platforms to launch their attacks. These services would be paid for with Bitcoin in an effort to further obfuscate their identity and avoid detection. Be sure to check out the latest copy of the State of the Internet Report, which is out today, September 14, 2016, for more in-depth discussion on denial of service attacks and the anonymization efforts of the attackers.
Source: http://www.csoonline.com/article/3119675/security/attackers-launch-ddos-attacks-and-the-kitchen-sink.html