Tag Archives: denial of service attack

DDoS Attack Pulls Down Bitcoin Gold Website

Ever since the initiation of the hard-fork resulting into a new cryptocurrency – Bitcoin Gold (BTG) – from the bitcoin blockchain, the BTG website has been constantly under DDoS attacks and has not resumed operations ever since. Earlier in the day, a new hard fork in the Bitcoin blockchain network gave rise to a new cryptocurrency Bitcoin Gold (BTG) and ever since then the official website has been constantly under DDoS attacks. This new hard-fork which resulted into a derivative cryptocurrency of the popular Bitcoin, has been aimed for establishing a fair platform different from the Bitcoin network which is alleged to have been dominated by large companies. The existing bitcoin mining process requires high-end powerful computing hardware which is quite a lot expensive and certainly not affordable to ordinary miners. As a result the mining process is said to have got centralised into the hands of large companies. With Bitcoin Gold, the miners aim to democratise the mining process by bringing Bitcoin’s inherent value proposition of having a decentralised mode of operation. The first step of the Bitcoin Gold initiation was to take a “snapshot” of the bitcoin blockchain while creating a replica with new set of rules. Moreover, the BTG technical team has decided to release the cryptocurrency absolutely free for all those who are holding bitcoins at the time of fork. Soon after the process was initiated the BTG developer team had started reporting issues pertaining to DDoS attacks on the website. And even hours after the initiation process the attacks seem to have stopped nowhere denying enthusiasts to keep any track of the newly generated BTG cryptocurrency. Adding to the woes, the additional fact is that the new blockchain hasn’t turned public yet and the explorer and tracking tools have not been released yet. Owing to the controversial and divisive nature of cryptocurrency projects such as the Bitcoin Gold, the denial-of-service attacks have been a common phenomenon in occurrence. Jack Liao, LightningAsic CEO, who is said to be the brain behind the BTG’s creation has been quite vocal and critical about the existing mining process of Bitcoins targeting several companies which are profiting from the mining process. His open criticism could possibly be a reason for such attacks. However, in addition to this, there are other reasons attributed to the cause of criticism for Bitcoin Gold. Few developer channels are quite skeptical about BTG using a process in which the BTG will be privately created before being publicly available as an open-source project. Another cause of concern with the Bitcoin Gold is that it has not solved the risk of a “replay attack” which could possibly increase transaction complications when two completely incompatible version of the bitcoin blockchain will be unable to distinguish from each other. At the press time Bitcoin Gold (BTG) is trading at $262, according to the CoinMarketCap Index. The price of Bitcoin (BTC) took a slight hit after the hard fork, losing more than $300 of its all-time max value of  $6,000 per-coin. The Bitcoin Gold is still in the development process and we have yet to hear any official from its developer technical team regarding the future plans and its modus operandi. Source: https://www.coinspeaker.com/2017/10/24/ddos-attack-pulls-bitcoin-gold-website/

See the original article here:
DDoS Attack Pulls Down Bitcoin Gold Website

Czech Parliamentary Election Websites Hit by Cyberattacks

The Czech statistical office has reported DDoS (Distrubuted Denial of Service) attacks on websites related to the recent parliamentary elections during the vote count. A number of websites of the Czech statistical office (CZSO) have been subject to cyberattacks during the counting of votes in the Czech parliament’s lower house election, Petra Bacova, the CZSO spokeswoman, told Sputnik Sunday. “The websites related to the parliamentary elections — volby.cz and volbyhned.cz — have temporary failed to function due to DDoS attacks [Distributed Denial of Service] during the vote count on Saturday. These attacks have not affected the overall progress of the election,” Bacova said. The police along with the Czech National Cyber and Information Security Agency have already launched an investigation into the attacks. “Thanks to the rapid response, the attacks on the both aforementioned servers have been neutralized, while the work of the websites has been resumed,” Bacova said. The Czech Republic held an election to the lower house of the parliament on Friday-Saturday. The centrist ANO political party won the election, receiving 29.64 percent of votes. Czech President Milos Zeman stated that he was ready to appoint Andrej Babis, ANO’s leader, as Czech prime minister. Source: https://sputniknews.com/europe/201710231058456317-czech-election-hit-cyberattack/

Follow this link:
Czech Parliamentary Election Websites Hit by Cyberattacks

New Mirai-Like Malware Targets IoT Devices

Security researchers are warning about malware that’s been enslaving routers, webcams and DVRs across the world to create a giant botnet capable of disrupting the internet. The malware, called Reaper or IoTroop, isn’t the first to target poorly secured devices. But it’s doing so at an alarmingly fast rate, according to security firm Check Point, which noticed the malicious code last month. The malware has infected “hundreds of thousands” of devices, said Maya Horowitz, threat intelligence group manager at Check Point. Reaper brings up memories of malware known as Mirai, which formed its own giant botnet in 2016 and infected over 500,000 IoT devices, according to some estimates. It then began launching a massive distributed denial-of-service (DDoS) attack that disrupted internet access across the US. Reaper could be used to launch a similar attack, Check Point researchers said. The good news is the infected bots haven’t launched any DDoS campaigns. Instead, they’re still focused on enslaving new devices. Researchers at security firm Qihoo 360 also noticed the Reaper malware, and found evidence it was trying to infect at least 2 million vulnerable devices. Reaper even borrows some source code from Mirai, though it spreads itself differently, Qihoo said. Unlike Mirai, which relies on cracking the default password to gain access to the device, Reaper has been found targeting around a dozen different vulnerabilities found in products from D-Link, Netgear, Linksys, and others. All these vulnerabilities are publicly known, and at least some of the vendors have released security patches to fix them. But that hasn’t stopped the mysterious developer behind Reaper from exploiting the vulnerabilities. In many cases, IoT devices will remain unpatched because the security fixes aren’t easy to install. Who may have created the malware and what their motives are still isn’t known, but all the tools needed to make it are actually available online, Horowitz said. For instance, the source code to the Mirai malware was dumped on a hacking forum last year. In addition, data about the vulnerabilities Reaper targets can be found in security research posted online. “It’s so easy to be a threat actor when all these public exploits and malware can be just posted on GitHub,” she said. “It’s really easy to just rip the code, and combine, to create your own strong cyber weapon.” Unfortunately, little might be done to stop the Reaper malware. Security experts have all been warning that poorly secured IoT devices need to be patched, but clearly many haven’t. “This is another wakeup call” for manufacturers, Horowitz said. Source: https://www.pcmag.com/news/356926/new-mirai-like-malware-targets-iot-devices

Read the original post:
New Mirai-Like Malware Targets IoT Devices

Android malware on Google Play grows botnets, launches DDoS attacks

The Sockbot malware has made its way into at least eight Apps in the Google Play Store with the intent of adding devices to botnets and performing DDoS attacks. Symantec researchers said the malicious apps have each been downloaded between 600,000 and 2.6 million times respectively and has primarily targeted users in the United States although infections have been spotted in Russia, Ukraine, Brazil, and Germany, according to an Oct 18 blog post. One of the malicious apps poses as an app that will allow users to modify their Minecraft characters. The app uses a SOCKS proxy mechanism and is commanded to connect to an ad server and launch ad requests. “This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries,” the post said. “In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack.” Researchers contacted Google Play on Oct. 6 and the malicious apps have since been removed from the store. To prevent downloading similar malicious apps users should keep software updated, refrain from downloading apps from unfamiliar sites, only install apps from trusted sources, and pay close attention to the permissions requested by an app. Users should also install mobile security apps and make frequent backups of data. Source: https://www.scmagazine.com/sockbot-malware-adds-devices-to-botnets-executes-ddos-attacks/article/701189/

Visit site:
Android malware on Google Play grows botnets, launches DDoS attacks

Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

There seems to be some turbulence going on in the murky world of the dark web, with four of its major drug marketplaces unexpectedly going offline, reports said. The dark web is a section of the internet where people contact each other anonymously without the fear of being monitored. It is usually used by criminals to sell drugs, chemicals, weapons, child abuse images and even offer assassination services. Websites The Trade Route, Tochka, Wall Street Market and Dream Market, were down without any notification or clarification from the sites’ administrators. According to some users of such markets, this might either be a DDoS attack by a hacker or a large scale action by law enforcement authorities.                     However, there are more chances of the former happening than the latter. Some dark web users have also started complaining of botnet attacks.           Another farfetched theory is that this is scam by a bunch of drug dealers — taking off with the money of their clients while not providing them with the required merchandize. With no notification or clarification from the sites’ administrators, the exact reason for the sudden disappearance of such marketplaces remains unclear. However, a user going by the name Automoderator commented on a the subreddit /r/DarkNetMarketNoobs that the WallStreetMarket is not listed currently, as it is facing “very serious issues” and warned others to avoid it all costs. Some other users on the subreddit say that the Dream Market has been working fine on all its mirrors, but, however its main site is down. At the time of writing, the marketplaces were still down, according to dark web marketplace tracker deepdotweb. Many sites on the dark web are also run by law enforcement — the Australian Police ran one of the world’s biggest child porn sites on the dark web between October 2016 and September 2017, called Child’s Play, in an effort to nab pedophiles. The police grabbed the administrator access from two cyber criminals — Benjamin Faulkner and Patrick Falte and started administering the sites. Police even posted more child porn on the site in an effort to convince the viewers that the site had not been taken over by the authorities. By the time they shut down the site, police were able to nab more than 90 pedophiles in Australia and 900 across the world. In case, the marketplaces were being taken over by law enforcement to nab drug traffickers and child porn purveyors, it might be a different case. However the development has many dark web users in a state of paranoia and many users have posted on Reddit reminding other users of such busts. Such attacks on dark web markets in the past have usually begun with large-scale DDoS attacks. In July, a massive trans-continental sting saw two of the dark web’s biggest sites at the time, AlphaBay and Hansa, being taken down. Law enforcement agencies claimed they were able to collect incriminating information on hundreds of buyers and vendors, going as far as threatening to prosecute them. Source: http://www.ibtimes.com/dark-web-marketplaces-go-down-reported-mass-ddos-attack-2601105

See the original article here:
Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

Euro commissioner calls for more collaboration on cyber security

European commissioner for security union has called for greater awareness of cyber security risks and increased collaboration in defending against them. Cyber threats are one of the top security concerns for nine out of 10 European Union citizens, according to Julian King, European commissioner for security union. “In an internet-connected age that is becoming ever more dependent on internet-connected technologies, we have become more vulnerable to those who are ready to exploit those technologies to try and do us harm for financial or political motives,” he told the CyberSec European Cybersecurity Forum in Krakow, Poland. King, who has previously served as the UK ambassador to France, said that while the digital age brings “huge opportunities”, it also brings risk. But he said these risks are becoming increasingly widely understood, particularly because of events such as the WannaCry and NotPetya attacks in May and June 2017, which affected hundreds of thousands of individuals and organisations in more than 150 countries and naturally serve as a “wake-up call”. According to the latest Europol report on internet organised crime, King said the barriers to committing cyber attacks are “woefully low”, with little chance of getting caught, mainly because of the availability of a “vast range” of cyber criminal tools and services on the dark net, with some attacks costing as little as $5. “For criminals, non-state and state actors, life has never been so easy,” he said, “with an arsenal that includes ransomware, phishing tools, Trojans, distributed denial of service [DDoS] attacks, botnets and identity theft services.” In 2016, said King, European citizens were the subject of two billion data breaches, and every month, one in five industrial computers was attacked. Since 2016, more than 4,000 ransomware attacks have taken place every day across the EU – a 300% increase on 2015, he said. Aviation systems face an average of 1,000 cyber attacks a month, and card-not-present fraud is currently worth about €1bn a year in the Eurozone alone. ‘Tackle this scourge’ “If we were talking about a public health issue, then we would be using the word ‘pandemic’ to describe the scale of the challenge,” said King, “so I think it is time to shift our efforts to tackle this scourge, which is precisely what the European Commission, with the other institutions and the member states, wants to do. “We want to strengthen resilience, build effective deterrents and create durable cyber defence.” King pointed out that this work has been going on for some time, and that the European Union has had a cyber security strategy since 2013. “The Network and Information System [NIS] directive, agreed in 2016, built on that and will require [operators of] essential systems to assess risk, prepare a strategy, put in place protections, develop capabilities and competence, educate staff and the public, and share information about threats and incidents,” he said. The challenge is that the threat itself does not stand still, said King. “It continues to change and evolve, both in its nature and in terms of the expanding attack surface that we are seeking to protect and manage, with homes, hospitals, governments, electricity grids and cars becoming increasingly connected.” ‘Offline’ lives affected Another important fact to acknowledge, said King, is that cyber attacks are increasingly affecting people’s “offline” lives, such as the power outages in Ukraine caused by cyber attacks. He noted that, according to Symantec, the Dragonfly hacking group potentially still has the capacity to control or sabotage European energy systems. “The internet of things [IoT] means that tens of billions more devices will go online, and in 2016, the Mirai malware attack highlighted IoT vulnerability, with hundreds of thousands of normal devices infected and turned into the world’s biggest botnet,” he said. The internet was designed and built on trust, said King. “Our challenge today is to retro-engineer security and security awareness into the system,” he said, noting that “too often” in the rush to get new devices to market, manufacturers “forget” security or do not give it enough importance. “That means devices never lose their easy-to-guess default passwords; it means the update policy is unclear; it means encryption not being used; and it means unnecessary ports, hardware, services and code that make the attack surface larger than it needs to be,” he said. According to King, all these things are “relatively straightforward” to sort out, but when they are attacked cumulatively, it has “deeply troubling implications for our collective digital security and, as a result, cyber threats are becoming more strategic, especially with the ability to endanger critical infrastructure, and they are becoming more ‘endemic’ – spreading from IT networks to the business-critical operations of other economic sectors”. Collective response A few days after the recent State of the Union speech by European Commission president Jean Claude Junker underlining the importance of tackling cyber threats, King said the EC had presented a package of proposals intended to reinforce a collective response based on resilience, deterrence and defence. “In all of these areas, we need to strengthen co-operation and we need to focus on international governance and international co-operation,” said King. “We urgently need to become more resilient. We need to make ourselves harder to attack, and we need to be quicker to respond.” To that end, he said, the EC is proposing an EU cyber security agency based on the existing Enisa network and information security agency to help drive up cyber security standards and ensure a rapid and co-ordinated response to attacks across the whole of the EU. Member states also need to fully implement the NIS directive, said King, to extend beyond critical sectors to other sectors at risk, starting with public administration, and to resource their computer incident response teams properly. “To further reinforce these efforts, the new cyber security agency will also implement an EU standards certification framework to drive up the level of cyber security by ensuring that products on the market are sufficiently cyber resilient,” he said. “We need to move to a world in which there are no default passwords on internet-connected devices, where all companies providing internet services and devices adhere to a vulnerability disclosure policy, and where connected devices and software are updatable for their entire lifespan.” Standards certification framework King said the new standards certification framework should promote new EU-wide schemes and procedures and create a comprehensive set of rules, requirements and standards to evaluate how secure digital products and services actually are. “But, given that 95% of attacks involve some human interaction with technology, building resilience also means changing behaviours to improve cyber hygiene…and having the right skills to drive technological innovation to stay ahead of attackers,” he said, pointing out that Europe is projected to have 350,000 unfilled cyber security jobs by 2022. “We need to mainstream cyber security education and training programmes and we need to invest in innovation,” said King. As well as improving resilience, he said, there is a need to create real and credible disincentives for attackers. “We need to make attacks easier to detect, trace, investigate and punish,” he said. But attribution is often difficult, said King, and for this reason, the EC is seeking to promote the uptake of Internet Protocol Version 6 (IPv6). “Under IPv6, you will only be able to allocate a single user per IP address,” he said, adding that the EC is also seeking to increase cooperation and sharing of cyber expertise and reinforcing forensic capabilities across the EU and within Europol “so that law enforcement can keep pace with criminals”. Strengthen cyber defence When it comes to defence, said King, the EC plans to explore whether the new EU Defence Fund could help to develop and strengthen cyber defence capabilities. “We want to team up with our partners, and the EU will deepen co-operation with Nato on cyber security, hybrid threats and cyber defence,” he said. “It is in our common interest.” Finally, King said that while the internet offers “enormous opportunities” for citizens, governments and international organisations, it also offers “unprecedented opportunities” for criminals, terrorists and other hostile actors. “We need to be alive to this risk, and we need to take steps together to counter these threats because by working together, we can boost resilience, drive technological innovation, increase deterrents, and harness international co-operation to promote our collective security,” he concluded. Source: http://www.computerweekly.com/news/450427879/Euro-commissioner-calls-for-more-collaboration-on-cyber-security

Link:
Euro commissioner calls for more collaboration on cyber security

Australian companies face an increasing threat from domestic DDoS instigators

Mobile botnets, targeted DDoS attacks pose growing threat to Australian targets. Australian organisations are being hit by over 450 distributed denial of service (DDoS) attacks every day and fully a quarter of them are coming from domestic sources, analysts have warned as figures show DDoS attacks making a resurgence after nearly a year of decline. New figures from the Arbor Networks ATLAS service – which collects data on DDoS attacks and malware from 400 service providers – suggested that Australian targets suffered 14,000 attacks of various intensity in August alone. The largest of the attacks, in early August, measured 51.9 Gbps in intensity while the heaviest volume of packets – 15.8 million packets per second – came in an attack later in the month. While the United States was the largest source of the attacks – comprising 30 percent of the overall total – the lion’s share of the remainder came from Chinese (24 percent), Australian (24 percent), and UK (23 percent) sources. The August figures reinforce the resurgent threat from DDoS attacks, which flood targets with data in an effort to interrupt their operation for even a short period. They also reflect the continuing flexibility of attackers that were able to build a botnet out of mobile devices to instigate a high-impact DDoS extortion campaign against numerous travel and hospitality organisations. hat botnet, called WireX, was embedded in around 300 Google Play Store applications and had spread to estimated 130,000 to 160,000 bots that produced over 20,000 HTTP/HTTPS requests per second. On August 17 WireX was taken down through a concerted effort involving Google, Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, Team Cymru, and other organisations. Instigated by devices from over 100 countries, WireX changed quickly as the attacker “learned rapidly to try different techniques to try to thwart the defenders,” Arbor Security Engineering & Response Team (ASERT) principal engineer Roland Dobbins wrote in his analysis of the attack. WireX reflects the ingenuity being applied to the creation of DDoS attacks as identified in Akamai’s recent Q2 2017 State of the Internet Security Report. Analysing attacks remediated over Akamai’s core content distribution network, that report noted a 28 percent quarter-on-quarter increase in the total number of DDoS attacks as well as increases in infrastructure layer (by 27 percent), reflection-based (21 percent), and average number of attacks (28 percent) per target. Changing geographic distribution showed that “geographic profiling is a real and potentially imminent threat to Australia,” Akamai Asia-Pacific senior security specialist Nick Rieniets said in a statement. “When there are changes like this in the threat landscape and when new threats are released, companies need to recognise, acknowledge and assess that volatility, and change their security controls accordingly, and in a timely manner.” Akamai’s DDoS analysis suggested that the PBot botnet had been tapped once again to generate the biggest DDoS attacks observed in the second quarter. PBot – which Rieniets called “proof that the minute threat actors get access to a new vulnerability they can work out how to weaponise it” – appeared to have primarily infected around 400 Web servers, boosting the volume of data produced per device compared with previous infections such as last year’s Internet of Things-focused Mirai botnet. The range and efficacy of DDoS attack tactics have highlighted the need for businesses to remain disciplined about their protections, security experts have warned. “It’s important that organizations implement best current practices (BCPs) for their network infrastructure, application/service delivery stacks, and ancillary supporting services,” Arbor’s Dobbins writes. “This will allow the organization to maintain availability and ensure continuous service delivery even in the face of attack.” With many organisations found to not have a formal DDoS defense plan in place – and many that do, never rehearsing it – Dobbins said testing needed to become a habit: “It is critical that organizations devise and rehearse their DDoS defense plans in order to ensure that they have the requisite personnel, skills, operational processes, communications plans, and support services in place to defend their Internet properties in a timely and effective manner.” Source: https://www.cso.com.au/article/627915/australian-companies-face-an-increasing-threat-from-domestic-ddos-instigators/

Read More:
Australian companies face an increasing threat from domestic DDoS instigators

DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back. DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks. 1. Have your DDoS mitigation plan ready Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks. [ Find out how DDoS attacks are evolving and bookmark CSO’s daily dashboard for the latest advisories and headlines. | Sign up for CSO newsletters. ] “Enterprises are paying more attention to these attacks and planning how they’ll respond. And they’re getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks,” says Tsantes. IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says. “A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day. “Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge.  No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud.  Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust. 2. Make real-time adjustments While it’s always been true that enterprises need to be able to adjust in real-time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. “Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods. “They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “ Enterprises have to be ready to be as quick and flexible as their adversaries.” 3. Enlist DDoS protection and mitigation services John Nye, VP of cybersecurity strategy at CynergisTek explains that there are many things enterprises can do on their own to be ready to adjust for when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route. “Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says. Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.” “The number one most useful thing that an enterprise can do — if their web presence is  that  critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.” 4. Don’t rely only on perimeter defenses Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers —were unable to block the attacks. “We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, when speaking of the attacks on banks and financial services a few years ago. Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter. It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks. “If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider. 5. Fight application-layer attacks in-line Attacks on specific applications are generally stealthy, much lower volume and more targeted. “They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider. “Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says. Amir Jerbi, co-founder and CTO is Aqua Security, a container security company, explains how one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says. 6. Collaborate The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries . “They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector. For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies. The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry. 7. Watch out for secondary attacks As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack. “DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says. 8. Stay vigilant Although many times DDoS attacks appear to only target high profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply-chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state sponsored attacks on industries in other nations, and the ease of which DDoS attacks can be initiated, every organization must consider themselves a target. So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy. Source: https://www.csoonline.com/article/2133613/network-security/malware-cybercrime-ddos-protection-mitigation-and-defense-7-essential-tips.html

More:
DDoS protection, mitigation and defense: 7 essential tips

Google pulls 300 Android apps used for DDoS attacks

A number of security researchers teamed up to fight the WireX botnet. If a random storage manager or video player you downloaded recently has disappeared from your Android device, don’t worry: it might have been for your own good. Google has removed 300 apps from the Play store, which were apparently merely masquerading as legitimate applications. In truth, they were made to hi-jack your phone so it can be used as part of a botnet’s distributed denial of service (DDoS) attacks. WireX, as the botnet is called, pummeled several content providers and delivery networks with traffic from the devices it hi-jacked on August 17th, though it’s been active since around August 2nd. In some cases, it also acted as a ransomware, demanding money from its victim. It was content delivery network Akamai that discovered its existence following an assault on one of its clients. The company then got together with Google and several security researchers from rival companies like Cloudflare, Flashpoint, Oracle + Dyn, RiskIQ, Team Cymru and other organizations to solve the issue. Upon learning that the Play Store is inundated with hundreds of fake WireX apps hiding behind the guise of innocuous programs like storage managers and ringtones, the big G did its part and blocked them all. Here are a few samples of infected apps: In a statement, Mountain View said it’s now also in the process of removing applications from affected devices. It’s unclear how long that would take, though, since based on the team’s research, WireX compromised over 70,000 devices from over 100 countries. Source: https://www.engadget.com/2017/08/29/google-pulls-300-android-apps-wirex-ddos/

Taken from:
Google pulls 300 Android apps used for DDoS attacks

Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

What would you do if your company was hit with a DDoS attack that lasted 11 days? Perhaps a large organization could withstand that kind of outage, but it could be devastating to the SMB, especially if it relies on web traffic for business transactions. That 11-day – 277 hours to be more exact – attack did happen in the second quarter of 2017. Kaspersky Lab said it was longest attack of the year, and 131 percent longer than the longest attack in the first quarter. And unfortunately, the company’s latest DDoS intelligence report said we should expect to see these long attacks more frequently, as they are coming back into fashion. This is not the news businesses want to hear. Enduring DDoS attacks isn’t new. Igal Zeifman, senior manager at Imperva for the Incapsula product line, told me in an email comment that in 2016, the company tracked a network layer attack that lasted more than 29 days and an application layer assault that persisted for 69 days straight. However, Zeifman argued against the Kaspersky finding, saying that it doesn’t mesh with what his company has seen, despite those extended attacks from last year: For the past four quarters we continued to see a persistent decline in the average attack duration, driven by an increased number of short attack burst of 30 minutes or less. These bursts accounted for over 58 percent of all network layer attacks and more than 90 percent of all assault layer attacks in the first quarter of the year. Interesting to see such disparate results in the length of DDoS attacks . Whether days long or short bursts, one thing is certain – those initiating the attacks have very definite reasons for doing so. As the Kaspersky Lab report stated, financial extortion was a top reason for the attacks in the second quarter: This approach was dubbed “ransom DDoS”, or “RDoS”. Cybercriminals send a message to a victim company demanding a ransom of 5 to 200 bitcoins. In case of nonpayment, they promise to organize a DDoS attack on an essential web resource of the victim. Such messages are often accompanied by short-term attacks which serve as demonstration of the attacker’s power. The victim is chosen carefully. Usually, the victim is a company which would suffer substantial losses if their resources are unavailable. Political hacktivists are hard at work, too, going after news organizations, elections and, in the U.S., the FCC, likely in retaliation for wanting to abolish net neutrality. The FCC has acknowledged the attack, but reports are the agency is making its cybersecurity efforts secret . I’ll be following up more on that story later this week. Source: http://www.itbusinessedge.com/blogs/data-security/second-quarter-reported-ddos-attacks-lasting-days-not-minutes.html

Original post:
Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes