DDoS Defense Archive

Distributed denial-of-service (DDoS) attacks have become annoyingly common over the past several years, and they’ve been responsible for some major service outages. One knocked an entire country offline. Another crippled Internet access across the Eastern United States.

In 2018 law enforcement agencies fought back in a big way. A coordinated effort dubbed Operation Power Off resulted in the takedown of Webstresser.org, one of the largest DDoS-for-hire marketplaces around.

As a result, authorities got their hands on a treasure trove of customer information. Those customers, remember, were paying cash to launch attacks against businesses and individuals.

In the United Kingdom alone, Webstresser data has already led to multiple arrests and the seizure of dozens of electronic devices, with more to come. According to a Europol press release, more than 250 individuals will soon face charges.

Many may not have realized how disruptive their actions could be, especially when launching a DDoS attack is so cheap and easy to do. The reality is that DDoS attacks can create serious problems. A larger business hit by a sustained DDoS can easily run up several million dollars in costs from lost productivity, lost sales, and remediation. A 2017 survey of 1,000 businesses put total estimated losses at $2.2 billion.

The losses pile up quickly, which is why agencies from 20 different countries have agreed to coordinate their efforts against DDoS service providers and users. Their cooperation led to several more successes toward the end of 2018. 17 more DDoS services were shut down in December, 15 of which were seized by the FBI.

To be clear, the battle against DDoS attacks will be an ongoing game of whack-a-mole, but officials are taking a zero-tolerance approach. Europol’s release states that “size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.”

Source: https://www.forbes.com/sites/leemathews/2019/01/29/law-enforcement-agencies-are-going-after-hundreds-of-ddos-users/#531c1af86b19

If you’re keeping up with what’s happening in the wonderful world of IT, you’re probably reading the blood-curdling headlines about 1.7 Tbps distributed denial of service (DDoS) attacks and gut-wrenching descriptions of average $40,000-per-hour costs of unmitigated attacks.

You’ve also probably digested the fact that no business is too large or too small to be a target of distributed denial of service attacks. So, it’s natural to start thinking about IT security improvements. In these initial thoughts, it’s tempting to envisage a tidy, on-site operation. It has the latest hardware and software (you’re upgrading), and your IT team is in charge. But hold on a minute. Before you go any further, consider all your options before settling on a DIY security solution. There are many reasons why the wise choice is letting the security pros protect your network.

Five reasons to not DIY

The main reason to pass up DIY mitigation? Its limitations. Although tools and techniques of in-house DDoS mitigation are powerful, they can’t stop swift, massive, and sophisticated volumetric attacks. Remember, in on-premises DIY mitigation plans:

  • Protection starts too late in the attack cycle. DIY protection methods are usually a reaction to the initial attack. By the time the IT security team starts working, much of the damage is done. This is especially relevant in DDoS campaigns that include application-layer attacks.
  • The ability to adjust configurations doesn’t always help. IT security pros can respond to an attack by adjusting configuration settings manually. However, this takes valuable time. Also, the resulting protection is good only against the same type of attack. This lack of flexibility becomes a problem in multi-vector attacks. When botmasters (the human controllers of DDoS bots) change tactics mid-attack, your protection loses its usefulness.
  • Your network bandwidth limits DIY protection efforts. Your DDoS protection is only as good as your bandwidth is large, and DDoS attacks commonly reach many times the volume of normal enterprise network traffic. Once the upstream link is saturated, nothing you do on-premises can help.
  • DIY protection can’t always distinguish attack traffic from legitimate users. In-house DDoS protection methods often involve static rate limits and IP blacklisting. With these relatively old-fashioned methods, legitimate users (for example, many employees behind one NAT address) can be mistaken for bots, while a botnet that keeps each source below the threshold slips through. Being blocked from using your website is a quick way to lose customers.
  • Prohibitive costs. For many companies wanting to upgrade their DDoS protection, this is the biggest problem of all. Purchasing, installing and deploying hardware appliances carries a hefty price tag that puts DIY protection beyond the budget of most organizations.
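The fourth item above (static per-IP rate limits misclassifying legitimate users) is easy to see on paper. The following script is an added example, not code from the original page or from any vendor it mentions. It runs two detectors over constructed web-server log lines in a hypothetical format (`epoch ip method path user-agent`): a naive per-IP counter of the kind the text criticizes, and a detector keyed on what is being requested rather than who requests it. The traffic mix (a NAT gateway with many people behind it, one ordinary user, and a low-and-slow botnet hammering one endpoint), the thresholds, and the addresses are all assumptions chosen for the illustration.

```python
"""Per-IP rate limiting vs. a cross-source signature, over constructed logs.

Example code, not from the original page. Log format and traffic are
assumed: "<epoch> <client_ip> <method> <path> <user_agent>".
"""
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed sample traffic for one 60-second window (not real data)."""
    lines = []
    # A corporate NAT gateway: 120 requests from a single address, but spread
    # over 40 paths and three browsers, i.e. many real people behind one IP.
    browsers = ["Firefox/115", "Chrome/120", "Safari/17"]
    for i in range(120):
        lines.append(f"{1700000000 + i // 2} 203.0.113.10 GET /page/{i % 40} {browsers[i % 3]}")
    # One ordinary user browsing a handful of pages.
    for i in range(5):
        lines.append(f"{1700000000 + i * 10} 192.0.2.5 GET /page/{i} Chrome/120")
    # A botnet: 200 addresses sending only 3 requests each, all POSTing the
    # same endpoint with an identical User-Agent (600 requests in total).
    for host in range(200):
        for j in range(3):
            lines.append(
                f"{1700000000 + (host + j * 20) % 60} 198.51.100.{host + 1} "
                f"POST /login python-requests/2.31"
            )
    return lines


def parse(line):
    ts, ip, method, path, ua = line.split(" ", 4)
    return int(ts), ip, method, path, ua


def naive_per_ip_limit(lines, max_requests=100):
    """The static rate limit the text describes: block any source address
    that exceeds max_requests in the window, regardless of what it asked for."""
    per_ip = Counter(parse(line)[1] for line in lines)
    return {ip for ip, n in per_ip.items() if n > max_requests}


def cluster_signature(lines, min_requests=100, min_sources=20):
    """Key on the request, not the requester: one (method, path, user-agent)
    tuple drawing many requests from many distinct sources is the distributed
    pattern a per-IP counter cannot see. Returns the sources behind it."""
    sources = defaultdict(set)
    hits = Counter()
    for line in lines:
        _, ip, method, path, ua = parse(line)
        key = (method, path, ua)
        hits[key] += 1
        sources[key].add(ip)
    flagged = set()
    for key, n in hits.items():
        if n >= min_requests and len(sources[key]) >= min_sources:
            flagged |= sources[key]
    return flagged


def evaluate(lines, blocked, bot_prefix="198.51.100."):
    """Score a block list against the known (constructed) bot range."""
    all_ips = {parse(line)[1] for line in lines}
    bots = {ip for ip in all_ips if ip.startswith(bot_prefix)}
    legit = all_ips - bots
    return {
        "bots_blocked": len(blocked & bots),
        "bots_missed": len(bots - blocked),
        "legit_blocked": len(blocked & legit),
    }


if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP limit:", evaluate(log, naive_per_ip_limit(log)))
    print("cluster signature:", evaluate(log, cluster_signature(log)))
```

The per-IP limit blocks the NAT gateway (120 requests, one address) and misses every bot, because each bot stays well under the threshold; the cluster signature blocks all 200 bots and none of the legitimate sources. The caveat a practitioner will spot immediately: the second detector is only as good as the attacker's laziness. Randomized User-Agents and paths defeat this particular key, which is the point the text is making about static rules against an adversary who changes tactics mid-attack.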

Don’t forget to protect your applications

Network users are discovering what IT security pros have known for a while. Volumetric attacks might be the familiar face of DDoS mayhem. In many cases, however, data and application security are also at risk.

That’s because DDoS attacks are often smokescreens for intrusions that go after valuable data. In this pattern, a botnet keeps the security team busy with the outage while, behind the noise, the attacker probes your applications for any information that can be sold on the Dark Web.

If you want to run your own DDoS protection methods, this is bad news. The security of applications that you run onsite is at risk. Given this expanded security scope, you would have to protect your apps by upgrading application-layer security measures. Experts recommend that to secure commercial applications, organizations must have their own remediation process, identity management methods, and infrastructure security procedures.

To run custom applications safely, you should adopt quite a few additional measures. These include application security testing, developer training, DevOps and DevSecOps practices, and maintaining an open source code inventory.

The ace up your sleeve—cloud-based mitigation services

The cloud is where you’ll find a powerful, cost-effective security option. Cloud-based, DDoS mitigation providers offer benefits that DIY methods lack.

  • Broad DDoS protection. Cloud-based protection secures your infrastructure against attacks on your system’s network and application layers.
  • No DDoS-related capital or operations costs. Mitigation service specialists offer DDoS protection as a managed service. There’s no need to invest in hardware or software. And, say good-bye to IT labor costs. Your IT staff doesn’t get involved in DDoS mitigation.
  • No scalability problems. DDoS mitigation providers use large-scale infrastructures, with virtually unlimited bandwidth.
  • No need to hire expensive talent. In-house DDoS protection solutions require IT pros with expensive, often hard-to-find knowledge and experience. The staffs of DDoS mitigation providers include the security and data specialists needed to keep DDoS attacks at bay.
  • You spend less time and money. When you add up the costs of all required assets and resources, the conclusion is clear. You’ll spend far less time, effort, and budget when you engage off-premises, DDoS protection services.

These are the benefits that most DDoS mitigation services provide. However, advanced mitigation providers go several steps beyond this already high standard of performance. For example, automated defense methods built into DDoS response software eliminate the need for time-consuming human intervention. In fact, these capabilities reduce time to mitigation to mere seconds. (The current industry record is 10 seconds).

Isn’t it time to take advantage of this IT security firepower? With DDoS mitigation services at your back, you’ll never have to wince at another DDoS screamer headline again.

Source: http://trendintech.com/2019/01/27/the-trouble-with-growing-your-own-ddos-protection-methods/

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. In April, authorities took down the site for letting buyers knock websites offline.

If you were a big buyer of DDoS attacks, you may be in trouble. Police in Europe plan to go after customers of Webstresser.org, a major DDoS-for-hire website that was shut down last year.

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. “Actions are currently underway worldwide to track down the users of these Distributed Denial of Service (DDoS) attacks,” the agency added.

In April, Europol shut down Webstresser.org for letting buyers knock websites offline. For as little as $18.99 a month, the site offered access to DDoS attacks, which can overwhelm an IP address or website with enough internet traffic to disrupt access to it.

Webstresser.org was believed to be the world’s largest market for DDoS-for-hire services, according to Europol. Before its shutdown, the site helped launch 4 million attacks. It had also attracted 151,000 registered users under the guise of selling “server stress testing” services.

Now all those customers are in danger of facing potential prosecution. That’s because authorities have uncovered a “trove of information” on Webstresser.org’s users.

“In the United Kingdom, a number of webstresser.org users have recently been visited by the police,” Europol said in its announcement. “UK police are also conducting a number of live operations against other DDoS criminals.”

Although police have typically focused on targeting the sellers of DDoS attacks, Europol said law enforcement is ramping up activities to crack down on buyers as well. Last month, US federal investigators also warned they were going after customers of DDoS-for-hire websites.

“Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity,” FBI Assistant Director Matthew Gorham said in December. “Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity.”

Source: https://www.pcmag.com/news/366214/europol-crackdown-targets-ddos-attack-buyers

In March of 2018 cybersecurity nonprofit abuse.ch launched a new project called URLhaus. Its goal: to search and destroy compromised web pages that were being used to distribute malware. Fast forward to today and URLhaus has helped cleanse the Web of more than 100,000 malicious pages.

URLhaus is a collaborative effort, and some 265 cybersecurity researchers have contributed to the project so far. Abuse.ch reports receiving more than 300 malicious page submissions every day.

That number jumped dramatically this month. On January 16 reports more than doubled to 701. Yesterday URLhaus broke the 1,000 submission mark for the first time. Expect those numbers to continue climbing as more members of the cybersec community get involved.

Two strains of malware make up a substantial percentage of the submissions so far. Heodo (the name abuse.ch uses for Emotet), a botnet that is commonly used to distribute additional malware and launch DDoS attacks, leads the way with more than 16,000 pages blacklisted. In second place is Gozi, a widely distributed banking trojan that can record keystrokes and steal login details from web browsers.

Abuse.ch shared some additional statistics about its work so far. Some of the most interesting dealt with the responsiveness of hosting providers around the globe.

Providers in the United States typically took swift action after receiving a notification from URLhaus. DigitalOcean, which saw the most submissions of any provider, averaged about 6 days. Household names GoDaddy and Google were slightly slower at 9 and 8 days, respectively.

Faster is better, naturally. The sooner a malware distribution point is removed from the Web the safer things are for everyone who uses it.

Unfortunately, not all providers respond as quickly. Some allowed reported URLs to continue pushing malware for weeks. In one case nearly two months passed between the URLhaus alert and the link’s removal.

The longer these malicious pages remain online, the greater the harm the malware can do. Hopefully providers will start working more closely with URLhaus and bringing their response times down. Swift action on their part means a safer Internet for everyone.

Source: https://www.forbes.com/sites/leemathews/2019/01/23/massive-group-effort-disables-100000-web-pages-that-distributed-malware/#178990873b39

While ransomware attacks declined in 2018, cryptominers dominated the malware landscape and impacted 37 per cent of organisations worldwide, Israel-based cybersecurity solutions provider Check Point Software Technologies said in a report on Tuesday.

According to “Check Point’s 2019 Security Report”, despite a fall in the value of all cryptocurrencies, 20 per cent of the companies continued to be hit by cryptomining attacks every week.

In 2018, cryptominers occupied the top four spots among the most prevalent malware types.

On the other hand, ransomware usage fell sharply in 2018, impacting just 4 per cent of organisations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organisations over the past year,” Peter Alexander, Chief Marketing Officer of Check Point Software Technologies, said in a statement.

“These multi-vector, fast-moving, large-scale ‘Gen V’ attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.
“The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks,” he added.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

Mobile devices remain a moving target. Over 30 per cent of organisations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS.

2018 saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise, the report said.

Bots were the third most common malware type, with 18 per cent of organisations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 per cent) of organisations experiencing a DDoS attack in 2018.

The report is based on data from Check Point’s ThreatCloud intelligence — a collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors — over the last 12 months.

It is also based on a new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

Source: https://economictimes.indiatimes.com/news/international/business/cryptomining-impacted-37-organisations-worldwide-in-2018/articleshow/67639012.cms