DDoS Protection Specialist Archive

If you’re keeping up with what’s happening in the wonderful world of IT, you’re probably reading the blood-curdling headlines about 1.7 Tbps distributed denial of service (DDoS) attacks and gut-wrenching descriptions of average $40,000-per-hour costs of unmitigated attacks.

You’ve also probably digested the fact that no business is too large or too small to be a target of distributed denial of service attacks. So, it’s natural to start thinking about IT security improvements. In these initial thoughts, it’s tempting to envisage a tidy, on-site operation. It has the latest hardware and software (you’re upgrading), and your IT team is in charge. But hold on a minute. Before you go any further, consider all your options before settling on a DIY security solution. There are many reasons why the wise choice is letting the security pros protect your network.

Five reasons to not DIY

The main reason to pass up DIY mitigation? Its limitations. Although the tools and techniques of in-house DDoS mitigation are capable, on their own they cannot stop fast, massive, and sophisticated volumetric attacks. Remember that in on-premises DIY mitigation plans:

  • Protection starts too late in the attack cycle. DIY protection methods are usually a reaction to the initial attack. By the time the IT security team starts working, much of the damage is done. This is especially relevant in DDoS attacks that include an application-layer component.
  • The ability to adjust configurations doesn’t always help. IT security pros can respond to an attack by adjusting configuration settings manually. However, this takes valuable time, and the resulting protection is good only for the same type of attack. This lack of flexibility becomes a problem in multi-vector attacks: when botmasters (the human controllers of DDoS bots) change tactics mid-attack, your hand-tuned protection loses its usefulness.
  • Your network bandwidth limits DIY protection efforts. Your DDoS protection is only as good as your bandwidth is large. DDoS attacks are commonly many times larger than an enterprise’s normal traffic volume, and once the upstream link is saturated nothing behind it can help.
  • DIY protection can’t always distinguish bots from legitimate users. In-house DDoS protection methods often rely on static traffic rate limits and IP blacklisting. With these relatively old-fashioned methods, legitimate users (for example many customers behind one NAT gateway) can be mistaken for bots. Being blocked from using your website is a quick way to lose customers.
  • Prohibitive costs. For many companies wanting to upgrade their DDoS protection, this is the biggest problem of all. Purchasing, installing and deploying hardware appliances carries a hefty price tag that puts DIY protection beyond the budget of most organizations.

Don’t forget to protect your applications

Network users are discovering what IT security pros have known for a while. Volumetric attacks might be the familiar face of DDoS mayhem. In many cases, however, data and application security are also at risk.

That’s because DDoS attacks are often smokescreens for intrusions that go after valuable data. The flood (frequently an application-layer attack) keeps the security team busy with the immediate outage, while other bots probe the environment for any information that can be sold on the Dark Web.

If you want to run your own DDoS protection methods, this is bad news. The security of applications that you run onsite is at risk. Given this expanded security scope, you would have to protect your apps by upgrading application-layer security measures. Experts recommend that to secure commercial applications, organizations must have their own remediation process, identity management methods, and infrastructure security procedures.

To run custom applications safely, you should adopt quite a few additional measures. These include application security testing, developer training, DevOps and DevSecOps practices, and maintaining an open source code inventory.

The ace up your sleeve—cloud-based mitigation services

The cloud is where you’ll find a powerful, cost-effective security option. Cloud-based, DDoS mitigation providers offer benefits that DIY methods lack.

  • Broad DDoS protection. Cloud-based protection secures your infrastructure against attacks on your system’s network and application layers.
  • No DDoS-related capital or operations costs. Mitigation service specialists offer DDoS protection as a managed service. There’s no need to invest in hardware or software, and most of the DDoS-related IT labor cost goes away, because your own staff is no longer on the hook for day-to-day mitigation.
  • No scalability problems. DDoS mitigation providers use large-scale infrastructures, with bandwidth far beyond what any single enterprise can provision.
  • No need to hire expensive talent. In-house DDoS protection solutions require IT pros with expensive, often hard-to-find knowledge and experience. The staffs of DDoS mitigation providers include the security and data specialists needed to keep DDoS attacks at bay.
  • You spend less time and money. When you add up the costs of all required assets and resources, the conclusion is clear. You’ll spend far less time, effort, and budget when you engage off-premises, DDoS protection services.

These are the benefits that most DDoS mitigation services provide. However, advanced mitigation providers go several steps beyond this already high standard of performance. For example, automated defense methods built into DDoS response software eliminate the need for time-consuming human intervention. In fact, these capabilities reduce time to mitigation to mere seconds. (The current industry record is 10 seconds).

Isn’t it time to take advantage of this IT security firepower? With DDoS mitigation services at your back, you’ll never have to wince at another DDoS screamer headline again.

Source: http://trendintech.com/2019/01/27/the-trouble-with-growing-your-own-ddos-protection-methods/

If you were a big buyer of DDoS attacks, you may be in trouble. Police in Europe plan to go after customers of Webstresser.org, a major DDoS-for-hire website shut down last year.

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. “Actions are currently underway worldwide to track down the users of these Distributed Denial of Service (DDoS) attacks,” the agency added.

In April, Europol shut down Webstresser.org for letting buyers knock websites offline. For as little as $18.99 a month, the site offered access to DDoS attacks, which can overwhelm an IP address or website with enough internet traffic to disrupt access to it.

Webstresser.org was believed to be the world’s largest market for DDoS-for-hire services, according to Europol. Before its shutdown, the site helped launch 4 million attacks. It had also attracted 151,000 registered users under the guise of selling “server stress testing” services.

Now all those customers are in danger of facing potential prosecution. That’s because authorities have uncovered a “trove of information” on Webstresser.org’s users.

“In the United Kingdom, a number of webstresser.org users have recently been visited by the police,” Europol said in its announcement. “UK police are also conducting a number of live operations against other DDoS criminals.”

Although police have typically focused on targeting the sellers of DDoS attacks, Europol said law enforcement is ramping up activities to crack down on buyers as well. Last month, US federal investigators also warned they were going after customers of DDoS-for-hire websites.

“Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity,” FBI Assistant Director Matthew Gorham said in December. “Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity.”

Source: https://www.pcmag.com/news/366214/europol-crackdown-targets-ddos-attack-buyers

In March of 2018 cybersecurity nonprofit abuse.ch launched a new project called URLhaus. Its goal: to search and destroy compromised web pages that were being used to distribute malware. Fast forward to today and URLhaus has helped cleanse the Web of more than 100,000 malicious pages.

URLhaus is a collaborative effort, and some 265 cybersecurity researchers have contributed to the project so far. Abuse.ch reports receiving more than 300 malicious page submissions every day.

That number jumped dramatically this month. On January 16 reports more than doubled to 701. Yesterday URLhaus broke the 1,000 submission mark for the first time. Expect those numbers to continue climbing as more members of the cybersec community get involved.

Two strains of malware make up a substantial percentage of the submissions so far. Heodo (better known as Emotet), a botnet used chiefly as a loader to distribute additional malware, leads the way with more than 16,000 pages blacklisted. In second place is Gozi, a widely-distributed banking trojan that can record keystrokes and steal login details from web browsers.

Abuse.ch shared some additional statistics about its work so far. Some of the most interesting dealt with the responsiveness of hosting providers around the globe.

Providers in the United States typically took comparatively swift action after receiving a notification from URLhaus. Digital Ocean, which saw the most submissions of any provider, averaged about 6 days. Household names GoDaddy and Google were slightly slower at 9 and 8 days, respectively.

Faster is better, naturally. The sooner a malware distribution point is removed from the Web, the safer things are for everyone.

Unfortunately not all hosting providers respond as quickly. Some allowed reported URLs to continue pushing malware for weeks. In one case nearly two months passed between the URLhaus alert and the link’s removal.

The longer these malicious pages remain online, the greater the harm the malware can do. Hopefully providers will start working more closely with URLhaus and bringing their response times down. Swift action on their part means a safer Internet for everyone.

Source: https://www.forbes.com/sites/leemathews/2019/01/23/massive-group-effort-disables-100000-web-pages-that-distributed-malware/#178990873b39

Spreading tiny parts of junk traffic across a wide range of IP addresses can wreak havoc, while avoiding detection.

A new type of DDoS attack has emerged, and it targets communications service providers (CSPs). According to security firm Nexusguard, attackers exploit the large attack surface of ASN-level (autonomous system number) CSPs by spreading ‘tiny attack traffic’ across hundreds of IP addresses.

Because each destination address sees only a trickle, per-IP volume thresholds never trip, and the attack as a whole goes undetected.

Roughly two thirds (65.5 per cent) of DDoS attacks in the third quarter of last year targeted CSPs. Hundreds of IP prefixes were used, which means the attackers had access to a ‘diverse pool’ of target IP addresses.

“As a result, the year-over-year average attack size in the quarter fell measurably – 82 per cent,” the report states.

The activity usually goes like this: first the attackers map out the network landscape of their target and try to identify key IP ranges. Then they inject small pieces of junk traffic that mix with the legitimate traffic. Each piece is small enough to stay below per-address detection thresholds, so no single destination ever looks anomalous.

“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes,” said Juniman Kasman, chief technology officer for Nexusguard. “Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact.”
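The detection gap described above is one of granularity: alarms keyed on a single destination address never see the aggregate. The following Python script, an added example that is not from Nexusguard or the original article, runs two detectors over a constructed set of NetFlow-style records (destination IP, bytes): a per-IP threshold, and a per-/24 aggregate compared against a learned clean baseline. The prefixes 203.0.113.0/24 and 198.51.100.0/24, the 50 KB per-IP threshold, and the 1.5x baseline factor are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed NetFlow-style records for a one-minute window: (dst_ip, bytes).
# Synthetic numbers chosen to illustrate the pattern; not real telemetry.
def clean_window():
    flows = [(f"203.0.113.{h}", 10_000) for h in range(1, 255)]   # CSP customer prefix
    flows += [(f"198.51.100.{h}", 10_000) for h in range(1, 50)]  # control prefix, never attacked
    return flows

def attack_window():
    flows = clean_window()
    # Bit-and-piece: 200 of the 254 customer hosts each receive a 30 KB slice of junk.
    # No single destination grows beyond 40 KB, so a per-IP alarm never fires.
    flows += [(f"203.0.113.{h}", 30_000) for h in range(1, 201)]
    return flows

PER_IP_THRESHOLD = 50_000   # bytes per destination per window (assumed tuning)

def per_ip_alarms(flows, threshold=PER_IP_THRESHOLD):
    """Classic detector: flag any single destination above a fixed byte count."""
    totals = defaultdict(int)
    for ip, nbytes in flows:
        totals[ip] += nbytes
    return {ip for ip, total in totals.items() if total > threshold}

def per_prefix_totals(flows, prefixlen=24):
    """Aggregate bytes per destination prefix so diffuse traffic adds up."""
    totals = defaultdict(int)
    for ip, nbytes in flows:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        totals[str(net)] += nbytes
    return dict(totals)

def prefix_alarms(current, baseline, factor=1.5):
    """Flag prefixes whose aggregate volume exceeds `factor` times the learned clean baseline.
    Returns {prefix: ratio_to_baseline} for the flagged prefixes only."""
    alarms = {}
    for prefix, total in current.items():
        expected = baseline.get(prefix, 0)
        if expected and total > factor * expected:
            alarms[prefix] = round(total / expected, 2)
    return alarms

def analyse(baseline_flows, window_flows):
    return {
        "per_ip": sorted(per_ip_alarms(window_flows)),
        "per_prefix": prefix_alarms(per_prefix_totals(window_flows),
                                    per_prefix_totals(baseline_flows)),
    }

if __name__ == "__main__":
    # Expected: per_ip is empty (attack missed), per_prefix flags 203.0.113.0/24 at ~3.36x
    print(analyse(clean_window(), attack_window()))
```

The per-IP detector returns nothing for the attack window even though the customer prefix is carrying more than three times its normal volume; the prefix aggregate catches it while leaving the control prefix alone. In production the baseline would be learned per prefix and time-of-day from flow exports rather than hard-coded, and the same aggregation is worth repeating at the BGP-prefix and whole-ASN levels, since an attacker who knows you aggregate at /24 can spread the slices across more prefixes.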

Source: https://www.itproportal.com/news/small-scale-ddos-attacks-are-on-the-rise/

The innovative technologies and advanced development facilitated by the digital age have benefited humanity immensely, transforming every facet of our lives while helping set the trajectory of the future.

However, along with the significant beneficial impact of these technologies comes the dark, seedy side of the digital world, cyber crime and cybersecurity threats, which are also getting more sophisticated by the day.

A recent media report claims that digital devices connected to the internet, such as computers, phones, and webcams, are attacked on average every five minutes.

Referred to as “doorknob-rattling,” these are the same kind of probes the Mirai botnet used to enlist devices before unleashing a distributed denial-of-service (DDoS) attack that disrupted major websites such as Netflix and Twitter in 2016, after taking control of over 600,000 devices.

While most computers and smartphones are protected from such attacks by built-in security measures, many internet-connected IoT devices, such as webcams, CCTV cameras, and printers, are not.

Security experts believe that as long as a device is connected to a public network and has a public IP address, someone is going to try to hack into it; the constant attempts to break into machines are akin to the background noise of the internet.

Armies of compromised devices and botnets constantly seeking to take control of other devices reachable from the same network are now a permanent feature of the digital realm.

The Mirai botnet was co-created by a US computer science student, Paras Jha, who first deployed it against his university’s network to delay an exam. He also sold his expertise to companies that wanted protection from similar attacks.

In an effort to throw off the authorities who were closing in on him, he released Mirai’s source code online, which led to a proliferation of Mirai-like botnets controlled by cybercriminals around the world.

Network security companies often set up “honeypots”: decoy systems that are intentionally left vulnerable in order to attract these botnets and record their modus operandi.

Mirai-style botnets, which pick target IP addresses at random, will generally hit a honeypot within minutes and try to log in using default usernames and passwords.

With the emergence of IoT, cybersecurity experts have sounded the alarm that the explosion in the number of IoT devices that still use default passwords and are rarely updated will give attackers an easy foothold into home networks.

Users, however, can take proactive security measures to protect themselves from malicious botnets, such as changing default credentials and connecting devices to the internet through a firewall or home router rather than exposing them directly on a public IP address.

Beyond that, to fend off the more sophisticated attacks that will emerge as technology develops, more advanced security measures that integrate technologies such as AI and machine learning will have to be developed and deployed to stay a step ahead of cyber threats.
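To make the honeypot idea concrete, here is a minimal telnet-style login honeypot in Python. It is an added example, not code from the original article or from any honeypot project: it presents login and password prompts, rejects every password, records each (username, password) pair per connection, and flags pairs that appear in a small subset of the default logins hard-coded in the leaked Mirai scanner source (root/xc3511, root/vizxv, admin/admin and the like). The listening port 2323 and the 30-second idle timeout are assumptions; the login state machine is kept in a plain function so it can be exercised without a network.

```python
import asyncio
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Subset of the default logins shipped in the public Mirai scanner source.
# Only a handful are listed here; the real table has over 60 entries.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "123456"), ("root", "default"), ("root", "54321"),
    ("support", "support"), ("user", "user"), ("admin", "1234"),
}

@dataclass
class Session:
    peer: str
    pending_user: Optional[str] = None          # username typed, password not yet seen
    attempts: List[Tuple[str, str]] = field(default_factory=list)

def handle_line(session: Session, line: str) -> bytes:
    """Advance the fake login dialogue by one line and return the next prompt.

    Every password is rejected; the point is to record what was tried."""
    if session.pending_user is None:
        session.pending_user = line
        return b"Password: "
    session.attempts.append((session.pending_user, line))
    session.pending_user = None
    return b"\r\nLogin incorrect\r\nlogin: "

def mirai_hits(session: Session) -> List[Tuple[str, str]]:
    """Credential pairs this client tried that match the known Mirai default list."""
    return [a for a in session.attempts if a in MIRAI_DEFAULTS]

async def serve_client(reader: asyncio.StreamReader, writer: asyncio.StreamWriter):
    peer = writer.get_extra_info("peername")[0]
    session = Session(peer=peer)
    writer.write(b"login: ")
    try:
        while True:
            raw = await asyncio.wait_for(reader.readline(), timeout=30)  # assumed idle timeout
            if not raw:                       # client closed the connection
                break
            writer.write(handle_line(session, raw.decode("latin-1").strip()))
            await writer.drain()
    except asyncio.TimeoutError:
        pass
    finally:
        writer.close()
        # In a real deployment this would go to structured logs or a database.
        print(f"{peer}: {len(session.attempts)} attempts, mirai-style: {mirai_hits(session)}")

async def main(port: int = 2323):      # assumed port; redirect 23 here with a firewall rule
    server = await asyncio.start_server(serve_client, "0.0.0.0", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Run it on an isolated host (a throwaway VM with nothing else listening), with port 23 redirected to 2323 so the process needs no root privileges; within minutes the log shows random sources trying root/xc3511 and friends exactly as the article describes. Note that the honeypot never grants a shell, so it records only the credential-guessing phase, not what the bot would do after a successful login.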

Source: https://techwireasia.com/2019/01/will-the-emergence-of-iot-make-the-internet-less-safe/