Stop DDoS Archive

NATO is implementing a coordinated approach to cyber defence that encompasses planning and capability development aspects in addition to response mechanisms in the event of a cyber attack. To achieve this, NATO is incorporating and integrating cyber defence measures across all Alliance missions. NATO is also developing minimum requirements for those national networks that are connected to NATO information.

Therefore, NATO is identifying its critical dependencies on its allies’ national information systems and working with its allies to develop minimum cyber defence requirements. NATO is defending its territory and populations against all threats, including emerging security challenges through cyber defence. On that point, the NATO policy on Cyber Defence reiterates that any collective defence response is subject to decisions of the North Atlantic Council, which is enhancing NATO consultation mechanisms, early warning, situational awareness and information-sharing among the allies. In this regard, Russian hacker groups affiliated with the Russian government carried out several cyber attacks on the computers of Ukrainian administration officials and on agencies in NATO.

Russia has been using a form of hybrid warfare in Ukraine since early 2014 that relies on an element of information warfare that Russia calls “reflexive control”. The primary objective of the reflexive control techniques Moscow has employed in the Ukrainian situation has been to persuade the West and strong NATO allies to remain on the sidelines as Russia dismantles Ukraine. Russia has used force against Ukraine by engaging in “hybrid warfare”. Rather than openly using military power to secure its political objectives in Ukraine, Russia has adopted an approach intended to give the Kremlin “plausible deniability” while reducing the cost associated with engaging Ukraine’s armed forces directly. On that point, cyber conflict and cyber warfare present great examples of the use of new technologies within the scope of hybrid warfare. The adversary is usually difficult to locate and to respond to in the cyber domain. Cyberspace allows for a great deal of anonymity, and attacks can be routed through servers all over the globe to mask their origin. On December 23, 2015 the power grid in the Ivano-Frankivsk region of Ukraine went down for a reported six hours, leaving about 1.4 million people without power.

The Russian cyber assault on Estonia in 2007 was a blueprint for a geopolitically inspired and just-deniable-enough digital disruption. When the Estonian government decided to move a Soviet war memorial from the center of its capital in Tallinn to a military cemetery on the outskirts of town, Russia responded by encouraging “patriotic hackers” to engage in a three-week-long Distributed Denial-of-Service (DDoS) attack against numerous sectors of the Estonian economy, including the government, media, and financial institutions. Russia might, alternately, hold off on such disruptive attacks in favor of increasingly aggressive espionage, in which Russian state-sponsored hackers are believed to have compromised the U.S. Department of State, then used that access to penetrate the unclassified network of the Executive Office of the President. Unlike previous intrusions linked to Russia, on this occasion the digital spies did not back out of the system once they were discovered but fought back in order to maintain their foothold in the network, an intrusion which forced the Pentagon to take the system down for several days. On February 9, 2016, President Barack Obama announced his Cyber Security National Action Plan, which proposed investing over $19 billion, 35 percent more than last year, in cyber security in 2017.

Turkey is reeling under a massive cyber attack purportedly carried out by the hacker group called Anonymous. The targets of the attacks include websites of governments and banks. The two-week-long cyber campaign intensified over financial and state-run sites. These sites have experienced Distributed Denial of Service (DDoS) attacks, resulting in the crippling of transactions. Anonymous claimed responsibility for the cyber terrorist attacks. Their cyber attacks are mainly targeting airports, military assets and private state connections in Turkey. More than 400,000 websites registered under Turkey’s top-level internet domain “.tr” have experienced problems. The computer servers of government agencies and private entities have suffered systematic cyber attacks. It’s likely that Russia is behind the cyber attacks in retaliation for Ankara’s downing of a Russian jet in November 2015. Russia is taking the lead in developing a combat doctrine that encompasses both kinetic and cybernetic activity. In the case of Ukraine, cyberspace operations enable Russia to continue denying its involvement with its neighbor, while at the same time persisting in efforts to attack it.

In a climate of growing global awareness of the risks of privacy breaches on the World Wide Web, the world is increasingly relying on Israel’s expertise to ward off computer threats and keep information secure. Combining exceptional high-tech capabilities with skills honed over decades of contending with the threat of terrorism, Israel exported more than 3 billion dollars’ worth of cyber products in 2015. Furthermore, the Israeli government has established the National Cyber Bureau, which is engaged in targeted efforts to secure the cyber front. The NATO Strategic Concept allows for an interesting window of opportunity and more room for Israel to get closer to NATO. The aim of the new Strategic Concept is to address NATO’s challenges and new forms of strategic threats, such as cyber warfare. Israel is also thinking of a military type of coalition on the basis of Cyber Article 5; Israel has a Cyber Article 5 and so does NATO. Therefore, NATO is reassessing the format and structure of its relations with Israel. In this respect, Israel is assessing its goals with regard to future relations with its alliances.

Turkey has become a member of the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE), which focuses on consultations, training and exercises in the field of cyber security. The NATO Cooperative Cyber Defense Center is also enhancing capability, cooperation and information sharing between NATO, its members and its partners in cyber defense. The fate of NATO’s superiority in the Eurasian space will be determined by the success of Operation Inherent Resolve, which is being led by the United States against DEASH from NATO’s Incirlik Airbase in Turkey. On the other hand, two Ilyushin-20 surveillance planes settled into Syrian airspace to provide a major upgrade for the Russian air fleet of Sukhoi-30 fighter jets. The Coot-20 can supply Russian forces and commanders with a complete, detailed picture of electronic activity on the ground, and collate the data gathered and transmit it to the intelligence command center at the Latakia Airbase, which poses significant threats for Israel in terms of the IDF presence in the Golan Heights. In this vein, Turkey, NATO and Israel are developing a cyber system with the capability to counteract Russian hybrid warfare in the Middle East.

Source: http://www.turkishweekly.net/2016/03/04/op-ed/nato-developing-strategic-relations-between-turkey-and-israel-for-cyber-warfare-in-middle-east/

HSBC is working with law enforcement to catch those behind a cyber attack that forced its personal banking websites in the UK to shut down, its second major service outage this month, the bank said on Friday.

Europe’s largest lender said it had “successfully defended” its systems against a distributed denial of service (DDoS) attack but it was experiencing fresh threats, impeding full restoration of its services.

“HSBC’s internet and mobile services have partially recovered, and we continue to work to restore a full service,” John Hackett, UK Chief Operating Officer, said in a statement.

“We are closely monitoring the situation with the authorities,” he added.

The outage began on Friday morning and online services were still down by 1630 GMT (11:30 a.m. ET).

DDoS attacks are often used by cyber criminals trying to disrupt businesses and companies with significant online activities.

HSBC has declined to estimate when its online services might resume. Its Twitter feed said all major branches will be open on Saturday to help manage urgent transactions.

Dozens of customers took to social media to vent their anger. They were advised to use the bank’s mobile banking application but some reported access difficulties due to high demand.

The attack coincides with the first full pay-day of the year for many Britons and runs close to a deadline for the submission of personal tax returns.

Several technology failures have hit Britain’s retail banks in recent years, prompting lawmakers to call for improvement.

“Bank IT systems just don’t seem to be up to the job,” Andrew Tyrie, Conservative lawmaker and chairman of the Treasury Committee, said in a statement. “It could be leaving the banking system, and with it the economy, exposed to the risk of systemic failures.”

Thousands of HSBC’s UK customers were affected by a blackout on its personal banking online services in the first week of January.

HSBC gave no explanation for that glitch but confirmed it was not due to a cyber-attack or malicious act. Technicians restored service after two days.

The bank said customer transactions were not affected by Friday’s breach, which appeared to be aimed at disrupting and causing embarrassment to HSBC.

“DDoS attacks are not attacks meant to directly steal from consumers, they are meant to deny them access to the institution,” said Robert Capps, vice president of business development at NuData Security.

However, some breaches can be a cover for other types of cyber attack, Capps said.

“We’ve seen DDoS attacks against banks used as a smoke screen and cover for other nefarious activities such as cyber-heists … large value money transfers, or the bulk theft and removal of consumer account data,” he said.

Financial crime costs the UK economy 52 billion pounds ($73.69 billion) a year, delegates at the Wealth Management Association’s financial crime conference heard earlier this week.

Special Inspector James Phipson, commercial director of the economic crime directorate at City of London Police, also told the event that only 12 per cent of cyber-crime is ever reported.

Source: http://kfgo.com/news/articles/2016/jan/29/hsbc-says-internet-banking-services-down-after-cyber-attack-bbc/

Last Wednesday, January 20, the website of the Irish National Lottery was knocked offline courtesy of a DDoS attack launched by an unknown attacker.

The website was shut down for around two hours, during which time, players could not access the Web portal, nor use ticket machines to buy tickets for the Lottery’s upcoming draw of £9 million ($12.8 million / €11.8 million) prize money.

The BBC reports that the attack began at 11:21 GMT, but ticket dispensers and retail offices were restored by 12:45 GMT whereas the website was back online by 13:25 GMT.

Users that have accessed the lottery.ie website since the incident have probably seen the standard CloudFlare DDoS protection system doing its magic.

Both the lottery’s operator, Premier Lotteries Ireland, and local authorities have started an investigation into the incident.

The mystery remains as to why the Lottery’s staff decided to link the website and the ticket retail systems together. As this cyber-attack proved, the Lottery’s engineers will need to create a separate backend for the Lottery’s operations and have it run on different servers than those hosting the Web portal, which will no doubt see more DDoS attacks in the coming future.

It is not uncommon for cyber-gangs to target organizations working with large amounts of money. Bitcoin traders and banks are targeted by DDoS attacks on a regular basis.

Source: http://news.softpedia.com/news/irish-national-lottery-shut-down-via-ddos-attack-right-before-big-draw-499381.shtml

Cyberattacks have become more common, with data breaches at top-rated organizations and businesses making the news on a daily basis. The distributed denial of service attack is one particular kind of cyber threat which, as the name implies, makes websites and other online resources inaccessible to users. DoS threats exist in different forms, with a few targeting the primary server infrastructure directly, whereas others take advantage of vulnerabilities in communication protocols and applications. Thus, websites should seek DDoS protection, which can prevent a DDoS attack from disrupting the functions of the enterprise.

Unlike other types of cyberattack, which are generally launched to establish a long-term foothold and steal the most sensitive information, DDoS attacks don’t try to breach the security perimeter. Instead, they try to make servers and websites inaccessible to legitimate users. In certain cases, denial of service is also employed as a smokescreen for various malicious activities and to bring down security components such as web application firewalls. It is necessary to set up DDoS mitigation that can offer protection from DDoS botnets and cyber-attack groups.

DoS vs. DDoS

In simple terms, a DoS attack is any attack against a system component that attempts to force the system to restrict, or even quit, regular services. A DoS attack may be aimed at a particular computer operating system, at a particular service or port on a targeted system, at a network component or a network as a whole, at a firewall or at any other kind of system component. To put it more simply, in a DoS attack the perpetrator uses a single internet connection either to exploit a software vulnerability or to flood a target with fake requests, typically in an effort to exhaust the server’s resources.

On the other hand, a DDoS attack is a kind of DoS attack that originates not from one source but from several sources or locations, all at the same time. Usually, those taking part in a DDoS attack will not be aware that they are involved in a DoS attack against a website, having been duped, either physically or technically, into joining the attack through a third party. Since the attacks are launched from multiple connected devices distributed throughout the internet, these multi-device, multi-person barrages are typically difficult to deflect, especially due to the sheer number of devices involved.

Denial of Service Attack Types

There are primarily three kinds of attacks:

Against the Networks
Against the Hosts
Against the Users

DoS attacks can also be categorized into two main types, namely application layer attacks and network layer attacks. Application layer attacks can be either DDoS or DoS threats, which attempt to overload a server with a huge number of requests calling for resource-intensive processing and handling. Network layer attacks are mostly DDoS assaults intended to clog the pipelines that connect your network.

Recent DDoS Attacks

Some recent DDoS incidents are listed below:

An attack on a national lottery’s ticket machines and website, which flooded the communication system with huge traffic, affecting connectivity.
A DDoS attack on the Internet’s largest torrent portal, which struggled with downtime after the site had been pummeled by the attack.
DDoS attacks on Nissan, which forced the firm to take down two of its sites after the company had been hit by the anonymous hackers.
Attacks by hackers on dozens of government-based websites in Pakistan, including a military site.

Protect Against DDoS Attacks

The worst fact about DDoS attacks is that they don’t prey on the weaknesses of victims; hence being cautious and using the right protection and tools, as you would against hacking, is not sufficient.

In spite of the threat, there is still an effective way to protect a network from these attacks: network design decisions. A DDoS attack is nothing other than an unending series of requests from a great number of sources. The best technique against this is to have a system that recognizes the DDoS and blocks it.

This is easier said than done. Finding the source of a DDoS attack is tricky, and in several cases it involves tuning an IDS (Intrusion Detection System) to distinguish between attacks and legitimate requests. Checking its effectiveness is not simple either. In any case, this will cause some false positives.

Once you find the attack source, all you have to do is configure the firewall to block the source until the attack stops. Even so, when your internet bandwidth is saturated with requests, your website will probably still be inaccessible. It does not end there: if you are the target of a DDoS attack, the next issue to deal with is your ISP. When the attack is big enough, the ISP may opt to disconnect you from the network to conserve bandwidth and avoid degrading performance for other users. In that case, the impact may be worse than the usual impact of the DDoS attack itself, since your downtime is liable to be longer. For this reason, you should check your ISP’s policies on DDoS attacks before signing up for the service. Defending against a DDoS attack is only possible through design solutions and a proper infrastructure, which can help mitigate the damage.
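The recognize-then-block step and its false-positive problem can be seen in a small per-source rate detector. This is an added example, not code from the original article; the request log, the addresses (documentation ranges), the window, the thresholds and the cooldown are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed labels for the sample log below (documentation address ranges).
ATTACKERS = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}
NAT_GATEWAY = "198.51.100.7"  # many legitimate users behind one address

def build_sample():
    """Constructed request log as (timestamp_seconds, source_ip) pairs."""
    events = []
    for src in ATTACKERS:                      # 50 requests/s for 10 s
        events += [(i * 0.02, src) for i in range(500)]
    events += [(i * 0.125, NAT_GATEWAY) for i in range(80)]   # 8 requests/s
    for n in range(20):                        # 20 visitors, 1 request per 2 s
        events += [(i * 2.0, f"192.0.2.{n + 1}") for i in range(5)]
    return sorted(events)

def detect(events, window=1.0, threshold=20):
    """Map each source that exceeded `threshold` requests inside a sliding
    `window` (seconds) to the last timestamp at which it was over the limit."""
    recent = defaultdict(deque)
    over_limit = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:              # drop requests outside the window
            q.popleft()
        if len(q) > threshold:
            over_limit[src] = ts
    return over_limit

def block_list(over_limit, cooldown=60.0):
    """Blocks expire `cooldown` seconds after the source was last over the
    limit, so a source is released once its flood stops."""
    return {src: last + cooldown for src, last in over_limit.items()}

def evaluate(events, threshold, window=1.0):
    """Compare detector output with the known labels of the sample."""
    flagged = set(detect(events, window, threshold))
    legit = {src for _, src in events} - ATTACKERS
    return {"false_positives": flagged & legit, "missed": ATTACKERS - flagged}

if __name__ == "__main__":
    sample = build_sample()
    for threshold in (5, 20, 100):
        print(threshold, evaluate(sample, threshold))
    print(block_list(detect(sample)))
```

A threshold set too low blocks the shared NAT gateway along with the flooders, and one set too high misses the flood entirely, which is the tuning trade-off described above.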

Source: http://atulhost.com/dos-ddos-attacks

Law enforcers across Europe and beyond have started the year as they mean to go on with a closely co-ordinated operation resulting in the arrest of a key target in connection with infamous DDoS Bitcoin extortion group DD4BC.

Europol revealed in a statement on Tuesday that Operation Pleiades had been a success, resulting in one arrest, the detention of another suspect, and the seizure of an “extensive amount of evidence” resulting from property searches.

The operation was carried out on 15 and 16 December by law enforcers from Austria, Bosnia and Herzegovina, Germany and the UK along with Europol. It was the UK’s Metropolitan Police Cyber Crime Unit (MPCCU) that apparently identified key members of the group in Bosnia.

Police in Australia, France, Japan, Romania, Switzerland and the US (FBI and Secret Service) were also involved, alongside Interpol, the statement continued.

DD4BC is well known for extorting money from online gambling, financial services, entertainment and other firms—threatening them with DDoS attacks unless they pay up in Bitcoins.

“These [cybercrime] groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks,” argued Europol deputy director of operations, Wil van Gemert.

“Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”

Brian Honan, founder of BH Consulting and special adviser to Europol, welcomed the news as another example of law enforcers working well together across jurisdictional boundaries, and as a good lesson for victimized firms on why working with police should always be the preferred option.

“In the past, companies have been reluctant to share details of a security incident with law enforcement as they think there is little chance the criminals behind the attack will be brought to justice,” he told Infosecurity.

“But by working with law enforcement the information gathered, analysed, and shared can provide an overall picture of who the criminals are. So even if the attack your company is victim to does not yield immediate results, the information you share with law enforcement could be a vital clue in unraveling the overall puzzle as to who the criminals are and eventually lead to their arrest.”

Honan added that the arrest also showed cybercriminals can’t always hide behind anonymization tools and digital currencies.

Others warned this is unlikely to be the last of DDoS-based ransom demands.

“Distributed denial of service attacks are easier to pull off than ever, which is why we are seeing them increasingly used as a means of gaining leverage over businesses that are highly reliant on the internet,” argued A10 Networks product marketing director, Paul Nicholson.

“For organizations such as banks, financial institutions and even gambling websites, network downtime is equated with an immediate loss of revenue, which can lead them to give in to demands. Fortifying defenses must be these organizations’ top priority.”

Source: http://www.infosecurity-magazine.com/news/police-around-world-join-forces/