Tag Archives: domain-name

Akamai Shield NS53 protects on-prem and hybrid DNS infrastructure

Akamai launched Akamai Shield NS53, a product that protects on-premises (on-prem) Domain Name System (DNS) infrastructure from resource exhaustion attacks. These attacks overwhelm servers to the point that they can no longer respond to valid DNS queries. The new offering complements Akamai Edge DNS, which is a comprehensive cloud-based DNS solution, and Akamai Prolexic, a distributed denial-of-service (DDoS) protection platform for Layer 3 and Layer 4 attacks. Over the past three years, there has been … The post Akamai Shield NS53 protects on-prem and hybrid DNS infrastructure appeared first on Help Net Security.


Pwn goal: Hackers used the username root, password root for botnet control database login

These are not the criminal geniuses you were expecting. An IoT botnet has been commandeered by white hats after its controllers used a weak username and password combination for its command-and-control server.…


Dark DDoS: hacker tools and techniques – the challenges faced

Has the cyber landscape changed in 2017? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk? Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time. To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and always looking for more, faster and easier ways to strike. Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities. These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks. These types of attacks are often referred to as ‘Dark DDoS’ because of the initial smokescreen attack, which acts to distract organisations from the real breach that’s taking place. In a large proportion of recent data breaches, DDoS (distributed denial of service) attacks have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way. According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on KrebsOnSecurity.com and on the domain name provider Dyn – believed to be some of the biggest DDoS attacks ever recorded. Last year, France was also hit by one of the largest DDoS attacks when the hosting company OVH was targeted through 174,000 connected cameras.
Today’s hackers have developed a high variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks: an attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.
Stealth/slow drip DoS attacks: a low volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.
Exploits: attacks exploiting bugs and/or flaws in DNS services, the protocol or the operating systems running DNS services.

Often DNS threats are geared towards a specific DNS function (cache, recursive and authoritative), with precise damage objectives. This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection. The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces:

Volumetric attacks
- Direct DNS attacks: flooding of DNS servers with direct requests, causing saturation of cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address.
- DNS amplification: DNS requests generating an amplified response to overwhelm the victim’s servers with very large traffic.
- DNS reflection: attacks using numerous distributed open resolver servers on the Internet to flood the victim’s authoritative servers (usually combined with amplification attacks).
- NXDOMAIN: flooding of the DNS servers with requests for non-existent domains, implying recursive function saturation.

Stealth/slow drip DoS attacks
- Sloth domain attacks: attacks using queries sent to the hacker’s authoritative domain, which answers requests very slowly – just before the timeout – to cause capacity exhaustion of the victim’s recursive server.
- Phantom domain attack: attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity.
- Random subdomain attack (RQName): attacks using random query names, causing saturation of the victim’s authoritative domain and recursive server capacity.

Exploits
- Zero-day vulnerability: zero-day attacks take advantage of DNS security holes for which no solution is currently available.
- DNS-based exploits: attacks exploiting bugs and/or flaws in DNS services, the protocol or the operating systems running DNS services.
- DNS tunnelling: the DNS protocol is used to encapsulate data in order to remotely control malware and/or exfiltrate data.
- Protocol anomalies: DNS attacks based on malformed queries, intended to crash the service.
- DNS cache poisoning: attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS security landscape is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time. Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – and they are far more sophisticated, deceptive and frequent. To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned. Source: http://www.information-age.com/securing-website-content-management-system-123463910/
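Several of the attacks listed above, in particular NXDOMAIN floods and random subdomain (RQName) attacks, leave a distinctive trace in resolver query logs long before the server saturates. The following is an added example, not code from the original article, that parses a constructed, simplified resolver log and flags per-client NXDOMAIN floods and random-subdomain attacks using the NXDOMAIN ratio and the Shannon entropy of the leftmost label; the log format, thresholds, addresses and names are all assumptions made for this example.

```python
import math
import re
from collections import defaultdict

# Constructed, simplified resolver log (not real traffic): timestamp, client IP,
# queried name, record type and the response code the resolver returned.
SAMPLE_LOG = """\
2016-10-21T11:05:01 client 198.51.100.7 query www.example.com A NOERROR
2016-10-21T11:05:01 client 198.51.100.7 query mail.example.com MX NOERROR
2016-10-21T11:05:02 client 198.51.100.7 query wwww.example.com A NXDOMAIN
2016-10-21T11:05:02 client 203.0.113.9 query x7q2k9zp1.victim.example A NXDOMAIN
2016-10-21T11:05:02 client 203.0.113.9 query b0wz4mnt8r.victim.example A NXDOMAIN
2016-10-21T11:05:02 client 203.0.113.9 query qq9y3xkd12.victim.example A NXDOMAIN
2016-10-21T11:05:03 client 203.0.113.9 query zk58pw0lva.victim.example A NXDOMAIN
2016-10-21T11:05:03 client 203.0.113.9 query m3ty7hqo2c.victim.example A NXDOMAIN
2016-10-21T11:05:03 client 203.0.113.9 query hd61rx9vb4.victim.example A NXDOMAIN
2016-10-21T11:05:04 client 192.0.2.44 query nonexistent.victim.example A NXDOMAIN
2016-10-21T11:05:04 client 192.0.2.44 query nonexistent.victim.example A NXDOMAIN
2016-10-21T11:05:04 client 192.0.2.44 query nonexistent.victim.example A NXDOMAIN
2016-10-21T11:05:05 client 192.0.2.44 query nonexistent.victim.example A NXDOMAIN
2016-10-21T11:05:05 client 192.0.2.44 query nonexistent.victim.example A NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<src>\S+) query (?P<qname>\S+) (?P<qtype>\S+) (?P<rcode>\S+)$"
)

MIN_QUERIES = 5       # ignore (client, zone) pairs with fewer queries in the log
NXDOMAIN_RATIO = 0.8  # share of NXDOMAIN answers that marks a flood
RANDOM_ENTROPY = 3.0  # mean bits/char of the leftmost label typical of random names


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label.lower():
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def zone_of(qname):
    """Approximate the registrable zone as the last two labels (no public-suffix list)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze(log_text):
    """Return sorted (client, zone, kind, query_count) findings: 'random-subdomain'
    when NXDOMAIN-heavy traffic also carries high-entropy labels, 'nxdomain-flood'
    when the names are repetitive but still mostly non-existent."""
    stats = defaultdict(lambda: {"n": 0, "nx": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[(rec["src"], zone_of(rec["qname"]))]
        s["n"] += 1
        if rec["rcode"] == "NXDOMAIN":
            s["nx"] += 1
        s["entropy_sum"] += label_entropy(rec["qname"].split(".")[0])
    findings = []
    for (src, zone), s in stats.items():
        if s["n"] < MIN_QUERIES or s["nx"] / s["n"] < NXDOMAIN_RATIO:
            continue  # too little data, or mostly legitimate answers
        mean_entropy = s["entropy_sum"] / s["n"]
        kind = "random-subdomain" if mean_entropy >= RANDOM_ENTROPY else "nxdomain-flood"
        findings.append((src, zone, kind, s["n"]))
    return sorted(findings)


if __name__ == "__main__":
    for src, zone, kind, n in analyze(SAMPLE_LOG):
        print(f"{src:15s} {zone:20s} {kind:17s} {n} queries")
```

The single typo query from 198.51.100.7 is never reported because it falls below MIN_QUERIES, which is the kind of threshold that separates a user mistyping a name from a resolver being worn down.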


OpEdNews Attacked by DDoS Denial of Service Attack

OpEdNews was the victim of an aggressive DDoS denial of service attack yesterday. The attack came in the form of tens of thousands of emails bombarding our server. These took up all our bandwidth resources and caused the site to either shut down or run very slowly. We don’t know who initiated the attack, but it shut down our server several times yesterday and has caused some problems with our view tracking. Senior OEN editor Josh Mitteldorf observed, “We might start by asking whose lies are we undermining? What powers are we speaking truth to?” At the same time the DDoS attack was going on, we’ve been in the middle of transferring OpEdNews to a new, much better, faster, higher bandwidth server – shifting from two to 32 gigabytes of RAM, with a much faster processor and faster SSD hard drive. OpEdNews hopes to have the transition to the new server finished by tomorrow, after which we’ll be able to better sort out the problem with article view tracking. There may be a brief time, during the transfer, when you can’t submit content – articles, comments. That will pass as soon as the DNS servers shift the site from the old server to the new server. This varies with your location. In simpler language, the pause in the ability to submit will last until the site domain name has been fully shifted to be pointed to the new server. Source: http://www.opednews.com/Diary/OpEdNews-Attacked-by-dDOS-by-Rob-Kall-Distributed-Denial-Of-Service-Attack-DDOS_OpEdNews-161215-445.html


Is government regulation the way to blunt DDoS attacks?

Government regulation is a sticky issue in any industry, perhaps even more in cyber security. Every time the government creates a rule or an obligation, goes the argument, it merely opens a hole to be exploited. Exhibit number one is the call for makers of any product with encryption to create a secure back door that police and intelligence agencies can use to decrypt possibly criminal communications. Of course there’s no such thing as an absolutely secure back door, so it will end up being used by criminals or nation states. I raise this because last week security expert Bruce Schneier again raised the issue of whether governments should step in to help give more protection against distributed denial of service (DDoS) attacks. It’s easy for attackers to build powerful DDoS botnets that leverage insecure Internet connected devices like consumer webcams, he argues, the most recent of which was the attack last month on U.S. domain name service provider Dyn Inc., which temporarily impaired the ability of a number of online businesses including Twitter. It doesn’t matter, Schneier argues, if DDoS attacks are state-based or not. The fact that the software is so easily available to build a botnet, or to buy it as a service, that can pour 1 TB and more of data at a target is the threat. “The market can’t fix this because neither the buyer nor the seller cares,” he has written. One logical place to block DDoS attacks is on the Internet backbone, he says, but providers have no incentive to do it because “they don’t feel the pain when the attacks occur and they have no way of billing for the service when they provide it.” So when the market can’t provide discipline, Schneier says, government should. He offers two suggestions:
- impose security regulations on manufacturers, forcing them to make their devices secure;
- impose liabilities on manufacturers of insecure Internet connected devices, allowing victims to sue them.

Either one of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure, he argues. I’m not sure. For one thing, litigation is a long and expensive process. How do I sue a company headquartered in another country (say, China) that sells devices used by a person in a third country (say, Brazil) which is part of a botnet assembled by a person in another country (say, the U.S.) used to attack me in Canada? There’s also the problem of defining secure. What can a manufacturer do if it forces creation of a long password for a device, but users insist on insecure passwords (like “password123456879”)? Still, we need to discuss short-term solutions because, as Schneier points out, with the huge number of insecure Internet connected devices out there the DDoS problem is only going to get worse. Let us know what you think in the comments section below. Source: http://www.itworldcanada.com/article/is-government-regulation-the-way-to-blunt-ddos-attacks/388238


How to defend against the internet’s doomsday of DDoS attacks

Last week’s assault on Dyn’s global managed DNS services was only the start. Here’s how to fend off hackers’ attacks both on your servers and the internet. We knew major destructive attacks on the internet were coming. Last week the first of them hit Dyn, a top-tier Domain Name System (DNS) service provider, with a global Distributed Denial of Service (DDoS) attack. As Dyn went down, popular websites such as AirBnB, GitHub, Reddit, Spotify, and Twitter followed it down. Welcome to the end of the internet as we’ve known it. Up until now we’ve assumed that the internet was as reliable as our electrical power. Those days are done. Today, we can expect massive swaths of the internet to be brought down by new DDoS attacks at any time. We still don’t know who was behind these attacks. Some have suggested, since Dyn is an American company and most of the mauled sites were based in the US, that Russia or Iran was behind the attack. It doesn’t take a nation, though, to wreck the internet. All it takes is the hundreds of millions of unsecured shoddy devices of the Internet of Things (IoT). In the Dyn onslaught, Kyle York, Dyn’s chief strategy officer, said the DDoS attack used “tens of millions” of devices. Hangzhou Xiongmai Technology, a Chinese technology company, has admitted that its webcam and digital video recorder (DVR) products were used in the assault. Xiongmai is telling its customers to update their device firmware and change usernames and passwords. Good luck with that. Quick: Do you know how to update your DVR’s firmware? The attack itself appears to have been made with the Mirai botnet. This open-source botnet scans for devices using their default username and password credentials. Anyone can use it — China, you, the kid next door — to generate DDoS attacks. For truly damaging DDoS barrages, you need to know something about the internet’s architecture, but that’s not difficult.

Or, as Jeff Jarmoc, a Salesforce security engineer, tweeted, “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.” That’s funny, but it’s no joke. Fortunately, you can do some things about it.

Securing the Internet of Things

First, and this unfortunately is a long-term solution, IoT vendors must make it easy to update and secure their devices. Since you can’t expect users to patch their systems — look at how well they do with Windows — patching must be made mandatory and done automatically. One easy way to do this is to use an operating system, such as Ubuntu with Snap, to update devices quickly and cleanly. These “atomic” style updating systems make patches both easier to write and deploy. Another method is to lock down IoT applications and operating systems. Just like any server, the device should have the absolute minimum of network services. Your smart TV may need to use DNS, but your smart baby monitor? Not so much. That’s all fine and dandy and it needs to be done, but it’s not going to help you anytime soon. And, we can expect more attacks at any moment.

Defending your intranet and websites

First, you should protect your own sites by practicing DDoS prevention 101. For example, make sure your routers drop junk packets. You should also block unnecessary external protocols such as Internet Control Message Protocol (ICMP) at your network’s edge. And, as always, set up good firewalls and server rules. In short, block everything you can at your network edge. Better still, have your upstream ISP block unnecessary and undesired traffic. For example, your ISP can make your life easier simply by upstream blackholing. And if you know your company will never need to receive UDP traffic, like Network Time Protocol (NTP) or DNS, your ISP should just toss garbage traffic into the bit bin. You should also look to DDoS mitigation companies to protect your web presence.

Companies such as Akamai, CloudFlare, and Incapsula offer affordable DDoS mitigation plans for businesses of all sizes. As DDoS attacks grow to heretofore unseen sizes, even the DDoS prevention companies are being overwhelmed. Akamai, for example, had to stop trying to protect the Krebs on Security blog after it was smacked by a DDoS blast that reached 620 Gbps in size. That’s fine for protecting your home turf, but what about when your DNS provider gets nailed? You can mitigate these attacks by using multiple DNS providers. One way to do this is to use Netflix’s open-source program Denominator to support managed, mirrored DNS records. This currently works across AWS Route53, RackSpace CloudDNS, DynECT, and UltraDNS, but it’s not hard to add your own or other DNS providers. This way, even when a DDoS knocks out a single DNS provider, you can still keep your sites up and running. Which ones will work best for you? You can find out by using Namebench. This is an easy-to-use, open-source DNS benchmark utility. Even with spreading out your risk among DNS providers, DNS attacks are only going to become both stronger and more common. DNS providers like Dyn are very difficult to secure. As Carl Herberger, vice president for security solutions at Radware, an Israeli-based internet security company, told Bloomberg, DNS providers are like hospitals: They must admit anyone who shows up at the emergency room. That makes it all too easy to overwhelm them with massive — in the range of 500 gigabits per second — attacks. In short, there is no easy, fast fix here. One way you can try to keep these attacks from being quite so damaging is to increase the Time to Live (TTL) in your own DNS servers and caches. Typically, today’s local DNS servers have a TTL of 600 seconds, or 5 minutes. If you increased the TTL to say 21,600 seconds, or six hours, your local systems might dodge the DNS attack until it was over.

Protecting the internet

While these techniques might help you, they don’t do that much to protect the internet at large. DNS is the internet’s single point of total failure. That’s bad enough, but as F5, a top-tier ISP, notes, DNS is historically under-provisioned. We must set up a stronger DNS system. ISPs and router and switch vendors should also get off their duffs and finally implement Network Ingress Filtering, better known as Best Current Practice (BCP)-38. BCP-38 works by filtering out bogus internet addresses at the edge of the internet. Thus, when your compromised webcam starts trying to spam the net, BCP-38 blocks these packets at your router or at your ISP’s router or switch. It’s possible, but unfortunately not likely, that your ISP has already implemented BCP-38. You can find out by running Spoofer. This is a new, open-source program that checks to see how your ISP handles spoofed packets. So why wasn’t it implemented years ago? Andrew McConachie, an ICANN technical and policy specialist, explained in an article that ISPs are too cheap to pay the small costs required to implement BCP-38. BCP-38 isn’t a cure-all, but it sure would help. Another fundamental fix that could be made is response rate limiting (RRL). This is a new DNS enhancement that can shrink attacks by 60 percent. RRL works by recognizing that when hundreds of packets per second arrive with very similar source addresses asking for similar or identical information, chances are they’re an attack. When RRL spots malicious traffic, it slows down the rate the DNS replies to the bogus requests. Simple and effective. Those are some basic ideas on how to fix the internet. It’s now up to you to use them. Don’t delay. Bigger attacks are on their way and there’s no time to waste. Source: http://www.zdnet.com/article/how-to-defend-against-the-internets-doomsday-of-ddos-attacks/
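To make the response rate limiting (RRL) paragraph above concrete, here is an added example, not code from the ZDNet article or from any DNS server, of an RRL-style limiter in Python: a token bucket per (client network, query name, type, response code) that decides whether an authoritative server sends, truncates or drops each reply, loosely modelled on the BIND/NSD design. The rates, prefix lengths and the simulated traffic are assumed values for this example.

```python
import ipaddress
from collections import Counter

# Assumed values for this example, not a recommended production configuration.
RESPONSES_PER_SECOND = 5  # identical answers allowed per client prefix per second
SLIP = 2                  # every SLIP-th limited reply is truncated instead of dropped
WINDOW = 15               # seconds of unused credit a bucket may accumulate


def client_prefix(src_ip):
    """Group clients by network (/24 for IPv4, /56 for IPv6) so that spoofed
    addresses from the same block share one bucket."""
    addr = ipaddress.ip_address(src_ip)
    plen = 24 if addr.version == 4 else 56
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))


class ResponseRateLimiter:
    """Token bucket keyed by (client prefix, qname, qtype, rcode): many identical
    answers to one network are limited, while varied legitimate queries pass."""

    def __init__(self, rps=RESPONSES_PER_SECOND, slip=SLIP, window=WINDOW):
        self.rps, self.slip, self.window = rps, slip, window
        self.buckets = {}  # key -> [credits, last_second, limited_count]

    def decide(self, now, src_ip, qname, qtype, rcode):
        """Return 'send', 'slip' (truncated reply with TC=1) or 'drop'."""
        key = (client_prefix(src_ip), qname.lower().rstrip("."), qtype, rcode)
        bucket = self.buckets.setdefault(key, [self.rps, int(now), 0])
        elapsed = int(now) - bucket[1]
        if elapsed > 0:  # refill once per wall-clock second, capped by the window
            bucket[0] = min(self.rps * self.window, bucket[0] + elapsed * self.rps)
            bucket[1] = int(now)
        if bucket[0] >= 1:
            bucket[0] -= 1
            return "send"
        bucket[2] += 1
        if self.slip and bucket[2] % self.slip == 0:
            # A truncated reply is tiny, so a reflection attack gains nothing,
            # but a genuine client that was limited will retry over TCP.
            return "slip"
        return "drop"


def simulate():
    """Constructed traffic: 200 identical ANY queries within one second from
    spoofed hosts across 203.0.113.0/24 (a reflection-style flood), 20 varied
    queries from 198.51.100.0/24 in the same second, and 10 more flood queries
    in the following second after the bucket has refilled once."""
    rrl = ResponseRateLimiter()
    flood, legit, after = Counter(), Counter(), Counter()
    for i in range(200):
        src = f"203.0.113.{i % 254 + 1}"
        flood[rrl.decide(i / 200.0, src, "victim.example", "ANY", "NOERROR")] += 1
    for i in range(20):
        src = f"198.51.100.{i + 1}"
        legit[rrl.decide(i / 20.0, src, f"www{i}.example.com", "A", "NOERROR")] += 1
    for i in range(10):
        after[rrl.decide(1.0 + i / 10.0, "203.0.113.7", "victim.example", "ANY", "NOERROR")] += 1
    return {"flood": dict(flood), "legit": dict(legit), "after": dict(after)}


if __name__ == "__main__":
    for name, counts in simulate().items():
        print(f"{name:6s} {counts}")
```

Note that the key includes the response code, so NXDOMAIN answers for random names under one zone share a bucket as well, which is why RRL also blunts the random-subdomain attacks described in the Dark DDoS piece above.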


Twitter, Amazon, other top websites shut in cyber attack

Major internet services including Twitter, Spotify and Amazon suffered service interruptions and outages on Friday as a US internet provider came under a cyber attack. The internet service company Dyn, which routes and manages internet traffic, said that it had suffered a distributed denial of service (DDoS) attack on its domain name service shortly after 1100 GMT. The service was restored in about two hours, Dyn said. The attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports. The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal. Dyn, which is headquartered in New Hampshire, said the attack went after its domain name service, causing interruptions and slowdowns for internet users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Scott Hilton, executive vice president for products at Dyn, said in a statement. “We have been aggressively mitigating the DDoS attack against our infrastructure.” The company said it was continuing to investigate. A map published by the website downdetector.com showed service interruptions for Level3 Communications, a so-called “backbone” internet service provider, across much of the US east coast and in Texas. Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said on its website that users experienced errors including “hostname unknown” when attempting to access hosted sites but that the problem had been resolved by 1310 GMT. 
Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites. Distributed denial of service or DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline entirely. Attackers can use them for a range of purposes, including censorship, protest and extortion. The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS among others as retribution for denying service to the anti-secrecy organization WikiLeaks. “The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,” said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He said that the growing interconnection of ordinary devices to the internet, the so-called “internet of things,” increased the risks to networks. “DDoS, especially with the rise of insecure IoT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.” Source: http://phys.org/news/2016-10-twitter-spotify-websites-ddos.html


Waiting for DDoS

In football, many offensive plays are designed to trick the defense into thinking something else is about to unfold. In the world of cybersecurity, DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks often serve as a similar smokescreen or decoy to a far more sinister plot with the ulterior motive to mount a computer network breach that results in the loss of data or intellectual property. It was a DDoS attack that woke up Sony Pictures a year ago (watch the video emailed to Sony employees on the morning of the attack), even though attackers had infiltrated the company’s networks months before undetected, and eventually obliterated its computer systems. According to Fortune, half of Sony’s global network was wiped out, erasing everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. Hackers calling themselves “#GOP” (Guardians of Peace) threatened to release publicly Sony Pictures’ internal data if their demands, including “monetary compensation,” were not met. They weren’t bluffing.

Sobering DDoS Statistics

Recent studies show DDoS attacks growing exponentially in recent years, launched through rentable, relatively inexpensive, anonymous botnets that cost as little as $1,000 and can render an e-commerce website completely inoperable. The average denial of service (DoS) attack costs the victim $1.5 million, according to a separate Ponemon Institute survey sponsored by Akamai and published in March 2015. The 682 responding companies reported four attacks a year. AT&T also reported companies across its network were hit four times a year with DDoS attacks and a 62 percent growth in DDoS attacks over the past two years.

Once an organization receives a DDoS attack, the chances of being the object of a data breach are better than 70 percent, reported Neustar Inc., a Sterling, Va.-based provider of cloud-based information services, including conducting research on cloud metrics and managing various top-level internet domains. The second quarter of 2015 set a record for the number of DDoS attacks recorded on Akamai’s Prolexic Routed network – more than double what was reported in 2014’s second quarter. Corero Networks, a Hudson, Mass.-based security services provider, reported that its clients were getting DDoS attacks an average of three times a day, and in the second quarter of 2015 daily attack volume reached an average of 4.5 attacks, a 32 percent increase from the previous quarter. More than 95 percent of the attacks combated by Corero lasted 30 minutes or less, and the vast majority of the attacks were less than 1 Gbps. Only 43 percent rate their organizations as highly effective in quickly containing DoS attacks, and only 14 percent claimed to have had the ability to prevent such attacks, according to the Ponemon report. The worst DDoS attack on the Akamai network peaked at 214 million packets per second (Mpps), a volume capable of taking out tier 1 routers, such as those used by internet service providers (ISPs). “It’s pretty hard to stay one step ahead of these guys,” admits Mark Tonnesen, chief information officer (CIO) and chief security officer (CSO) of Neustar. In a recent survey of 760 security professionals commissioned by Neustar and conducted by Simply Direct of Sudbury, Mass., for the U.S. market and Harris Interactive of London for the Europe, Middle East and Africa (EMEA) markets, DDoS attacks increased six-fold in 2015 when compared to the previous year. “Every day there’s an announcement of some [DDoS attack] going on with a company caught unprepared, trying to ramp up with people and technology,” Tonnesen says.

“Companies are looking for any way they can grab an edge in identification, detection and reaction time to eliminate the attack.”

Interruption vs. Outage

Those behind DDoS attacks may have ulterior motives to capture real value from the attack, such as financial gain, brand carnage, or intellectual property resold on the underground market. One of those scenarios happens in nine out of every 10 DDoS attacks, according to Neustar data. The impact on a company’s customers and the firm’s bottom line “negatively impacts everybody’s financials,” Tonnesen points out. DDoS attacks, which can take the form of an interruption or the more serious outage, almost always serve as a smokescreen, drawing attention away from an outright sinister data breach. Meanwhile, the IT staff is trying to figure out why the website isn’t working properly. “Unbeknownst to you, [the malware is] already in your network,” he explains. A DDoS outage is a complete slaughter of messaging to a network, such as an e-commerce platform. Effectively, the network appears to shut down completely due to the bandwidth overload, making it nearly impossible to get traffic through to the website. In contrast, a DDoS interruption involves attacks targeted at, for example, a customer service organization, intellectual property, or customer records and identity. “[An interruption] certainly has a major impact, but it wouldn’t be an outage,” explains Tonnesen. “It’s more of a disruption, not a flat-out attack. The attackers are much more intelligent and organized; they know what they’re certainly looking for, such as affecting your brand and or having a financial impact. There’s an element of showcasing their capability, and the lack thereof of the company that was attacked.” As a result, IT security and network teams must be vigilant and always be on high alert.

The Hybrid Solution

Some CISOs are moving to a “hybrid” approach to combating a DDoS attack of the Open System Interconnection (OSI) Model Application Layer 7 variety. The approach uses an on-ground client security product that links with a cloud-based mitigation tool. One argument for this approach is that attack victims can react more quickly to a specific attack on a business area, such as engineering or customer support, if they have the benefit of cloud-based updates rather than waiting for a network-based device to be updated. “Based on the customers I talk to, hybrid approaches are becoming mainstream,” says Tonnesen. Client and cloud security products work together with one or the other configured as a rules-based defense working on certain types of data attacks that affect key assets and applications. Typically, underlying attacks involve a DNA-like sequence that lives in a lower level of an organization’s technology stack, such as malware sitting on a server someplace, and begin to take over key assets. “That’s where a DDoS mitigation service can really help a weakness or attack sector,” Tonnesen says. “One approach really isn’t good enough anymore.” Mike Weber, vice president of labs of Coalfire, a cyber risk management and compliance company based in Louisville, Colo., says that “being able to diagnose a denial of service attack does take some time. Generally understanding if it’s a problem internally, such as an application malfunction, system problem or faulty hardware, those kinds of diagnostics take a while.” When Weber was fending off DDoS attacks at a former employer, a web hosting company, he received an insider’s view of old-fashioned corporate espionage. The client hosting company had known adversaries but could never pin the frequent attacks on a single entity. “They had a good idea who was behind the attacks,” he remembers. “A lot of times, it was their competition.

It was used as a revenge tactic – sometimes it was intended to impact that company from a business perspective for whatever reason. Maybe it’s a page rank or advertising issue.” Attackers leverage those kinds of attacks to consume the personnel and intellectual capital being used for diagnosis. While the victim attempts to identify the strategy and thwart it, the attack typically sends the company into a state of chaos. An attack against a website can be set to look like a denial of service interspersed with an attack that achieves the end goal of flooding log servers. Typically the obvious attack needs to be stopped before one can diagnose the other, less obvious attack. “Think of that as DNS (Domain Name System) amplification – a DDoS attack where the attacker basically exploits vulnerabilities in the DNS servers to be able to turn small inquiries into large payloads, which are directed back to the victim’s server,” Weber says. “Those are a different protocol than those other attacks that are attacking different parts of the infrastructure whether they’re operating systems or applications. So typically they would be targeted towards two different parts of the client environment.”

Malicious Traffic

A typical approach to prevent DDoS from inflicting damage is to re-route non-malicious traffic to a cloud-based or third-party provider whose sole purpose is to mitigate denial of service-type attacks at what’s known as a “scrubbing” center. “Only clean traffic gets through,” says J.J. Cummings, managing principal of Cisco’s security incident response team. DDoS traffic then purposely gets diverted to the external provider, which takes the “brunt” of the attack and “roots out all that’s evil and bad.” Denial of service attacks are extremely challenging and can be expensive from a mitigation perspective, in terms of pipe size and technology, he admits. “At the end of the day it comes down to how critical these business applications are,” Cummings says.

“How much do you want to spend to withstand an attack and an attack of what size?” The first questions that need to be addressed before, during or following a DDoS, says Cummings, “are how big is your Internet pipe and how much bandwidth has been thrown at you historically?” The answers determine a network’s required level of operational capability as well as what it needs at a bare minimum to resume the business. Security products are available from multiple vendors to help harden a company’s public-facing systems so they’re less susceptible to targeted types of attacks. “Those technologies presume you have enough of an Internet pipe to withstand that amount of bandwidth,” says Cummings. Otherwise, it’s a moot point. Detection analytics is another important tool for putting DDoS mitigation measures in place. “You don’t all the sudden get a terabyte of traffic hitting. It kind of spools up, as that botnet starts to distribute the attack commands,” he adds. ISPs can know in advance to block certain IP addresses or certain traffic streams upstream. More sophisticated attacks often are focused on a profit motive and target companies with a lot of money or a gambling site that is taking bets on a major sporting event. In online video gaming or gambling, some players go to the extremes of disrupting the network where the opposition is hosted by firing off a DDoS attack. Retribution is another scenario with DDoS attacks. A former employee or student gets mad and rents a botnet to conduct the attack. A significant consequence to a denial of service attack is damage to the victim organization’s reputation, in addition to a potential dollar loss for every minute that the network is offline. Nearly two-thirds (64 percent) of respondents in the Ponemon Institute’s denial of service study say reputation damage is the main consequence of a DoS attack, with 35 percent for diminished IT staff productivity and 33 percent for revenue losses.
“We try to come up with metrics on how to measure reputation loss, which is pretty significant,” says Larry Ponemon, chairman of the Ponemon Institute, the cybersecurity think tank based in Traverse City, Mich. “When people hear the bad news, what do they do? The churn can be significant from a revenue point of view. People leave, they find alternatives.” Citing research from the institute’s recent Cost of Data Breach study, Ponemon says the most expensive attack type on a unit cost per attack is DDoS, when compared to other security incidents such as phishing, because it takes a lot of effort to stop it. Meanwhile, he adds, “there’s an extraction of data while people are worrying about the website being down.” Source: http://www.scmagazine.com/waiting-for-ddos/article/523247/
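Weber’s description of DNS amplification above (small queries reflected off resolvers into large responses aimed at the victim) translates into a detection check that a defender can run over DNS flow records. The Python below is an added example for this page, not code from the SC Magazine article or from any vendor quoted in it. The `DnsFlow` record layout, the field names, the threshold values and the sample flows are all constructed for illustration; the addresses come from documentation ranges and do not identify real hosts.

```python
"""Flag DNS amplification patterns in flow records (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsFlow:
    """One DNS request/response pair as a flow collector might summarise it (assumed layout)."""
    resolver: str        # server that answered the query
    client: str          # address the response was sent to (spoofed during amplification)
    qtype: str           # query type, e.g. A, TXT, ANY
    query_bytes: int     # size of the request datagram
    response_bytes: int  # size of the response datagram


# Constructed sample flows; the addresses are documentation ranges, not real hosts.
SAMPLE_FLOWS = [
    # Four open resolvers all answering large ANY queries towards one address.
    DnsFlow("198.51.100.10", "203.0.113.5", "ANY", 64, 3100),
    DnsFlow("198.51.100.11", "203.0.113.5", "ANY", 60, 2900),
    DnsFlow("198.51.100.12", "203.0.113.5", "ANY", 64, 3200),
    DnsFlow("198.51.100.13", "203.0.113.5", "ANY", 62, 3000),
    # Ordinary lookups: small answers, single resolver.
    DnsFlow("198.51.100.10", "203.0.113.5", "A", 50, 110),
    DnsFlow("198.51.100.20", "203.0.113.9", "A", 48, 96),
    # One large TXT answer to a different host is not enough on its own.
    DnsFlow("198.51.100.21", "203.0.113.9", "TXT", 55, 700),
]


def amplification_factor(flow):
    """Bytes returned per byte sent: the attacker's gain from one reflected query."""
    return flow.response_bytes / flow.query_bytes


def flag_amplification(flows, min_factor=10.0, min_resolvers=3):
    """Return {client: summary} for clients that look like reflection victims.

    A single large answer is normal DNS. The attack signature is many distinct
    resolvers sending high-ratio answers to the same address, because the
    attacker spoofed that address as the source of the queries it sent to each one.
    """
    suspicious = defaultdict(list)
    for flow in flows:
        if amplification_factor(flow) >= min_factor:
            suspicious[flow.client].append(flow)

    alerts = {}
    for client, matched in suspicious.items():
        resolvers = {f.resolver for f in matched}
        if len(resolvers) < min_resolvers:
            continue
        alerts[client] = {
            "resolvers": len(resolvers),
            "response_bytes": sum(f.response_bytes for f in matched),
            "mean_factor": round(sum(amplification_factor(f) for f in matched) / len(matched), 1),
            "qtypes": sorted({f.qtype for f in matched}),
        }
    return alerts


if __name__ == "__main__":
    for client, info in flag_amplification(SAMPLE_FLOWS).items():
        print(f"{client}: {info}")
```

On the constructed data only 203.0.113.5 is flagged: four resolvers each returned roughly 50 bytes per byte queried. The host that received one oversized TXT answer is left alone, which is the point of requiring several distinct resolvers rather than alerting on ratio alone. On real data the same grouping is what lets an upstream provider or scrubbing center pick out the reflected stream early, while it is still “spooling up” as Cummings puts it.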

Visit site:
Waiting for DDoS

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard. The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure.”

Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/

Read More:
DDoS attacks increase by over 80 percent

China is the top target for DDoS reflection attacks

China bore the brunt of DDoS reflection attacks last month, with 61 percent of the top attack destinations observed hitting Chinese-based systems, according to Nexusguard. Of the 21,845 attack events …

More here:
China is the top target for DDoS reflection attacks