Cyber attacks targeting Turkey are far more numerous than the global average, according to data provided by American cyber security company Arbor Networks.

While in the second quarter of 2014 the global frequency of cyber attacks dropped by 68 percent, in the same period attacks directed at Turkey recorded an increase of 6 percent. The countries from which Turkey received the most attacks in the second quarter were Russia, the US and Switzerland.

Eric Michonnet, European director of Arbor Networks, which provides network security services to 90 percent of the world’s service providers, noted that Turkey’s average attack frequency was much higher than the global average. Explaining that cyber attacks are generally organized against financial institutions and Internet sales sites, Michonnet said the aim of the attacks is to inflict economic harm on the institution against which the attacks are organized.

Stating that Arbor Networks’ goal is to protect Internet service providers’ security, Michonnet said: “With the special systems we’ve placed in service providers, we’re preventing attacks on Turkey from several countries of the world before another attack affects Turkey.”

Michonnet explained that a cyber attack uses thousands of computers to enter a target website, congest it and block access to the site. He also noted that in the first half of 2014 the average size of a cyber attack was 3.39 gigabytes and the largest-capacity cyber attack had a base of 124 gigabytes.

Arbor Turkey Director Serhat Atlı commented that in recent years cyber attacks have particularly targeted Internet sales sites. Explaining that thousands of Internet users shop on these sites every day and that these attacks cause great economic damage, Atlı noted that some of these Internet sites have taken their own measures to prevent these attacks. He also stated that companies can arrange for cyber attacks to be carried out against their rivals.

In the first half of the year, the largest distributed denial-of-service (DDoS) type of attacks were perpetrated from Malaysia, Switzerland and Russia. In the second half of the year, the largest attack came from Russia, followed by the US and Switzerland.

A DDoS attack is used to harvest bank details, the aim being to cause surprise and to camouflage the real attack, as data theft can be carried out after the system has been penetrated. One way of performing a DDoS attack is through a botnet, which can contain over 100,000 bots. Bots are chosen because they are practically impossible to follow and locate, are cheap and can be easily removed from the system following the attack.


Update 5:50 a.m. PST:

The servers are now down for maintenance, and the attack is over. If further ones happen, we’ll announce accordingly.

Update 8:15 p.m. PST

The DDoS attacks continue. Blizzard is rolling out updates to the backend services at a breakneck pace right now, some of which are having unintended consequences and further complicating an already messy situation. However, it should be noted that this is to be expected when combating such a large scale attack. In no way is Blizzard responsible for the server outages on this scale — responsibility rests with the script kiddies and bot net controllers.

It’s hard to know just how big this attack is, but with the sustained issues it’s causing, and the severity of response from Blizzard, it’s safe to assume that it’s big. is a hardened internet service that has withstood onslaughts like this before. For it to fail at such a critical juncture is nothing but catastrophic for the short term, and could have serious long term implications. We have some idea, shown above, of just how global this attack is.

We’ll update this post as the night continues, providing you with the latest. In the mean time — we recommend you catch up on your lore, and not concern yourself with logging in.

Original Post:

WoW Insider received reports earlier today that Blizzard may be the target of a significant DDoS effort — and community manager Bashiok has confirmed it on the World of Warcraftforums.

Bashiok goes on to outline additional issues Blizzard is currently attempting to resolve: instance servers timing out, disconnects from the continent servers, and performance and phasing issues with garrisons.


The average distributed denial-of-service (DDoS) attack costs a business roughly $40,000 per hour, according to an Incapsula survey. Since 49 percent of incidents last between six and 24 hours – 86 percent of respondents reported that an average attack lasts 24 hours or less – the average cost associated with a DDoS attack is assessed in the survey at approximately $500,000.

To learn how DDoS attacks impact businesses, Incapsula surveyed 270 North American organizations – 80 percent of which are headquartered in the U.S. – that have anywhere from 250 to 10,000 employees.

Igal Zeifman, product evangelist and researcher at Incapsula, told in a Thursday email correspondence that companies stand to lose some or all of their revenue per hour when hit by a DDoS attack. As an example, Zeifman noted that $1 billion in annual revenue amounts to $114,155 per hour, so “every hour a large business operates is worth a lot of money.” And the cost of DDoS attacks goes beyond lost revenue. Organizations that are victims of DDoS attacks incur costs from loss of customers, brand damage, legal fees, and wasted staff time, he added.

In the survey, 52 percent of respondents said they had to replace hardware or software, 50 percent had a virus or malware installed or activated on their network, 43 percent experienced loss of consumer trust, 33 percent acknowledged customer data theft, and 19 percent suffered intellectual property loss – 60 percent reported having two or more of these consequences.

Within the company, 35 percent of those surveyed indicated that IT takes the largest financial hit, but 23 percent named sales, 22 percent named security and risk management, and 12 percent named customer services.

“Sales is hit with responding to angry customers who may leave, or threaten to leave, the business they had contracts with, for example a SaaS vendor or hosting provider with a service level agreement,” Zeifman said. “Sales may also miss its number, for example an online retailer knocked offline on Cyber Monday.”

Additionally, five percent named marketing and public relations, and two percent named legal.

“Marketing often has to communicate with customers and repair their reputation with customers and the market,” Zeifman said. “Legal is involved in negotiations over SLA violation, potential lawsuits, and potentially with regulatory filings in the financial services industry.”

Incapsula indicates in the survey that organizations should be able to respond to DDoS attacks with as few employees as possible.

When asked how many employees in the organization are tasked with mitigating or combating a DDoS attack, 27 percent of respondents said more than 15 staffers, 69 percent said between two and 15 people, and no one said just a single individual. Furthermore, while 43 percent of respondents said their company uses a purpose-built DDoS protection solution, more than half stated that their firm relies on web application firewalls or traditional network firewalls that are vulnerable on their own.

“In general, organizations do not do a good job when it comes to crisis planning,” Zeifman said. “There are often business priorities that take precedence, though the lack of planning may come back to bite them. Just like organizations should have plans to recover from data breaches, they should have plans to recover from DDoS attacks.”

Stepping back from cost analysis, Incapsula sought to determine the motivations behind DDoS attacks.

In the survey, 46 percent of respondents indicated that they had received a ransom note from a DDoS attacker, and 45 percent said they had not. 40 percent of those surveyed said they believe the attacker was attempting to flood the company’s network infrastructure to block all connections to its domain, 20 percent believe the attacker was targeting specific applications to block the company’s use, and 33 percent believe both were motivations.

Extortion for profit is one of the primary drivers of DDoS attacks, Zeifman said.

“Extortionist hackers rent botnets for a relatively small amount of money, say $500, and then threaten DDoS attacks on ten to twenty sites, betting that some will pay up,” Zeifman said. “It is effectively DDoS arbitrage.”

Zeifman added that hacktivism and competitive business feuds are other big motivations.

“Hacktivists try to draw attention to their cause or the faults of the organization they are attacking,” Zeifman said. “Their aim is publicity, but the business and its customers suffer. Competitive business feuds are more common in certain competitive and loosely regulated industries like online gambling, multiplayer online games, and bitcoin exchanges. Competitors try and take out a competitor to drive business to their game site, gambling site or exchange.”



Distributed Denial of Service (DDoS) attacks against Hong Kong websites increased a whopping 111% from September to October as pro-democracy protests in the Special Administrative Region of China took hold, according to Arbor Networks.

The DDoS mitigation firm’s Security Engineering and Response Team (ASERT) consulted anonymized data generated by its ATLAS network of 290 ISPs worldwide running Arbor products.

It found that observed attacks against Hong Kong-related online properties jumped from 1,688 in September this year to 3,565 in October.

ASERT threat intelligence and response manager, Kirk Soluk, explained in a blog post that while establishing definitive causal relationships and attribution is tricky, DDoS attacks appear to have become the “new normal” in countries experiencing political unrest.

“In this case, we observed a 111% increase in the number of DDoS attacks targeting Hong Kong-related internet properties when analyzing the months immediately before and after protester demands, on October 1, for Hong Kong’s chief executive to step down,” he added.

“Additionally, large-scale DDoS attacks were observed targeting Hong Kong-related internet properties that coincide with reports of debilitating disruptions of online media outlets sympathetic to the protest movement.”

These online media outlets included most notably Next Media, run by outspoken Beijing critic Jimmy Lai, and its popular Apple Daily publication.

In this case the large DDoS on its site coincided with reports of anti-protest crowds physically trying to prevent distribution of the Apple Daily newspaper and of a simultaneous cyber-attack which took the company’s email system out for hours.

Arbor may have had trouble with attribution but security vendor FireEye recently claimedthat the attack infrastructure used to launch the DDoS campaigns could be linked to that used by likely Chinese state-backed APT activity such as Operation Poisoned Hurricane.

As for the future, Arbor is predicting that November is already shaping up to be another big month for DDoS attacks in Hong Kong, as the protesters continue their campaign for true democracy in the former British colony.

The firm said it recorded peak DDoS sizes of 30Gb/s on four consecutive days this month, for example.


The first event of the 2014 Swedish Masters, the online poker series run by Sweden’s state-owned monopoly company Svenska Spel, did not go as expected, as a distributed denial-of-service (DDoS) attack obliged the room to cancel the event and refund all the players.

Initially scheduled to take place on Sunday, Nov. 2, the tournament ended up without a winner, but with 1,451 players being refunded for their tournament buy-ins.

“We have had a number of DDoS attacks last week, that went on into the evening,” a spokesperson from Svenska Spel told Sweden’s leading daily Aftonbladet. “At first, we paused the tournament, but then we noticed that the attack started again, so we decided to cancel it.”

Planned to offer Svenka Spel’s players a good number of tournaments throughout the whole month of Nov., the 2014 Swedish Masters is now considered to be a series “at risk” per the room’s own admission, and it is possible that similar attacks will influence the regular play of the other events in the schedule.

The DDoS attacks came in a delicate time period for Svenska Spel, as Sweden’s only licensed company has recently suffered for some significant revenue losses.

As reported by PokerNews on Monday, the company recorded 2.1 billion Swedish krona ($284 million) in 2014 third-quarter revenue, representing a 10.9-percent decline from the 2.4 billion Swedish krona ($325 million) in the same period in 2013. At the same time, 2014 year-to-date operating profit has declined nine percent from 3.8 billion Swedish krona ($514 million) in 2013 to 3.5 billion Swedish krona ($473 million) in 2014.

The negative trend, however, did not come as a surprise for the board of the company, as its CEO Lennart Käll explained that the numbers were “according to the company’s plan.”

According to Käll, the decline is due to the fact that “in recent years, the Swedish gambling market has evolved in the wrong direction,” and that Svenska Spel’s has decided to engage in a more socially responsible promotion of gambling and adopted a series of measures that have limited its visibility compared to the past years.