Blocking DDoS Archive

NBN connections abused for service disruption attacks.

Australia has appeared in content delivery network provider Akamai’s top ten list of sources for denial of service attacks for the first time, as high-speed broadband connections become more commonplace.

Akamai’s State of the Internet report saw Australia enter the top ten DDoS source list in the second quarter of this year with around four percent of attacks globally, putting it on par with larger countries such as Germany, Russia and Korea.

The report indicates fast NBN connections are being abused by attackers for denial of service attempts.

“Australia’s appearance on the list is likely due to the increased adoption of high speed internet access throughout NBN and connectivity of IOT [internet of things] devices in the region,” Akamai wrote.

The vast majority of DDoS attacks with non-spoofed source addresses came from Chinese internet users (37 percent), the United States (just under 18 percent) and the UK (10.2 percent), Akamai’s data showed.

Denial of service attacks are used for criminal purposes by those who seek to blackmail organisations and providers through service disruptions that harm their reputations.

Compared to the year before, the second quarter of 2015 saw a 132 percent increase in total DDoS attacks, with the number of 100 gigabit per second floods doubling from six to 12.

Attacks also last longer on average, up to 20.64 hours from 17.35, but Akamai saw an 11.5 percent decrease in average peak bandwidth.

SYN and Simple Service Discovery Protocol (SSDP) were the two most common flooding techniques used by attackers, who have started to combine several denial of service vectors for greater effect, Akamai said.

The largest DDoS recorded by Akamai in the second quarter of 2015 measured 240Gbps. Online gaming sites remain the most common target for DDoS attacks.

Akamai also saw one of the highest recorded packet rate attacks on the Prolexic network in quarter two of 2015.

This peaked at 214 million packets per second, an intensity sufficient to take out routers used by large Tier 1 internet providers.

Cybercriminals are strengthening their DDoS attacks with more amplification and new methods to refine their botnets, according to the just released “Kaspersky DDoS Intelligence Report for Q1 2016.”

DDoS attacks employing amplification/reflection strategies remain a favorite tool for miscreants, with targets running from presidential candidates to security companies. And attacks at the application level remain high.

Hackers are more and more using the DNSSEC protocol to carry out DDoS attacks, the report found. This strategy enables them to minimize DNS spoofing attacks, while amplifying the power of their incursions.

Attackers target the .gov domain as well as security companies, particularly those offering anti-DDoS services, the report found. While security company sites are well protected, they still remain a favorite target because they are being used as test beds, the researchers determined.

The number of DDoS attacks declined a bit compared to last year, but their strength has increased fourfold.


Chief executive of Polish national carrier LOT has warned no airline is safe from the type of cyber attack that grounded his aircraft and hundreds of passengers at Poland’s busiest airport over the weekend.

Poland’s domestic intelligence agency said it had been called in to investigate, but there was no word on who might be responsible for the attack that disabled the system LOT uses for issuing flight plans.

The attack is likely to bring renewed scrutiny to the question of whether systems which help keep airliners safe in the air are adequately protected from hackers intent on causing havoc or even on bringing down a plane.

“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” LOT chief executive Sebastian Mikosz told a news conference.

“I expect it can happen to anyone anytime.”

The airline said there was never any danger to passengers from the attack since it did not affect systems used by aircraft while in the air.

Around 1400 passengers were stranded at Warsaw’s Chopin airport when the flight plan system went down for around five hours on Sunday. Flights were taking off and landing as scheduled on Monday, the airline said.

Denial of service attack overloads network

A LOT spokesman said the problem was most likely caused by a Distributed Denial of Service (DDoS) attack.

“This was a capacity attack, which overloaded our network,” said the spokesman, Adrian Kubicki.

Ruben Santamarta, a researcher on airline’s cyber-security, said there are not enough details on the LOT attack to properly assess what happened. But he said it highlighted the vulnerability of passenger jets when they are on the tarmac preparing to fly.

“There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics,” said Santamarta, who is principal security consultant for Seattle-based security research firm IOActive.

Santamarta last year said he had figured out how to hack into the satellite communications equipment on passenger jets through their wi-fi and inflight entertainment systems.

Most denial of service attacks use a publicly accessible internet site as the channel through which to bombard their target. The LOT system has no public site.

“I am quite surprised that such sensitive systems dedicated to airline operations are exposed to the internet to be exposed to denial of service attacks,” said Pierluigi Paganini, the chief information security officer of Naples-based Bit4Id.

“Like many experts, I am waiting for more details to understand how this occurred,” he said.

Asked about whether the system was exposed to the internet, Kubicki, the airline spokesman, said the hackers had acted illegally to interfere with the operation of the system, but he said they had not gained direct access to any of the data contained within it.

“The key thing for an airline is the ability to apply certain emergency procedures in such situations and I think that we passed this test,” said Kubicki.


NEARLY THREE-QUARTERS of companies have been the victim of a distributed denial-of-service (DDoS) attack, and 80 per cent have been hit more than once, according to a new report from Neustar that puts part of the blame on the Internet of Things (IoT).

The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks report highlights a growing threat to small and medium sized businesses everywhere.

Neustar found that 57 per cent of victims reported some kind of theft following the attack involving customer data, financial information or intellectual property.

Some 47 per cent of companies that have been attacked have suffered more than five times. We reported in October that some firms get hit as many as four times a day.

The cost is not insignificant. Half of the victims lost an estimated $100,000 an hour during peak outages, while around a third took a $250,000 hourly punch in the face. Neustar reckons that it takes about three hours for an organisations to realise that it’s under attack.

You possibly know this already, but the threat of DDoS attacks has prompted firms to invest more money in security.

“The findings of our most recent report are clear: attacks are unrelenting around the world but organisations now recognise DDoS attacks for what they are – an institutionalised weapon of cyber warfare – and are protecting themselves,” said Rodney Joffe, head of IT security research at Neustar.

“We present the data from our third DDoS survey as a means to inform the public of the dangers associated with DDoS attacks. This should be a discourse that reaches from security through to marketing, as when a DDoS attack hits the reverberations have a domino effect throughout all departments.”

This wouldn’t be a 2016 security news story without some consideration of where the Internet of Things fits into this, and it seems to be right in the middle.

“The IoT is already here, but the internet was never built with security in mind; ease of use and convenience were paramount,” said Hank Skorny, senior vice president for the IoT at Neustar.

“Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network. As IoT devices continue to become ingrained into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are simply too high to leave security to chance.”




New research has revealed that the UK is one of the biggest targets for DDoS criminals, as the number of attacks continues to soar.

The latest Imperva Global DDoS Threat Landscape Report discovered that the UK is the second-most targeted nation, being hit by over nine per cent of all DDoS attacks in the first three months of 2016. Only the US suffered more, at 50.3 per cent.


Main source

Businesses of all sizes are being targeted by the global threat of DDoS attacks, according to the report, which also revealed that South Korea is the main source of DDoS attacks around the globe. This is partly down to a sharp rise in botnet activity in the country according to Imperva. Russia and Ukraine also topped the list of originating countries, particularly via the Generic!BT malware which is Trojan used to compromise Windows computers.


Frequency increase

Finally, Imperva also saw the frequency of attacks continue to increase. In the first quarter of 2016, every other site that came under attack was targeted more than once. The number of sites that were targeted between two and five times increased from 26.7 percent to 31.8 percent.

Imperva’s Igal Zeifman said: “Every DDoS attack mitigated is an invitation for the attacker to try harder. This is the reality of DDoS protection business and the common motive for many of the trends we are observing in the DDoS threat landscape today.”