DDoS Archive

DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors.

Jag Bains, CTO of DOSarrest says, “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.”

“We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis, CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.”

Teolis adds, “As far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.”

About DOSarrest Internet Security:

DOSarrest, founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in cloud based DDoS protection services. Additional Web security services offered are Cloud based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO) as well as cloud based global load balancing.

Learn more about DOSarrest at http://www.DOSarrest.com

Source: http://www.prnewswire.co.uk/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499008971.html

Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed.

Some 12% estimated potential losses due to outages at peak times would be greater than £600,000 an hour, and 11% admitted they did not know what their losses would be.

The poll of 250 IT professionals in Europe, the Middle East and Africa also showed that half of respondents believe DDoS attacks are a bigger risk than a year ago.

Only 18% said they believed the risk was lower, yet 59% of them still admitted they are investing more in DDoS protection compared with 2014.

Apart from direct financial losses, the biggest risk identified by more than a quarter of companies is the damage to company reputation and a loss of customer trust.

“For 26% of companies, brand damage and loss of customer trust is a top concern,” said Neustar product marketing director Margee Abrams.

“Companies are beginning to understand that the impact of DDoS attacks is across the organisation, also impacting areas like customer services and regulatory compliance,” she told Computer Weekly.

Underlining the business threat of DDoS attacks, 30% of respondents said their companies had been hit multiple times, with the number of companies being hit only once down 30% compared with 2014.

The financial sector reported the highest level of multiple attacks, with 79% reporting six or more DDoS attacks a year, compared with the cross-industry average of 20%.

Respondents said attacks were lasting longer, with 30% of attacks lasting between one and two days.

They also said DDoS attacks are often accompanied by theft, with 52% of DDoS victims also reporting theft of customer data, intellectual property (IP) or money, representing a 24% increase from 2014.

The survey revealed that 84% of companies still use up to 10 employees to mitigate DDoS attacks, which the report notes is exploited by attackers to distract companies.

“Smokescreen” DDoS attacks

In “smokescreen” DDoS attacks, the real objective is theft, the report said. In 30% of DDoS attacks, malware was either installed or activated, in 18% customer data was stolen, in 12% IP was stolen, and in 12% money was stolen.

The survey showed that 56% of retailers hit by DDoS attacks were also hit by malware installation or activation compared with the cross-industry average of 30%, and 76% of retailers hit by DDoS attacks were also robbed of data or funds compared with the cross-industry average of 52%.

The report notes that managed mitigation services help to free up IT security staff to focus on other activities that may be taking place during a DDoS attack.

“However, the effect of DDoS attacks is so much wider than information security,” said Abrams. “Companies also need to review how DDoS attacks could affect their overall online performance and customer experience.”

As a result of increased recognition of the threat of DDoS attacks, many organisations are taking stronger action, with 35% investing in hybrid DDoS protection that combines on-premise hardware with cloud-based mitigation services.

The biggest investment in hybrid systems is being made by financial sector organisations which are a prime target of DDoS attacks, with 40% investing in hybrid protection and 80% choosing a hybrid approach to block attacks at peak times.

Hybrid approaches seek to combine the instant blocking capabilities of on-premise hardware devices with cloud-based “traffic scrubbing” to deal with high-volume attacks.

According to the report, hybrid systems are able to detect and respond to attacks nearly twice as fast as other systems while providing the bandwidth to deal with larger attacks.

The report showed that 56% of attacks average around 5Gbps, while some organisations have recorded attacks in the past year of up to 300Gbps.

Smaller attacks still cause damage to businesses

However, companies targeted by smaller attacks still reported damage to brand trust, loss of customer data, loss of IP, and loss of revenue.

More than a third of organisations are using stand-alone, cloud-based DDoS mitigation services, up 11% compared with 2014, and 36% are using DDoS mitigation appliances, also up 11% on 2014.

Overall, 70% of respondents said they are spending more on DDoS protection, although 40% feel their investment should be even greater.

Although 28% said they were investing less in DDoS protection, only 6% said they did not see DDoS defence as a priority.

Only 8% continue to rely on content distribution networks as a form of DDoS protection, and only 2% report no DDoS protection at all.

However, most companies (61%) still use internet service provider-based firewalls to combat DDoS attacks. But firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, the report said.

Some 28% of respondents said they still use web application firewalls, switches and routers as a defence against DDoS attacks.

However, with cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear that increasing mitigation capacity alone is not enough, according to Neustar senior vice-president and fellow Rodney Joffe.

“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.

Joffe believes there is also a need to improve visibility and understanding of activities in the criminal underground, so that their command and control structures can be disabled quickly.

“Finally, it is important to improve attribution and the ability of law enforcement to identify perpetrators and bring them to justice. While these improvements will not happen overnight and will not solve everything, they will make a significant and positive difference,” he said.

Source: http://www.computerweekly.com/news/4500243431/DDoS-losses-potentially-100k-an-hour-survey-shows

The total number of distributed denial of service attacks declined steadily last year, from more than 450,000 attacks in the first quarter to fewer than 150,000 in the fourth quarter — but the size and complexity of the average attack both increased, according to a new report from Black Lotus Communications.

San Francisco-based Black Lotus, a DDOS mitigation firm, saw a total of 1.14 million different attacks last year, with an “alarming” surge in the last quarter of the year.

The average bit volume of each attack — the number of packets, multiplied by the size of each packet — increased 3.4 times compared to the third quarter of the year.

In addition, it was the first time that Black Lotus saw average attack size pass 10 gigabits per second, reaching an average of 12.1 Gbps in the fourth quarter, up from just 2.7 Gbps at the start of the year.

This isn’t bad news for Black Lotus, which is in the business of protecting organizations from the largest attacks. But it is bad news for enterprises doing their own DDOS mitigation.

“If people are trying to defend their own network using an on-premise device, they typically don’t have the capacity to exceed 20 gigabits,” said Frank Ip, the company’s VP of marketing and business development.

In other bad news, the complexity of attacks has already increased.

“There is a continuous trend of people combining different attacks together, in hybrid attacks,” Ip said.

“We’re also seeing more application-layer attacks,” he added. “Even though those are smaller in size, they are not smaller in terms of effect or damage to the targeted victim.”

While network attacks try to use up all the network bandwidth, application attacks target just one application’s resources, he explained.

“These are much easier to overrun,” he said.

In fact, he said, the increased sophistication of the attacks may explain, in part, why there are fewer of them.

“They’re being more efficient,” he said. “They don’t have to lodge as many attacks to accomplish what they have to accomplish.”

There was also some good news last year, he added.

Attacks that used compromised servers to magnify the size of the attack are almost completely gone, he said.

“All the operators and companies that ran DNS and servers have patched up all the loopholes,” he said. “There are no more vulnerable servers available to generate those large volumes.”

Source: http://www.csoonline.com/article/2902309/network-security/ddos-attacks-less-frequent-last-year-more-dangerous.html

According to the latest quarterly threat report from network security specialist Black Lotus, the frequency of DDoS attacks fell by 44 percent in the last quarter of 2014.

However, the average packet volume of attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 gigabits per second (Gbps) over the same period.

The report is based on analysis of Black Lotus’ customer network logs. The largest bit volume DDoS attack observed during the report period was 41.1 Gbps on Oct 1, a rise in volume since the beginning of 2014, due to attackers’ usage of blended, complex attacks to achieve outages.

Of the 143,410 attacks observed during Q4 2014, 49 percent were regarded as severe and more than half (53 percent) of all those mitigated resulted from UDP flood attacks. These cause poor host performance or extreme network congestion by producing large amounts of packets and IP spoofing.

The average attack during the report period was 12.1 Gbps and 4.36 Mpps, tripling average packet volume since the previous quarter. This indicated a continued reliance on using multi-vector attacks, signaling the need for security practitioners to use intelligent DDoS mitigation rather than padding networks with extra bandwidth.

“We found DDoS attacks continued trending down in frequency quarter over quarter, but, on average, attack volumes multiplied,” says Shawn Marck, co-founder and chief security officer of Black Lotus. “With networks and IT teams becoming defter at spotting and stopping volumetric attacks, cybercriminals are turning to blended approaches to confuse organizations, often using DDoS attacks as smokescreens for other underhanded activity”.

Looking ahead, Black Lotus has revised its estimate of the security measures enterprises will need to protect against the majority of attacks throughout 2015. It now says they’ll need to be capable of handling 15 Gbps minimum in bit volume, up from its Q3 prediction of five Gbps minimum. The research team anticipates that attackers will continue to try new DDoS recipes in an effort to confuse security teams and allow agitators to steal user credentials, customer billing information or confidential files.

Source: http://betanews.com/2015/03/24/ddos-attacks-reduce-in-frequency-but-grow-in-volume/

A group dedicated to fighting Chinese internet censorship has been hit with an “aggressive brute force” cyberattack for the first time after it was revealed it was helping people in China access banned websites and social media services.

GreatFire.org, which is run by a group of three activists, aims to monitor the level of internet censorship in China which has become known as the Great Firewall and bans hundreds of websites including Gmail, Facebook, Twitter, YouTube, and most recently Reuters.

The activist group revealed that while it doesn’t know who is behind the attack, the massive distributed denial of service (DDoS) attack coincides with increased pressure on the organisation over the last few months.

“The Cyberspace Administration of China (CAC) publicly called us ‘an anti-China website set up by an overseas anti-China organisation’. We also know that CAC has put pressure on our IT partners to stop working with us. Recently, we noticed that somebody was trying to impersonate us to intercept our encrypted email.”

In a blog post entitled We Are Under Attack, GreatFire.org said that “this kind of attack is aggressive and is an exhibition of censorship by brute force.” According to the group, its mirror sites received up to 2.6 billion requests per hour, which is about 2,500 times more than normal levels.

Access banned websites

The attack came a day after a report in the Wall Street Journal revealed that services such as GreatFire.org, Tor and Lantern were using cloud services to allow people in China to access banned websites.

The system, known as collateral freedom by GreatFire.org, works by sending two requests from a user’s computer. One request is for access to an unbanned website which is unencrypted and seen by the censors in China. The other is for a banned service (such as Gmail, Facebook, Twitter etc) but is encrypted so the censors cannot see it.

The encrypted request is sent to a cloud service such as Amazon Web Services or Microsoft’s Azure, and it is then either sent on to the banned website or to a mirror of that site stored in the cloud.

The systems are implemented without the knowledge of companies like Amazon or Microsoft, and the cloud providers are looking to stop them from working as they do not want to be added to the banned list in China, which is an important and growing market in the cloud industry.

GreatFire.org uses Amazon Web Services to host its mirror sites and said that based on the massive level of traffic, it would need to pay $30,000 (£20,200) per day for bandwidth. It has called on supporters to donate to the cause to help keep the service up-and-running.

The group says that it has upgraded to faster servers to handle such attacks and many have urged it to consider getting DDoS protection from a company such as CloudFlare.

Source: https://my.livechatinc.com/visitors/S1427129991.648132fd6c