DDoS Protection Specialist Archive

By Brian Bloom, ComputerWorld Canada

May 29, 2012, 8:53 PM — Depending on how unscrupulous your business practices are, a denial-of-service attack can give you a competitive advantage. From keeping competitors offline to engaging in outright extortion, there are organizations (some more obviously criminal than others) now using DDoS attacks to make big money.

For those on the receiving end, DDoS attacks are expensive. If you want to avoid losing a lot of money, it pays to be insured. And it’s better to get your protection from the good guys.

Corero Network Security is a company that fits into a small but growing sector of the information security community. It looks at ways to combat the increasingly sophisticated — and often untraceable — denial-of-service attacks targeting organizations of all kinds. The company says the bulk of the attacks today are not the spectacular, ideology-driven kinds that grab headlines.

“Most of the attacks, we know, involve things like unfair competition,” says Neil Roiter, research director of Corero Network Security Inc. “In other words, another company in your own market, your own sector, hitting you to knock you offline, to chase away customers, to lure customers to their own site.”

Roiter adds that when Corero surveyed companies in the U.S. subjected to DDoS attack, more than half believed they had been targeted by the competition. Then there are other attacks: ones that are essentially information age protection rackets.

“It’s like the old protection racket where guys come into your shop, your store, like in the movies and they say, ‘You have a nice place here. It would be a shame if something bad happened to it. Or happened to you.’

“You’ll get an email or phone call saying, ‘Pay us $50,000 by such and such a time, transfer it to this account, or we’re going to knock your site offline.'”

At first glance, Canada appears to have avoided the scourge of these sorts of “professional” DDoS attacks. David Black, manager of the RCMP technology crime branch’s cyber crime fusion team, says he hasn’t encountered many cases of DDoS extortion in Canada, though the threat is certainly present.

“Any company is vulnerable to this, in a sense,” says Black. “If their business depends on 24/7 network connection, extortion could be a reality.”

He adds that it’s “very rare” to catch a company knocking down a competitor’s site in Canada. But again, he cautions that this doesn’t mean they won’t occur in the future.

“We are at high risk, don’t get me wrong,” Black says. “Just the examples aren’t there.”

But Roiter suggests there may plenty of examples that the police simply don’t know about. Extortion, he says, is a crime that usually goes unreported, making it impossible to know how prevalent it is. While countries do differ in terms of the types of DDoS attacks they experience, certain industries are magnets for these types of crimes, Roiter says. He notes, for example, that Canada has a “healthy online gambling industry.”

“Gambling sites are very popular targets. There’s a lot of that that goes on in online gambling. And usually they’ll pay the ransom. Think of it this way: somebody gives you that call before World Cup match when you know you’re going to be doing hundreds of thousands, maybe a million dollars in business, and they say, ‘pay us $50,000′ or ‘£30,000′ or whatever it is. You’re going to pay.”

Roiter says part of the reason that companies are forced to give into criminals’ demands is not necessarily that they haven’t taken protective measures, but that they haven’t taken the right ones. They may be protected from network-based attacks and aren’t ready for the newer application-level attacks.

“The networking flooding attacks, the SYN flood, the UDP attacks, the ICMP attacks, those sorts of things are becoming less prevalent, and application-layer attacks, which use far less bandwidth and are much harder to detect and mitigate, are becoming dominant.”

To combat such attacks, Corero’s security platform uses analysis to examine whether a protocol is behaving properly and a rate-limiting technique that assigns it either a credit or demerit point. With enough demerits, the system will perceive a threat and immediately block it off.

The company has more than 20 major Canadian clients, including financial and government institutions. Dave Millier, CEO of Toronto-based Sentry Metrics Inc., says his company was the primary reseller for Top Layer Networks Inc., a company Corero acquired in 2011 that was one of the biggest players in the DDoS market.

Millier says in general, Corero’s “claim to fame” in preventing DDoS attacks is their ability to ensure business continuity in the midst of an attack. “They can sustain multi-hundred megabit attacks, while still allowing acceptable performance of the Web services that are running on the systems inside the network itself.”

This is accomplished by placing the Corero boxes outside of the network and firewall to identify and block threats more quickly. “All the data still comes to the Corero box, but it’s intelligent enough to actually in effect drop the connections before they ever get to the devices that are trying to be connected to.”

From the RCMP’s perspective, says Black, one of the best ways to combat DDoS crime in Canada is to seek guidance from the Canadian Cyber Incident Response Centre (CCIRC). Businesses can also report cyber threat incidents to the Centre. And as they increase, it will play an increasingly important role, he says.

“As this business grows and matures, for advice on how to prevent … (that’s) a great role for CCIRC,” he says.

Source: http://www.itworld.com/security/279089/new-ddos-silent-organized-and-profitable

NEW DELHI: A day after messing with servers maintained by Reliance Communications, Anonymous, an international hacker collective, defaced two websites belonging to BJP on Sunday. Through its Twitter account (@opindia_back) it announced thatwww.mumbaibjp.org and www.bjpmp.org.in were hacked by the group. After the hacking, the group posted a message to web users, asking them to organize protests against “web censorship” in India on June 9.

While the message was displayed on the homepage of www.mumbaibjp.org, on www.bjpmp.org.in it was inserted as a page at bjpmp.org.in/ads/anon.html. On Mumbai BJP website the message was accompanied by a catchy tune embedded through a YouTube link.

“Today they took away your right to use a few websites… day after tomorrow they will take away your freedom of speech and no one will be there to speak for you. Speak Now or Never,” the message read. The hackers said that people should print out or buy Guy Fawkes Masks and wear them while protesting against web censorship in Bangalore, Mangalore, Kochi, Chennai, Vizag, Delhi, Mumbai and Hyderabad on June 9.

TOI reached out to Anonymous though Twitter, asking why it defaced BJP websites. “”Just needed a website to display our message,” said the person managing @opindia_back.

The Ion, who is likely a part of Anonymous and who uses @ProHaxor alias on Twitter, added, “BJP are the opposition they should have stopped this or should have organised a protest they did not do any.”

Incidentally, CERT-IN, the nodal agency in India for monitoring security and hacking incidents within the country’s cyberspace, said in a report on Sunday that hackers are targeting Indian websites. “It is observed that some hacker groups are launching Distributed Denial of Service (DDoS) attacks on websites of government and private organizations in India,” the report said and asked network administrators to keep vigil.

Anonymous started attacking websites belonging to government agencies and companies like Reliance Communications last week after internet service providers blocked several websites in the country on the basis of an order by Madras high court. Anonymous says the blocking of websites is illegal and suppression of freedom of speech. On Friday it held a virtual ‘press conference’ and released a list of websites that were allegedly blocked on the internet service provided by Reliance Communications even though there was no legal requirement for the ISP to do so. The hackers said they stole the list from Reliance’ servers. At the same ‘press briefing’ the group called on Indian people to organize protests against web censorship on June 9.

In the last few months, Anonymous has organized or played a dominant role in real world protests against what it perceives censorship and abuse of power. The most popular of these protests has been Occupy Wall Street in the US. Though there were a number of groups and individuals involved in these protests Anonymous had played a key role in spreading the word.

Source: http://timesofindia.indiatimes.com/tech/news/internet/Anonymous-hacks-BJP-websites-wants-people-to-protest-against-web-censorship/articleshow/13576173.cms

More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

By John E Dunn

Techworld — More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat.

Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said.

“Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note.

A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week.

There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours.

Two thirds said the direct cost of all this DDoS was about $10,000 (APS6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour.

The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance.

The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs.

Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services.

However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them.

“With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.”

The company markets its own cloud-based mitigation service, SiteProtect. Three years ago its UltraDNS service was itself the victim of a DDoS attack.

Source: http://www.cio.com/article/706594/U.S._Firms_Over_Reliant_on_Firewalls_to_Defend_Against_DDoS_Attacks?taxonomyId=3089

The Pirate Bay is getting pounded with a denial-of-service attack and most of the likely suspects deny involvement.

by Greg Sandoval May 16, 2012 12:56 PM PDT

There’s a good whodunit developing over at The Pirate Bay, the popular BitTorrent file-sharing service.

An unknown entity has launched a large distributed denial-of-service attack (DDoS) against The Pirate Bay and rendered the site largely inaccessible for more than a day. The Pirate Bay posted a note to its Facebook page confirming the attack. Site operators wrote: “We don’t know who’s behind it but we have our suspicions.”

Suspicions are all anybody seems to have at this point. Here’s a list of the top suspects and where they stand on the issue.

– The Motion Picture Association of America: A spokesman for the trade group for the top six Hollywood film studios, a group that over the years has become one of The Pirate Bay’s arch nemesis, told CNET “The MPAA has no involvement and does not condone DDoS attacks.”

– The Recording Industry Association of America: A representative for the trade group for the four major music labels, also denied that the organization was behind the attack. He pointed out that the RIAA has been the victim of multiple DDoS attacks and has denounced the practice.

– Anonymous: The mysterious hacktivist group that is well known around the world for launching DDoS attacks, has denied responsibility. The Pirate Bay admonished Anonymous’ for its tactics when the group recently launched a DDoS attack against Virgin Media, the first Internet service provider in the United Kingdom to block The Pirate Bay.
“Yes, The Pirate Bay is down,” wrote Anonymous in a Twitter post. “Yes it’s under DDoS attack. No we don’t know who from. We’ll update as we hear more.”

Of course the MPAA and RIAA don’t speak for every copyright owner around the world. Plenty of filmmakers and musicians not affiliated with those groups consider The Pirate Bay a scourge and believe that site operators enrich themselves at artists’ expense.

Anonymous also doesn’t speak for every hacker in the world or for everyone who has the capability to launch a DDoS attack.

The only reason that anyone would even suspect Anonymous, which has always been a huge supporter of The Pirate Bay, is because of BitTorrent site’s strong condemnation last week of DDoS attacks — even attacks launched in support of the service.

“We do not encourage these actions,” The Pirate Bay wrote after Virgin Media came under attack, according to the blog Torrentfreak. “We believe in the open and free

Internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us.”

So, where does this leave us? Is it a government that is attacking the site or an angry group of tech-savvy indie filmmakers or musicians? Is it a rogue element of Anonymous? If you have any suspicions, please share them in the comments.

Source: http://news.cnet.com/8301-1023_3-57435710-93/who-is-behind-murky-ddos-attack-against-the-pirate-bay/

By: Jeremy Nicholls

The internet is an ideal destination for like-minded people to come together.

This is as true for people who are reaching out to friends, colleagues and strangers to raise money for charity as it is for groups of individuals who plan to use cyber attacks to make political or ideological statements.

It is the latter group, ‘hacktivists’ as they have come to be called, who are having a profound impact on today’s security threat landscape.

Research from Arbor Networks’ annual Worldwide Infrastructure Security Report (a survey of the internet operational security community published in February) supports this. Ideologically motivated hacktivism and vandalism were cited by a staggering 66 per cent of respondents as a motivating factor behind distributed denial-of-service (DDoS) attacks on their businesses.

One of these attacks last month targeted the BBC – the attack took down email and other internet-based services and the BBC suspected the attack was launched by Iran’s cyber army in a bid to disrupt BBC Persian TV. Then there was the takedown of the Home Office website with the promise of a series of weekly attacks against the Government.

But it’s not just high-profile, politically connected organisations at risk. Any enterprise operating online, which applies to just about any type and size of business operating in the UK, can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune.

An influx of new attack tools entering the market are readily available and fast to download. This video demonstrates how many tools are available today to anyone with a grievance and an internet connection; furthermore, the underground economy for botnets is booming.

Botnets ‘for hire’ are popular – unskilled attackers are able to hire botnet services for bargain-basement prices. Just as an enterprise can subscribe to a technology provider or a cloud-based DDoS mitigation service, hacktivists can subscribe to a DDoS service to launch attacks.

While hacktivism has gained tremendous press attention recently, there is evidence of DDoS attacks being used for competitive gain. For example, the Russian security service FSB arrested the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. He was charged with a DDoS attack on rival Assist that paralysed the ticket-selling system on the Aeroflot website.

This all has overwhelming implications for the threat landscape, risk profile, network architecture and security deployments for all service providers and enterprises.

With the democratisation of DDoS has come a change in the attacks themselves. The methods hackers use to carry out DDoS attacks have evolved from the traditional high-bandwidth/volumetric attacks to stealth-like application-layer attacks and state attacks on firewalls and IPS, with a combination of any or all three being used in some cases.

Multi-vector attacks are becoming more common. A high-profile attack on Sony in 2011 had the company blinded of security breaches that compromised user accounts on the PlayStation Network, Qriocity and Sony Online Entertainment, because it was distracted by DDoS attacks.

Whether used for the sole purpose of shutting down a network or as a means of distraction to obtain sensitive data, DDoS attacks continue to become more complex and sophisticated. While some DDoS attacks have reached levels of 100Gbps, low-bandwidth, application-layer attacks have become more prominent as attackers exploit the difficulties in detecting these ‘low-and-slow’ attacks before they impact services.

Of the respondents surveyed in Arbor’s report, 40 per cent reported an inline firewall and/or IPS failure due to a DDoS attack, and 43 per cent reported a load-balancer failure.

While these products have a place and are an important part of an organisation’s overall IT security portfolio, they are not designed to protect availability. To ensure the best possible protection, organisations should adopt a multi-layered approach – combining a purpose-built, on-premise device with an in-cloud service.

DDoS mitigation is not a short-term fix. At Arbor Networks, we believe that this is something that should sit within a company’s overall risk-planning considerations. Just as physical security can be impacted by fire or extreme weather, digital security includes evaluating threats to availability, namely DDoS attacks.

It is becoming increasingly important to develop a plan to identify and stop them before they impact services, just as you would with natural disasters such as earthquakes or floods.

It is time for companies to start considering DDoS in their business-continuity planning. If they don’t, and they are targeted, the resulting chaos and lack of tools extends the outage and increases the costs both from an immediate financial perspective, and in terms of longer-term brand damage.

 

Source: http://www.scmagazineuk.com/the-changing-face-and-growing-threat-of-ddos/article/241020/