Tag Archives: denial of service attack

How can you prepare for a cyber attack?

Keeping your data secure is more important than ever, but it seems like there’s a new wide-scale data breach every other week. In this article, David Mytton discusses what developers can do to prepare for what’s fast becoming inevitable.

Cyber security isn’t something that can be ignored anymore or treated as a luxury concern: recent cyber attacks in the UK have shown that no one is immune. The stats are worrying: in 2016, two thirds of large businesses had a cyber attack or breach, according to Government research. Accenture paints a bleaker picture, suggesting that two thirds of companies globally face these attacks weekly, or even daily. According to the Government’s 2016 cyber security breaches survey, only a third of firms have cyber security policies in place and only 10% have an emergency plan. Given that management isn’t handling the threat proactively, developers and operations specialists are increasingly having to take the initiative on matters of cyber security. This article covers some essential priorities developers should be aware of if they want their company to be prepared for an attack.

Know your plan

There’s no predicting when a cyber attack might come, whether in the form of a DDoS, a virus, malware or phishing. It’s therefore important to be constantly vigilant, and prepared for incidents when they do occur. Senior leadership in your company should be proactive in laying out a plan for the event of an attack or other breach, but this might not always be the case. No matter what your position is within your company, there are pre-emptive actions you can take on a regular basis to ensure that you’re adequately prepared. If you’re in an Ops team, make sure you’re encouraging your team to test your backups regularly. There’s little use having backups if you’re unable to actually restore from them, as GitLab learned to their detriment earlier in the year.

Use simulations and practice runs to ensure that everyone on your team knows what they’re doing, and have a checklist in place for yourself and your colleagues to make sure that nothing gets missed. For example, a DDoS attack may begin with a monitoring alert telling you your application is slow. Your checklist would start with the initial diagnostics to pinpoint the cause, but as soon as you discover it is a DDoS attack the security response plan should take over. If you happen to be on-call, make sure you’ve got all the tools you need to act promptly. This might involve letting your more senior colleagues know about the issue, as well as requesting appropriate assistance from your security vendors. Communication is always one of the deciding factors in whether a crisis can be contained effectively. As a developer or operations specialist, it’s important to be vocal with your managers about any lack of clarity in your plan, and to ensure that there are clear lines of communication and responsibility so that, when the worst does occur, you and your colleagues feel free to jump into action quickly.

Remember your limits

It might sound obvious, but it’s worth remembering: in a cyber attack or catastrophic incident, there is only so much you yourself can do. Too many developers and operations staff fall prey to a culture of being ‘superheroes’, encouraged (often through beer and pizza) to stay as late as they can and work as long as possible on fixes to particular issues. The truth is, humans make mistakes. Amazon’s recent AWS S3 outage is a good example: swathes of the internet were taken offline due to one typo. If you’re on-call while a cyber attack occurs there’s no denying you’re likely to work long hours at odd times of the day, and this can put a real strain on you, both mentally and physically. This strain can make it much harder for you to actually concentrate on what you’re doing, and no amount of careful contingency planning can compensate for that.

At Server Density we’re keenly aware that employee health and well-being is critical to maintaining business infrastructure, especially in the event of a crisis. That’s why we support movements like HumanOps, which promote a wider awareness of the importance of employee health, from taking regular breaks to ergonomic keyboards. All too often people working in IT forget that the most business-critical hardware they look after isn’t servers or routers, it’s the health and well-being of the people on the front lines looking after these systems. Cyber attacks are stressful for everyone in an organisation, and the IT teams take the brunt of the strain. However, with careful planning, clear lines of delegation and an appreciation of the importance of looking after each other’s health, developers and operations specialists should be able to weather the storm and recover business assets effectively. Source: https://jaxenter.com/can-prepare-cyber-attack-133447.html


How The New York Times Handled Unprecedented Election-Night Traffic Spike

When he woke up the morning of October 21, 2016, Nick Rockwell did the same thing he had done first thing every morning since The New York Times hired him as CTO: he opened The Times’ app on his phone. Nothing loaded. The app was down along with BBC, CNN, Fox News, The Guardian, and a long list of other web services, taken out by what was then the largest DDoS attack in the history of the internet. An army of infected IP cameras, DVRs, modems, and other connected devices, the Mirai botnet, had flooded the servers of the managed DNS provider Dyn in 17 data centers, halting a huge number of internet services that depended on it to tell their users’ computers how to find them online.

The outage had started only about five minutes before Rockwell saw the blank screen on his phone. His team kicked off a standard process that was in place for such outages, failing over to the Times’ internal DNS hosted in two of its four data centers in the US. The mobile app and the main site were back online about 45 minutes after they had gone down.

While going through the fairly routine recovery process, however, something was really worrying Rockwell: he didn’t know whether the attack was directed at many targets or at the Times specifically. If it was the latter, the effect could be catastrophic; its internal DNS wouldn’t hold against a major DDoS for more than five seconds. “It would’ve been incredibly easy to DDoS our infrastructure,” he said in a phone interview with Data Center Knowledge. His team had been a few months deep into fixing the vulnerability, but they weren’t finished. “We were OK [in the end], but we were vulnerable during that time.”

The process to fix it started as they were preparing for the 2016 presidential election. Election night is the biggest event for every major news outlet, and Rockwell was determined to avoid the 2012 election night fiasco, when the site went down, unable to handle the spike in traffic.

One of the steps the team decided on in preparation for November 2016 was to fully integrate a CDN (Content Delivery Network). CDN services, such as Akamai, CloudFlare, or the CDN services of cloud providers Amazon, Microsoft, and Google, store their clients’ most popular content in data centers close to where many of their end users are located (so-called edge data centers), from where “last-mile” internet service providers deliver that content to its final destinations. A CDN essentially becomes a highly distributed extension of your network, adding compute, storage, and bandwidth capacity in many metros around the world.

That a CDN had not been integrated into the organization’s infrastructure came as a big surprise to Rockwell, who joined in 2015 after 10 months as CTO at another big publisher, Condé Nast. While at Condé Nast, he switched the publisher from a major CDN provider to a lesser-known CDN run by a company called Fastly. He has since become an unapologetically big fan of the San Francisco-based startup, which now also delivers content to New York Times users around the world.

Being highly distributed by design puts CDNs in a good position to help their customers handle big traffic spikes, be it legitimate traffic generated by a big news event or a malicious DDoS attack. (Rockwell said he did wonder, as the Dyn attack was unfolding, whether it was a rehearsal for election night.) Fastly ensured that on the night Donald Trump beat Hillary Clinton, the Times rolled without incident through a traffic spike of unprecedented size for the publisher: an 8,371 percent increase in the number of people visiting the site simultaneously, according to the CTO. The CDN has also mostly absorbed the much higher levels of day-to-day traffic The Times has seen since the election as it covers the Trump administration.

The six-year-old startup, which this year crossed the $100 million annualized revenue run-rate threshold, designed its platform to give users a detailed picture of the way their traffic flows through its CDN, and lots of control. Artur Bergman, Fastly’s founder and CEO, said the platform enables a user to treat the edge of their network the same way they treat their own data centers or cloud infrastructure. In your own data center you have full control of your tools for improving your network’s security and performance (things like firewalls and load balancers), Bergman explained in an interview with Data Center Knowledge. While you maintain that level of control in the public cloud, you don’t necessarily have it at the edge, he said. Traditionally, CDNs have offered customers little visibility into their infrastructure, so even differentiating between a legitimate traffic spike and a DDoS attack has been hard to do quickly. Fastly gives users log access in real time so they can see exactly what is happening to their edge nodes and make critical decisions quickly. The startup today unveiled an edge cloud platform, designed to enable developers to deploy code in edge data centers instantly, without having to worry about scaling their edge infrastructure as their applications grow. It also announced a collaboration with Google Cloud Platform, pairing its platform with the giant’s enterprise cloud infrastructure services around the world.

GCP is one of two cloud providers The New York Times is using; the other is Amazon Web Services. Today, the publisher’s infrastructure consists of three leased data centers in Newark, Boston, and Seattle, and one facility it owns and operates itself, located in the New York Times building in Times Square, Rockwell said. The company uses a virtual private cloud on AWS and some of its public cloud services, in addition to running some applications in the Google Cloud. This setup is not staying for long, however. Rockwell’s team is working to shut down the three leased data centers, moving most of its workloads onto GCP and AWS, with Fastly managing content delivery at the edge. Google’s cloud is also going to play a much bigger role than it does today. The plan is to run apps that depend on Oracle databases in AWS, while everything else, save for a few exceptions (primarily packaged enterprise IT apps), will run in application containers on GCP, orchestrated by Kubernetes.

As he works to sort out what he referred to in a conference presentation as the “jumbled mess” that is The Times’ current infrastructure, Rockwell no longer worries about DDoS attacks. Luckily for his team, there was no major DDoS attack on The Times between the day he came on board and the day Fastly started delivering the publisher’s content to its readers. Whether there was one after Fastly was implemented is irrelevant to him. “It’s no longer something I have to think about.” Source: http://www.thewhir.com/web-hosting-news/how-the-new-york-times-handled-unprecedented-election-night-traffic-spike


The Short List of Who Protects Companies Against DDoS Attacks

Here’s a question: when was the last time you got something truly useful for free? Like that time it turned out your phone company was giving you mobile data even though it wasn’t included in the plan you selected, or that time you turned up at the car dealership for a major repair and they informed you the cost was covered because you’re just such a great customer. Oh right: it was never. So why is it that so many companies seem to think somebody else is responsible for protecting them against distributed denial of service (DDoS) attacks? DDoS mitigation is an important and complex service that requires careful expertise, on-demand or always-on deployment, nearly limitless scalability and huge amounts of network bandwidth. If a company hasn’t taken the steps to invest in this kind of protection, it doesn’t have it.

Attack overview

A DDoS attack is a distributed denial of service attack: a cyberattack that uses a botnet, a network of internet-connected devices that have been hijacked for remote use, to direct large amounts of malicious traffic at a targeted website. This traffic overwhelms the website, its server or its resources, taking it offline or rendering it so frustratingly slow that it can’t be used. Distributed denial of service attacks have been a problem for websites and organizations of all sizes for over 15 years, and the problem is becoming a crisis as DDoS-for-hire services steadily gain popularity and botnets steadily gain in size thanks to unsecured Internet of Things devices. For larger organizations, a successful DDoS attack can cost between $20,000 and $100,000 per hour, and while unquantifiable, the loss of user trust or loyalty that can result from such an attack can be even worse.

Erroneous assumptions

DDoS attacks haven’t exactly been flying under the radar lately. Their frequency, as well as the threat they pose, should be well known to anyone working in online security. Yet a recent survey by Kaspersky uncovered some staggering statistics. Thirty percent of companies surveyed indicated that they haven’t taken action against the threat of DDoS attacks because they believe they won’t be targeted, 40% believe their ISP will provide protection, and a further 30% believe data centers will provide protection. Perhaps most misguided of all, 12% believe a small amount of DDoS-caused downtime would not have a negative impact on the company.

Why ISPs won’t provide complete protection

While some ISPs do provide complete DDoS protection as an added service that clients pay good money for, most provide only partial protection. Due to the large amounts of bandwidth an ISP has available, they can do well against large volumetric attacks, but craftier application-layer attacks are a problem. Also, while ISPs can be good at identifying malicious traffic, they don’t deal with that malicious traffic efficiently: while the ISP struggles with an influx of malicious traffic, legitimate traffic is caught in the bottleneck with it or even discarded alongside the bad traffic, leaving users unable to get through to the website. In other words, while a basic DDoS attack could be thwarted by an ISP, the result, users unable to access the website, ends up being the same. Further, some DDoS attacks, like Slowloris, are made up of requests that look legitimate on their own (Slowloris opens many connections and sends partial HTTP headers at a trickle so the server keeps every connection open and runs out of capacity to accept real ones), making them difficult to detect for even some intrusion detection systems, let alone an ISP. Perhaps the biggest problem with relying on an ISP for protection is that, regardless of what type of attack is launched, there isn’t going to be a quick response from an ISP. They aren’t built for the kind of real-time monitoring and deployment that can catch an attack within seconds. Most often, it will be several hours before an ISP begins to deal with an attack. By then, the damage is done.

Why data centers won’t provide complete protection either

There’s a caveat here: just as with ISPs, some data centers do provide complete protection against distributed denial of service attacks, but again it is an added service that definitely adds to the data center bill. Similar to ISPs, data centers do provide some measure of DDoS protection, but it can generally only protect against basic attacks that can be stopped with rate limiters, or attacks that are not directly aimed at an application service. Large or complex attacks cannot be stopped by basic data center protection. Moreover, not only do ISPs and data centers not provide complete protection against DDoS attacks, they also put their clients at greater risk of second-hand DDoS damage: if an ISP or data center is struggling with a large or complex attack, websites that weren’t targeted will nonetheless suffer the effects.

A-Z protection

Professional DDoS protection is built to provide the quickest, most proactive and most complete protection against distributed denial of service attacks. Cloud-based protection is especially good at protecting against both network-layer and application-layer attacks, and with the use of a scrubbing server, attack traffic is kept from ever touching the target website while legitimate traffic is let through unfettered. For companies after a more bang-for-their-buck solution, it may be preferable to look into a quality content delivery network (CDN). CDNs are designed to improve site speed and performance, and all CDNs offer some level of DDoS protection due to the built-in load balancing that comes from their multi-server environments; many CDNs also offer additional DDoS protection on top of that.

High-quality distributed denial of service protection won’t become a freebie or throw-in until the internet reaches a phase where there’s something so much worse and so much more common than DDoS attacks that they become almost afterthoughts for all the malicious cyberattackers out there. So companies can either root for that reality, or take protection into their own hands by investing in solid DDoS protection. Source: http://www.iotevolutionworld.com/iot/articles/430637-short-list-who-protects-companies-against-ddos-attacks.htm
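As an added illustration of the point above (example code written for this page, not from the article or from any ISP or data center product), here is a per-source token-bucket rate limiter of the kind a basic network defence applies, run over a constructed request log. The flood source is throttled, but the Slowloris-style source never completes a request, so a limiter that counts requests has nothing to count; a separate check on how long a connection has been sitting with an incomplete header is what catches it. The IP addresses, connection IDs, event timings and thresholds are all invented for the example.

```python
from collections import defaultdict

# Constructed request log for this example: (timestamp_s, src_ip, conn_id, kind)
#   kind "req"     = a complete HTTP request arrived on the connection
#   kind "partial" = a header fragment arrived, request still incomplete
#                    (Slowloris: keep the socket open, never finish the headers)
SAMPLE_EVENTS = (
    # ordinary visitor: three page loads, every header completes promptly
    [(0, "203.0.113.5", "c1", "partial"), (0, "203.0.113.5", "c1", "req"),
     (1, "203.0.113.5", "c2", "req"), (2, "203.0.113.5", "c3", "req")]
    # volumetric flood: 40 complete requests in second 0, 40 more in second 1
    + [(0, "198.51.100.7", f"f{i}", "req") for i in range(40)]
    + [(1, "198.51.100.7", f"g{i}", "req") for i in range(40)]
    # Slowloris: 20 connections, one fragment every 15 s, none ever completes
    + [(t, "192.0.2.9", f"s{i}", "partial")
       for i in range(20) for t in (0, 15, 30, 45, 60)]
)


class TokenBucket:
    """Classic token bucket: `burst` tokens of capacity, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, None

    def allow(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def rate_limit(events, rate=5, burst=10):
    """Per-source limiter on completed requests. Returns {src: (allowed, dropped)}."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: [0, 0])
    for ts, src, _conn, kind in sorted(events, key=lambda e: e[0]):
        if kind != "req":
            continue  # a limiter keyed on requests never sees partial headers
        stats[src][0 if buckets[src].allow(ts) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def slow_header_check(events, max_header_age=30):
    """Count, per source, the connections whose headers have been incomplete
    for longer than max_header_age seconds as of the last event in the log."""
    first_partial, completed = {}, set()
    now = max(e[0] for e in events)
    for ts, src, conn, kind in events:
        if kind == "partial":
            first_partial.setdefault((src, conn), ts)
        elif kind == "req":
            completed.add((src, conn))
    stalled = defaultdict(int)
    for (src, conn), t0 in first_partial.items():
        if (src, conn) not in completed and now - t0 > max_header_age:
            stalled[src] += 1
    return dict(stalled)


if __name__ == "__main__":
    print("rate limiter   :", rate_limit(SAMPLE_EVENTS))
    print("stalled headers:", slow_header_check(SAMPLE_EVENTS))
```

Run as a script it reports (15, 65) for the flood source and (3, 0) for the ordinary visitor, with the Slowloris source absent from the limiter's output altogether, while the header-age check reports 20 stalled connections for it. Web servers expose that second control directly (Apache's mod_reqtimeout, nginx's client_header_timeout); the point is that it is a different control from rate limiting, which is why a volumetric defence at the ISP or data center does not cover it.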


Russian bank Alfa Says it was Under DNS Botnet Attacks

The Russian banking giant Alfa announced in a press statement that hackers had targeted its infrastructure in a large-scale DNS botnet attack. The purpose appears to have been to make it seem as though the bank had been communicating with the Trump Organization. The bank is now asking the U.S. to assist it in uncovering the culprits.

On Friday, the bank revealed that its servers had been under three cyber attacks targeting its domain name system (DNS) servers since mid-February. It is unclear who was behind these attacks; the details show that unknown hackers allegedly used Amazon and Google servers to send requests to a Trump Organization server made to look as if they came from Alfa Bank, pushing the Trump server to respond back to the bank.

“The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers’,” an Alfa Bank representative said in a statement. “We have gone to the U.S. Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud.” The bank says it is ready to work with U.S. law enforcement to identify the individuals involved in the campaign, and has already hired Stroz Friedberg, a US-based cyber security firm, to investigate.

On February 18, 2017, the bank claims, it experienced suspicious cyber activity from an unidentified third party. Specifically, the third party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server, made to look as though they originated from variants of MOSCow.ALFAintRa.nET; the bank says the mix of upper and lower case indicates a human hand in the process. Alfa Bank says it received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net.

Last week, CNN reported that the FBI’s counterintelligence team was investigating whether there was a computer server connection between the Trump Organization and Alfa Bank during the U.S. election, according to sources close to the investigation. The bank has now denied that there was ever a conversation between the two parties.

Mark McArdle, CTO at cyber security company eSentire, commented: “A botnet is typically associated with an attack that leverages scale, as it can employ thousands (potentially millions with IoT devices) of devices and use them to coordinate an attack on a target. We’ve seen this with some big DDoS attacks. We also see botnets being used as platforms for large-scale spamming. However, the number of DNS connections reported in the Alfa Bank attacks (1,340 in one case) don’t indicate massive scale. A botnet, however, can be used to add another layer of obfuscation between you and your attacker. Following the breadcrumbs back could bring you to a PVR that has been hacked and is now part of a botnet. I suspect in this case, the botnet is being used more for obfuscation of identity than scale. The attackers may be using a botnet to send spoofed DNS requests to a legitimate Trump server using a spoofed “reply-to” address inside Alfa-Bank’s infrastructure. Spoofing DNS lookups is not very difficult since DNS is not authenticated, and the ability to spoof source addresses is unfortunately still available – all you need is a system to launch your attack from that is connected to the Internet via an ISP that doesn’t filter out spoofed source addresses. While this type of attack has been around for a while, what’s new in this case is that someone is using it to try and contrive evidence of a relationship where neither party sought one. Additionally, there is also reference in Alfa Bank’s statement about Spam messages from marketing@trumphotels.com. It’s also possible to spoof email (spammers do this all the time). A spoofed email could include a reference to a legitimate Trump Org server and a real connection would be established if a user clicked on it (or selected “show images” in the email). Again, this does not mean the email came from Trump Org, just that it was sent in order to attempt to solicit “a connection” between Trump Org and Alfa-Bank.”

Either way, identity is difficult to determine unless cryptographic certificates are used, and ultimate attribution of a hack is even more difficult. This is not the first time that allegations surrounding Trump’s relations with Russia have emerged. Some believe Russia hacked the US election to give Trump a way to win the presidency, while some believe that Russian media was involved in spreading fake news against Trump’s opponent Hillary Clinton. Either way, nothing has been proven yet. Source: https://www.hackread.com/russia-alfa-bank-target-with-dns-botnet-attacks/
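McArdle describes the mechanics from the attacker's side; from the defender's side the observable symptom is simpler: answers arriving at your DNS servers for questions you never asked. The following is an added example written for this page (not Alfa Bank's or Stroz Friedberg's tooling) that walks a constructed resolver log, keeps a set of outstanding queries keyed on peer, transaction ID and name, and reports every inbound response that matches nothing; it also counts how many of those names carry the kind of mixed-case labels the bank pointed to. The log format, addresses and names are invented for the example and use documentation ranges, not data from the case. Names are matched case-insensitively because DNS itself treats them that way (some resolvers deliberately randomise query case as an anti-spoofing measure), so a legitimate answer whose case differs from the query is still a match.

```python
import re
from collections import Counter

# Constructed resolver log for this example; addresses and names are RFC 5737 /
# RFC 2606 documentation values, not data from the Alfa Bank case.
# Format: <time> <OUT|IN> <peer_ip> <txid> <qname>
#   OUT = a query our resolver sent to peer_ip
#   IN  = a response that arrived from peer_ip
SAMPLE_LOG = """\
2017-02-18T10:00:01Z OUT 203.0.113.53  0x1a2b www.example.org
2017-02-18T10:00:01Z IN  203.0.113.53  0x1a2b www.example.org
2017-02-18T10:00:02Z OUT 203.0.113.53  0x1a2c cdn.example.org
2017-02-18T10:00:02Z IN  203.0.113.53  0x1a2c CDN.example.org
2017-02-18T10:00:05Z IN  198.51.100.25 0x7f01 mail.example.net.MOSCow.corp.example.com
2017-02-18T10:00:06Z IN  198.51.100.25 0x7f02 mail.example.net.moscow.CORP.example.com
2017-02-18T10:00:09Z IN  198.51.100.25 0x7f03 mail.example.net.MOSCOW.corp.example.com
2017-02-18T10:00:11Z IN  203.0.113.53  0x1a2b www.example.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(OUT|IN)\s+(\S+)\s+(0x[0-9a-fA-F]{1,4})\s+(\S+)$")


def parse(log):
    """Yield (ts, direction, peer, txid, qname); lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, direction, peer, txid, qname = m.groups()
            yield ts, direction, peer, int(txid, 16), qname


def is_mixed_case(qname):
    """True when the name mixes upper and lower case (randomised or hand-typed)."""
    return qname != qname.lower() and qname != qname.upper()


def find_unsolicited(log):
    """Return inbound responses that match no outstanding query.

    A query is outstanding from the moment we send it until the first matching
    response consumes it, so reflected answers and late duplicates both surface.
    Names are compared case-insensitively, as DNS itself does."""
    pending, unsolicited = set(), []
    for ts, direction, peer, txid, qname in parse(log):
        key = (peer, txid, qname.lower())
        if direction == "OUT":
            pending.add(key)
        elif key in pending:
            pending.discard(key)
        else:
            unsolicited.append((ts, peer, txid, qname))
    return unsolicited


def summarize(unsolicited):
    """Per-peer counts of unsolicited answers, plus how many carried mixed-case names."""
    by_peer = Counter(peer for _, peer, _, _ in unsolicited)
    mixed = sum(1 for *_, qname in unsolicited if is_mixed_case(qname))
    return by_peer, mixed


if __name__ == "__main__":
    hits = find_unsolicited(SAMPLE_LOG)
    for ts, peer, txid, qname in hits:
        print(f"{ts} unsolicited answer from {peer} txid=0x{txid:04x} {qname}")
    print(summarize(hits))
```

On the sample log the three answers from 198.51.100.25 are flagged (none was ever asked for), as is the second copy of the 0x1a2b answer, which arrives after the real one already consumed the outstanding query. In a real deployment the key would also include the source port, outstanding queries would be expired by age, and retransmitted duplicates would need some tolerance; the essential signal, answers with no matching question, is the same. Note that a reflected answer reaches you whether or not the forged query carried a name you recognise, so the name is evidence of intent, not the trigger for the alert.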


South Korean authorities worry about DDoS attacks ahead of elections

According to a new report from a South Korean government agency, the country is at risk of DDoS attacks ahead of a possible election. South Korean authorities are reportedly worried about ramped-up attacks from the country’s hostile northern neighbour. The recently released report predicts that DDoS attacks leveraging IoT botnets would be used against government ministries. Authored by the state-run Korea Internet & Security Agency (KISA), the report warns of DDoS attacks just before the country’s upcoming elections. The attacks, which leverage widely insecure IoT devices, could be launched against government ministries, national infrastructure or social bodies to destabilise South Korea.

Jeon Kil-soo of KISA told the South Korean news agency Yonhap that “there is the possibility that huge DDoS attacks could occur by using IoT devices from both home and abroad”. Jeon added that such attacks could be deployed against presidential candidates. Current president Park Geun-hye faces an impeachment motion which, if upheld by Korea’s Constitutional Court, will trigger another election. The decision is expected in the next two months. According to KISA’s report, such an occasion would be ripe for exploitation by, some expect, North Korea.

South Korea is not the only country bracing itself for cyber-interference in upcoming elections. Against a backdrop of accusations of Russian interference in the American election, top government officials from Germany, France and other countries have expressed fears about such threats.

North Korea’s cyber-offensive activities have long been suspected. The North Korean government was reported to be behind the attacks on Sony Pictures on the eve of the 2014 release of The Interview, a comedy which satirised the country’s leader Kim Jong Un. In November 2014, Sony Pictures Entertainment was breached by a group calling itself the “Guardians of Peace”. The hackers released a slew of emails, personal information and other data from inside the company, prompting sanctions against the country. North Korean agents are also suspected of being behind the heist at the Bangladesh Central Bank: in early 2016, hackers stole US$81 million (£65 million) by issuing fraudulent payment instructions over the SWIFT network. The money was then laundered through Sri Lanka and the Philippines into the coffers of, some suspect, the North Korean government.

This kind of activity takes on a new light when applied to South Korea. South and North Korea have technically been at war since the middle of the twentieth century. Split in two against the backdrop of the Cold War, the countries fought a war between 1950 and 1953. The war never technically ended, and the countries remain separate, with a Chinese-backed opaque dictatorship under the Kim family in the north and a liberal democratic regime in the south. The two countries exist in a state of formal hostility, and while not actively fighting are believed to regularly meddle in each other’s societies, the cyber realm included.

James Hoare, an associate fellow at Chatham House and the man formerly charged with setting up a British embassy in North Korea, said “the report is all very speculative, with nothing much in the way of hard facts.” There are many such claims about North Korean cyber-attacks, “including claims of interference with aircraft landing at Inchon airport – though having watched the behaviour of people on flights into and from Inchon, I would not be surprised if some of the alleged attacks were in reality people on their mobile devices while the planes are taking off and landing.” These kinds of claims are common but “tend to be somewhat unspecific, but on at least one recent occasion, the North Korean released information that indicated that they had been approached to stage some sort of diversion at the time of an election.” Source: https://www.scmagazine.com/south-korean-authorities-worry-about-ddos-attacks-ahead-of-elections/article/633651/


DDoS Attacks: A Threat to Businesses and Consumers

Distributed Denial of Service (DDoS) attacks are a growing concern for businesses and consumers alike. These attacks are on the rise along with all forms of cyber-attack. According to Kaspersky, “43% of businesses experienced data loss in the past year due to a cyber-security incident.” While DDoS attacks threaten the reputation and the bottom line of businesses, they also threaten consumers. In many cases a DDoS attack is launched as a decoy to hide the real intentions of the hacker: to steal corporate intellectual property and financial data, as well as consumer data. DDoS attacks have been a factor in some of the largest data breaches. Dave Larson of Infosecurity Magazine reports that “in a large proportion of data breaches reported over the last few years, DDoS attacks have been occurring simultaneously, as a component of a wider strategy; meaning hackers are utilizing this technique in a significant way.”

At its core a DDoS attack uses hundreds and sometimes thousands of computers to flood the business website with a large volume of internet traffic to overwhelm the host server. When this happens the website often stops functioning for a period of time. Sometimes hackers will continue to attack a website at random until the business pays a ransom, much like ransomware that targets individuals.

There are three major types of DDoS attack available to a hacker:
Volumetric: the most common. Floods the host server with a large volume of internet traffic sent simultaneously.
Amplification: sends small requests, with the target’s address forged as the source, to third-party servers that answer with much larger responses aimed at the target. Requires fewer “zombie” (compromised) computers to accomplish the same effect as a plain volumetric attack.
Resource depletion: makes repeated requests through multiple ports or entry points into the targeted server until a finite resource (connection table, sockets, worker processes) is exhausted.
To find out more about these types of DDoS attack, go to Defending Your Network against DDoS Attacks.

There are a number of hardware and software tools to help defend against such attacks, but the primary methods of defense are knowledge, detection, and training. Businesses should analyze how their networks and the systems attached to them interact with the internet, to uncover and fix vulnerabilities before they are exploited by hackers. Train IT employees to recognize the hallmarks of a DDoS and other cyber-attacks, so they can react quickly. Train all employees to recognize and immediately report any unusual activity on any system connected to the internet. Train all employees to question unusual emails or texts requesting W-2s, other personnel data, or corporate financial information. Develop specific rules for employees regarding the use of social media and the types of corporate information that can be shared online. A recent study has shown that social engineering is a precursor to 66% of cyber-attacks. Source: 7 Ways to Make Yourself Hack-Proof. For more information on decoy DDoS attacks, check out DDoS attacks: a perfect smoke screen for APTs and silent data breaches. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org. Source: http://whnt.com/2017/01/15/ddos-attacks-a-threat-to-businesses-and-consumers/


Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

National PR service circulates—then pulls—release highlighting campaign to crash government website
BY: Morgan Chalfant January 14, 2017 4:56 am

A leading public-relations service blasted and then removed a news release this week highlighting a campaign to protest the inauguration of Donald Trump by crashing WhiteHouse.gov. PR Newswire, a global news-release distribution service, circulated a release on Thursday highlighting a campaign launched by Protester.io, a digital protest organizing platform, to “take down” the White House website next Friday in protest of Trump’s inauguration.

“On January 20th, hundreds of thousands of Americans are going to Washington, DC to march in protest of the inauguration of Donald Trump. Millions more around the country will be joining the cause from home. If you can’t make it to Washington DC on inauguration day, you can still participate by occupying whitehouse.gov online,” the release read. “Why is it important to participate? Isn’t this just another election? We haven’t lost our democracy yet, but it is most definitely under threat. The only way we’re going to defend and revive our democracy is by mobilizing.”

Protester.io describes itself as a platform that helps individuals “organize protests like a crowdfunding campaign.” A description of the Inauguration Day protest on its website, named “Occupy WhiteHouse.gov,” instructs interested parties to go to the White House website on Jan. 20 and refresh the page as often as possible throughout the day. The page also includes instructions for protesters to “automate” page refresh so that their computers do this automatically. “When enough people occupy www.WhiteHouse.gov the site will go down. Please join us and stand up against this demagogue who is threatening our democracy and our security,” the protest page states.

Shortly after blasting the news release, PR Newswire issued a correction, changing the headline of the release from “Protester.io Launches Campaign to Take Down WhiteHouse.gov on Inauguration Day” to “Protester.io Launches Campaign to Voice Your Opinion at WhiteHouse.gov on Inauguration Day.” Later, the news-release service removed the press release entirely. PR Newswire was purchased by Cision, a global public relations software company based in Chicago, for $841 million from British business events organizer UBM in 2015. PR Newswire is based in New York and distributes public relations messages for companies largely located in the United States and Canada, according to the New York Times.

When contacted, a spokesman for Cision confirmed to the Washington Free Beacon that the original release had been modified and later removed entirely “after further evaluation.” “The issuer modified the original release at our request, but after further evaluation, we ultimately decided to remove the release in its entirety and have requested that the rest of our network remove the content as well,” Stacey Miller, director of communication for Cision, wrote in an email Friday afternoon. An organizer for the protest did not respond to a request for comment.

Federal investigators have probed what are called distributed denial of service, or DDoS, attacks, which block users from websites by overloading them with traffic. Such attacks brought down Twitter, Spotify, and Amazon last October, prompting investigations by the FBI and Department of Homeland Security. It is unclear whether the planned “Occupy WhiteHouse.gov” protest campaign would constitute a DDoS attack. Attempts to reach the FBI on Friday were unsuccessful.

Several protests have been organized around Inauguration Day, including the “Women’s March on Washington” that is expected to draw some 200,000 women to the nation’s capital on Jan. 21, the day following Trump’s inauguration. Fox News reported that protesters are also planning to blockade security checkpoints at the inauguration and organize a “dance party” outside the home of Vice President-elect Mike Pence. Source: http://freebeacon.com/culture/protest-aims-take-whitehouse-gov-inauguration-day/


Dark DDoS: hacker tools and techniques – the challenges faced

Has the cyber landscape changed in 2017? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk? Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time. To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and are always looking for more, faster and easier ways to strike. Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as camouflage to mask further – and potentially more sinister – activities. These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks. These types of attacks are often referred to as ‘Dark DDoS’ because of the initial smokescreen attack, which acts to distract organisations from the real breach that’s taking place. In a large proportion of recent data breaches, DDoS (distributed denial of service) attacks have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way. According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on KrebsOnSecurity.com and on domain name provider Dyn – believed to be some of the biggest DDoS attacks ever recorded. Last year, France was also hit by one of the largest DDoS attacks when hosting company OVH was targeted through 174,000 connected cameras.
Today’s hackers have developed a wide variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks: an attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.

Stealth/slow drip DoS attacks: a low volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.

Exploits: attacks exploiting bugs and/or flaws in DNS services, the protocol, or the operating systems running DNS services.

Often DNS threats are geared towards a specific DNS function (cache, recursive and authoritative), with precise damage objectives. This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection. The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces:

Volumetric attacks
Direct DNS attacks: flooding of DNS servers with direct requests, causing saturation of the cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address.
DNS amplification: DNS requests generating an amplified response, to overwhelm the victim’s servers with very large traffic.
DNS reflection: attacks using numerous distributed open resolver servers on the Internet to flood the victim’s authoritative servers (usually combined with amplification attacks).
NXDOMAIN: flooding of the DNS servers with requests for non-existent domains, saturating the recursive function.

Stealth/slow drip DoS attacks
Sloth domain attacks: attacks using queries sent to the hacker’s authoritative domain, which answers requests very slowly – just before the timeout – to exhaust the victim’s recursive server capacity.
Phantom domain attack: attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity.
Random subdomain attack (RQName): attacks using random query names, causing saturation of the victim’s authoritative domain and recursive server capacity.

Exploits
Zero-day vulnerability: zero-day attacks take advantage of DNS security holes for which no solution is currently available.
DNS-based exploits: attacks exploiting bugs and/or flaws in DNS services, the protocol, or the operating systems running DNS services.
DNS tunnelling: the DNS protocol is used to encapsulate data in order to remotely control malware and/or exfiltrate data.
Protocol anomalies: DNS attacks based on malformed queries, intending to crash the service.
DNS cache poisoning: attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS security landscape is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time. Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017 they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – and they are far more sophisticated, deceptive and frequent. To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned. Source: http://www.information-age.com/securing-website-content-management-system-123463910/
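The NXDOMAIN flood and random subdomain (RQName) entries in the taxonomy above share a detectable signature on the resolver side: one client producing many NXDOMAIN answers for high-entropy labels under a single base domain. The following detector is an added example, not code from the original article or any vendor; its log format, sample lines and thresholds are constructed for illustration.

```python
"""Flag DNS clients whose queries look like an NXDOMAIN / random-subdomain
flood. Log format, sample data and thresholds are constructed assumptions."""
import math
from collections import defaultdict

# Constructed sample resolver log: "<client> <qname> <rcode>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 www.example.com NOERROR
10.0.0.9 q7x2kd9a.victim.example NXDOMAIN
10.0.0.9 zl0p4mq1.victim.example NXDOMAIN
10.0.0.9 8hw3bnf6.victim.example NXDOMAIN
10.0.0.9 t9c1vk2e.victim.example NXDOMAIN
10.0.0.9 www.victim.example NOERROR
"""


def label_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of one DNS label.
    Randomly generated labels score high; dictionary words score low."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Yield (client, qname, rcode) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower().rstrip("."), parts[2].upper()


def flag_clients(log_text: str, min_queries: int = 4,
                 nx_ratio: float = 0.5, entropy_bits: float = 2.5) -> dict:
    """Return {client: reason} for clients whose traffic shows both a high
    NXDOMAIN ratio and many distinct random-looking leftmost labels.
    Thresholds are illustrative; tune them against your own baseline."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "random": set()})
    for client, qname, rcode in parse_log(log_text):
        s = stats[client]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1
        first, _, base = qname.partition(".")
        if label_entropy(first) >= entropy_bits:
            s["random"].add((base, first))   # keyed by base domain + label
    flagged = {}
    for client, s in stats.items():
        if s["total"] < min_queries:
            continue
        if s["nx"] / s["total"] >= nx_ratio and len(s["random"]) >= min_queries:
            flagged[client] = (f"{s['nx']}/{s['total']} NXDOMAIN, "
                               f"{len(s['random'])} random labels")
    return flagged
```

On the constructed sample, 10.0.0.9 is flagged (4/5 NXDOMAIN, 4 random labels) while 10.0.0.5, with ordinary names and no NXDOMAIN answers, is not.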


DDoS Attacks on the Rise—Here’s What Companies Need to Do

Distributed denial-of-service (DDoS) attacks have been going on for years. But in recent months they seem to have gained much more attention, in part because of high-profile incidents that affected millions of users. For instance, in late October 2016 a massive DDoS assault on Domain Name System (DNS) service provider Dyn temporarily shut down some of the biggest sites on the Internet. The incident affected users in much of the East Coast of the United States as well as data centers in Texas, Washington, and California. Dyn said in statements that tens of millions of IP addresses hit its infrastructure during the attack. Just how much attention DDoS is getting these days is indicated by a recent blog post by the Software Engineering Institute (SEI) at Carnegie Mellon University. The post, entitled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” became SEI’s most visited of the year after just two days, said a spokesman for the institute. To help defend against such attacks, organizations need to understand that this is not just an IT concern. “While DDoS attack prevention is partly a technical issue, it is also largely a business issue,” said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by CMU, and author of the DDoS post. Fortunately there are steps organizations can take to better protect themselves against DDoS attacks, and Kartch describes these in the post. In general, organizations should begin planning for attacks in advance, because it’s much more difficult to respond after an attack is already under way. “While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive,” Kartch noted. To fortify IT resources against a DDoS attack, it’s vital to make the architecture as resilient as possible. 
Fortifying network architecture is an important step not just in DDoS network defense, Kartch said, but in ensuring business continuity and protecting the organization from any kind of outage. To help disperse organizational assets and avoid presenting a single rich target to an attacker, organizations should locate servers in different data centers; ensure that data centers are located on different networks; ensure that data centers have diverse paths; and ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure. For those organizations that depend on servers and Internet presence, it’s important to make sure resources are geographically dispersed and not located in a single data center, Kartch said. “If resources are already geographically dispersed, it is important to view each data center as having more than one pipe to [the] Internet, and ensure that not all data centers are connected to the same Internet provider,” she said. While these are best practices for general business continuity and disaster recovery, they will also help ensure organizational resiliency in response to a DDoS attack. The post also describes other practices for defending against DDoS. One is to deploy appropriate hardware that can handle known attack types and use the options in the hardware that can protect network resources. While bolstering resources will not prevent a DDoS attack from happening, Kartch said, doing so will lessen the impact of an attack. Certain types of DDoS attacks have existed for a long time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against protocol attacks and application-layer attacks, Kartch said. Specialty DDoS mitigation appliances also can protect against these attacks. Another good practice is to scale up network bandwidth.
“For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary,” Kartch said. “That said, volumetric attacks are something of an arms race, and many organizations won’t be able or willing to pay for the network bandwidth needed to handle some of the very large attacks we have recently seen. This is primarily an option for very large organizations and service providers.” It’s likely that DDoS attacks will continue to be a major issue for organizations. A 2016 study by content delivery network provider Akamai said these types of incidents are rising in number as well as in severity and duration. The company reported a 125% increase in DDoS attacks year over year and a 35% rise in the average attack duration. Cyber security executives need to make it a top priority to protect their organizations against DDoS. Source: http://www.itbestofbreed.com/sponsors/bitdefender/best-tech/ddos-attacks-rise-here-s-what-companies-need-do


Tools for DDoS attacks available for free online

Distributed denial of service attacks, popularly known as DDoS attacks, once again came to the limelight in 2016: from the attacks on Dyn servers, whose architecture translates domain names into numeric addresses, and hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to the DDoS-for-hire service called LizardStresser using IoT botnets to launch attacks on websites related to the Rio Olympics, and hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try to make an organization’s website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources (read: computers or even IoT devices from across the world) to the end server. Moreover, there are many tools available online for free, and many hackers even sell DDoS services on dark web marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi, Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application-based attacks. TCP connection attacks are used against most of the end user’s available connections, which include servers, firewalls and even load balancers. While fragmented attacks destroy the victim’s system by sending TCP fragments, app attacks take down a server by using botnets. All of these can be enabled by tools freely available online. Let’s look at some of them.

LOIC (Low Orbit Ion Canon)
LOIC, popularly known as Low Orbit Ion Canon, is one of the more popular tools available on the internet. It is primarily used to initiate a DoS attack on servers across the world by sending TCP and UDP requests to the compromised server. Even a beginner can use this tool; all they have to do is enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you get any ideas, just remember: this tool does not protect the host’s IP address, so agencies looking out for you can trace the attack’s origin.

XOIC
This is another easy-to-use DoS attacking tool for beginners. You can just input the IP address or the selected ports, and it can be used against websites which do not generate a huge amount of traffic.

HOIC
HOIC, known as High Orbit Ion Cannon, is an effective tool which uses booster scripts that allow users to make lists of victim IP addresses and help the attackers remain anonymous and difficult to track down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once.

Slowloris
Slowloris was developed by a gray hat hacker called “RSnake”. It creates a slow HTTP request by sending the HTTP requests in small packets in the slowest manner possible, so that the victim server is forcefully made to wait for the requests. This way, if multiple requests are sent to the server, it will not be able to handle genuine requests.

Pyloris
This uses the same Slowloris method. This tool directly attacks the service and not the hardware.

Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator, among others. All these tools are freely available online for download by anyone out there. Considering how mundane most cyber security agencies are in dealing with attacks of such nature, there is a lot which needs to be done to defend against such DDoS attacks.
Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496
