DDoS Protection Specialist Archive

In recent years, DDoS (distributed denial-of-service) attacks have been increasing in frequency, resulting in companies of every size being targeted, including major organisations like Google, Visa, PayPal, Sony, Deezer, and Evernote.

Many experts say the traditional methods of prevention and mitigation have become less effective, but could SAVI help? Here we look at what DDoS attacks are, and what can be done to minimise their impact.

What are DDoS attacks?

A DDoS attack is essentially an attempt to make a website or online service unavailable to users. There are a number of different methods to execute a DDoS attack, but one of the most common is sending so many requests that a server is overloaded, and unable to respond to legitimate requests. Anyone visiting the website or service will either not be able to access it at all, or have a very limited experience, and that can obviously have a big impact on a business.

Organisations of all sizes are targeted. For example, millions of PlayStation gamers were affected by DDoS attacks on Sony’s PlayStation Network (PSN) on several occasions last year. This meant that gamers couldn’t use a service that they had paid for, leaving them very frustrated, and resulting in Sony losing revenue.

It’s worth noting that it’s not just the immediate impact that can do damage – there may be ongoing reputational harm if the company is perceived as being unable to provide people with a stable and reliable experience. No-one wants to rely on a service which may or may not be available at any given time.

Protecting your company

Source Address Validation Improvement (SAVI) is one way to protect your company against these threats. DDoS attacks typically exploit the fact that IP provides no robust mechanism for authentication, that is, for proving that a packet came from where it claims to have come from. A packet simply claims to originate from a given address, and there isn’t a way to be sure that the host that sent the packet is telling the truth.

SAVI methods were developed by the Internet Engineering Task Force (IETF) to prevent this spoofing. SAVI mitigates the risk of nodes attached to the same IP link spoofing each other’s IP addresses, complementing access filtering with unique, standardised IP source address validation.
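The validation step described above can be illustrated with a small binding table. This is an added example, not code from the article or from any SAVI implementation; the class and function names, the use of a switch port as the binding anchor, the first-come, first-served policy and the sample addresses are all assumptions made for the illustration.

```python
import ipaddress


class BindingTable:
    """Source addresses bound to a binding anchor (here: a switch port name)."""

    def __init__(self, lifetime=600):
        self.lifetime = lifetime
        self._bound = {}  # ip -> (anchor, expiry time)

    def learn(self, anchor, ip, now):
        """Bind ip to anchor, e.g. after seeing an address assignment on that port.
        First come, first served: a live binding on another anchor is not moved."""
        ip = ipaddress.ip_address(ip)
        held = self._bound.get(ip)
        if held and held[0] != anchor and held[1] > now:
            return False
        self._bound[ip] = (anchor, now + self.lifetime)
        return True

    def permit(self, anchor, src_ip, now):
        """True only if src_ip is currently bound to the anchor the packet arrived on."""
        try:
            held = self._bound.get(ipaddress.ip_address(src_ip))
        except ValueError:
            return False  # malformed source address
        return held is not None and held[0] == anchor and held[1] > now


def filter_packets(table, packets, now):
    """Split (anchor, src_ip) pairs into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if table.permit(*pkt, now) else dropped).append(pkt)
    return forwarded, dropped


def demo():
    table = BindingTable()
    table.learn("port1", "192.0.2.10", now=0)
    table.learn("port2", "192.0.2.20", now=0)
    packets = [  # constructed sample traffic
        ("port1", "192.0.2.10"),   # own address
        ("port2", "192.0.2.10"),   # neighbour's address, spoofed on-link
        ("port2", "203.0.113.5"),  # address never assigned on this link
        ("port2", "192.0.2.20"),   # own address
    ]
    return filter_packets(table, packets, now=100)


if __name__ == "__main__":
    print(demo())
```

Packets whose source address is not bound to the port they arrived on are dropped at the first hop, so the spoofed traffic never leaves the link.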

In summary, businesses of all sizes should be aware of how their servers are protected against DDoS attacks, and what redundancies are in place in the event of an attack. If people are more aware of security issues and how to minimise their impact, the internet and the web will continue to be an incredible resource for everyone.

Source: http://www.techradar.com/news/world-of-tech/how-to-minimise-the-impact-of-ddos-attacks-on-your-business-1283432

While massive retail breaches dominated headlines in 2014, with hacks involving state-sponsored threats coming in a strong second, distributed denial-of-service (DDoS) attacks continued to increase, both in the volume of malicious traffic generated and the size of the organizations falling victim.

Recently, both the Sony PlayStation and Xbox Live gaming networks were taken down by Lizard Squad, a hacking group which is adding to the threat landscape by offering for sale a DDoS tool to launch attacks.

The Sony and Xbox takedowns proved that no matter how large the entity and network, they can be knocked offline. Even organizations with the proper resources in place to combat these attacks can fall victim. But looking ahead, how large could these attacks become?

According to the “Verisign Distributed Denial of Service Trends Report,” covering the third quarter of 2014, the media and entertainment industries were the most targeted during the quarter, and the average attack size was 40 percent larger than those in Q2.

A majority of these insidious attacks target the application layer, something the industry should be prepared to see more of in 2015, says Matthew Prince, CEO of CloudFlare, a website performance firm that battled a massive DDoS attack on Spamhaus early last year.

Of all the types of DDoS attacks, there’s only one Prince describes as the “nastiest.” And, according to the “DNS Security Survey,” commissioned by security firm Cloudmark, more than 75 percent of companies in the U.S. and U.K. experienced at least one DNS attack. Which specific attack leads that category?

You guessed it. “What is by far the most evil of the attacks we’ve seen…[are] the rise of massive-scale DNS reflection attacks,” Prince said.

By using a DNS infrastructure to attack someone else, these cyber assaults put pressure on DNS resolver networks, which many websites depend on when it comes to their upstream internet service providers (ISP).

Believing these attacks are assaults on their own network, many ISPs block sites in order to protect themselves, thus achieving the attacker’s goal, Prince said. By doing so “we effectively balkanize the internet.”

As a result, more and more of the resolvers themselves will be provided by large organizations, like Google, OpenDNS or others, says Prince.

That in itself could lead to an entirely different issue: Consolidating the internet.

Source: http://www.scmagazine.com/tidal-waves-of-spoofed-traffic-ddos-attacks/article/393059/

Akamai Technologies’ Q4 2014 State of the Internet – Security report has found that the number of distributed denial-of-service (DDoS) attacks nearly doubled since 2013.

The report (PDF) showed DDoS attacks increased by 90 percent from Q4 2013, and increased by 57 percent compared to the last quarter. There was also a 52 percent increase in average peak bandwidth of DDoS attacks compared to Q4 2013.

Akamai observed that the rise of Internet of Things devices is having a profound impact on the DDoS threat landscape. The report showed that SSDP flood attacks increased by 214 percent from the last quarter, with one campaign generating 106Gbps of malicious traffic.

Despite this, the report showed that attackers continued to favour force over technique in their approach, which was aided by the exploitation of web vulnerabilities, the addition of millions of exploitable internet-enabled devices, and botnet building.

Attackers also leveraged multiple attack vectors during Q4. In the quarter, 44 percent of DDoS attacks leveraged multiple attack vectors, representing an 88 percent increase in the number of multi-vector attacks since Q4 2013. Akamai said the expansion of the DDoS-for-hire market promoted the execution of multi-vector campaigns.

Attack duration increased during the quarter by 31 percent to 29 hours, from last quarter at 22 hours. This increase is similar to a 28 percent year-over-year increase from Q3 2013, at 23 hours.

As for the timing of DDoS attacks, the report showed it was distributed evenly in Q4, a trend that Akamai said has been fuelled by the increasing number of targets of greater value in previously under-represented geographic locations.

Meanwhile, Akamai said the United States and China continued as the lead source countries for DDoS traffic, with the US accounting for 31.54 percent of attacks, and China for 17.61 percent. This is a change from the last quarter, where Brazil, Russia, and India dominated as the source countries for DDoS attacks.

Akamai said gaming remained the most targeted industry since Q2 2014, and experienced a 2 percent increase this quarter. In Q4, attacks were fuelled by malicious actors seeking to gain media attention or notoriety from peer groups, damage reputations, and cause disruptions in gaming services. Some of the largest console gaming networks were openly and extensively attacked in December 2014, when more players were likely to be affected.

The software and technology industry, which includes companies that provide solutions such as software-as-a-service and cloud-based technologies, came in as the second most targeted industry during the quarter. According to Akamai, this industry saw the sharpest climb in attack rates, up 7 percent from last quarter to 26 percent of all attacks.

“An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago,” said John Summers, vice president, Akamai cloud security business unit.

“Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry, such as online entertainment that made headlines in December. Instead, attacks were spread among a wide variety of industries.”

Source: http://www.zdnet.com/article/global-ddos-attacks-increase-90-percent-on-last-year/

One of the more interesting parts of my day job at Akamai Technologies is that I have access to all sorts of security research. An information junkie’s fantasy land. One of these items is in the form of the Akamai State of the Internet security report.

What struck me about this research was the sheer increase in volume of distributed denial of service (DDoS) attacks from the last quarter. An increase of 57% was noted from just one year earlier. Nothing to sneeze at. One of the main drivers that helped to raise this number was a 241% increase in the number of attacks that leveraged SSDP floods.

What, might you ask, is SSDP? This stands for Simple Service Discovery Protocol. This is a service that can be used by attackers to reflect traffic against a target in a DDoS attack. Attackers can amplify the signal of their attack bringing a larger amount of attack traffic against the target than they could otherwise based on the volume of just attacking nodes. SSDP is commonly found in devices using Universal Plug and Play (UPnP). The largest attack that was witnessed in this instance was one that reached 106 Gbps of malicious traffic.

This is an example of what can happen with poorly configured, or worse, devices with no security controls that are rolled out as a component of the Internet of Things (IoT). As the Internet of Things continues to increase we will see more opportunities for attackers to leverage devices to increase the size and scope of their botnets. Security needs to be baked into IoT devices from the initial design phase.
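From the defender's side, the SSDP reflection traffic described above has a recognisable shape: UDP packets with source port 1900 arriving at a host that never sent a discovery query. The following is an added detection example, not code from the article or from Akamai; the flow-record layout, function name, thresholds and sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900  # UDP port used by SSDP/UPnP discovery

# Constructed flow records: (time_s, proto, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (1.0, "udp", "192.0.2.50", 50000, "239.255.255.250", 1900, 130),  # local M-SEARCH
    (1.2, "udp", "192.0.2.60", 1900, "192.0.2.50", 50000, 320),       # solicited reply
    (2.0, "udp", "203.0.113.11", 1900, "198.51.100.7", 80, 320),      # unsolicited
    (2.0, "udp", "203.0.113.12", 1900, "198.51.100.7", 80, 310),
    (2.1, "udp", "203.0.113.13", 1900, "198.51.100.7", 80, 330),
    (2.1, "udp", "203.0.113.14", 1900, "198.51.100.7", 80, 300),
    (2.2, "tcp", "203.0.113.20", 1900, "198.51.100.7", 443, 900),     # not UDP, ignored
]


def find_ssdp_reflection(flows, window=5.0, min_reflectors=3):
    """Return {target_ip: (distinct_reflectors, bytes)} for unsolicited SSDP replies."""
    last_query = {}  # host -> time it last sent a packet to UDP/1900
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for ts, proto, src, sport, dst, dport, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == SSDP_PORT:
            last_query[src] = ts  # this host asked, so replies to it are expected
        elif sport == SSDP_PORT:
            asked = last_query.get(dst)
            if asked is None or ts - asked > window:
                hits[dst]["reflectors"].add(src)
                hits[dst]["bytes"] += size
    return {
        target: (len(h["reflectors"]), h["bytes"])
        for target, h in hits.items()
        if len(h["reflectors"]) >= min_reflectors
    }


if __name__ == "__main__":
    for target, (count, size) in find_ssdp_reflection(FLOWS).items():
        print(f"{target}: {count} reflectors, {size} bytes of unsolicited SSDP replies")
```

The same signature supports a simple edge control: hosts that have no reason to perform UPnP discovery across the internet should never receive UDP traffic with source port 1900.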

Groups such as the Lizard Squad have reportedly used home routers which were susceptible to compromise as enlisted troops in their botnet. Here again we see an example of force over finesse. They’re attempting to make money by selling access to these devices with their Lizardstresser service. This server was built on code copied from another service called Titaniumstresser and, at the time it was rolled out, was poorly implemented. I was able to enumerate usernames and others were able to see the contents of their misconfigured .htaccess file which is supposed to control directory level access. You could even see in the code they had not bothered to remove references to Titaniumstresser.

In the State of the Internet security report there was a demonstrated 90% increase in attacks in Q4 over those recorded in the third quarter of 2014. The attacks continue. I did notice a change in the landscape which, to be fair, I’m surprised has not happened before now. When the Malaysian Airlines website was compromised on Monday, January 26th, through a DNS hijack, the attackers took the time to set up a DNS record to capture email from the beleaguered airline. Be sure to lock your registrar records to avoid this sort of issue.

All in all it was an interesting fourth quarter of 2014. I’m sure that 2015 will offer up a new range of interesting attacks. Or, we might get lucky and have a nice quiet year.

Source: http://www.forbes.com/sites/davelewis/2015/01/29/ddos-attacks-continue-to-rise/2/

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

  • Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
  • Discover how to implement multi-layered DDoS defense
  • Identify best practice detection and classification techniques
  • Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT
