DDoS Archive

Update 5:50 a.m. PST:

The servers are now down for maintenance, and the attack is over. If further ones happen, we’ll announce accordingly.

Update 8:15 p.m. PST:

The DDoS attacks continue. Blizzard is rolling out updates to the backend services at a breakneck pace right now, some of which are having unintended consequences and further complicating an already messy situation. However, it should be noted that this is to be expected when combating such a large-scale attack. In no way is Blizzard responsible for the server outages on this scale — responsibility rests with the script kiddies and botnet controllers.

It’s hard to know just how big this attack is, but with the sustained issues it’s causing, and the severity of response from Blizzard, it’s safe to assume that it’s big. Battle.net is a hardened internet service that has withstood onslaughts like this before. For it to fail at such a critical juncture is nothing but catastrophic for the short term, and could have serious long term implications. We have some idea, shown above, of just how global this attack is.

We’ll update this post as the night continues, providing you with the latest. In the meantime — we recommend you catch up on your lore, and not concern yourself with logging in.

Original Post:

WoW Insider received reports earlier today that Blizzard may be the target of a significant DDoS effort — and community manager Bashiok has confirmed it on the World of Warcraft forums.

Bashiok goes on to outline additional issues Blizzard is currently attempting to resolve: instance servers timing out, disconnects from the continent servers, and performance and phasing issues with garrisons.

Source: http://wow.joystiq.com/2014/11/13/blizzard-confirms-world-of-warcraft-target-of-ddos-attack/

The average distributed denial-of-service (DDoS) attack costs a business roughly $40,000 per hour, according to an Incapsula survey. Since 49 percent of incidents last between six and 24 hours – 86 percent of respondents reported that an average attack lasts 24 hours or less – the average cost associated with a DDoS attack is assessed in the survey at approximately $500,000.

To learn how DDoS attacks impact businesses, Incapsula surveyed 270 North American organizations – 80 percent of which are headquartered in the U.S. – that have anywhere from 250 to 10,000 employees.

Igal Zeifman, product evangelist and researcher at Incapsula, told SCMagazine.com in a Thursday email correspondence that companies stand to lose some or all of their revenue per hour when hit by a DDoS attack. As an example, Zeifman noted that $1 billion in annual revenue amounts to $114,155 per hour, so “every hour a large business operates is worth a lot of money.” And the cost of DDoS attacks goes beyond lost revenue. Organizations that are victims of DDoS attacks incur costs from loss of customers, brand damage, legal fees, and wasted staff time, he added.

In the survey, 52 percent of respondents said they had to replace hardware or software, 50 percent had a virus or malware installed or activated on their network, 43 percent experienced loss of consumer trust, 33 percent acknowledged customer data theft, and 19 percent suffered intellectual property loss – 60 percent reported having two or more of these consequences.

Within the company, 35 percent of those surveyed indicated that IT takes the largest financial hit, but 23 percent named sales, 22 percent named security and risk management, and 12 percent named customer services.

“Sales is hit with responding to angry customers who may leave, or threaten to leave, the business they had contracts with, for example a SaaS vendor or hosting provider with a service level agreement,” Zeifman said. “Sales may also miss its number, for example an online retailer knocked offline on Cyber Monday.”

Additionally, five percent named marketing and public relations, and two percent named legal.

“Marketing often has to communicate with customers and repair their reputation with customers and the market,” Zeifman said. “Legal is involved in negotiations over SLA violation, potential lawsuits, and potentially with regulatory filings in the financial services industry.”

Incapsula indicates in the survey that organizations should be able to respond to DDoS attacks with as few employees as possible.

When asked how many employees in the organization are tasked with mitigating or combating a DDoS attack, 27 percent of respondents said more than 15 staffers, 69 percent said between two and 15 people, and no one said just a single individual. Furthermore, while 43 percent of respondents said their company uses a purpose-built DDoS protection solution, more than half stated that their firm relies on web application firewalls or traditional network firewalls that are vulnerable on their own.

“In general, organizations do not do a good job when it comes to crisis planning,” Zeifman said. “There are often business priorities that take precedence, though the lack of planning may come back to bite them. Just like organizations should have plans to recover from data breaches, they should have plans to recover from DDoS attacks.”

Stepping back from cost analysis, Incapsula sought to determine the motivations behind DDoS attacks.

In the survey, 46 percent of respondents indicated that they had received a ransom note from a DDoS attacker, and 45 percent said they had not. 40 percent of those surveyed said they believe the attacker was attempting to flood the company’s network infrastructure to block all connections to its domain, 20 percent believe the attacker was targeting specific applications to block the company’s use, and 33 percent believe both were motivations.

Extortion for profit is one of the primary drivers of DDoS attacks, Zeifman said.

“Extortionist hackers rent botnets for a relatively small amount of money, say $500, and then threaten DDoS attacks on ten to twenty sites, betting that some will pay up,” Zeifman said. “It is effectively DDoS arbitrage.”

Zeifman added that hacktivism and competitive business feuds are other big motivations.

“Hacktivists try to draw attention to their cause or the faults of the organization they are attacking,” Zeifman said. “Their aim is publicity, but the business and its customers suffer. Competitive business feuds are more common in certain competitive and loosely regulated industries like online gambling, multiplayer online games, and bitcoin exchanges. Competitors try and take out a competitor to drive business to their game site, gambling site or exchange.”

Source: http://www.scmagazine.com/incapsula-found-the-of-ddos-attacks-to-be-substantial/article/383179/


Distributed Denial of Service (DDoS) attacks against Hong Kong websites increased a whopping 111% from September to October as pro-democracy protests in the Special Administrative Region of China took hold, according to Arbor Networks.

The DDoS mitigation firm’s Security Engineering and Response Team (ASERT) consulted anonymized data generated by its ATLAS network of 290 ISPs worldwide running Arbor products.

It found that observed attacks against Hong Kong-related online properties jumped from 1,688 in September this year to 3,565 in October.

ASERT threat intelligence and response manager, Kirk Soluk, explained in a blog post that while establishing definitive causal relationships and attribution is tricky, DDoS attacks appear to have become the “new normal” in countries experiencing political unrest.

“In this case, we observed a 111% increase in the number of DDoS attacks targeting Hong Kong-related internet properties when analyzing the months immediately before and after protester demands, on October 1, for Hong Kong’s chief executive to step down,” he added.

“Additionally, large-scale DDoS attacks were observed targeting Hong Kong-related internet properties that coincide with reports of debilitating disruptions of online media outlets sympathetic to the protest movement.”

These online media outlets included most notably Next Media, run by outspoken Beijing critic Jimmy Lai, and its popular Apple Daily publication.

In this case the large DDoS on its site coincided with reports of anti-protest crowds physically trying to prevent distribution of the Apple Daily newspaper and of a simultaneous cyber-attack which took the company’s email system out for hours.

Arbor may have had trouble with attribution, but security vendor FireEye recently claimed that the attack infrastructure used to launch the DDoS campaigns could be linked to that used by likely Chinese state-backed APT activity such as Operation Poisoned Hurricane.

As for the future, Arbor is predicting that November is already shaping up to be another big month for DDoS attacks in Hong Kong, as the protesters continue their campaign for true democracy in the former British colony.

The firm said it recorded peak DDoS sizes of 30Gb/s on four consecutive days this month, for example.

Source: http://www.infosecurity-magazine.com/news/hong-kong-sites-hit-by-111-rise/

The first event of the 2014 Swedish Masters, the online poker series run by Sweden’s state-owned monopoly company Svenska Spel, did not go as expected, as a distributed denial-of-service (DDoS) attack obliged the room to cancel the event and refund all the players.

Initially scheduled to take place on Sunday, Nov. 2, the tournament ended up without a winner, but with 1,451 players being refunded for their tournament buy-ins.

“We have had a number of DDoS attacks last week, that went on into the evening,” a spokesperson from Svenska Spel told Sweden’s leading daily Aftonbladet. “At first, we paused the tournament, but then we noticed that the attack started again, so we decided to cancel it.”

Planned to offer Svenska Spel’s players a good number of tournaments throughout the whole month of Nov., the 2014 Swedish Masters is now considered to be a series “at risk” per the room’s own admission, and it is possible that similar attacks will influence the regular play of the other events in the schedule.

The DDoS attacks came at a delicate time for Svenska Spel, as Sweden’s only licensed company has recently suffered some significant revenue losses.

As reported by PokerNews on Monday, the company recorded 2.1 billion Swedish krona ($284 million) in 2014 third-quarter revenue, representing a 10.9-percent decline from the 2.4 billion Swedish krona ($325 million) in the same period in 2013. At the same time, 2014 year-to-date operating profit has declined nine percent from 3.8 billion Swedish krona ($514 million) in 2013 to 3.5 billion Swedish krona ($473 million) in 2014.

The negative trend, however, did not come as a surprise for the board of the company, as its CEO Lennart Käll explained that the numbers were “according to the company’s plan.”

According to Käll, the decline is due to the fact that “in recent years, the Swedish gambling market has evolved in the wrong direction,” and that Svenska Spel has decided to engage in a more socially responsible promotion of gambling and adopted a series of measures that have limited its visibility compared to past years.

Source: http://www.pokernews.com/news/2014/11/svenska-spel-swedis.masters-ddos-attack-19727.htm

Guy Fawkes, famous for a plot to assassinate England’s King James in 1604 and for guarding copious amounts of gunpowder, is remembered every Nov. 5 in Britain with fireworks and bonfires. Researchers say that businesses should brace themselves for a different kind of plot: an influx of distributed denial of service (DDoS) attacks from hacktivist group Anonymous on Wednesday.

“The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” said Candid Wueest, threat researcher at Symantec, in a blog. “However, hacktivists protesting for their ideological beliefs are not the only ones using DDoS attacks. We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.”

DDoS attacks have grown in intensity as well as in number in the last two years, although the duration of an attack is often down to just a few hours. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets with amplification factors of up to 500. For such an attack, spoofed traffic is sent to a third-party service, which will reflect the answer to the spoofed target.

“Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies,” said Wueest.

From January to August 2014, Symantec has seen a 183% increase in DNS amplification attacks, making it the most popular method seen by Symantec’s Global Intelligence Network. Multiple methods are often used by attackers in order to make mitigation difficult and, to make matters worse, DDoS attack services can be hired for less than $10 on underground forums.
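On the receiving end, the reflection pattern described above shows up as DNS responses nobody on the network asked for. The following is an added example, not code from the article or from Symantec: it flags such unsolicited responses in flow records. The record layout, the addresses (documentation ranges), the byte counts and the three-reflector threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), all UDP:
# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    ("out", "192.0.2.10", 40001, "198.51.100.53", 53, 64),    # our own query
    ("in", "198.51.100.53", 53, "192.0.2.10", 40001, 180),    # its answer
    ("in", "203.0.113.7", 53, "192.0.2.10", 51515, 3200),     # never requested
    ("in", "203.0.113.8", 53, "192.0.2.10", 51515, 3100),     # never requested
    ("in", "203.0.113.9", 53, "192.0.2.10", 51516, 3300),     # never requested
]

def amplification_factor(request_bytes, response_bytes):
    """Bytes a reflector emits per byte of spoofed request it received."""
    return response_bytes / request_bytes

def unsolicited_dns_responses(flows):
    """Inbound UDP/53 responses with no matching outbound query in the window."""
    # Ordering inside the window is ignored; a query anywhere in it counts.
    queries = {(src, sport, dst)
               for d, src, sport, dst, dport, _ in flows
               if d == "out" and dport == 53}
    return [f for f in flows
            if f[0] == "in" and f[2] == 53
            and (f[3], f[4], f[1]) not in queries]

def reflection_summary(flows, min_reflectors=3):
    """Per local host: distinct reflectors, unsolicited bytes, and a flag."""
    per_host = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for _, src, _, dst, _, size in unsolicited_dns_responses(flows):
        per_host[dst]["reflectors"].add(src)
        per_host[dst]["bytes"] += size
    return {
        host: {
            "reflectors": len(v["reflectors"]),
            "bytes": v["bytes"],
            # Many distinct resolvers answering unasked is the reflection signature.
            "suspect": len(v["reflectors"]) >= min_reflectors,
        }
        for host, v in per_host.items()
    }

if __name__ == "__main__":
    print(reflection_summary(FLOWS))
    print(amplification_factor(64, 3200))
```
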

“It is the distribution of hosts that attracts attackers — such as the group Anonymous — as it provides multiple advantages; undetectable location, multiple machines and identity anonymity,” said Alex Raistrick, director cybersecurity solutions at Palo Alto Networks. And all of that “which makes DDoS attacks an appealing instrument for destruction on Guy Fawkes Day,” he added.

As far as mitigation, Raistrick noted that some attacks simply exploit vulnerabilities that subsequently crash or severely destabilize the system so that it can’t be accessed or used.

“Segmentation helps to block attacks trying to spread from one area of the network to another,” he said. “Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.”

He added, “Essentially, make your estate difficult and expensive to breach — and the bad actors will go elsewhere.”

Source: http://www.infosecurity-magazine.com/news/ddos-explosion-imminent-for-guy/