Tag Archives: traffic

Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

Electronics tutor’s taunts come back to haunt him An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…

Link:
Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge. And it’s a mystery who’s behind it. Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since site’s inception.” A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable. But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy. The site is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said. “The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.” Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his site as a news destination not controlled by corporate interests or politicians. And he’s had great success. SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most-trafficked media publishers in the US. According to analytics posted to the site, the Drudge Report has amassed about 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels. It’s a high-prized target, one that now sees itself under attack by an unknown culprit. Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].” “Attacking coming from ‘thousands’ of sources,” he wrote on Twitter. “Of course none of them traceable to Fort Meade…” Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his site came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda. “Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?” Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s site would be a blatant violation of the Constitution — as well as generally improbable. “If Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.” “Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.” DeMott, however, posited that another nation-state could be the potential culprit. “It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.” Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods. “I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.” Chris Weber, the cofounder of Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it. “It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the site was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange. Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder. Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his site. But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report. And without a group taking credit, it may be impossible to determine the culprit. “Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.” Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party. “There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.” Arora added: “It’s not just a technology question. It’s also a motive question.” Source: http://www.businessinsider.com/hackers-ddos-drudge-report-2017-1

See the article here:
Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement. All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday. “The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users who are usually referred to IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement , published on the company’s website. “A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained. The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group. On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists. The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.” The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks. Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

Excerpt from:
Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Last month’s botnet DDoS happened because a gamer was mad at PSN

Remember last month, when a Mirai botnet attack brought down half the internet? On October 21, a Distributed Denial of service attack that employed swarms of unsecured “Internet of Things” devices was laser focused on a global DNS provider, making much of the internet unusable for many. Here’s what Dyn, the targeted DNS provider, said of the attack then: “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” 10 million devices, flooding networks with garbage traffic. Why? According The Wall Street Journal, it’s because one angry gamer was pissed about Sony’s PlayStation Network. Says Dale Drew, CSO of Level 3 Communications: “We believe that in the case of Dyn, the relatively unsophisticated attacker sought to take offline a gaming site with which it had a personal grudge and rented time on the IoT botnet to accomplish this.” While Drew hasn’t said which gaming site, The Wall Street Journal has, saying that the entire outage was brought about because somebody was mad at Sony. According to Forbes, all it took was buying the attack on the deep, dark web for $7500. The attack lasted for less than a full day. Is that worth over R100 000? That’s money that could have been spent on – materialistically – moving to another platform. Source: http://www.lazygamer.net/gaming-news/last-months-botnet-ddos-happened-gamer-mad-psn/

Visit site:
Last month’s botnet DDoS happened because a gamer was mad at PSN

Could a DDoS wipe out Black Friday online sales?

Don’t miss out on Black Friday sales: why retailers must prepare for DDoS threat to online shopping. The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But with retail, the threat is an existential one and in the case of Black Friday could make the difference between success and bankruptcy. An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, the online betting industry was hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics. Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than the average shopping day. In this context, a DDoS could be lethal to a vendor. As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.” The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing. In the quarter Akamai found a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, the traffic increase to a site will be huge anyway and the chances of a website crashing are there. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday. So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.” Visibility is the key foundation for DDoS mitigation. Having a view of the actual volume of traffic hitting your site allows decisions to be made on policy. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: the basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and finally, cloud integration. A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview. Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction. Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping: sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources. For example, focus on keeping online the parts of the site enabling the actual transaction rather than auxiliary services. Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list. Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/

Visit link:
Could a DDoS wipe out Black Friday online sales?

Web attacks increase 71% in third quarter

Dubai: After a slight downturn in the second quarter of this year, the average number of Distributed Denial of Service (DDoS) attacks increased to an average of 30 attacks per target. Fact Box description starts here Fact Box description ends here This reflects that once an organisation has been attacked, there is a high probability of additional attacks, a cyber security expert said. Fact Box description starts here Fact Box description ends here “Cybercriminals have found new attack channels to disable resources as the total DDoS attacks increased by 71 per cent year over year in the third quarter. During the third quarter, we mitigated a total of 4,556 DDoS attacks, an eight per cent decrease from second quarter,” Dave Lewis, Global Security Advocate at Akamai Technologies, told Gulf News. Fact Box description starts here Fact Box description ends here DDoS attack means an attacker sends too much traffic to a server beyond it can handle and the server goes offline. Fact Box description starts here Fact Box description ends here “We are seeing more and more of short-based attacks with limited bandwidth and consequence. There were 19 mega attacks mitigated during the quarter that peaked at more than 100Gbps, matching the first quarter high point,” he said. It’s interesting that while the overall number of attacks fell by eight per cent quarter over quarter, he said the number of large attacks, as well as the size of the biggest attacks, grew significantly. Fact Box description starts here Fact Box description ends here In contrast to previous quarters, when reflection attacks generated the traffic in the largest attacks, a single family of botnets, Mirai, accounted for the traffic during these recent attacks. Rather than using reflectors, he said that Mirai uses compromised internet of Things systems and generates traffic directly from those nodes. Fact Box description starts here Fact Box description ends here The Mirai botnet was a source of the largest attacks Akamai mitigated to date, an attack that peaked at Fact Box description starts here Fact Box description ends here 623Gbps. Mirai did not come out of nowhere. What makes Mirai truly exceptional is its use of IoT devices and several capabilities that aren’t often seen in botnets. Fact Box description starts here Fact Box description ends here The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date — recorded at 623Gbps and 555Gbps. Fact Box description starts here Fact Box description ends here “Attackers are generally not looking for vulnerable systems in a specific location, they are scanning the entire internet for vulnerable systems. The Mirai botnet is especially noisy and aggressive while scanning for vulnerable systems,” he said. Fact Box description starts here Fact Box description ends here He said that some clients are almost always under attack. The top target organisations saw three to five attacks every day of the quarter. However, without defences in place, these attacks could have a “substantial cumulative effect” on an organisation’s’ reputation. Fact Box description starts here Fact Box description ends here “It is becoming easier for hackers to launch attacks on commoditised platforms for lesser price than a coffee cup. The internet of Things are very good at what they are good at but security is often left out. We see these devices like DVRs with default credentials with an insecure protocol,” he said. Fact Box description starts here Fact Box description ends here According to Akamai Technologies’ Third Quarter, 2016 State of the internet/Security Report, majority of web application attacks continued to take place over http (68 per cent) as opposed to https (32 per cent), which could afford attackers some modicum of protection by encrypting traffic in transit. Fact Box description starts here Fact Box description ends here The US remained the top target for web application attacks as many organisations are headquartered in the US, with the resultant infrastructure also hosted in-country, it is expected that the US will continue to be the top target for some time. Fact Box description starts here Fact Box description ends here Brazil, the top country of origin for all web application attacks in the second quarter, experienced a 79 per cent decrease in attacks this quarter. The United States (20 per cent) and Netherlands (18 per cent) were the countries with the most web application attacks. Source: http://gulfnews.com/business/sectors/technology/web-attacks-increase-71-in-third-quarter-1.1930487

See the original post:
Web attacks increase 71% in third quarter

Renowned blog KrebsOnSecurity hit with massive DDoS attack

The 620 Gbps DDoS attack was built on a massive botnet. The security blog KrebsOnSecurity has been hit with one of the largest distributed denial of service (DDoS) attacks of all time. The site, which is run by security expert Brian Krebs, was hit by a DDoS attack of around 620 Gbps on 20 September. KrebsOnSecurity managed to stay online during the attack, due to defences from content delivery network provider Akamai. The largest attack of this kind Akamai had previously defended was one of 336 Gbps earlier this year. Previous large-scale DDoS attacks, including the 336 Gbps attack, used well-known methods to amplify a smaller attack such as using unmanaged DNS servers. Apart from being much larger in terms of scale, the attack on KrebsOnSecurity also differed in that it seemed to instead use a very large botnet of hacked devices. This could have involved hundreds of thousands of systems. “Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, Akamai’s senior security advocate, said to KrebsOnSecurity. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.” Brian Krebs said that there were some signs that the attack had used a botnet that had captured a large number of Internet of Things (IoT) devices. During a DDoS attack, the targeted website is flooded with traffic, designed to overwhelm the resources of the site to crash or suspend its services. “It seems likely that we can expect such monster attacks to soon become the new norm,” wrote Krebs. He suggested that the attack on his site might have been in retaliation for a series he had done on the takedown of a DDoS-for-hire service vDOS, a theory supported by text included in the strings of the DDoS attack referencing the vDOS owners. Source: http://www.cbronline.com/news/cybersecurity/business/renowned-blog-krebsonsecurity-hit-with-massive-ddos-attack-5012622

Excerpt from:
Renowned blog KrebsOnSecurity hit with massive DDoS attack

Waiting for DDoS

In football, many offensive plays are designed to trick the defense into thinking something else is about to unfold. In the world of cybersecurity, DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks often serve as a similar smokescreen or decoy to a far more sinister plot with the ulterior motive to mount a computer network breach that results in the loss of data or intellectual property. It was a DDoS attack that woke up Sony Pictures a year ago (watch the video emailed to Sony employees on the morning of the attack), even though attackers had infiltrated the company’s networks months before undetected, and eventually obliterated its computer systems. According to  Fortune , half of Sony’s global network was wiped out, erasing everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. Hackers calling themselves “#GOP” (Guardians of Peace) threatened to release publicly Sony Pictures’ internal data if their demands, including “monetary compensation,” were not met. They weren’t bluffing. Sobering DDoS Statistics Recent studies show DDoS attacks growing exponentially in recent years, launched through rentable, relatively inexpensive, anonymous botnets that cost as little as $1,000 and can render an e-commerce website completely inoperable. The average denial of service (DoS) attack costs the victim $1.5 million, according to a separate Ponemon Institute survey sponsored by Akamai and published in March 2015. The 682 responding companies reported four attacks a year. AT&T also reported companies across its network were hit with four times a year with DDoS attacks and 62 percent growth in DDoS attacks over the past two years. Once an organization receives a DDoS attack, the chances of being the object of a data breach are better than 70 percent, reported Neustar Inc., a Sterling, Va.-based provider of cloud-based information services, including conducting research on cloud metrics and managing various top-level internet domains. The second quarter of 2015 set a record for the number of DDoS attacks recorded on Akamai’s Prolexic Routed network – more than double what was reported in 2014’s second quarter. Corero Networks, a Hudson, Mass.-based security services provider, reported that its clients were getting DDoS attacks an average of three times a day, and in the second quarter of 2015 daily attack volume reached an average of 4.5 attacks, a 32 percent increase from the previous quarter. More than 95 percent of the attacks combated by Corero last 30 minutes or less, and the vast majority of the attacks were less than 1 Gbps. Only 43 percent rate their organizations as highly effective in quickly containing DoS attacks, and only 14 percent claimed to have had the ability to prevent such attacks, according to the Ponemon report. The worst DDoS attack on the Akamai network peaked at 214 million packets per second (Mpps), a volume capable of taking out tier 1 routers, such as those used by internet service providers (ISPs). “It’s pretty hard to stay one step ahead of these guys,” admits Mark Tonnesen, chief information officer (CIO) and chief security officer (CSO) of Neustar. In a recent survey of 760 security professionals commissioned by Neustar and conducted by Simply Direct of Sudbury, Mass., for the U.S. market and Harris Interactive of London for the Europe, Middle East and Africa (EMEA) markets,  DDoS attacks increased in 2015 six-fold when compared to the previous year. “Every day there’s an announcement of some [DDoS attack] going on with a company caught unprepared, trying to ramp up with people and technology,” Tonnesen says. “Companies are looking for any way they can grab an edge any way in identification, detection and reaction time to eliminate the attack.” Interruption vs. Outage Those behind DDoS attacks may have ulterior motives to capture real value from the attack, such as financial gain, brand carnage, or intellectual property resold on the underground market. Any of those scenarios happen nine out of every 10 DDoS attacks, according to Neustar data. The impact on a company’s customers and the firm’s bottom line “negatively impacts everybody’s financials,” Tonnsesen points out. DDoS attacks, which can take the form of an interruption or the more serious outage, almost always serves as a smokescreen avoiding attention to an outright sinister data breach. Meanwhile, the IT staff is trying to figure out why the website isn’t working properly. “Unbeknownst to you, [the malware is] already in your network,” he explains. A DDoS  outage  is a complete slaughter of messaging to a network, such as an e-commerce platform. Effectively, the network appears to shut down completely due to the bandwidth overload, making it nearly impossible to get traffic through to the website. In contrast, a DDoS  interruption  involves attacks targeted such as to a customer service organization or intellectual property or customer records and identity. “[An interruption] certainly has a major impact, but it wouldn’t be an outage,” explains Tonnesen. “It’s more of a disruption, not a flat-out attack. The attackers are much more intelligent and organized; they know what they’re certainly looking for, such as affecting your brand and or having a financial impact. There’s an element of showcasing their capability, and the lack thereof of the company that was attacked.” As a result, IT security and network teams must be vigilant and always be on high alert. The Hybrid Solution  Some CISOs are moving to a “hybrid” approach to combating a DDoS attack of the of the Open System Interconnection (OSI) Model Application Layer 7 variety. The approach uses an on-ground client security product that links with a cloud-based mitigation tool. One argument for this approach is that attack victims can react more quickly to a specific attack on a business area, such as engineering or customer support, if they have the benefit of cloud-based updates rather than waiting for a network-based device to be updated. “Based on the customers I talk to, hybrid approaches are becoming mainstream,” says Tonnesen. Client and cloud security products work together with one or the other configured as a rules-based defense working on certain types of data attacks that affect key assets and applications.  Typically, underlying attacks involve a DNA-like sequence that lives in a lower level of an organization’s technology stack, such as malware sitting on a server some place, and begin to take over key assets. “That’s where a DDoS mitigation service can really help a weakness or attack sector,” Tonnesen says. “One approach really isn’t good enough anymore.” Mike Weber, vice president of labs of Coalfire, a cyber risk management and compliance company based in Louisville, Colo., says that “being able to diagnose a denial of service attack does take some time. Generally understanding if it’s a problem internally, such as an application malfunction, system problem or faulty hardware, those kinds of diagnostics take a while.” When Weber was fending off DDoS attacks at a former employer, a web hosting company, he received an insider’s view of old-fashioned corporate espionage. The client hosting company had known adversaries but could never pin the frequent attacks on a single entity. “They had a good idea who was behind the attacks,” he remembers. “A lot of times, it was their competition. It was used as a revenge tactic – sometimes it was intended to impact that company from a business perspective for whatever reason. Maybe it’s a page rank or advertising issue.” Attackers leverage those kinds of attacks to consume personnel/intellectual capital being used for diagnosis. While the victim attempts to identify the strategy attempting to thwart it typically sends companies under attack into a state of chaos. An attack against a website can be set to look like a denial of service interspersed with an attack that achieved the end goal of flooding log servers. Typically the obvious attack needs to be stopped before one can diagnose the other less obvious attack. “Think of that as DNS (Domain Name System) amplification – a DDoS attack where the attacker basically exploits vulnerabilities in the DNS servers to be able to turn small inquiries into large payloads, which are directed back to the victim’s server,” Weber says. “Those are a different protocol than those other attacks that are attacking different parts of the infrastructure whether they’re operating systems or applications. So typically they would be targeted towards two different parts of the client environment.” Malicious Traffic A typical approach to prevent DDoS from inflicting damage is to re-route non-malicious traffic to a cloud-based or third-party provider whose sole purpose is to mitigate denial of service-type attacks at what’s known as a “scrubbing” center. “Only clean traffic gets through,” says J.J. Cummings, managing principal of Cisco’s security incident response team. DDoS traffic then purposely gets diverted to the external provider, which takes the “brunt” of the attack and “roots out all that’s evil and bad.” Denial of service attacks are extremely challenging and can be expensive from a mitigation perspective, in terms of pipe size and technology, he admits. “At the end of the day it comes down to how critical these business applications are,” Cummings says. “How much do you want to spend to withstand an attack and an attack of what size?” The first questions that need to be addressed before, during or following a DDoS, says Cummings, “are how big is your Internet pipe and how much bandwidth has been thrown at you historically?” The answers determine a network’s required level of operational capability as well as what the needs at a bare minimum to resume the business. Security products are available from multiple vendors to help harden a company’s public-facing systems so they’re less susceptible to targeted types of attacks. “Those technologies presume you have enough of an Internet pipe to withstand that amount of bandwidth,” says Cummings. Otherwise, it’s a moot point. Detection analytics is another important tool to put DDoS mitigation measures in place. “You don’t all the sudden get a terabyte of traffic hitting. It kind of spools up, as that botnet starts to distribute the attack commands,” he adds. ISPs can know in advance to block certain IP addresses or certain traffic streams upstream. More sophisticated attacks often are focused on a profit motive and target companies with a lot of money or a gambling site that is taking bets on a major sporting event. In online video gaming or gambling, some players go to the extremes of disrupting the network where the opposition is hosted by firing off a DDoS attack. Retribution is another scenario with DDoS attacks. A former employee or student gets mad and rents a botnet to conduct the attack. A significant consequence to a denial of service attack is damage to the victim organization’s reputation, in addition to a potential dollar loss for every minute that the network is offline. Nearly two-thirds (64 percent) of respondents in the Ponemon Institute’s denial of service study say reputation damage is the main consequence of a DoS attack, with 35 percent for diminished IT staff productivity and 33 percent for revenue losses. “We try to come up with metrics on how to measure reputation loss, which is pretty significant,” says Larry Ponemon, chairman of the Ponemon Institute, the cybersecurity think tank based in Traverse City, Mich. “When people hear the bad news, what do they do? The churn can be significant from a revenue point of view. People leave, they find alternatives.” Citing research from the institute’s recent Cost of Data Breach study, Ponemon says the most expensive attack type on a unit cost per attack is DDoS, when compared to other security incidents such as phishing, because it takes a lot of effort to stop it. Meanwhile, he adds, “there’s an extraction of data while people are worrying about the website being down.” Source: http://www.scmagazine.com/waiting-for-ddos/article/523247/

Visit site:
Waiting for DDoS

123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit’s website offline and a number of users’ services. The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was rerouted. The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps to its data centre, with its protection systems kicking in within seconds of the attack being detected. Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity. No servers were offline, although customers experienced intermittent connection issues such as our website, control panel, email or websites. A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre. “Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.” Back in November, internet provider Eclipse was hit by a DDoS attack. ® Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

Read More:
123-Reg drowns in ongoing DDoS tsunami