DDoS Defense Archive

EfficientIP’s 2018 DNS Threat Report has revealed telecom organisations took an average of 18 hours to mitigate each cyber attack.

The telecommunications sector ranks as one of the worst business sectors in its handling of cyber threats.

According to the report from EfficientIP, 43% of telco organisations suffered from DNS-based malware over the past 12 months. It was also highlighted that 81% took three days or more to apply a critical security patch after notification.

Time and money
DNS attacks cost telco organisations, like any other, significant time and money.

In general, telcos are taking too long to mitigate an attack, requiring an average of three employees to collectively spend over 17 hours per attack.

Due to how time-intensive the mitigation process can be, the report found that the average cost per DNS attack is rising for the telecommunications sector. Last year, a single DNS attack cost a telco organisation $622,100. This year the research shows telcos lose an average of $886,560 from each DNS attack, an increase of 42% in just 12 months.

Commenting on the reason behind these attacks, David Williamson, CEO of EfficientIP, says: “Telco organisations attract complex, sophisticated cyber attacks as they hold sensitive customer data, and are also critical for providing unified communication services to businesses. With a large part of their customer base operating online, strong network security has become a business necessity for the entire telco sector in general. Ensuring consistency and reliability in service is a crucial step towards providing elevated customer satisfaction.”

Reputational damage
The ramifications for telcos’ brands while undergoing cyber attacks are damaging.

Brand reputation was likely to suffer due to service issues:

• 45% had to close down specific affected processes and connections.
• 38% suffered cloud service downtime.
• 33% reported a compromised website.
• 31% endured in-house application downtime.
• 30% reported sensitive customer information stolen.

Recommendations for telcos
Working with some of the world’s largest telecommunication brands such as Orange and Vodafone to protect their networks, EfficientIP recommends five best practices:

• Rethink and simplify DNS architectures by replacing intermediary security layers with an adapted DNS security solution. As well as reducing administration and maintenance costs, this helps guarantee availability of service.

• Augment your threat visibility using real-time, context-aware DNS transaction analytics for behavioral threat detection. Businesses can detect all threat types, and prevent data theft to help meet regulatory compliance requirements such as GDPR and the US CLOUD Act.

• Apply adaptive countermeasures relevant to threats. The result is ensured business continuity, even when the attack source is unidentifiable, and practically eliminates risks of blocking legitimate users.

• Decentralise DNS architecture to cope with heavy growth of traffic. In addition to enhancing user experience, placing purpose-built, high performance DNS servers in points of presence significantly improves security against DDoS attacks.

• Incorporate DNS into a global network security solution to recognize unusual or malicious activity and inform the broader security ecosystem. This allows holistic network security to address growing network risks and protect against the lateral movement of threats.

Source: https://www.information-age.com/telcos-cyber-attacks-123476699/

In Europe DDoS attack volumes have increased sharply during the third quarter 2018 according to a new report.

The report from DDoS protection specialist Link11 shows the average attack volume more than doubled in July, August and September, to 4.6 Gbps (up from 2.2 Gbps in Q2).

Attacks are also becoming increasingly complex, with 59 percent of incidents using two or more vectors — up from 46 percent in Q2. The highest-volume attack observed by Link11 in 2018 rose to 371 Gbps in Q3, an increase of 75 percent compared to the maximum of 212 Gbps observed in Q1. In addition, there were a further 35 attacks with bandwidth peaks above 100 Gbps.

Multivector attacks, which accounted for 59 percent of all attacks in Q3, were also a major threat. 37 percent of all attacks in Q3 featured 3 different vectors – more than double the number of triple-vector attacks seen in Q2 (16 percent).

“The structure and composition of DDoS attacks is constantly changing, but the goal remains the same: to interrupt servers, networks or data streams,” says Aatish Pattni, regional director UK and Ireland for Link11. “Over half of attacks during Q3 were multi-vector, making them harder to defend against, and they are growing in volume, too, meaning they can easily overwhelm defenses. To stop these attacks disrupting business operations, organizations need proactive protection that tracks and responds to evolving attack scenarios and patterns automatically, using advanced machine-learning techniques.”

The report also reveals that attacks are most frequent on Fridays and Sundays, with the level of attacks declining during the business week. Attackers targeted organizations most frequently between 4pm and midnight Central European Time, with attack volumes at their lowest between 5am and 10am CET. The highest number of attacks seen in one day during Q3 was 885 on Friday 17 August.

Source: https://betanews.com/2018/11/20/ddos-attack-volumes-double/

Small and medium-sized businesses are much more at risk of DDoS attacks than many think, according to research by the Dutch domain registrar SIGN and the internet providers group NBIP. The two groups conducted research on the .nl websites affected by such attacks and the organisations affected. In total, 237 DDoS attacks were identified in the year to June 2018.

Web shops selling consumer goods such as clothes, cosmetics and garden equipment have a bigger chance of being hit by DDoS attacks, the research found. On average the resulting damage costs EUR 1.8 million.

A common cause is the use of shared hosting. To save costs, small online sellers often share a server with other websites. They are then affected if another site on the server is hit by an attack. The chance of collateral damage is 35 times higher in such a case.

The public sector and larger banks remain the most likely target of direct attacks. The study estimates the direct damage cost EUR 59.6 million, while collateral effects cost another EUR 10 million.

The damages are based on the 237 attacks identified and estimates for the consequences if the attacks succeeded. If no protective measures are taken, the total cost to society from DDoS attacks is estimated at EUR 1 billion per year.

Source: https://www.telecompaper.com/news/sidn-nbip-warn-small-businesses-of-increased-risk-of-ddos-attacks–1269808

Resellers that support the retail sector will be keeping a keen eye on how their customers react to the huge amounts of data that will be generated this coming weekend.

Resellers selling into the retail sector are about to go through one of the most stressful weeks of the year as their customers gear up for Black Friday.

With this weekend marking one of the main moments when consumers spend big before Christmas, the emphasis might be on getting the best deals, but for those with an eye on the IT, the next few days are going to be about data.

On the one hand that means making use of the data around offers and stock to ensure that customers get current information about what a retailer can offer.

“Last year Black Friday itself was worth a total of £2.5bn in sales to the UK economy. However, if retailers fail to stand out against the intense competition, Black Friday could well be a Bleak Friday for them,” said Chris Haines, director of consulting at Amplience.

“To make the most out of the week and the increasingly important Cyber Monday, retailers should be focusing on their digital content. Retail is steadily marching towards the web, and Black Friday this year will be fought out online and on mobile,” he added.

But it is also about ensuring that data is protected, particularly over some of the busiest days of the year.

“Thanks to the popularity of ecommerce sites and credit card payments, the Black Friday shopping season has become synonymous with a peak in credit card thefts, site spoofing and DDoS attacks. It’s as much an occasion for cyber criminals as it is for consumers looking for a bargain,” said Spencer Young, RVP EMEA at Imperva.

“Retailers must also take responsibility for investing time and effort in testing their security measures ahead of the season,” he added.

There are also dangers that some retailers will get caught out by different shopping patterns, and Ajmal Mahmood, customer solution architect at KCOM, warned against wrongly interpreting the sales that go through the tills.

“Buying habits change during big sales events, with some consumers making more impulse purchases, some stocking up on discounted items and some simply shopping as usual. It’s prudent for retailers to isolate the data collected during sales events, to ensure that they don’t significantly affect their personalisation algorithms across the year,” he said.

Source: https://www.computerweekly.com/microscope/news/252452793/Data-will-be-flowing-through-the-retail-systems-this-Black-Friday

One of the most significant issues facing the online gaming industry is service availability as large-scale Distributed Denial of Service (DDoS) attacks are still an everyday occurrence.

Unfortunately, denial of service attacks have always been and will always be a part of gaming culture, but not every outage is malicious in nature. For example, when hundreds of thousands of users attempt to log in simultaneously, it creates tremendous stress on some of the largest networks in the world, resulting in a natural flood of users that can cause an outage. For operators defending these networks, identifying and mitigating malicious traffic during these times can be difficult even for the most advanced team.

The good news is that most of these attacks can often be forecast, allowing operators time to prepare. In general, what makes gaming companies attractive targets to “DDoSers” is their massive user base and the potential impact. Criminals will often strategically launch DDoS attacks during a new release, tournament or special promotion because they know there will be an increase of traffic and stress put on the network, allowing them to cause the greatest amount of damage and impact the most users. For example, in October 2018 Ubisoft’s new release, Assassin’s Creed: Odyssey, was targeted on its release day by a series of DDoS attacks that prevented users from connecting to the game’s servers.

Three Types of DDoS Attackers

There are numerous reasons why someone would launch a denial of service attack against an online gaming platform, but most can be categorized into one of three groups.

Trolls

The first group is known for their trolling antics and a general desire to disrupt another person’s day. Their assaults typically come at the most crucial moments when gamers are looking to take advantage of particular in-game content or bonuses. These events occur on specific dates and times and attackers will deliberately target their DDoS attacks during these set times. This group gets the reaction they are looking for when gamers voice their frustration at the situation and gaming operators over social media.

Retaliators

The second group is those who attack in retaliation. For example, when Blizzard Entertainment banned a large group of users for using automatic triggering and aimbots, the company experienced a DDoS attack in response. This group attacks its targets immediately following the ban, and its only goal is to inflict damage on the company directly.

Attention Seekers

The third group of attackers are attention seekers or profiteers. Their attacks are focused mainly on tournament disruption and booting specific players for profit, or stunt DDoS’ing to advertise their services during major releases or holidays. By launching these attacks, their mission is to generate profit and social clout.

DDoS attacks aimed at the gaming industry over the last five years have evolved at a rapid rate, mainly due to the adoption of Internet of Things (IoT) devices by general consumers. Typically, today’s DDoS attacks target the game industry through IoT botnets like Mirai. They produce massive volumetric attacks causing severe problems not only for game operators and their users, but for service providers who have to absorb the high-volume attacks.

These DDoS campaigns are often conducted by attackers who have a basic to advanced understanding of network and application security. If they are unable to flood the gaming servers, they will find another bottleneck or attempt to target upstream providers.

Before the release of Square Enix’s Final Fantasy XIV expansion pack Stormblood in June 2017, the company relocated its servers to provide its users with better service availability and increased optimization. Unfortunately, attackers were still able to identify the locations of the new servers, and DDoS attacks occurred in parallel with the release date of the Stormblood expansion. The attacks against the release persisted over several days and eventually escalated from targeting Square Enix’s game servers directly to attacking their upstream providers.

Advanced attackers are also able to consistently change attack vectors in an attempt to defeat modern mitigation systems. One of the more prominent trends in 2017 was the increase in short-burst attacks, which over time have increased in complexity, frequency and duration. Burst tactics are typically used against gaming websites and service providers because of how sensitive their users are to service availability. Timed or random bursts of high traffic can leave the targeted organization paralyzed, causing a severe service disruption for its users.

Large-scale DDoS attacks and natural floods also have a significant impact on network providers who must deal with pipe saturations as massive volumetric attacks are directed at their clients. This kind of disruption typically leads to high latency and service degradation impacting additional enterprise customers of the ISP as the attack consumes provider resources.

As DDoS attacks increase in volume, they will continue to pose a threat not only to gaming operators, but for network providers as well.

The determination and systematic targeting of these services show how motivated attackers can be. Looking forward, one of the last major releases of the year, Battlefield V, will go live on November 20th. It’s expected that, due to high demand, the release could experience latency and service degradation from natural floods of users or, worse, be targeted by a series of DDoS attacks. The previous release, Battlefield 1 on October 21, 2016, was severely affected, along with other major services that day, by a denial of service attack launched against Dyn’s managed DNS infrastructure.

Since these attacks generally occur in sync with the launch of significant tournaments, maintaining and inspecting networks is necessary to defend against them. For the online gaming industry and service providers, it’s critical to get into a pattern of auditing their systems ahead of major tournaments and releases so that there is plenty of time to review and make any necessary adjustments to prevent service outages. Most attacks targeting the gaming industry can be forecast, and with proper planning you can ensure service availability for both you and your users.


Source: https://www.scmagazine.com/home/opinions/how-online-gaming-companies-can-forecast-protect-against-ddos/