DDoS Attacks Archive

A distributed denial of service attack may sound like hacker talk, but there’s a simple explanation behind it. Secure messaging app Telegram said it had to endure one Wednesday, and it gave an explanation that almost anyone could understand.

Telegram tweeted Wednesday morning that it was dealing with a DDoS attack. The app was down for many users across the globe, according to DownDetector. The downtime period was just a little over an hour, and while it was going on, Telegram explained how a DDoS attack works.

Screen Shot 2019-06-12 at 11.42.41

“Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper,” Telegram tweeted. “The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”

The tweets then went on to describe how hackers accomplish a DDoS attack.

“To generate these garbage requests, bad guys use ‘botnets’ made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa,” the company said in another tweet.

Before giving the all-clear that the attack was over, Telegram tweeted that users’ data was safe.

“There’s a bright side: All of these lemmings are there just to overload the servers with extra work – they can’t take away your Big Mac and Coke,” the company tweeted.

Telegram has its share of run-ins with service denials, but they usually come from countries that want to shut the service down. Russia, Iran and Indonesia blocked the secure messaging app in recent years as governments in those countries argued that the service was used for anti-government protests and terrorism.

Telegram didn’t immediately respond to a request for comment.

Source: https://www.cnet.com/news/telegrams-description-of-ddos-attack-is-the-best/

One of the perpetrators of the 2015 TalkTalk cyber hack has been sentenced to four years in prison for his role in the attack.

 22-year-old Daniel Kelley, from Llanelli, South Wales, who also suffers from Asperger’s syndrome, originally pleaded guilty to 11 hacking-related offences in 2016.

Judge Mark Dennis sentenced him at the Old Bailey to four years’ detention in a young offenders institution. Judge Dennis said Kelley hacked computers “for his own personal gratification”, regardless of the damage caused. Kelley went on to blackmail company bosses, revealing a “cruel and calculating side to his character”, he said.

TalkTalk experienced three significant cyber attacks in 2015, resulting in a leak of the details of over 150,000 customers. The company hired the cyber arm of defence contractor BAE Systems to investigate the breach.

Kelley’s hacking offences also involved half a dozen other organisations, including a Welsh further education college, Coleg Sir Gar, where he was a student.

His actions caused “stress and anxiety” to his victims, as well as harm to their businesses, with the total cost to TalkTalk from multiple hackers estimated at £77m.

Between September 2013 and November 2015, Kelley engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies. Despite attempts at anonymity, his crimes were revealed in his online activities.

In September 2012, he boasted on Skype that he was “involved with black hat activities and I can ddos (Distributed Denial of Service)” in reference to malicious hacking. Commenting on what he was doing, he wrote on an online forum: “Oh God, this is so illegal.”

The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of “spite or revenge”. The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh Government Public Sector network, which includes schools, councils, hospitals and emergency services.

After he was arrested and bailed, Kelley continued his cyber-crime spree for a more “mercenary purpose”. Prosecutor Peter Ratliff said Kelley had been “utterly ruthless” as he threatened to ruin companies by releasing personal and credit card details of clients.

He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.

However, he only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for coins worth over £115,000.

Source: https://eandt.theiet.org/content/articles/2019/06/talktalk-hacker-sentenced-to-four-years/

Global communication service providers (CSPs), who are expected to provide customers with continuous, uninterrupted service, are struggling to deal with an increasing number of distributed denial of service (DDoS) attacks.

DDoS attacks involve flooding a network with more traffic than it can handle, which makes the network inaccessible to legitimate users.

According to A10 Networks’ The State of DDoS Attacks against Communication Service Providers report, which quizzed 325 IT and security professionals working for internet service providers, 85% of CSPs believe that there will be an increase or no reduction in the amount of DDoS attacks launched against them in the near future.

Despite the threat increasing, just 39% were confident that their organisation could detect a DDoS attack. Fewer respondents, 34%, were confident that their organisation could prevent an attack.

Respondents said that a lack of actionable intelligence was the top barrier to preventing DDoS attacks. Insufficient talent and expertise, and inadequate technologies were also viewed as significant barriers.

Stopping the botnet

Preventing attacks can be costly for businesses, according to cybersecurity expert Jake Moore, security specialist at ESET, but regulating the internet of things (IoT) space could help to prevent a large number of DDoS attacks before they are launched.

“DDoS attacks have always featured in cyber-attacks and there’s usually not much companies can do to protect their websites other than to attempt to divert as much traffic as possible, but this can be costly,” Moore explained. “The real solution lies in the early production of the internet of things and smart devices, where they are continually created with simple or no security at all.”

According to GlobalData’s recent smart home report, spending on internet-connected smart home devices climbed to $23bn in 2018. The market is expected to grow to $25bn by 2025 as consumers continue to automate their homes using smart speakers, thermostats, lighting and security products.

However, various studies have highlighted how easy it is to hack many of these devices.

This is being exploited by cybercriminals to build botnets, a number of compromised internet-connected devices that are used to carry out automated cybercriminal activities such as DDoS attacks or spam delivery.

The Mirai botnet discovered in 2016, for example, had amassed 380,000 devices by scanning the internet for IoT devices and testing commonly-used default username and password combinations to break into a device.

“Once such devices are taken over by a threat actor, they are simply diverted on mass to targeted sites to crash them,” Moore explained.

Source: https://www.verdict.co.uk/iot-regulation-ddos-attack-prevention/

Global communications service providers, whose businesses are predicated on continuous availability and reliable service levels, are struggling to fend off a growing number of DDoS attacks against their networks. A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection, according to A10 Networks.

The critical need for DDoS protection

The A10 Networks study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels of scalability, intelligence integration, and automation. Some 325 IT and security professionals at ISPs, mobile carriers and cloud service providers participated in the survey.

According to the report, entitled “The State of DDoS Attacks Against Communications Service Providers,” these service providers have major concerns with DDoS resilience readiness with only 29 percent of respondents confident in their ability to launch appropriate measures to moderate attacks.

DDoS attacks targeting the network layer are the most common form of attack—and the most dangerous to their business, according to respondents. These attacks flood the network with traffic to starve out legitimate requests and render service unavailable. As a result, service providers say they face a variety of consequences, the most serious being end-user and IT staff productivity losses, revenue losses and customer turnover.

85 percent of survey respondents expect DDoS attacks to either increase (54 percent) or remain at the same high levels (31 percent). Most service providers do not rate themselves highly in either prevention or detection of attacks. Just 34 percent grade themselves as effective or highly effective in prevention; 39 percent grade themselves as effective or highly effective in detection.

DDoS intelligence gap

The DDoS intelligence gap was highlighted by a number of survey findings:

  • Lack of actionable intelligence was cited as the number-one barrier to preventing DDoS attacks, followed by insufficient personnel and expertise, and inadequate technologies.
  • Out-of-date intelligence, which is too stale to be actionable, was cited as the leading intelligence problem, followed by inaccurate information, and a lack of integration between intelligence sources and security measures.
  • Solutions that provide actionable intelligence were seen as the most effective way to defend against attacks.
  • The most important features in DDoS protection solutions were identified as scalability, integration of DDoS protection with cyber intelligence, and the ability to integrate analytics and automation to improve visibility and precision in intelligence gathering.
  • Communications service providers who rated their DDoS defense capabilities highly were more likely to have sound intelligence into global botnets and weapon locations.

“Communications service providers are right, both in their expectations for increased attacks and about their need for better intelligence to prevent them,” said Gunter Reiss, vice president, marketing at A10 Networks. “The continuing proliferation of connected devices and the coming 5G networks will only increase the potential size and ferocity of botnets aimed at service providers. To better prepare, providers will need deeper insights into the identities of these attack networks and where the weapons are located. They also need actionable intelligence that integrates with their security systems and the capacity to automate their response.”

At the same time, many service providers see DDoS protection as a managed service as a significant business opportunity, with a majority (66 percent) of providers saying they were either delivering DDoS scrubbing services or planning to do so. However, the high cost of delivering these services using legacy solutions and making them profitable was seen as a major impediment. Service providers are being forced to find modern approaches that can scale defense in a profitable way.

Other key findings

  • DDoS is seen as the most difficult type of cyber attack to deter, prevent and contain.
  • Cybercriminals who use DDoS attacks to extort money are considered the biggest risk to service providers, followed by those who use DDoS attacks as a smoke screen for some other cyber attack.
  • The network is significantly more likely to be attacked than other layers of a service provider’s infrastructure, such as the application and device layers.
  • A majority of respondents say they do not have actionable intelligence into DDoS-for-hire botnets or DDoS weapon locations around the world to help them protect their networks.

Source: https://www.helpnetsecurity.com/2019/06/07/communications-service-providers-ddos/

Here are the most common types of attack that bring down data centers.

DDoS

The most common type of attack that can take down a data center is distributed denial of service, or DDoS.

In fact, according to the most recent Verizon Data Breach Investigations report, DDoS attacks were the second most common attack vector in last year’s security incidents, following privilege misuse. And, according to a report released in April by Neustar, the number of DDoS attacks 100 Gbps in size and larger increased by nearly 1,000 percent from the first quarter of 2018 to the first quarter of this year.

According to Adam Kujawa, director of Malwarebytes Labs at Malwarebytes Corp., a DDoS attack is a direct and immediate threat to data center uptime.

Plus, the proliferation of poorly secured connected devices such as routers and cameras creates a lot of opportunities for criminals to build botnets with which to launch these attacks.

“But technology has evolved so we have a better chance of protecting ourselves,” he added.

Ransomware

As the latest Verizon report showed, ransomware continues to be a major threat.

Unlike DDoS attacks, which are over when they’re over, the effects of ransomware can continue after the initial attack is stopped, said Dan Tuchler, CMO at SecurityFirst.

“If the data is corrupted or in an unknown state, it can take significant time to restore the data from backup,” he said.  As a result, data centers might not be able to function for hours or even days after an attack.

And there’s a secondary hit, said Mounir Hahad, head of threat research at Juniper Networks. “Ransomware has an obvious impact on downtime as the IT staff would race to recover data from backups,” he said. “But the detection of intrusion may result in downtime as well, as IT staff try to cut off any potential exfiltration activity.”

It can take several days to do the forensics necessary to find out if the attackers were able to compromise any databases. “Services may be offline during that time,” he said, “at least until the method of exfiltration is understood and remediation is in place.”

These costs add up. In fact, according to Cybersecurity Ventures, the total global damages from ransomware are predicted to hit $11.5 billion in 2019, up from $8 billion last year.

External Access Services

When protecting against downtime, data center managers can often overlook some external services their computing sites depend on, such as cloud access security brokers or external DNS servers.

“Attackers target those dependent services to cause widespread harm,” said Darien Kindlund, VP of technology at Insight Engines. “In many cases, firms that protect data centers may overlook these external dependencies when threat-modeling, as they may not even be aware that such dependencies exist during architecture reviews.”

One of the biggest examples of this kind of attack was the 2016 cyberattack against DNS provider Dyn, which took down services around Europe and North America. Services affected included the Boston Globe, CNN, Comcast, GitHub, HBO, PayPal, and many others.

Application Attacks

Attacks against individual web or server applications require a lot less bandwidth but can still effectively shut down services, said Alex Heid, chief research officer at SecurityScorecard.

For example, if a data center or hosting provider has a control panel application for its customers or users, an attack against that application that causes it to crash would impact availability.

Similarly, protocols can also be overwhelmed by a single, focused attack, he said. “Examples of these attacks include Dropbear SSH DoS and the Slowloris Apache HTTP attack.”

In fact, attackers are increasingly using lower-volume, more targeted attacks to take down their victims, according to the Neustar report.

These kinds of attacks will also morph over the course of an attack to make them harder to defend against. According to the company, in the first quarter of 2019, more than 77 percent of denial of service attacks used two or more vectors.

Source: https://www.datacenterknowledge.com/security/four-main-types-cyberattack-affect-data-center-uptime