A worrisome trend has been spotted recently of continuous DDoS attacks. After the Lizard Squad attack against Destiny and Call of Duty servers, the researchers confirmed a high volume of attacks that happened in the first six months of 2014. The players that suffered the attack were booted from the servers right in the middle of their game, when an error message occurred. The access to the game was restricted for several hours and the players complained about it, threatening to ask for their money back.

The trend of these DDoS attacks is likely to go on for two main reasons – the access to DDoS service solutions and the widespread coverage of the attacks. That is why the website operators need to put up defenses against the DDoS attacks.

DDoS attack duration

These attacks are short in duration and are repeated on a frequent basis. Approximately 90 % of the attacks that have been detected during that period of time lasted for less than half an hour. According to the experts, the ongoing trend is for attacks towards latency-sensitive websites including hosting service, online gaming and eCommerice. That is why these websites should apply different security solutions with rapid response.

DDoS attack strength
The attacks are of high rate and high volume. For example the DDoS traffic volume increased with one third reaching more than 500Mbps. Five percent of the DDoS traffic volume even reached up to 4Gbps. In the first half of 2014 more than 50% of the DDoS attacks were above 0.2Mpps, which is a 16 % increase. At the same time more than 2% of DDoS attacks were started at 3.2Mpps rate and above.

DDoS attack methods

DDoS attack methods
DDoS attacks are characterized with three main methods, namely DNS Flood, TCP Flood and HTTP Flood. The top three attack types form 85 % of all the attacks. The most popular method used are the DNS Flood attacks making 42 % of all the attacks noticed. The number of the HTTP Flood and the DNS Flood attacks has decreased, while at the same time the TCP Flood attacks grew substantially.

The ISPs attacks
The researchers found out that the number of the ISPs attacks has also increased by 87 %, the online gaming attacks increased by 60 % and the enterprises attacks increased by 100 %.

DDoS attacks of high-frequency

The DDoS attacks turned out to be one of the largest and longest, as well as the ones with highest frequency. The longest of all single attacks lasted for almost 12 days, while the largest single attack as far as packet-per-second was hit at 23 million pps volume.

At the same time, more than 40 % of the victims were targeted by the attack many times, and one in every 40 victims was hit repeatedly for more than 10 times. The highest frequency of attacks that has been noticed by one victim reached 68 separate DDoS attacks.

Source: http://sensorstechforum.com/ddos-attacks-gaming-sites/

The editorial Board of the Russia Today TV channel reported the most powerful DDoS attack on their website. This information was published on the website.

“Website RT.com today has been the most powerful DDoS attack for all time of existence of the channel. Power DDoS attack UDP flood on the RT site reached 10 Gbit/s. Thanks to the reliable technical protection of the site, RT.com was unavailable just a few minutes, however, the DDoS attack lasted”, – stated in the message.

Responsibility for hacker attack so far has not been declared.

Website RT.com subjected to DDoS attacks repeatedly. One of the most powerful hacker attacks occurred on February 18, 2013. The work of the RT site in English managed to recover only later, 6 hours after the start of the attack. In August 2012 sites of RT channels in English and Spanish were also under attack. Then the responsibility it has assumed hacker group AntiLeaks, which opposes the project WikiLeaks Julian Assange.

Source: http://newstwenty4seven.com/en/news/russia-today-zajavil-o-moschnejshej-ddos-atake-na-svoj-sajt

Question: What are botnets used for? Answer: Distributed Denial of Service (DDoS) Attacks.

Botnets are bad. The DDoS attacks that they can launch are even worse. The concept of a DDoS attack is simple. Generate enough malicious traffic to a web site, and it will become unable to respond to legitimate requests. In effect, the web site will be taken down. DDoS attacks have been used for retaliation, for political statements, for competitive reasons, and even for ransom.

The damage DDoS attacks can inflict on a company’s public-facing Internet services, such as web sites, or to the Internet in general is massive. There have been many examples of the use of botnets to bring major corporations to their knees:

  • In retaliation for the anti-Islamic YouTube video “Innocence of Muslims,” Islamic hackers launched massive DDoS attacks against several U.S. banks and took down their online banking portals for over a day each. Several months later, the hackers repeated their attacks; and they vowed to continue until the video is removed from the Internet. Their attacks so far have generated up to 70 gigabits per second (gbps) of malicious traffic – enough to overwhelm most web sites.
  • Spamhaus was hit with the most massive DDoS attack yet reported – a malicious data rate of 300 gbps! Spamhaus is a firm that maintains a blacklist of spam-generating sites and sells the list to corporations, government agencies, and ISPs so that they can block traffic from these sites. One of the web sites on the blacklist is CyberBunker, which advertises that it will post anything except child pornography and terrorist threats. It is CyberBunker that is suspected of launching the assault against Spamhaus.

Until these large attacks occurred, most DDoS incidences generated about 10 gbps of malicious traffic. Clearly, their severity is increasing. So is the frequency and length of attacks. Prolexic, a DDoS mitigation firm, found in its surveys that DDoS attacks increased 53% from 2011 to 2012. During this time, Prolexic mitigated seven attacks that exceeded 50 gbps. In this three-part series, we examine the anatomy of DDoS attacks. Part 1 describes how botnets are created and are used to launch attacks. Part 2 describes the types of DDoS attacks that can be used to disable your customer-facing systems. In Part 3, we discuss various mitigation strategies available for minimizing the effectiveness of a DDoS attack.

Botnets

A single PC is not powerful enough to generate sufficient traffic to overwhelm most systems. It takes a concerted effort of many PCs to do so. This is a botnet. A botnet is a collection of infected systems that can be commanded to take a joint action upon request by a bot master. For DDoS attacks, this joint action is the generation of massive amounts of malicious data directed toward a victim’s web site.

There are several classes of botnets:

  • The earliest botnets were made up of infected PCs. Typically, a PC is infected by a Trojan that enters the PC via a malicious email, a malicious web site, or an infected web site. The Trojan opens a backdoor to the PC that allows the bot master to download its DDoS software into the PC. The PC then connects to the bot master and thereafter will be under its control. PCs cannot generate a great deal of traffic, primarily due to the bandwidths of their Internet connections. A megabit per second (mbps) is typical. Therefore, to generate ten gigabytes per second of traffic, the botnet must comprise ten thousand PCs.ddoschart2
  • Some attacks are politically popular and generate a great deal of support among a class of people around the world. In this case, attackers have enlisted many individuals to voluntarily contribute the services of their PCs to the botnet. The Islamic hackers that attacked U.S. banks in retaliation for the anti-Islamic YouTube video reportedly had access to hundreds of thousands of voluntarily provided PCs. Another example was an attack launched by supporters of Julian Assange, founder of WikiLeaks, when he was arrested for leaking classified material.
  • The limited capability of a PC to generate DDoS traffic is solved to a great extent by using powerful servers instead. In this case, servers are infected with DDoS software, often through known security vulnerabilities in popular programs such as Joomla and WordPress. A powerful server with wideband access to the Internet can generate a thousand times as much traffic as a PC.

Botnets for Rent

Botnets are readily available for rent on the darknet, private networks where connections are made only between trusted peers. Hackers form a community of trusted peers and can gain access to botnet rentals. The cost for botnets is relatively modest given the damage they can inflict. For instance, the following botnet rentals are advertised on the darknet:

  • 10,000 PCs – 10 gbps – $500 per month
  • 100,000 PCs – 100 gbps – $200 per day

Source: http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services/

Old and cheap modems are now being blamed for Spark’s broadband troubles.

Customers reported slow speeds and dropped connections over the weekend.

Spark now believes cyber criminals have gained access to a number of customer’s modems, and disrupted the network that way.

It has disconnected the affected modems, and contacting customers to discuss solutions.

Meanwhile, denial of service attacks which hobbled Spark’s internet over the weekend are extremely unlikely, according to an industry body.

Internet New Zealand’s work programme director Andrew Cushen says people arriving at work for the first time since Friday should run a virus scan on their computers.

But he doesn’t believe Spark will be a long-term target.

“These attacks are unfortunately quite common on the internet and they are used quite commonly overseas.

“We don’t see them often here in New Zealand, because denial of service attacks usually go after higher profile targets.”

Source: http://www.newstalkzb.co.nz/auckland/news/nbnat/2051865836-further-denial-of-service-attacks-on-spark-unlikely

New study warns of rising smokescreening practice in cyberattacks

The top takeaway of a new study suggests that more and more frequently, distributed denial of service (DDoS) attacks are being used as a smokescreen, distracting organizations while malware or viruses are injected to steal money, data, or intellectual property.

The white paper, the 2014 Neustar Annual DDoS Attacks and Impact Report: A Neustar High-Tech Brief, reveals insights into this trend based on a survey of 440 North American companies, comparing DDoS findings from 2013 to 2012.

Over the last year, the study found, DDoS attacks evolved in strategy and tactics. More than half of attacked companies also reported theft of funds, data, or intellectual property. These cyber-attacks are intense but quick, more surgical in nature than sustained strikes whose goal is to extend downtime.

This year’s survey also demonstrated that the landscape of DDoS attacks is changing. The number of attacks is up, but attack duration is down, meaning that attacks are becoming more intense and harder to catch. Larger attacks are more common, but most attacks still are less than 1 Gbps. Although companies report a greater financial risk during a DDoS outage, most still rely on traditional defenses like firewall, rather than purpose-built solutions like DDoS mitigation hardware or cloud services.

Among the study’s other findings:

  • Virus and malware insertion during DDoS attacks was common, with 47 percent of companies who experienced a DDoS attack and data breach simultaneously reported the installation of a virus or malware.
  • The industry sees DDoS as a growing threat, with 91 percent of high-tech respondents viewing DDoS as a similar or larger threat than just a year ago.
  • 87 percent of companies attacked were hit multiple times.
  • Nearly twice as many businesses were hit: in 2013, 60 percent of companies were DDoS-attacked, up from 35 percent in 2012.  And these attacks were of shorter duration in 2013.
  • Attacks between 1 and 5 Gbps almost tripled.
  • Customer support is the leading area of impact. For 53 percent of tech companies that suffered an outage, customer service was cited as the area most affected, while 47 percent named brand/customer confidence as the most affected.
  • Collectively, non-IT/security groups see the greatest cost increases in the event of a DDoS attack.
  • High-tech revenue losses are in line with those of other sectors. In 2013, DDoS was just as risky for high-tech as for other verticals, with 47 percent reporting revenue risks of more than $50 K per hour and 31 percent hourly risks of more than $100 K. That means that daily revenue risks are often measured in seven figures.

The conclusion of the report is that there is a trend towards shorter DDoS attacks, but also more attacks from 1 to 5 Gbps — quicker, more concentrated strikes, that suggest a growing presence of a highly damaging tactic called DDoS smokescreening.

Smokescreening distracts IT and security teams with a DDoS attack, allowing criminals to grab and clone private data to siphon off funds, intellectual property, and other information.  In one case, thieves used DDoS to steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours. Such crimes have caused the FDIC to warn about DDoS as a diversionary tactic.

The study urges businesses to watch for the warning signs, including shorter, more intense attacks with no extortion or policy demands.  It also counsels them to follow best practices such as not assigning all resources to DDoS mitigation, but dedicating some staff to monitoring entry systems during attacks, making sure everything is patched with up-to-date security and to establish dedicated DDoS protection.

Rodney Joffe, Neustar senior VP and senior technologist notes, “The stakes are much higher. If you’re a criminal, why mess around with extortion when you can just go ahead and steal — and on a much greater scale?”

Source: http://www.bsminfo.com/doc/smokescreening-is-the-latest-danger-in-ddos-attacks-0001