DDoS Protection Specialist Archive

Akamai Technologies’ Q4 2014 State of the Internet – Security report has found that the number of distributed denial-of-service (DDoS) attacks nearly doubled since 2013.

The report (PDF) showed DDoS attacks increased by 90 percent from Q4 2013, and increased by 57 percent compared to the last quarter. There was also a 52 percent increase in average peak bandwidth of DDoS attacks compared to Q4 2013.

Akamai observed that the rise of Internet of Things devices is having a profound impact on the DDoS threat landscape. The report showed that SSDP flood attacks increased by 214 percent from the last quarter, with one campaign generating 106Gbps of malicious traffic.

Despite this, the report showed that attackers continued to favour force over technique in their approach, which was aided by the exploitation of web vulnerabilities, the addition of millions of exploitable internet-enabled devices, and botnet building.

Attackers also leveraged multiple attack vectors during Q4. In the quarter, 44 percent of DDoS attacks leveraged multiple attack vectors, representing an 88 percent increase in the number of multi-vector attacks since Q4 2013. Akamai said the expansion of the DDoS-for-hire market promoted the execution of multi-vector campaigns.

Attack duration increased by 31 percent during the quarter, to 29 hours from 22 hours last quarter. This increase is similar to a 28 percent year-over-year increase from Q3 2013, at 23 hours.

As for the timing of DDoS attacks, the report showed it was distributed evenly in Q4, a trend that Akamai said has been fuelled by the increasing number of targets of greater value in previously under-represented geographic locations.

Meanwhile, Akamai said the United States and China continued as the lead source countries for DDoS traffic, with the US accounting for 31.54 percent of attacks, and China for 17.61 percent. This is a change from the last quarter, where Brazil, Russia, and India dominated as the source countries for DDoS attacks.

Akamai said gaming remained the most targeted industry since Q2 2014, and experienced a 2 percent increase this quarter. In Q4, attacks were fuelled by malicious actors seeking to gain media attention or notoriety from peer groups, damage reputations, and cause disruptions in gaming services. Some of the largest console gaming networks were openly and extensively attacked in December 2014, when more players were likely to be affected.

The software and technology industry, which includes companies that provide solutions such as software-as-a-service and cloud-based technologies, came in as the second most targeted industry during the quarter. According to Akamai, this industry saw the sharpest climb in attack rates, up 7 percent from last quarter to 26 percent of all attacks.

“An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago,” said John Summers, vice president, Akamai cloud security business unit.

“Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry, such as online entertainment that made headlines in December. Instead, attacks were spread among a wide variety of industries.”

Source: http://www.zdnet.com/article/global-ddos-attacks-increase-90-percent-on-last-year/

One of the more interesting parts of my day job at Akamai Technologies is that I have access to all sorts of security research. An information junkie’s fantasy land. One of these items is in the form of the Akamai State of the Internet security report.

What struck me about this research was the sheer increase in volume of distributed denial of service (DDoS) attacks from the last quarter. An increase of 57% was noted from just one year earlier. Nothing to sneeze at. One of the main drivers that helped to raise this number was a 241% increase in the number of attacks that leveraged SSDP floods.

What, might you ask, is SSDP? This stands for Simple Service Discovery Protocol. This is a service that can be used by attackers to reflect traffic against a target in a DDoS attack. Attackers can amplify the signal of their attack bringing a larger amount of attack traffic against the target than they could otherwise based on the volume of just attacking nodes. SSDP is commonly found in devices using Universal Plug and Play (UPnP). The largest attack that was witnessed in this instance was one that reached 106 Gbps of malicious traffic.

This is an example of what can happen with poorly configured devices, or worse, devices with no security controls, that are rolled out as a component of the Internet of Things (IoT). As the Internet of Things continues to increase we will see more opportunities for attackers to leverage devices to increase the size and scope of their botnets. Security needs to be baked into IoT devices from the initial design phase.

Groups such as the Lizard Squad have reportedly used home routers which were susceptible to compromise as enlisted troops in their botnet. Here again we see an example of force over finesse. They’re attempting to make money by selling access to these devices with their Lizardstresser service. This server was built on code copied from another service called Titaniumstresser, and at the time it was rolled out it was poorly implemented. I was able to enumerate usernames and others were able to see the contents of their misconfigured .htaccess file which is supposed to control directory level access. You could even see in the code they had not bothered to remove references to Titaniumstresser.

In the State of the Internet security report there was a demonstrated 90% increase in attacks in Q4 over those recorded in the third quarter of 2014. The attacks continue. I did notice a change in the landscape which, to be fair, I’m surprised has not happened before now. When the Malaysian Airlines website was compromised on Monday, January 26th through a DNS hijack, the attackers took the time to set up a DNS record to capture email from the beleaguered airline. Be sure to lock your registrar records to avoid this sort of issue.

All in all it was an interesting fourth quarter of 2014. I’m sure that 2015 will offer up a new range of interesting attacks. Or, we might get lucky and have a nice quiet year.

Source: http://www.forbes.com/sites/davelewis/2015/01/29/ddos-attacks-continue-to-rise/2/
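
As an added example (not from the original article or from Akamai's report), this sketch shows one way a defender could spot the reflected SSDP traffic described in the article in flow records: replies from UDP source port 1900 arriving at a host that never sent a discovery query. The record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900  # UDP port used by SSDP (the discovery part of UPnP)

# Constructed sample flow records, not real traffic. Assumed layout:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 50000, "239.255.255.250", 1900, 120),  # local query
    (0.5, "192.0.2.20", 1900, "192.0.2.10", 50000, 320),       # expected reply
    (5.0, "198.51.100.1", 1900, "203.0.113.5", 80, 400),       # unsolicited
    (5.1, "198.51.100.2", 1900, "203.0.113.5", 80, 410),       # unsolicited
    (5.2, "198.51.100.3", 1900, "203.0.113.5", 80, 390),       # unsolicited
    (5.3, "198.51.100.4", 1900, "203.0.113.5", 80, 405),       # unsolicited
]


def find_ssdp_reflection(flows, window_s=10, min_sources=3, min_bytes=1000):
    """Return {victim_ip: (distinct_reflectors, total_bytes)} for hosts that
    receive SSDP replies without having sent a query shortly before."""
    queried = defaultdict(list)  # host -> timestamps of its own SSDP queries
    unsolicited = defaultdict(lambda: {"sources": set(), "bytes": 0})

    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == SSDP_PORT:
            # Host sent a discovery query; replies to it are legitimate.
            queried[src].append(ts)
        elif sport == SSDP_PORT:
            # Reply from an SSDP service: was it asked for within the window?
            solicited = any(0 <= ts - q <= window_s for q in queried[dst])
            if not solicited:
                unsolicited[dst]["sources"].add(src)
                unsolicited[dst]["bytes"] += size

    # Many distinct reflectors plus real volume separates a flood from a
    # single stray reply.
    return {
        dst: (len(v["sources"]), v["bytes"])
        for dst, v in unsolicited.items()
        if len(v["sources"]) >= min_sources and v["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for victim, (n, total) in find_ssdp_reflection(SAMPLE_FLOWS).items():
        print(f"{victim}: {n} reflectors, {total} unsolicited bytes")
```

The same signal underlies the usual mitigation: a network that has no need to receive SSDP from the internet can drop inbound UDP with source port 1900 at its edge.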

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

  • Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
  • Discover how to implement multi-layered DDoS defense
  • Identify best practice detection and classification techniques
  • Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website.

What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”.

Some offer services ranging from free to $200 – $300/month. These plans offer very basic protection. They also advertise an Enterprise offering that has an expensive starting point and can really turn out to be quite costly depending on your circumstances.

The Enterprise service is the offering that any company that is serious about protecting their website should consider. There are a few issues with each of these offerings that I’d like to point out.

These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10-15% of their customers are using their $200-$300/month service, which again is really just basic protection with limited capabilities.

When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering. I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support.

In most cases there is no phone support included at all! Also, they will charge the client based on the size of the attack. How can a client control the size of an attack they are experiencing? This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month.

Alternately at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients.

The service includes full telephone and email access to our 24/7 support team. This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service.

Also we protect our clients from all DDoS attacks regardless of size without the need to pay us additional depending on the size of an attack.

We also include an external monitoring account with our service called DEMS which stands for our DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions.

We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients.

DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us.

Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed

Director of Sales for DOSarrest Internet Security LTD.

When you start with the premise that capitalism is illegitimate it’s easy to dismiss other people’s property rights.

To some people, a political mission matters more than anything, including your rights. Such people (the Bolsheviks come to mind) have caused a great deal of damage and suffering throughout history, especially in the last 100 years or so. Now they’re taking their mission online. You better not get in their way.

Molly Sauter, a doctoral student at McGill University and a research affiliate at the Berkman Center at Harvard (“exploring cyberspace, sharing its study & pioneering its development”), has a paper calling the use of DDOS (distributed denial of service) attacks a legitimate form of activism and protest. This can’t go unchallenged.

Sauter notes the severe penalties for DDOS attacks under “…Title 18, Section 1030 (a)(5) of the US Code, otherwise known as the CFAA” (Computer Fraud and Abuse Act). This section is short enough that I may as well quote it here verbatim:

(5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

There are other problems with the CFAA with respect to some legitimate security research and whether it technically falls afoul of the act, but that’s not the issue here.

Sauter goes on in some detail with the penalties under Federal law for violating this act and, no argument here, they are extreme and excessive. You can easily end up with many years in prison. This is, in fact, a problem generally true of Federal law, the number of crimes under which has grown insanely in the last 30 or so years, with the penalties growing proportionately. For an informed and intelligent rant on the problem I recommend Three Felonies a Day by Harvey Silverglate. Back to hacktivist DDOS attacks.

She cites cases of DDOS attacks committed against Koch Industries, Paypal, the Church of Scientology and Lufthansa Airlines, some of these by the hacktivists who call themselves Anonymous. In the US cases of the attacks against Koch, Paypal and the Church, the attackers received prison time and large fines and restitution payments. In the Lufthansa case, in a German court, the attacker was sentenced to pay a fine or serve 90 days in jail; that sentence was overturned on appeal. The court ruled that “…the online demonstration did not constitute a show of force but was intended to influence public opinion.”

This is the sort of progressive opinion, dismissive of property rights, that Sauter regrets is not happening here in the US. She notes, and this makes sense to me, that the draconian penalties in the CFAA induce guilty pleas from defendants, preventing the opportunity for a Lufthansa-like precedent.

This is part and parcel of the same outrageous growth of Federal criminal law I mentioned earlier; you’ll find the same incentive to plead guilty, even if you’re just flat-out innocent, all over the US Code. I would join Sauter in calling for some sanity in the sentencing in the CFAA, but I part ways with her argument that political motives are a mitigating, even excusing factor.

Sauter’s logic rises from a foundation of anti-capitalism:

…it would appear that the online space is being or has already been abdicated to a capitalist-commercial governance structure, which happily merges the interests of corporate capitalism with those of the post-9/11 security state while eliding democratic values of political participation and protest, all in the name of ‘stability.’

Once you determine that capitalism is illegitimate, respect for other people’s property rights is no longer a problem. Fortunately, the law protects people against the likes of Anonymous and other anti-capitalist heroes of the far left.

I would not have known or cared about Sauter’s article had it not been for a favorable link to it by Bruce Schneier. Schneier is a Fellow at the Berkman Center.

Progressives and other leftists who think DDOS, i.e. impeding the business of a person or entity with whom you disagree in order to make a political point, is legitimate should consider the shoe on the other foot. If I disagree with Schneier’s positions is it cool for me to crash his web site or those of other organizations with which he is affiliated, such as the Berkman Center, the New America Foundation’s Open Technology Institute, the Electronic Frontier Foundation, the Electronic Privacy Information Center and BT (formerly British Telecom)? I could apply the same principle to anti-abortion protesters impeding access to a clinic. I’m disappointed with Schneier for implying with his link that it’s legitimate to engage in DDOS attacks for political purposes.

It’s worth repeating that Sauter has a point about the CFAA, particularly with respect to the sentences. It does need to be reformed — along with a large chunk of other Federal law. The point of these laws is supposed to be to protect people against the offenses of others, not to protect the offender.

Source: http://www.zdnet.com/researcher-makes-the-case-for-ddos-attacks-7000034560/