DDoS Protection Specialist Archive

Connectivity at MTN’s Gallo Manor data centre has been fully restored after the Johannesburg site was hit by a distributed denial of service (DDoS) attack earlier this afternoon.

MTN alerted clients just after 3pm today that it had suffered a DDoS attack, which resulted in packet loss and a disturbance to clients’ cloud services. At the time the company said MTN Business’ network operations centre was working on resolving the problem to avoid any further attacks.

This comes less than two days after a power outage at the same data centre caused loss of connectivity.

MTN chief technology officer Eben Albertyn says, while the DDoS attack today hampered the company’s ability to provide connectivity services, engineers worked “fervently” to fully restore services and avert further attacks, and connectivity was restored soon after.

“The interruption lasted only a few minutes and is completely unrelated to the outage experienced on Monday. MTN wishes to apologise profusely to its customers for any inconvenience caused.”

On Sunday evening just after 6pm, MTN’s Gallo Manor data centre went offline, causing major disruptions to clients’ services, including Afrihost.

MTN attributed the disruption to a power outage. The problem persisted until the next day, with services being restored around 11am on Monday.

Digital Attack Map defines a DDoS attack as: “An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.” The live data site notes these attacks can target a wide variety of important resources, from banks to news Web sites, and present a major challenge to making sure people can publish and access important information.

Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=142968:MTN-weathers-DDOS-attack

Australian targets are being hit by shorter, more intense distributed denial of service (DDoS) attacks that are, on average, the largest in the Asia-Pacific region, according to new figures from a global DDoS watchdog.

The average DDoS size in the first quarter of this year was 1.25Gbps, according to figures from Arbor Networks’ ATLAS Threat Portal.

ATLAS, which compiles and normalises traffic data from over 330 service providers carrying a cumulative 120Tbps of Internet traffic, traces DDoS attacks from start to finish and measures them by peak and average bandwidth.

Australian DDoS attacks were getting worse on both metrics, with the 1.25Gbps average attack size approximately twice as large as the average attack across the Asia-Pacific region during Q1.

“Australia reflects the global trend,” Arbor Networks Australian country manager Nick Race recently told CSO Australia. “We’re not just an island at the bottom of the world; we’re affected equally as much as the rest of the world.”

The largest reflection attack observed in Australia used Simple Service Discovery Protocol (SSDP) to generate 26Gbps of DDoS traffic, while Network Time Protocol (NTP) was exploited to generate a reflection attack that surged to 51Gbps peak traffic.

That fell short of the 77Gbps Australian peak and 400Gbps global record observed during 2014, but the growing average size of the incidents confirmed that DDoS attacks are ever more significant threats to Australian organisations. Despite their intensity, attacks against Australian targets lasted just 22 minutes, compared with 46 minutes across the region.

Arbor Networks has been watching the steady growth in DDoS attacks for years, with successive reviews of its collective data showing DDoS frequency and intensities continuing to trend upwards at an alarming pace.

DDoS attacks’ potential damage to revenues and brand perception was driving customer interest in cloud-based DDoS detection and mitigation services as well as encouraging many to revisit their own on-premises protections.

“The more we go online as an industry, the more that downtime becomes a business cost,” Race said.

“Take your online revenue and divide it by 365, and that’s the effective loss you face per day that a DDoS has taken your services down. Then there’s the brand damage, and the more intangible costs for businesses because they are offline.”

Race believes a growing trend towards proactive mitigation of DDoS attacks will help Australian companies avoid being completely blindsided by such attacks. Telecommunications carriers, in particular, are moving to bolster their DDoS defences to prevent the attacks from getting anywhere near their customers.

“Telcos and service providers are working together to collaborate in the defence from attacks like these,” Race said. “The most important thing you can do is to get as close as possible to the source of the attack, and stop it as far upstream as possible. We are all just trying to stay one step ahead of the bad guys.”

Source: http://www.cso.com.au/article/572801/australian-ddos-attacks-last-half-long-hit-twice-hard-regional-average/

DOSarrest Internet Security, a fully managed cloud-based DDoS protection service, today announced that its DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, has launched a new iOS and Android application for clients. The application is a complimentary service for all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to view historical statistics for up to 1 year from 8 globally distributed sensors.

Jag Bains, CTO of DOSarrest says, “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.”

“We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis, CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.”

Teolis adds, “As far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.”

About DOSarrest Internet Security:

DOSarrest, founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in cloud-based DDoS protection services. Additional Web security services offered are cloud-based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), as well as cloud-based global load balancing.

Learn more about DOSarrest at http://www.DOSarrest.com

Source: http://www.prnewswire.co.uk/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499008971.html

Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed.

Some 12% estimated potential losses due to outages at peak times would be greater than £600,000 an hour, and 11% admitted they did not know what their losses would be.

The poll of 250 IT professionals in Europe, the Middle East and Africa also showed that half of respondents believe DDoS attacks are a bigger risk than a year ago.

Only 18% said they believed the risk was lower, yet 59% of them still admitted they are investing more in DDoS protection compared with 2014.

Apart from direct financial losses, the biggest risk identified by more than a quarter of companies is the damage to company reputation and a loss of customer trust.

“For 26% of companies, brand damage and loss of customer trust is a top concern,” said Neustar product marketing director Margee Abrams.

“Companies are beginning to understand that the impact of DDoS attacks is across the organisation, also impacting areas like customer services and regulatory compliance,” she told Computer Weekly.

Underlining the business threat of DDoS attacks, 30% of respondents said their companies had been hit multiple times, with the number of companies being hit only once down 30% compared with 2014.

The financial sector reported the highest level of multiple attacks, with 79% reporting six or more DDoS attacks a year, compared with the cross-industry average of 20%.

Respondents said attacks were lasting longer, with 30% of attacks lasting between one and two days.

They also said DDoS attacks are often accompanied by theft, with 52% of DDoS victims also reporting theft of customer data, intellectual property (IP) or money, representing a 24% increase from 2014.

The survey revealed that 84% of companies still use up to 10 employees to mitigate DDoS attacks, which the report notes is exploited by attackers to distract companies.

“Smokescreen” DDoS attacks

In “smokescreen” DDoS attacks, the real objective is theft, the report said. In 30% of DDoS attacks, malware was either installed or activated, in 18% customer data was stolen, in 12% IP was stolen, and in 12% money was stolen.

The survey showed that 56% of retailers hit by DDoS attacks were also hit by malware installation or activation compared with the cross-industry average of 30%, and 76% of retailers hit by DDoS attacks were also robbed of data or funds compared with the cross-industry average of 52%.

The report notes that managed mitigation services help to free up IT security staff to focus on other activities that may be taking place during a DDoS attack.

“However, the effect of DDoS attacks is so much wider than information security,” said Abrams. “Companies also need to review how DDoS attacks could affect their overall online performance and customer experience.”

As a result of increased recognition of the threat of DDoS attacks, many organisations are taking stronger action, with 35% investing in hybrid DDoS protection that combines on-premise hardware with cloud-based mitigation services.

The biggest investment in hybrid systems is being made by financial sector organisations which are a prime target of DDoS attacks, with 40% investing in hybrid protection and 80% choosing a hybrid approach to block attacks at peak times.

Hybrid approaches seek to combine the instant blocking capabilities of on-premise hardware devices with cloud-based “traffic scrubbing” to deal with high-volume attacks.

According to the report, hybrid systems are able to detect and respond to attacks nearly twice as fast as other systems while providing the bandwidth to deal with larger attacks.

The report showed that 56% of attacks average around 5Gbps, while some organisations have recorded attacks in the past year of up to 300Gbps.

Smaller attacks still cause damage to businesses

However, companies targeted by smaller attacks still reported damage to brand trust, loss of customer data, loss of IP, and loss of revenue.

More than a third of organisations are using stand-alone, cloud-based DDoS mitigation services, up 11% compared with 2014, and 36% are using DDoS mitigation appliances, also up 11% on 2014.

Overall, 70% of respondents said they are spending more on DDoS protection, although 40% feel their investment should be even greater.

Although 28% said they were investing less in DDoS protection, only 6% said they did not see DDoS defence as a priority.

Only 8% continue to rely on content distribution networks as a form of DDoS protection, and only 2% report no DDoS protection at all.

However, most companies (61%) still use internet service provider-based firewalls to combat DDoS attacks. But firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, the report said.

Some 28% of respondents said they still use web application firewalls, switches and routers as a defence against DDoS attacks.

However, with cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear that increasing mitigation capacity alone is not enough, according to Neustar senior vice-president and fellow Rodney Joffe.

“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.

Joffe believes there is also a need to improve visibility and understanding of activities in the criminal underground, so that their command and control structures can be disabled quickly.

“Finally, it is important to improve attribution and the ability of law enforcement to identify perpetrators and bring them to justice. While these improvements will not happen overnight and will not solve everything, they will make a significant and positive difference,” he said.

Source: http://www.computerweekly.com/news/4500243431/DDoS-losses-potentially-100k-an-hour-survey-shows

According to the latest quarterly threat report from network security specialist Black Lotus, the frequency of DDoS attacks fell by 44 percent in the last quarter of 2014.

However, the average packet volume of attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 gigabits per second (Gbps) over the same period.

The report is based on analysis of Black Lotus’ customer network logs. The largest bit volume DDoS attack observed during the report period was 41.1 Gbps on Oct 1, a rise in volume since the beginning of 2014, due to attackers’ usage of blended, complex attacks to achieve outages.

Of the 143,410 attacks observed during Q4 2014, 49 percent were regarded as severe, and more than half (53 percent) of all those mitigated resulted from UDP flood attacks. These cause poor host performance or extreme network congestion by generating large volumes of packets and using IP spoofing.

The average attack during the report period was 12.1 Gbps and 4.36 Mpps, tripling average packet volume since the previous quarter. This indicated a continued reliance on using multi-vector attacks, signaling the need for security practitioners to use intelligent DDoS mitigation rather than padding networks with extra bandwidth.

“We found DDoS attacks continued trending down in frequency quarter over quarter, but, on average, attack volumes multiplied,” says Shawn Marck, co-founder and chief security officer of Black Lotus. “With networks and IT teams becoming defter at spotting and stopping volumetric attacks, cybercriminals are turning to blended approaches to confuse organizations, often using DDoS attacks as smokescreens for other underhanded activity.”

Looking ahead, Black Lotus has revised its estimate of the security measures enterprises will need to protect against the majority of attacks throughout 2015. It now says they’ll need to be capable of handling 15 Gbps minimum in bit volume, up from its Q3 prediction of five Gbps minimum. The research team anticipates that attackers will continue to try new DDoS recipes in an effort to confuse security teams and allow agitators to steal user credentials, customer billing information or confidential files.

Source: http://betanews.com/2015/03/24/ddos-attacks-reduce-in-frequency-but-grow-in-volume/