DDoS Attack Specialist Archive

In Europe DDoS attack volumes have increased sharply during the third quarter 2018 according to a new report.

The report from DDoS protection specialist Link11 shows the average attack volume more than doubled in July, August and September, to 4.6 Gbps (up from 2.2 Gbps in Q2).

Attacks are also becoming increasingly complex, with 59 percent of incidents using two or more vectors — up from 46 percent in Q2. The highest-volume attack observed by Link11 in 2018 rose to 371 Gbps in Q3, an increase of 75 percent compared to the maximum of 212 Gbps observed in Q1. In addition, there were a further 35 attacks with bandwidth peaks above 100 Gbps.

Multivector attacks, which accounted for 59 percent of all attacks in Q3, were also a major threat. 37 percent of all attacks in Q3 featured 3 different vectors – more than double the number of triple-vector attacks seen in Q2 (16 percent).

“The structure and composition of DDoS attacks is constantly changing, but the goal remains the same: to interrupt servers, networks or data streams,” says Aatish Pattni, regional director UK and Ireland for Link11. “Over half of attacks during Q3 were multi-vector, making them harder to defend against, and they are growing in volume, too, meaning they can easily overwhelm defenses. To stop these attacks disrupting business operations, organizations need proactive protection that tracks and responds to evolving attack scenarios and patterns automatically, using advanced machine-learning techniques.”

The report also reveals that attacks are most frequent on Fridays and Sundays, with the level of attacks declining during the business week. Attackers targeted organizations most frequently between 4pm and midnight Central European Time, with attack volumes at their lowest between 5am and 10 am CET. The highest number of attacks seen in one day during Q3 was 885 on Friday 17 August.

Source: https://betanews.com/2018/11/20/ddos-attack-volumes-double/

Small and medium-sized businesses are much more at risk of DDoS attacks than many think, according to research by the Dutch domain registrar SIGN and the internet providers group NBIP. The two groups conducted research on the .nl websites affected by such attacks and the organisations affected. In total, 237 DDoS attacks were identified in the year to June 2018.

Web shops selling consumer goods such as clothes, cosmetics and garden equipment have a bigger chance of being hit by DDoS attacks, the research found. On average the resulting damage costs EUR 1.8 million.

A common cause is the use of shared hosting. To save costs, small online sellers often share a server with other websites. They are then affected if another site on the server is hit by an attack. The chance of collateral damage is 35 times higher in such a case.

The public sector and larger banks remain the most likely target of direct attacks. The study estimates the direct damage cost EUR 59.6 million, while collateral effects cost another EUR 10 million.

The damages are based on the 237 attacks identified and estimates for the consequences if the attacks succeeded. If no protective measures are taken, the total cost to society from DDoS attacks is estimated at EUR 1 billion per year.

Source: https://www.telecompaper.com/news/sidn-nbip-warn-small-businesses-of-increased-risk-of-ddos-attacks–1269808

Resellers that support the retail sector will be keeping a keen eye on how their customers react to the huge amounts of data that will be generated this coming weekend.

Resellers selling into the retail sector are about to go through one of the most stressful weeks of the year as their customers gear up for Black Friday.

With this weekend marking one of the main moments consumers spend big before Christmas the emphasis might be on getting the best deals but for those with an eye on the IT the next few days is going to be about data.

On the one hand that means making use of the data around offers and stock to ensure that customers get current information about what a retailer can offer.

“Last year Black Friday itself was worth a total of £2.5bn in sales to the UK economy. However, if retailers fail to stand out against the intense competition, Black Friday could well be a Bleak Friday for them,” said Chris Haines, director of consulting at Amplience.

“To make the most out of the week and the increasingly important Cyber Monday, retailers should be focusing on their digital content. Retail is steadily marching towards the web, and Black Friday this year will be fought out online and on mobile,” he added.

But it is also about ensuring that data is protected, particularly over some of the busiest days of the year.

“Thanks to the popularity of ecommerce sites and credit card payments, the Black Friday shopping season has become synonymous with a peak in credit card thefts, site spoofing and DDoS attacks. It’s as much an occasion for cyber criminals as it is for consumers looking for a bargain,” said Spencer Young, rvp EMEA at Imperva.

“Retailers must also take responsibility for investing time and effort in testing their security measures ahead of the season,” he added.

There are also dangers that some retailers will get caught out by different shopping patterns and Ajmal Mahmood, customer solution architect, KCOM, warned against wrongly interpreting the sales the go through the tills.

“Buying habits change during big sales events, with some consumers making more impulse purchases, some stocking up on discounted items and some simply shopping as usual. It’s prudent for retailers to isolate the data collected during sales events, to ensure that they don’t significantly affect their personalisation algorithms across the year,” he said.

Source: https://www.computerweekly.com/microscope/news/252452793/Data-will-be-flowing-through-the-retail-systems-this-Black-Friday

One of the most significant issues facing the online gaming industry is service availability as large-scale Distributed Denial of Service (DDoS) attacks are still an everyday occurrence.

Unfortunately, denial of service attacks have always and will always be a part of the gaming culture, but not every outage is considered malicious in nature. For example, when hundreds of thousands of users attempt to log in simultaneously, it creates tremendous stress on some of the largest networks in the world resulting in a natural flood of users that can cause an outage.  For operators defending these networks, identifying and mitigating malicious traffic during these times can be difficult even for the most advanced team.

The good news is most of these attacks can often be forecast allowing operators time to prepare. In general, what makes target gaming companies attractive to “DDoSers” is their massive user base and potential impact. Criminals will often strategically launch DDoS attacks during a new release, tournament or special promotion because they know there will be an increase of traffic and stress put on the network allowing them to cause the greatest amount of damage and impact the most users.  For example, in October 2018 Ubisoft’s new release, Assassin’s Creed: Odyssey, was targeted on its release day by a series of DDoS attacks that prevented users from connecting to the game’s servers.

Three Types of DDoS Attackers

There are numerous reasons why someone would launch a denial of service attack against an online gaming platform, but most can be categorized into one of three groups.


The first group is known for their trolling antics and a general desire to disrupt another person’s day. Their assaults typically come at the most crucial moments when gamers are looking to take advantage of particular in-game content or bonuses. These events occur on specific dates and times and attackers will deliberately target their DDoS attacks during these set times. This group gets the reaction they are looking for when gamers voice their frustration at the situation and gaming operators over social media.


The second group are those that attack in retaliation. For example, when Blizzard Entertainment banned a large group of users for using automatic triggering and aimbots, the company experienced a DDoS attack in response. This group attacks their targets immediately following the ban and its only goal is to inflict damage to the company directly.

Attention Seekers

The third group of attackers are attention seekers or profiteers.  Their attacks are focused mainly on tournament disruption and booting specific players for profit or stunt DDoS’ing to advertise their services during major release or holidays. By launching these attacks, their mission is to generate profit and social klout.

DDoS attacks aimed at the gaming industry over the last five years has evolved at rapid rates mainly due to the adoption of Internet of Things (IoT) devices by general consumers. Typically, today’s DDoS attacks target the game industry through IoT botnets like Mirai. They produce massive volumetric attacks causing severe problems not only to game operators and their users, but to service providers who will have to absorb the high volume attacks.

These DDoS campaigns are often conducted by attackers that have a basic to advanced understanding of network and application security. If they are unable to flood the gaming servers, they will find another bottleneck or attempting to target upstream providers.

Before the release of Square Enix’s Final Fantasy XIV expansion pack Stormblood in June 2017, the company relocated its servers to provide their users with better service availability and increased optimization. Unfortunately, attackers were still able to identify the locations of the new servers and DDoS attacks occurred in parallel with the release date of the Stormblood expansion. The attacks against the release persisted over several day and eventually escalated from targeting Square Enix’s game servers directly to attacking their upstream providers.

The advanced attackers are also able to consistently change attack vectors in an attempt to defeat modern day mitigation systems. One of the more prominent trends in 2017 was the increase in short-burst attacks, which over time have increased in complexity, frequency and duration. Burst tactics are typically used against gaming websites and service providers due to their sensitivity to service availability among their users. Timely or random bursts of high traffic can leave the targeted organization paralyzed causing a severe service disruption for its users.

Large-scale DDoS attacks and natural floods also have a significant impact on network providers who must deal with pipe saturations as massive volumetric attacks are directed at their clients. This kind of disruption typically leads to high latency and service degradation impacting additional enterprise customers of the ISP as the attack consumes provider resources.

As DDoS attacks increase in volume, they will continue to pose a threat not only to gaming operators, but for network providers as well.

The determination and systematic targeting of these services show how motivated attackers can be. Looking forward, one of the last major releases for the year, Battlefield V, will go live on November 20th. It’s expected that due to high demand, the release could experience latency and service degradation due to natural floods of users or worse, targeted by a series of DDoS attacks. The last release of Battlefield 1 on October 21 2016, was severally affected along with other major services that day by a denial of service attack that was launched against Dyn’s managed DNS infrastructure.

Since these attacks generally occur in sync with the launch of significant tournaments, maintaining and inspecting networks is necessary to defend against these types of attacks. For the online gaming industry and service providers, it’s critical to get into a pattern of auditing their systems ahead of major tournaments and releases so that there is plenty of time to review and make the necessary adjustments if needed to prevent service outages. Most attacks targeting the gaming industry can be forecasted and with proper planning you can ensure service availability for both you and your users.


Source: https://www.scmagazine.com/home/opinions/how-online-gaming-companies-can-forecast-protect-against-ddos/

While bots are a common tool of cybercriminals for carrying out DDoS attacks and mining cryptocurrencies, a recent report found they may also be indirectly increasing the price of your airline tickets.

Distil Research Lab’s Threat report, “How Bots Affect Airlines,” found the airline industry has unique cybersecurity challenges when dealing with bad bots, which comprise 43.9 percent of traffic on airlines websites, mobile apps, and APIs, which is more than double the average bad bot traffic across all industries in which only make up an average of 21.8 percent.

One European airline saw a whopping 94.58 percent of its traffic from bad bots, according to the report which analyzed 7.4 billion requests from 180 domains from 100 airlines internationally.

Cybercriminals launch bots to compromise loyalty rewards programs, steal credentials, steal payment information, steal personal information, carry out credit card fraud, and to launch credential stuffing attacks.

When threat actors infiltrates loyalty programs they can potentially shake customer confidence to the point where they no longer use the airlines.

“Once a customer has been locked out of their account by a criminal changing their password, the airline has a customer service problem to solve,” the report said. “The forensics to investigate what happened inside the account is time consuming and costly.”

Researchers added that the costs of reimbursements for the damages are also a negative impact of these bad bots.

The only industry which had a worse bot problem was the gambling industry with an average of 53.08 percent of its traffic coming from bad bots.

These malicious bots are working around the clock in the airline industry as their activity appears consistent every day throughout the week except Friday when there is a peak in traffic. The majority of the traffic comes from the USA as it’s responsible for 25.58 percent of bad bot traffic worldwide, followed by Singapore in second place with 15.21 percent, and China in third with 11.51 percent.

Researchers also learned that of the nearly 30 percent of the domains they reviewed, bad bots encompassed more than half of all traffic with 48.87 of bad bots reportedly using Chrome as their users’ agent.

Not all bots are evil however, some of the bots are used by travel aggregators such as Kayak and other online travel agencies to scrape prices and flight information or even competitive Airlines looking to gather up-to-the-minute market intelligence but even these can hassles.

Some of these unauthorized (OTAs) however may use bots to scrape prices and flight information seeking to gather ‘free’ information from the airline rather than pay for any associated fees by entering into any commercial arrangement requiring a service level agreement, researchers said in the report.

To combat the bad bots, researchers recommend airlines block or CAPTCHA outdated user agents/browsers, block known hosting providers and proxy servers which host malicious activity, block all access points, investigate traffic spikes, monitor failed login attempts, and pay attention to public data breaches.

Source: https://www.scmagazine.com/home/security-news/bots-on-a-plane-bad-bots-cause-unique-cybersecurity-issues-for-airlines/