As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited

  • Discover how to implement multi-layered DDoS defense
  • Identify best practice detection and classification techniques
  • Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT

Click here to register !

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website.

What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”.

Some offer free service to service ranging in price from $200 – $300/month. These plans offer a very basic protection. They also advertise an Enterprise offering that has an expense starting point can really turn into being quite costly depending on your circumstances.

The Enterprise service is the offering that any company that is serious about protecting their website should consider. There are a few issues with each of these offerings that I’d like to point out.

These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10 -15% of their customers are using their $200-$300/month service which again is really just a basic protection with limited protection capabilities.

When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering. I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support.

In most cases there is no phone support included at all! Also they will charge the client based on the size of the attack? How can a client control the size of an attack they are experiencing! This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month.

Alternately at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients.

The service includes full telephone and email access to our 24/7 support team with our service. This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service.

Also we protect our clients from all DDoS attacks regardless of size without the need to pay us additional depending on the size of an attack.

We also include an external monitoring account with our service called DEMS which stands for our DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions.

We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients.

DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is a not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us.

Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed

Director of Sales for DOSarrest Internet Security LTD.

Seventy official sites targeted by hackers ‘partly from other regions’ who declared ‘cyberwar’ after tear gas was used on Occupy protesters

Eleven people have been arrested over cyberattacks on more than 70 government websites this month after hackers warned of retaliation for the use of tear gas on democracy protesters.

The cyberattacks are believed to have been directed under the banner of Anonymous, a brand adopted by hackers and activists around the globe.

No information was changed or stolen, nor were the government’s online services affected significantly, Secretary for Commerce and Economic Development Greg So Kam-leung told lawmakers yesterday.

Attackers made the sites intermittently inaccessible through a flood of access requests, he said.

“Attacks launched by the hackers’ group originated partly from Hong Kong, and partly from other regions,” So said.

“Since any internet user can join Anonymous, [the attackers] could have originated from anywhere in the world and it is hard to find out their nationalities.”

Police had arrested eight men and three women, aged 13 to 39, on suspicion of accessing computers with criminal or dishonest intent, he said.

On October 2, web users identifying themselves as Anonymous hackers declared “cyberwar” on the government and police force after tear gas was fired at Occupy Central demonstrators late last month.

So told a Legislative Council meeting that more than 70 official sites were made temporarily inaccessible by so-called distributed denial-of-service (DDoS) attacks. During such attacks, website infrastructure is overwhelmed by a huge bombardment of traffic, overloading servers and slowing down the site’s functionality. So stressed that security was not compromised.

In contrast, hundreds of phone numbers and email addresses of the Ningbo Free Trade Zone and a job-search site run by the Changxing county administration, both in Zhejiang province, were exposed by Anonymous this month, apparently in support of the protesters. The data also included individual IP addresses and names.

So said hackers had hit some local websites as well, but did not have a significant impact on the city’s economic activities.

Lawmakers asked if the hacking was related to Occupy and the alleged involvement of “external forces” in the movement.

So said it could not be linked to any specific country as many computers originating from different places were involved. Police were investigating further.

The website of pro-democracy newspaper Apple Daily has also been the target of cyberattacks in recent weeks, coinciding with a blockade of its offices in Tseung Kwan O by pro-Beijing protesters.

No group has claimed responsibility for those cyberattacks, which followed similar attempts to make the Apple Daily website inaccessible in June when Occupy held an electoral reform “referendum”.

Source: http://www.scmp.com/news/hong-kong/article/1622171/more-70-hong-kong-government-websites-under-attack-anonymous-hackers

Anonymous attacks predicted as Guy Fawkes Day approaches. 

Hackers are increasingly using domain name serves (DNS) amplification to deliver huge amounts of traffic in distributed denial of service (DDoS) attacks, according to a white paper from security company Symantec.

Between January and August of this year the firm observed an 183% increase in the use of such attacks, in which hackers deliver requests to DNSs prompting floods of traffic to the target.

Candid Wueest, threat researcher at Symantec, said: “Distributed denial of service attacks are not a new concept, but they have proven to be effective. In the last few years they have grown in intensity as well as in number, whereas the duration of an attack is often down to just a few hours.

“Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets.”

Attack patterns employed by hackers can move over time as companies seek to defend themselves against popular attacking strategies, in what is often compared to an arms race.

Many hackers now sell DDoS attacks for as little as $5 online, although denial of service continues to popular among so-called hacktivists such as Anonymous, who engage in cyber attacks as a means of political protest, or what some may consider terrorism.

Wueest added that Shellshock bug earlier this year which affected the command lines of Unix, Linux and Mac had allowed hackers “to install DDoS scripts on a variety of servers”, with some building “a powerful DDoS botnet”.

“The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” he said.

“We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.”

This year saw a DDoS attack measuring 400Gbps, the fastest on record, with many attacks said by Symantec to be in excess of 100Gbps. India was found to be the most common source for the attacks at 26%, with the US accounting for 17%.

Source: http://www.cbronline.com/news/security/huge-ddos-attacks-on-the-rise-4412905

Device vendors, internet service providers, and enterprises are all at risk of massive distributed denial of service (DDoS) attacks involving the harnessing of millions of universal plug and play (UPnP) devices, according to Akamai’s Prolexic Security Engineering & Response Team (PLXsert).

The firm has issued an advisory detailing the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including routers, media servers, web cams, smart TVs and printers.

The protocols allow devices to discover each other on a network, establish communication and coordinate activities. DDoS attackers are now abusing these protocols on Internet-exposed devices to launch attacks that generate floods of traffic and cause website and network outages at enterprise targets.

“Malicious actors are using this new attack vector to perform large-scale DDoS attacks,” said Stuart Scholly, senior vice president and general manager for the security business unit at Akamai. “PLXsert began seeing attacks from UPnP devices in July, and they have become common.”

He added, “The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch. Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat.”

In fact, PLXsert found that 4.1 million Internet-facing UPnP devices are potentially vulnerable to being employed in this type of reflection DDoS attack – about 38% of the 11 million devices in use around the world. PLXsert will share the list of potentially exploitable devices to members of the security community in an effort to collaborate with cleanup and mitigation efforts of this threat.

PLXsert replicated an attack of this type in a lab environment, demonstrating how attackers produce reflection and amplification DDoS attacks using UPnP-enabled devices. Essentially, the Simple Object Access Protocol (SOAP) is used to deliver control messages to UPnP devices and pass information back and forth. Attackers have discovered that SOAP requests can be crafted to elicit a response that reflects and amplifies a packet, which can be redirected towards a target. By employing a great number of devices, attackers create large quantities of attack traffic that can be aimed at selected targets.

The mechanism is the latest in amplification techniques. Other traffic-boosting gambits include NTP reflection attacks, and, recently, a surge in Simple Service Discovery Protocol (SSDP) attacks, as we reported earlier in the month.

“These attacks are an example of how fluid and dynamic the DDoS crime ecosystem can be,” explained Scholly. “Malicious actors identify, develop and incorporate new resources and attack vectors into their arsenals. It’s predictable that they will develop, refine and monetize these UPnP attack payloads and tools in the near future.”

Source: http://www.infosecurity-magazine.com/news/surging-ddos-amplifications-use/