DDoS Archive

Over the last decade, distributed-denial-of-service attacks have grown from a nuisance to a persistent problem that can potentially cripple a company. Kaspersky Lab reports that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015, and these attacks targeted Web resources in 76 countries. A new report from security firm Imperva offers a deeper examination of the topic—as well as the risks and repercussions from DDoS assaults. Among other things, the “Imperva DDoS Report 2015” found that once an organization becomes a target of DDoS attacks, it remains a target; the length of a typical attack extends beyond the period most enterprise executives expect; and, if no mitigation occurs, organizations can lose millions of dollars and also wind up with frustrated customers who decide to give their business to competitive vendors. Imperva collected data in the wild during the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures. Here are some of the key findings from the DDoS report:

Costly Consequences

An unmitigated DDoS attack costs a business U.S. $40,000 per hour, though the consequences can also include lost opportunities, data theft and loss of public trust.

Target

Once a Website is targeted by application layer attacks, it will be attacked again—once every 10 days on average.

Timing Is Everything

71% of DDoS occurrences last under three hours, but 20% span five days or more. The longest known attack lasted 8 days.

Tools of the Trade

UDP (User Datagram Protocol) and SYN floods are the most common methods for launching DDoS attacks. They were used in more than 56% of all attacks.

Multi-Vector Attacks Diminish

56% of all network layer attacks were classified as multi-vector, compared to 81% in March 2014.

Botnet for Hire

40% of all mitigated network layer attacks fell into the botnet-for-hire category. The average subscription fee for a one-hour-a-month DDoS package is roughly $38, with fees as low as $19.99.

Application Layer Risks

A spike in activity occurred from devices infected with MrBlack, Nitol, PCRat and Cyclone malware. 15% of all attacks originated from China, followed by Vietnam, the U.S., Brazil and Thailand.

Bot Evolution

There is roughly the same percentage of primitive bots today as there was a year ago, but more sophisticated methods are emerging.

Searching for Results

Over the course of a year, search engine impersonator bots dropped from 58% of DDoS traffic to less than 1%.

No Escape

Overall, 40% of Imperva’s clients were exposed to attacks from botnets for hire.

Source: http://www.baselinemag.com/security/slideshows/ddos-attacks-have-become-a-persistent-problem.html

 

Australian-based online marketplace startup Envato has been the target of a sustained distributed denial of service (DDoS) attack this month.

Envato, which has over four million users, has been intermittently offline across the last two weeks, including for three hours last Friday and one hour on Sunday.

The company released a statement on Monday about the attacks, saying they don’t know who is behind them.

“The attacker, whose motive and identity are unknown, has repeatedly flooded our servers with high levels of traffic, causing our services to be unavailable at various times,” software development manager John Viner says in the post.

StartupSmart attempted to contact Envato for comment but did not hear back before publication.

Envato is an online network of eight marketplaces where users can sell creative assets for web designers. The company’s largest site is ThemeForest, which was listed among the top 100 most popular websites in the world last year, according to Alexa.

The DDoS attacks seem to have begun at the start of this month and are still continuing, with some users reporting outages on Wednesday.

“This is the largest incident of this type Envato has experienced and although we’ve been able to successfully restore service each time, our response times could have been faster,” Viner says.

Envato reported in April the total payments made to their community had reached more than $250 million, meaning there must be a lot of money lost during these downtimes.

Envato was founded by Collis Ta’eed, Cyan Ta’eed and Jun Rung in 2006, and has been entirely bootstrapped since then. It now employs about 250 people, mostly in Melbourne.

Despite the multiple attacks, Envato says no personal or financial information has been breached.

“Please know that your data is safe and we are fully committed to mitigating the situation and minimising future unplanned downtime,” Viner says.

Envato says it is now working on a range of developments to prevent these attacks in the future, including a dedicated team to deal with the issue at all times, DDoS mitigation service providers, and fast-track planned technical upgrades.

“We’re now better placed than ever before to detect and deal with attacks of this nature,” Viner says.

“It’s hard to predict what we’ll come up against in the coming days and weeks and we thank you in advance for your patience and understanding.”

Source: http://www.startupsmart.com.au/technology/envato-targeted-by-sustained-ddos-attack/2015071615119.html

More than half of IT security professionals (52 per cent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to new research from Corero Network Security (LSE: CNS), a leading provider of First Line of Defence® security solutions against DDoS attacks.

The research, conducted at the U.S. RSA Conference 2015 and Infosecurity Europe, also revealed that a fifth of respondents (22 per cent) indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

“An organisation’s ability to maintain service availability in the wake of a DDoS attack is paramount in maintaining customers, as well as winning over new customers in a highly competitive market,” said Dave Larson, CTO and Vice President, Product at Corero Network Security. “When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, the bottom line is immediately impacted.”

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 per cent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” Larson continued.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they suffered a DDoS attack, 21 per cent cited customer complaints of a service issue as the indicator of an attack, while 14 per cent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 per cent said application failures, such as website outages, alerted them to the DDoS event. In contrast, less than half of respondents (46 per cent) were able to spot the problem in advance by noticing high bandwidth spikes, an early sign of an imminent attack, by using other network security tools.

“It is an unfortunate but all too common issue when your customers are first to alert you to a service outage. From a technical perspective, it’s much harder to respond to an outage if you start off on the back foot. Real-time protection is really the only way to proactively combat the DDoS attacks targeting business,” Larson noted. “Using scrubbing centers to mitigate DDoS attacks off-site is a game of cat and mouse. With 96 per cent of DDoS attacks lasting 30 minutes or less, by the time an on-demand defense has been engaged, it is already too late and the damage has been done.”

Approximately 50 per cent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 per cent of those surveyed have dedicated DDoS protection via an on-premises appliance-based technology or from an anti-DDoS cloud service provider. However, it appears that many organisations are more in tune with the ramifications of DDoS attacks, as 32 per cent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

Larson concludes, “Attackers are finding new ways to apply DDoS tactics and mask malware and other vulnerability exploits, indicating that DDoS is a changing breed of threat that the Internet-connected business cannot afford to ignore. Relying on traditional infrastructure or upstream services to protect you against the frequent and increasingly sophisticated DDoS attack landscape is not a definitive solution. Dedicated DDoS protection technology that is deployed at the very edge of the network, or Internet peering can effectively inspect all Internet traffic and mitigate DDoS attacks in real-time removing the threat to your business before it can inflict damage.”

Source: http://www.itproportal.com/2015/07/13/what-is-most-damaged-in-a-ddos-attack/

Reddit rival Voat has announced that it is currently being hit by a Distributed Denial of Service (DDoS) attack by unknown hackers.

Switzerland-based Voat posted on Twitter at midnight (GMT) on 13 July that it was being hit by an ongoing “layer 7 DDoS attack”. The website added a bit more detail on its own website:

“In case you were wondering why most third party apps for Voat haven’t been working for the last 8 hours or so – we are under DDoS. Again,” Voat wrote, quoting a CloudFlare support engineer.

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimise our source code even further. What doesn’t kill you – makes you stronger, right?”

At the time of publication, the website is now loading, although intermittently, and some users will still receive a message saying: “Voat is currently being kicked by a botnet.”

Voat is a censorship-free alternative to Reddit that uses an almost identical layout to the hugely popular “front page of the internet”.

Voat’s rise has been helped by Reddit problems

On 2 July, it was announced that director of talent Victoria Taylor, one of the few people to have a paid position with Reddit, had been fired. Her departure caused a huge online protest to erupt which saw 300 of Reddit’s most read subreddits being made private for over 24 hours and causing Reddit CEO Ellen Pao to resign.

During this period, Voat reported that it was receiving huge spikes in traffic, likely from Reddit users moving to the Swiss copy, and its servers were struggling to handle the increase in users. The website’s administrators also confirmed that they had been approached by several venture capitalist firms keen to invest on 3 July.

However, the website has already been on the rise since May – it was initially ranked below 80,000 on Alexa, but within six weeks, it rose to become one of the top 15,000 websites online in the world, and one of the top 2,000 websites in the US.

For comparison, Reddit has 36 million registered users, 169 million monthly unique visitors and 7.55 billion page views per month. It is currently ranked 33 by Alexa globally and 10 in the US.

Voat experienced several DDoS attacks in June, and on 25 June, Voat itself reported that it had received over 700,000 unique visitors in the 30-day period ending on 25 June. “That’s like, crazy and stuff,” Voat’s administrators said on Twitter.

Voat was also briefly taken offline when its web host Hosteurope.de terminated Voat’s contracts and shut down its servers without a warning, because Voat had hosted “politically incorrect” content.

Source: http://www.ibtimes.co.uk/reddit-alternative-voat-knocked-offline-by-ddos-cyberattack-1510581

Messaging app Telegram appeared to have suffered from a two-hour outage today. The service appeared to have gone down at about 4pm and was partially restored at about 5.30pm. However, some users are still experiencing difficulty accessing the instant messenger.

Online service fault detector website downdetector.com received 7 alerts on failed connectivity issues. Based on comments received on the website, most of the service faults were reported in the Asia-Pacific region.

“Telegram down. So I guess it’s not as stable as WhatsApp lah aite,” said Twitter user @amin_aminullah.

Meanwhile, Telegram tweeted that it was faced with a Distributed Denial of Service (DDoS) attack in India and the South-east Asia region.

“An ongoing DDoS is causing connection issues for our users in India and South East Asia. We’re hard at work fighting back,” @telegram tweeted.

According to Wikipedia, a DDoS attack takes advantage of some property of the operating system or applications on the victim’s system. In turn, it enables an attack to consume resources of the victim, possibly crashing it.

A growing number of Malaysians have switched over to Telegram as an alternative to popular messaging services such as WhatsApp and WeChat.

Source: http://www.nst.com.my/node/91658