DDoS Archive

Arbor Networks says that the number and size of DDoS attacks against French websites spiked considerably after 3.7 million people took to the streets to protest against terrorism.

The firm leveraged its Arbor Atlas initiative, which receives anonymised internet traffic and DDoS event data from 330 internet service providers (ISPs) worldwide, to view events in France in the days after the protest, which was in response to the Charlie Hebdo shootings that left 20 people dead.

The magazine was targeted by ISIS sympathisers and others unhappy with the satirical magazine’s ridiculing of Islam, including its depiction of the Prophet Muhammed. The publication also satirised other religions.

Comparing the DDoS attacks between January 3-10 and 11-18, the US security firm found that there were 1,342 unique attacks – an average of 708 attacks a day – during the two-week period.

However, the firm noted in a recent blog post that the number of DDoS attacks after the march rose by 26 percent with the average size of DDoS attack growing 35 percent. In the eight days prior to the attack, the average size was 1.21Gbps but this later increased to 1.64Gbps.

The vast majority of these DDoS attacks were low-level although the number of attacks larger than 5Gbps did double in the days after the protest. Arbor reports that one attack measured as high as 63.2 Gbps on January 11.

“This is yet another striking example of significant online attacks paralleling real-world geopolitical events,” wrote Arbor’s threat intelligence and response manager Kirk Soluk.

Speaking to SC after it first emerged that ‘thousands’ of French websites were facing cyber-attacks, Corero Network Security CEO Ashley Stephenson said that DDoS attacks were increasingly being used as an attack tool during international conflicts.

“Whatever the motivation – cyber-terrorism, retaliation, religious incitement, radicalisation… It is clear that modern conflicts will be fought in the cyber-world as well as the real world,” he said via email.

“The internet should be better protected against all of these associated cyber-threats. Increasingly we are seeing DDoS used as a tool in and around these conflicts and we should be prepared to institute increased cyber-security to protect this vital resource.”

Last week, Admiral Arnaud Coustilliere, head of cyber-defence at the French military, said that about 19,000 French websites had faced cyber-attacks in the days after the shootings, although one source closely connected with the clean-up operation for some of these sites later told SC that hacking groups from Tunisia, Syria, Morocco, the Middle East and Africa had largely ignored DDoS as an attack vector because such attacks “didn’t work”.

Instead, Gérôme Billois, senior manager of Solucom, said that these groups – also believed to often be ISIS sympathisers – had looked to scan thousands of websites to identify and exploit common WordPress, Joomla and other content management system (CMS) vulnerabilities.

Source: http://www.scmagazineuk.com/french-ddos-attacks-spike-after-terror-protest/article/393796/

It’s impossible to predict when distributed denial of service (DDOS) attacks will hit so companies must take measures to mitigate such an incident.

So says Martin Walshaw, senior engineer at F5 Networks, who notes barely a month goes by without media reports of a Web site or service being brought down by a DDOS attack. Sony’s PlayStation Network again became the victim of such an attack recently, while hacking group Anonymous is on a disabling offensive of extremist Web sites, he says.

According to research conducted by B2B International and Kaspersky Lab, 38% of companies providing online services, such as online shopping and online media, fell victim to DDOS attacks over the past 12 months.

Doros Hadjizenonos, sales manager at Check Point Technologies in SA, says DDOS criminal activity was used to attack the Web sites of various gaming platforms last year. This attack involves many computers continuously requesting certain information from the attacked network until saturation and, therefore, its downfall, Hadjizenonos explains.

Walshaw says DDOS attacks can come in a variety of shapes and sizes. “However, the aim of a DDOS attack is always the same – to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect.

“Attackers will sometimes use their own network of computers to launch DDOS attacks, but what is now more common is for them to use a network of PCs across the world that have been infected with malware that is capable of joining in a DDOS attack without the owner’s knowledge,” Walshaw explains.

Legitimate traffic

The results of a DDOS attack can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years.

However, Walshaw notes: “There are ways a company can keep its applications, services and even its whole network online without stopping legitimate traffic.”

He believes a sophisticated firewall manager, application security manager and local traffic manager combined provide the protection needed to mitigate DDOS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime.

Analysis is also key, says Walshaw, adding that understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and protect against future attacks.

Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDOS attack, he points out.

Fire drills

According to Neil Campbell, group GM for Dimension Data’s Security Business Unit, IT security ‘fire drills’, supported by executive management and the risk committee, should be conducted regularly in organisations in order to understand the appropriate course of action in advance of a security breach.

He believes technologies and services focused on incident response – rather than only incident prevention – should be one of the trends high on the agendas of security professionals in 2015.

“It’s inevitable that security incidents will occur. It’s, therefore, critical that organisations begin to focus on identifying what we call ‘indicators of compromise’, putting a comprehensive incident response plan in place, and performing regular IT security ‘fire drills’,” explains Campbell.

He points out that regular fire drills – or rehearsals – will ensure that, in the event of an incident, IT and management teams are clear about what needs to be done, and the business is less at risk. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.

Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=140563:DDOS-attacks-prepare-for-the-worst&catid=71

Another teenager has been arrested in the UK, following DDoS attacks on the PlayStation Network and Xbox Live.

Sky News recently reported that a Merseyside, UK teenager has been arrested in a joint British and US investigation.

The UK’s South East Regional Organised Crime Unit (SEROCU) confirmed that the teenager was arrested on suspicion of unauthorised access to computer material, and was detained for alleged threats to kill.

“We are still at the early stages of the investigation and there is still much work to be done,” said Craig Jones of the SEROCU. “We will continue to work closely with the FBI to identify those who commit offences and hold them to account.”

“This arrest demonstrates that we will pursue those who commit crime with the false perception they are protected within their own homes or hiding behind anonymous online personas,” added Peter Goodman, the Deputy Chief Constable at the Association of Chief Police Officers.

The teenager hasn’t been directly linked to the DDoS attacks on Xbox Live and PlayStation Network over Christmas. This new arrest follows a previous arrest in the UK in early January.

Source: http://stevivor.com/2015/01/another-teenager-arrested-uk-following-christmas-ddos-attacks-psn-xbox-live/

Kaspersky Labs principal researcher David Emm tells TechWeekEurope how businesses can stay safe in the face of continued assault

It was a miserable Christmas for gamers, with both Sony’s PlayStation Network and Microsoft’s Xbox Live forced offline on Christmas Day by Distributed Denial of Service (DDoS) attacks (hacking group Lizard Squad claimed responsibility for the attacks). Millions of anxious gamers were left unable to play with their new games or consoles, with the reason given for the attack: “because we can”.

Unfortunately, the attacks on Sony and Microsoft are just the latest in a stream of DDoS attacks to target high-profile organisations. Yet, while high-profile attacks like this make the papers, many others do not. Unlike Advanced Persistent Threat (APT) campaigns, such as Red October, NetTraveler, MiniDuke, and Careto, Distributed Denial of Service (DDoS) attacks rarely hit the headlines, so it’s easy to assume they are rare. But in reality, the DDoS attack is one of the most popular weapons in the cybercriminals’ arsenal.

Understanding the danger

A typical DDoS attack involves a huge number of calls to a server or other Internet resource (such as a web site). These calls overload the victim’s equipment so that the servers lose their ability to service their genuine clients properly.

Today DDoS attacks can be set up cheaply and easily, even without needing to have underworld contacts among hackers. Hackers no longer need to create huge botnets before launching their attacks, while criminal sites offering this kind of criminal service can be easily found on the Internet; and a DDoS attack is available at an affordable price.

According to our recent study with B2B International, almost half of IT companies have encountered a DDoS attack. However, most businesses that suffer from these attacks prefer to deal with the problem on their own, so as not to attract press coverage. Not only do such attacks lead to financial losses from unplanned downtime, but they can also cause severe reputational damage that can lead to the loss of valuable customers. The threat from DDoS attacks is real and the impact is significant. So it’s important that businesses of all sizes find an effective way to safeguard their organisations from such attacks.

How to stay protected

The key to defending against DDoS attacks lies in early detection of an attack and mitigating the effects of the attack by filtering out the traffic generated by the attackers. There are different approaches to this and dozens of companies on the market that provide services to protect against them. Some install appliances in the client’s information infrastructure, some use capabilities within ISP providers, and others channel traffic through dedicated cleaning centres. Three of the most popular approaches are:

Install filtration equipment within the company IT infrastructure: It is possible to install special equipment within the company’s IT infrastructure. However this method has some serious drawbacks. Firstly, it requires IT professionals to control the filtration equipment. And secondly, it may clog the entire Internet channel, not just the company equipment.

Ask your Internet provider to filter the traffic: Another option is a contract with a company specialising in protection against DDoS attacks, such as an Internet service provider (ISP). ISPs use a wide channel, giving them a significant safety margin that enables them to provide their customers with communication even when they are under attack. However, a wide channel and filtering services are only effective if the filtration rules are continually improved to combat the latest DDoS techniques. Not all providers offer such a service. As a result, they can only filter out the crudest, most obvious attacks. If a company is able to employ true specialists its protection will be much more effective, but they also have to rent a wide channel from a provider, which drives up the cost of protection.

Turn to the experts: The most effective method of protection involves experts who not only modify filtering equipment but also study the tricks used by the fraudsters, develop new defensive technologies, monitor the situation and are ready to quickly improve filtering mechanisms. Specifically, if the attacker probes a victim’s resources in search of the most effective means of attack available, only expertise in this area can help to quickly find the appropriate filters and avoid resource overload.

In addition, partnership with an Internet provider can help to provide still more effective filtering. In some cases it is possible to weed out crude attacks entirely on the provider’s equipment while referring more sophisticated junk traffic to special cleaning centres. This approach also reduces the cost of customer protection since it can work in an online channel with relatively small bandwidth.

Online activities now play an increasingly important role in virtually every business’s day-to-day interactions with customers, suppliers and employees, so no business can afford to ignore the risk posed by DDoS attacks. By putting in place a stringent security policy, supported by the right technology and expertise, businesses can be confident that their organisation remains protected, should the worst happen.

Source: http://www.techweekeurope.co.uk/security/cyberwar/kaspersky-labs-defend-ddos-attacks-159664


Last month, attackers took down the PlayStation Network for several days, embarrassing Sony and leaving tons and tons of gamers unable to feed their Destiny addictions for almost a week. This is all thanks to what’s called a Distributed Denial of Service attack, where a person or a group of people send an inflated amount of traffic to a network in hopes of overloading and crippling the servers.

DDoS attacks are easy to pull off and extremely difficult to stop, which is why it’s kinda nice to see the White House coming out with an Official Stance against them. In fact, President Obama just released a statement saying he’s working on legislation to expand federal authority when it comes to fighting this sort of malicious internet behavior.

Check out the press release (emphasis mine):

Modernizing Law Enforcement Authorities to Combat Cyber Crime: Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime. The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.

It also reaffirms important components of 2011 proposals to update the Racketeering Influenced and Corrupt Organizations Act (RICO), a key piece of law used to prosecute organized crime, so that it applies to cybercrimes, clarifies the penalties for computer crimes, and makes sure these penalties are in line with other similar non-cyber crimes. Finally, the proposal modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.

The feds going after botnets—groups of computers that can work together to perform an activity, like flooding a target with artificial or inflated traffic—would certainly make it tougher for people to get their hands on the tools needed to execute DDoS attacks. This seems like an excruciatingly difficult battle to fight, but it sure is worth fighting.

The Entertainment Software Association—the lobbying group for video game companies—sent out a statement expressing support for this new initiative, attributed to president Michael Gallagher:

Cyber attacks threaten our country’s security and prosperity. We commend President Obama’s leadership in providing law enforcement the tools necessary to detect and prosecute organized digital crime. Consumers need to be protected from illegal, malicious botnets and denial-of-service attacks. They deserve to enjoy an innovative and dynamic Internet free of this criminal activity. The Entertainment Software Association will work with the White House and Congressional leaders to fine tune these proposals and help enhance penalties for those who inflict consumer damage on a mass scale.

Will any of this actually lead to legislation? No idea. But in the wake of a very frustrating Christmas Day for gamers worldwide, it’s comforting to know that the government is at least talking about this stuff.

Source: http://kotaku.com/the-white-house-is-now-taking-steps-to-fight-ddos-attac-1679505712