DDoS Protection Specialist Archive

DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors.

Jag Bains, CTO of DOSarrest says, “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.”

“We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis, CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.”

Teolis adds, “As far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.”

About DOSarrest Internet Security:

DOSarrest founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in cloud based DDoS protection services. Additional Web security services offered are Cloud based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO) as well as cloud based global load balancing.

Learn more about DOSarrest at http://www.DOSarrest.com

Source: http://www.prnewswire.co.uk/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499008971.html

Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of  £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed.

Some 12% estimated potential losses due to outages at peak times would be greater than £600,000 an hour, and 11% admitted they did not know what their losses would be.

The poll of 250 IT professionals in Europe, the Middle East and Africa also showed that half of respondents believe DDoS attacks are a bigger risk than a year ago.

Only 18% said they believed the risk was lower, yet 59% of them still admitted they are investing more in DDoS protection compared with 2014.

Apart from direct financial losses, the biggest risk identified by more than a quarter of companies is the damage to company reputation and a loss of customer trust.

“For 26% of companies, brand damage and loss of customer trust is a top concern,” said Neustar product marketing director Margee Abrams.

“Companies are beginning to understand that the impact of DDoS attacks is across the organisation, also impacting areas like customer services and regulatory compliance,” she told Computer Weekly.

Underlining the business threat of DDoS attacks, 30% of respondents said their companies had been hit multiple times, with the number of companies being hit only once down 30% compared with 2014.

The financial sector reported the highest level of multiple attacks, with 79% reporting six or more DDoS attacks a year, compared with the cross-industry average of 20%.

Respondents said attacks were lasting longer, with 30% of attacks lasting between one and two days.

They also said DDoS attacks are often accompanied by theft, with 52% of DDoS victims also reporting theft of customer data, intellectual property (IP) or money, representing a 24% increase from 2014.

The survey revealed that 84% of companies still use up to 10 employees to mitigate DDoS attacks, which the report notes is exploited by attackers to distract companies.

“Smokescreen” DDoS attacks

In “smokescreen” DDoS attacks, the real objective is theft, the report said. In 30% of DDoS attacks, malware was either installed or activated, in 18% customer data was stolen, in 12% IP was stolen, and in 12% money was stolen.

The survey showed that 56% of retailers hit by DDoS attacks were also hit by malware installation or activation compared with the cross-industry average of 30%, and 76% of retailers hit by DDoS attacks were also robbed of data or funds compared with the cross-industry average of 52%.

The report notes that managed mitigation services help to free up IT security staff to focus on other activities that may be taking place during a DDoS attack.

“However, the effect of DDoS attacks is so much wider than information security,” said Abrams. “Companies also need to review how DDoS attacks could affect their overall online performance and customer experience.”

As a result of increased recognition of the threat of DDoS attacks, many organisations are taking stronger action, with 35% investing in hybrid DDoS protection that combines on-premise hardware with cloud-based mitigation services.

The biggest investment in hybrid systems is being made by financial sector organisations which are a prime target of DDoS attacks, with 40% investing in hybrid protection and 80% choosing a hybrid approach to block attacks at peak times.

Hybrid approaches seek to combine the instant blocking capabilities of on-premise hardware devices with cloud-based “traffic scrubbing” to deal with high-volume attacks.

According to the report, hybrid systems are able to detect and respond to attacks nearly twice as fast as other systems while providing the bandwidth to deal with larger attacks.

The report showed that 56% of attacks average around 5Gbps, while some organisations have recorded attacks in the past year of up to 300Gbps.

Smaller attacks still cause damage to businesses

However, companies targeted by smaller attacks still reported damage to brand trust, loss of customer data, loss of IP, and loss of revenue.

More than a third of organisations are using stand-alone, cloud-based DDoS mitigation services, up 11% compared with 2014, and 36% are using DDoS mitigation appliances, also up 11% on 2014.

Overall, 70% of respondents said they are spending more on DDoS protection, although 40% feel their investment should be even greater.

Although 28% said they were investing less in DDoS protection, only 6% said they did not see DDoS defence as a priority.

Only 8% continue to rely on content distribution networks as a form of DDoS protection, and only 2% report no DDoS protection at all.

However, most companies (61%) still use internet service provider-based firewalls to combat DDoS attacks. But firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, the report said.

Some 28% of respondents said they still use web application firewalls, switches and routers as a defence against DDoS attacks.

However, with cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear that increasing mitigation capacity alone is not enough, according to Neustar senior vice-president and fellow Rodney Joffe.

“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.

Joffe believes there is also a need to improve visibility and understanding of activities in the criminal underground, so that their command and control structures can be disabled quickly.

“Finally, it is important to improve attribution and the ability of law enforcement to identify perpetrators and bring them to justice. While these improvements will not happen overnight and will not solve everything, they will make a significant and positive difference,” he said.

Source: http://www.computerweekly.com/news/4500243431/DDoS-losses-potentially-100k-an-hour-survey-shows

According to the latest quarterly threat report from network security specialist Black Lotus the frequency of DDoS attacks fell by 44 percent in the last quarter of 2014.

However, the average packet volume of attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 gigabits per second (Gbps) over the same period.

The report is based on analysis of Black Lotus’ customer network logs. The largest bit volume DDoS attack observed during the report period was 41.1 Gbps on Oct 1, a rise in volume since the beginning of 2014, due to attackers’ usage of blended, complex attacks to achieve outages.

Of the 143,410 attacks observed during Q4 2014 49 percent were regarded as severe and more than half (53 percent) of all those mitigated resulted from UDP flood attacks. These cause poor host performance or extreme network congestion by producing large amounts of packets and IP spoofing.

The average attack during the report period was 12.1 Gbps and 4.36 Mpps, tripling average packet volume since the previous quarter. This indicated a continued reliance on using multi-vector attacks, signaling the need for security practitioners to use intelligent DDoS mitigation rather than padding networks with extra bandwidth.

“We found DDoS attacks continued trending down in frequency quarter over quarter, but, on average, attack volumes multiplied,” says Shawn Marck, co-founder and chief security officer of Black Lotus. “With networks and IT teams becoming defter at spotting and stopping volumetric attacks, cybercriminals are turning to blended approaches to confuse organizations, often using DDoS attacks as smokescreens for other underhanded activity”.

Looking ahead, Black Lotus has revised its estimate of the security measures enterprises will need to protect against the majority of attacks throughout 2015. It now says they’ll need to be capable of handling 15 Gbps minimum in bit volume, up from its Q3 prediction of five Gbps minimum. The research team anticipates that attackers will continue to try new DDoS recipes in an effort to confuse security teams and allow agitators to steal user credentials, customer billing information or confidential files.

Source: http://betanews.com/2015/03/24/ddos-attacks-reduce-in-frequency-but-grow-in-volume/

Denial of service is on the rise. What can you do to respond?

Business in the West runs on the Internet, a fact your reporter is acutely aware of as he writes offline, the office having been plunged into the 1950s for reasons best known to the IT department.

That in mind, it is no surprise that web disruption has acquired a status formerly reserved for mass traffic jams or tree-wrenching storms, a fact illustrated by the speculation that followed Facebook going offline for a mere sixty minutes in January.

Though the social network eventually claimed the shutdown was planned maintenance, many took seriously the claim that Lizard Squad, a group of hackers known for shutting down video game networks, had brought one of Silicon Valley’s giants to a halt through a distributed-denial-of-service (DDoS) attack.

Whilst Lizard Squad’s prowess likely does not extend to such feats, the idea that a business could be paralysed by DDoS attacks is not so strange. The attack method, which involves flooding servers with traffic, is one of the easiest hacks to pull off – so much so that some purists do not even consider it to qualify as hacking.

Launching such an attack can be as simple as downloading a tool for your computer that effectively automates a page refresh on a website at high speed. More advanced versions require roping in other machines to create botnets (robot networks), with such services also available to rent for as little as a few pounds. So what can be done about them?

Hacking politics

“The primary purpose of a denial-of-service attack is to interfere with an organisation’s Internet activity,” says Chris Richter, SVP of managed security services at Level 3, a telecoms firm. “We see a lot of that happening with companies dependent on high speed transactions such as gaming or finance.”

According to Richter as much as three-quarters of these attacks fall into the realm of “hacktivism”, a form of political protest in which hackers disrupt a company or government’s operations to register their opposition to a given policy or practice – a common tactic among groups such as Anonymous.

More problematic are the “mixed” or “blended” attacks, which used DDoS as a distraction. Mike Langley, EMEA VP of Palo Alto Networks, a security vendor, says DDoS attacks can be just the start of a broader assault, which may leave firms open to devastating damage.

“DDoS attacks are how you cripple a company, then you utilise malware to break the perimeter and get where you want to go,” he says. “We’re certainly defending against DDoS attacks, but the reality of all these threats is it’s sophisticated malware and that’s getting past people’s perimeters.”

Blocking the threat

Langley adds that the CISOs he talks to tend not worry so much about the hacktivism, but rather how they can beat the cybercriminals before they have a chance to steal data or intellectual property.

It is in this vein Richter’s company Level 3 runs a “scrubbing” service, so called because it can wash traffic clean before the bad stuff has a chance to disrupt a website. It works by redirecting traffic away from the website for assessment, only passing on the legitimate visitors to the main site.

“We decided to build a DDoS mitigation service because wee scan so much of the world’s traffic,” he says. “We see about 70% of the world’s IP headers flowing across our routers. That gives us the ability to detect all of the malicious activity, including DDoS attacks.”

By analysing the NetFlow packets, which contain data on router traffic, Level 3 is able to tell which traffic is good or bad based on its origin, destination, volume and protocol. It has even devised an analytics program that can be taught what to look for.

This approach differs from Palo Alto’s solution, which relies on staple defences that most companies would be considering as part of a broader security programme. These include segmenting data, implementing systems that beat unpatched “zero day” flaws, blocking command and control (C&C) servers which send instructions to viruses, and limiting user privileges across a system.

“The nature of any malware is that it’s going to do something that’s not acceptable use,” Langley explains. Both firms plans are part of a broader initiative to detect strange behaviour, which is an increasing focus among security vendors.

Denial of future

Yet even as the defenders become smarter, the hackers are expanding their efforts to carry out DDoS attacks. Richter reports that his company has seen a rise in volumetric attacks, which launch thousands of bots at a given website, and also strikes levelled against web apps as opposed to websites.

“These [application attacks] are low and slow,” he says, adding that they involved crafted packets that target specific vulnerabilities and are primed to go off at a specific time. Such strikes will be harder to his firm to detect than the current batch, but no less damaging. Troubling times await.

Source: http://www.cbronline.com/news/security/how-to-protect-yourself-from-ddos-attacks-4527651

There’s a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey. The findings demonstrate that while almost all participants (92 percent) have some form of DDoS protection in place, it is insufficient to stop an attack before damage is done.

Most respondents incurred increased operational expenses due to DDoS attacks, with more than 35 percent of the providers surveyed indicating that they are hit with one or more attacks weekly. The respondents represented companies of all sizes, from small to large.

The largest group represented in the survey was small companies of one to 999 employees worldwide (52 percent of all companies surveyed), with organizations of fewer than 250 employees (20 percent) as the largest subgroup.

Among the findings were:

  • 61 percent of providers feel that DDoS is a threat to their businesses.
  • Only 16 percent of the providers surveyed indicated that they had been rarely or never hit by a DDoS attack.
  • The top three industries with customers affected by DDoS attacks are managed hosting solutions (MHS), voice over IP (VoIP) and platform as a service (PaaS).
  • In case of a DDoS attack, 34 percent of the surveyed providers remove the targeted customer, and 52 percent temporarily null route or block the problem customer.
  • 64 percent of PaaS providers have been impacted by DDoS.
  • 56 percent of MHS providers have been impacted by DDoS.
  • 52 percent of infrastructure as a service (IaaS) providers have been impacted by DDoS.

“DDoS attacks lasting hours or even minutes can lead to loss of revenue and customers, making DDoS protection no longer a luxury, but a necessity,” said Shawn Marck, CSO of Black Lotus. “DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of Internet vulnerability and increased dependence on the Internet. Enterprises have to move from thinking of DDoS as a possibility, to treating it as an eventuality.”

Source: http://www.net-security.org/secworld.php?id=18043