DDoS Protection Specialist Archive

More than half of IT security professionals (52 per cent) said that loss of customer trust and confidence was the most damaging consequence of DDoS attacks for their businesses, according to new research from Corero Network Security (LSE: CNS), a leading provider of First Line of Defence® security solutions against DDoS attacks.

The research, conducted at the U.S. RSA Conference 2015 and Infosecurity Europe, also revealed that a fifth of respondents (22 per cent) indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

“An organisation’s ability to maintain service availability in the wake of a DDoS attack is paramount in maintaining customers, as well as winning over new customers in a highly competitive market,” said Dave Larson, CTO and Vice President, Product at Corero Network Security. “When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, the bottom line is immediately impacted.”

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 per cent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” Larson continued.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they had suffered a DDoS attack, 21 per cent cited customer complaints of a service issue as the indicator of an attack, 14 per cent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 per cent said application failures, such as website outages, alerted them to the DDoS event. In contrast, less than half of respondents (46 per cent) were able to spot the problem in advance, using other network security tools to notice high bandwidth spikes, an early sign of an imminent attack.

“It is an unfortunate but all too common issue when your customers are first to alert you to a service outage. From a technical perspective, it’s much harder to respond to an outage if you start off on the back foot. Real-time protection is really the only way to proactively combat the DDoS attacks targeting business,” Larson noted. “Using scrubbing centers to mitigate DDoS attacks off-site is a game of cat and mouse. With 96 per cent of DDoS attacks lasting 30 minutes or less, by the time an on-demand defense has been engaged, it is already too late and the damage has been done.”

Approximately 50 per cent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 per cent of those surveyed have dedicated DDoS protection via an on-premises appliance-based technology or from an anti-DDoS cloud service provider. However, it appears that many organisations are more in tune with the ramifications of DDoS attacks, as 32 per cent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

Larson concludes, “Attackers are finding new ways to apply DDoS tactics and mask malware and other vulnerability exploits, indicating that DDoS is a changing breed of threat that the Internet-connected business cannot afford to ignore. Relying on traditional infrastructure or upstream services to protect you against the frequent and increasingly sophisticated DDoS attack landscape is not a definitive solution. Dedicated DDoS protection technology that is deployed at the very edge of the network, or Internet peering can effectively inspect all Internet traffic and mitigate DDoS attacks in real-time removing the threat to your business before it can inflict damage.”

Source: http://www.itproportal.com/2015/07/13/what-is-most-damaged-in-a-ddos-attack/

DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed.

If a large man stopped you on a street corner and told you that if you hand him five dollars, he won’t punch you in the face, what would you do? First you would sarcastically think to yourself, ‘Welcome to New York’, because that’s where this would happen.

Following that, you could say no. You could try to run. You could try to defend yourself. But with a matter of moments to think about it, you’d probably just hand over the five dollars. It doesn’t feel good to give money to an unethical person to stop him from doing a terrible thing to you, but hey, face punch averted.

Three days later, there he is again. Same offer, only now it’s ten dollars. He already knows you don’t want to be punched in the face, and he also knows you don’t seem to have any other plan for dealing with his threats. Handing over that first five dollars set you up to keep being victimised.

A DDoS ransom note has a similar strategy behind it. The difference is that you don’t have mere seconds to make your decision. Forewarned is forearmed, so get your shield up.

DDoS attack motivations

A DDoS attack is a distributed denial of service attack, which is an attack that seeks to deny the services of a website, network, server or other internet service to its users by interfering with an internet-connected host. While victims of this kind of attack may throw their hands up in the air and ask ‘why me?’, it isn’t necessarily a rhetorical question.

Many people assume DDoS attacks stem from business rivalries, or are an attempt to gain a competitive advantage. In some cases this is true, but it’s far from being the only reason for DDoS attacks. DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted.

The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies. Whether it’s a turf war between online groups, websites being randomly targeted for DDoS experiments, a challenge to see what attackers are capable of, or hacktivist groups trying to gain attention (the Lizard Squad, anyone?), a lot of the reasons for DDoS attacks can be summed up to just being a jerk on the internet.

DDoS ransom notes no exception

Speaking of jerks on the internet: for about as long as DDoS attacks have been a thing, so too have DDoS attack extortion attempts. ‘We have a botnet army prepared to take down your site. You have 24 hours to pay us $1000.’ This sort of ransom note is typically followed by a low-level ‘warning shot’ DDoS attack, just so you know the attackers are capable of what they’re threatening.

A year ago, even a few months ago, these DDoS ransom notes were largely attributed to low-level cyber criminals, or kids trying to make some easy cash. But the recent actions of DD4BC, a sophisticated hacking group responsible for several high-profile extortion attempts against bitcoin companies, have shown us that this isn’t true.

DD4BC have been threatening 400+ Gbps DDoS flood attacks. While their actual attacks have been shown to be much smaller scale application layer DDoS attacks, peaking at about 150 requests per second accompanied by network layer attacks maxing out at 40 Gbps, these attacks would still be enough to take down most small to medium-sized websites.

DD4BC have been attempting to extort bitcoin and gaming companies since November of 2014. Lately they seem to have begun targeting the payment industry as well.

How to respond when you receive a DDoS ransom note

Thank your mom for all that ‘just ignore it’ advice she gave you growing up, because one of the best responses here is definitely no response. If you pay the ransom, not only are you out that money, but you’ve also identified your website as one that has no professional DDoS protection.

That will put you on the exploitable victim list with a big exclamation mark after your name.

Some companies have decided that they’re not content with merely ignoring the ransom demands. One of DD4BC’s first publicised extortion attempts was against the Bitalo Bitcoin exchange, who not only refused to capitulate, but slapped a big ol’ bounty on DD4BC’s head.

That bounty was added to by another bitcoin company, Bitmain, in March. Another high-profile website, meetup.com, also went public with their fight against a blackmail-related DDoS attack in March 2014.

Ignoring these DDoS ransom notes or actively fighting back against would-be extortionists is unequivocally what your organisation should do in the event that you receive one. However, to do either of these things absolutely requires that you have professional DDoS protection. You don’t poke the bear unless you know it can’t get out of its cage. If that means onboarding protection as soon as you get a note, then so be it.

A better plan is to have professional DDoS mitigation in place before you ever land on the list of some hacking group. Blackmail is just one of many reasons DDoS attacks take place, and DDoS attacks are getting stronger and more devastating all the time.

Source: http://www.information-age.com/technology/security/123459804/ddos-ransom-notes-why-paying-will-get-you-nowhere

Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks, a survey shows

Complacency about distributed denial of service (DDoS) attacks is putting businesses at risk, a survey has revealed.

Investment in specific DDoS protection is relatively low, according to a survey by F5 Networks at Infosecurity Europe 2015 in London.

Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks and 39% admitting it is likely their organisation has already been targeted.

Similarly to advanced persistent threats (APTs), many DDoS attacks are starting to be characterised by long durations, repetition and changing attack vectors, according to a recent report by Imperva.

Almost 40% of the organisations questioned are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents, but investment in specific DDoS protection, either on or off premise, scored much lower.

However, firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, according to a report published in March by communications and analysis firm Neustar.

With cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear increasing mitigation capacity alone is not enough, said Neustar senior vice-president and fellow Rodney Joffe.

“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.

Gary Newe, technical director of UK, Ireland and Sub-Saharan Africa at F5, said he was surprised DDoS attacks are not among the top three concerns for businesses.

“DDoS attacks are still coming thick and fast, with an ever-increasing level of sophistication. Businesses must continue to invest in protecting themselves against attacks of this kind,” he added.

The survey also revealed the evolving technology landscape is making security more challenging, with 76% of respondents stating that with cloud computing and increased use of personal mobile devices for work purposes, the ability to maintain consistent security and availability policies has become more difficult in the past three years.

However, respondents are still looking to innovate and take on board opportunities to drive efficiencies in their business. More than a quarter of respondents are looking to use software defined networking (SDN) technologies in their datacentre in the near future, but 20% believe SDN environments are more vulnerable to attacks. The top three security concerns are bugs and vulnerabilities in the applications (26%), the exploitation of centralised controllers (21%) and the development and deployment of malicious applications on controllers (15%).

Source: http://www.computerweekly.com/news/4500248055/Complacency-about-DDoS-attacks-puts-businesses-at-risk-survey-shows

Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility.

Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when they connect to an unsecured or ‘raw’ Internet feed. Key components of any realistic DDoS defense strategy are proper visualisation and analytics into these security events.

DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration.

Unfortunately, many legacy DDoS defense solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business.

In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world.

DDoS as a diversionary tactic

Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm.

The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration.

Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well known DDoS attack vectors fit this profile. So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic?

Unfortunately, the answer is quite alarming. For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link saturation attacks, which occur in bursts of short duration, enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity stimulates unnecessary logging of DDoS event data, which may prevent the logging of more important security events, and sends the layers of the security infrastructure into a reboot or fall-back mode.

These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened network security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had done its job: distracting all security resources from performing their intended functions.
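The profile described above (bursts under 1 Gbps and under five minutes that a flow-peak detector never raises) can be made concrete. The following Python is an added example, not Corero’s or the article’s code; the link size, thresholds, warm-up window and traffic trace are all constructed, and it contrasts a bandwidth-only detector with one that baselines packet rate and distinct-source count per second:

```python
"""Sub-saturating DDoS burst detection (added example, constructed data).

A bandwidth-only detector alarms on link saturation. The baseline detector
also tracks packets/s and distinct source IPs/s against a clean warm-up
window, so a short burst that never approaches link capacity still surfaces.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Sample:
    t: int        # seconds since start of trace
    bps: float    # bits per second observed on the edge link
    pps: float    # packets per second
    srcs: int     # distinct source IPs seen in this second


LINK_BPS = 10e9                    # constructed: 10 Gbps edge link
VOLUMETRIC_BPS = 0.8 * LINK_BPS    # legacy detector alarms above this


def bandwidth_only(samples):
    """Legacy 'flow peak' approach: only seconds near saturation are flagged."""
    return {s.t for s in samples if s.bps >= VOLUMETRIC_BPS}


def baseline_burst(samples, warmup, z=4.0, min_run=2):
    """Flag runs of >= min_run seconds whose pps or source count exceeds
    mean + z*stdev of the first `warmup` seconds (assumed attack-free).
    Bandwidth is deliberately ignored here; a real deployment would use a
    rolling baseline rather than a fixed warm-up window."""
    pps_lim = mean(s.pps for s in samples[:warmup]) + z * pstdev(s.pps for s in samples[:warmup])
    src_lim = mean(s.srcs for s in samples[:warmup]) + z * pstdev(s.srcs for s in samples[:warmup])
    flagged, run = set(), []
    for s in samples[warmup:]:
        if s.pps > pps_lim or s.srcs > src_lim:
            run.append(s.t)
            continue
        if len(run) >= min_run:      # run ended: keep it only if long enough
            flagged.update(run)
        run = []
    if len(run) >= min_run:
        flagged.update(run)
    return flagged


def build_constructed_trace():
    """Constructed trace: 60 s clean baseline, a 90 s burst holding ~600 Mbps
    (well under 1 Gbps) but with small packets and many sources, then 30 s of
    recovery. Matches the '<1 Gbps, <5 minutes' profile in the text."""
    trace = []
    for t in range(180):
        if 60 <= t < 150:
            trace.append(Sample(t, 6e8, 1.5e6, 50_000))
        else:
            trace.append(Sample(t, 2e9 + (t % 5) * 1e7, 3e5 + (t % 5) * 1e3, 4000 + (t % 7) * 10))
    return trace


def compare(samples, warmup=60):
    """Run both detectors and summarise what each would have shown the SOC."""
    legacy = bandwidth_only(samples)
    burst = baseline_burst(samples, warmup)
    return {
        "legacy_alerts": len(legacy),
        "burst_seconds": len(burst),
        "burst_start": min(burst) if burst else None,
        "burst_end": max(burst) if burst else None,
        "attack_peak_bps": max((s.bps for s in samples if s.t in burst), default=0.0),
    }


if __name__ == "__main__":
    print(compare(build_constructed_trace()))
```

On the constructed trace the legacy detector raises nothing while the baseline detector flags the full 90-second window at a peak of 600 Mbps, which is exactly the event that would otherwise show up only as unexplained log volume on downstream devices.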

Multi-vector and adaptive DDoS attack techniques are becoming more common

Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and defend against with on-premises or cloud based anti-DDoS solutions, or a combination of both.

The attack attempts against Corero’s customers in Q4 2014 not only employed brute-force multi-vector DDoS attacks; an emerging trend saw attackers use more adaptive multi-vector methods to profile the target network’s security defences, then select a second or third attack designed to circumvent the organisation’s layered protection strategy.

While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector.

Empowering security teams with DDoS visibility

As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services.

Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low and slow attacks, victim servers, ports, and services as well as malicious IP addresses and botnets is mandatory.

Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing lane solutions, or go completely undetected by cloud based DDoS protection services, which rely on coarse sampling of the network perimeter.

Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Next generation DDoS defense solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events.

With the ability to uncover hidden patterns of data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defense solutions provide security teams with the tools required to better protect their organization against the dynamic DDoS threat landscape.

Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot

DDoS attacks are more prevalent than ever and enterprises can’t always rely on their service providers for protection. Learn what enterprises should do for effective DDoS mitigation.

Moving unified communications applications to the cloud can simplify business operations. But cloud infrastructure can present vulnerabilities that attract malicious attacks like distributed denial of service (DDoS). And with many enterprises using service providers for their UC applications, DDoS attacks can be more damaging than ever.

As the threat of DDoS attacks looms, there is a disconnect between enterprises and their service providers over who takes responsibility during an attack, according to a report from DDoS mitigation service provider Black Lotus Communications, which surveyed 129 service providers about the impact of DDoS on their business.

According to the report, many organizations believe they can rely on their service provider to manage a DDoS attack and its impact on their business. But the reality is most providers believe they are solely responsible for making sure their infrastructure remains intact during an attack and that the direct impact of an attack is the customer’s responsibility.

“Service providers with undeveloped DDoS mitigation strategies may choose to sacrifice a customer by black hole routing their traffic or recommending a different service provider in order to protect the service of other customers,” said Chris Rodriguez, network security senior analyst at Frost & Sullivan. Enterprises can lose anywhere from $100,000 to tens of millions of dollars per hour in an attack, the report found.

Just over one-third of service providers reported being hit with one or more DDoS attacks weekly, according to the report. Managed hosting services, VoIP and platform as a service were the three industries most affected by DDoS.

During an attack, 52% of service providers reported temporarily blocking the targeted customer, 34% reported removing the targeted customer, 32% referred customers to a partner DDoS mitigation provider and 26% encouraged an attacked customer to find a new service provider. But by removing or blocking a customer, service providers have effectively helped the attackers achieve their goal and left enterprises suffering the consequences, according to the report.

Communicating DDoS concerns

Three-quarters of service providers reported feeling very to extremely confident they could withstand a catastrophic DDoS attack, and 92% of providers have protections in place. But the report found that the majority of providers use traditional protections that have become less effective in mitigating DDoS.

To maximize DDoS protection, Nemertes Research CEO Johna Till Johnson offered four questions that enterprises should ask when evaluating service provider security and DDoS protection.

  1. What protections does the service provider have in place in the event of an attack? Don’t be afraid to ask service providers questions regarding the DDoS mitigation products and services they use, what their DDoS track record is or how many clients have been victims of an attack. “If they refuse to answer, it tells you something about the vendor,” Johnson said. “Any legitimate provider has this information and will share it with customers.”
  2. Is the service provider willing to put DDoS mitigation in a service-level agreement (SLA)? The provider may already include DDoS protection or may require the enterprise to buy a service. But if a provider won’t include DDoS mitigation in an SLA, find out why. “If you’re not going to put it in black and white, you’re at risk,” she said.
  3. What third-party services does the provider recommend? Service providers may have third-party partnerships that can deliver DDoS protection.
  4. What is your organization’s stance on security? Johnson recommends having a line item in the budget for DDoS that covers a DDoS mitigation service or product.

Making DDoS mitigation plans

If a service provider is hit with a DDoS attack, there are two issues facing enterprises, Johnson said. The first issue is if the enterprise experienced a small hit in the attack. “If you’ve gotten a gentle probe, then attackers may be coming after you,” she said.

Just like when a credit card number is stolen and the thief spends a small amount of money to test the number before making the large, fraudulent charges, attackers are testing for vulnerabilities. Enterprises should immediately figure out where they’re at risk and what they can do to protect themselves now, Johnson said.

The second issue, she said, is that DDoS isn’t just an attack, it’s an earthquake. A disaster recovery plan is required so enterprises know what to do if a core application is suddenly unavailable.

“DDoS attack techniques continue to change, and enterprises must be proactive in their defenses,” Rodriguez said.

He said a hybrid approach to DDoS mitigation has emerged as an effective strategy. Hybrid DDoS mitigation requires an on-premises DDoS mitigation appliance to protect an enterprise’s infrastructure and a cloud-based DDoS mitigation service that routes traffic to a scrubbing center and returns clean traffic. The on-premises appliance is used during smaller attacks; and when attacks reach a certain size, the appliance can signal for the cloud-based service to take over.

“This allows the organization to use the DDoS services sparingly and only when necessary, with a seamless transition between the two services,” he said.

Source: http://searchunifiedcommunications.techtarget.com/news/4500245890/Enterprises-must-be-proactive-in-DDoS-mitigation