André Stewart, president international at Corero Network Security, argues that the Serious Organised Crime Agency should have taken a recent DDoS attack more seriously…

The response by the Serious Organised Crime Agency (SOCA) to the distributed denial of service (DDoS) attack directed at its public website is somewhat disappointing for the nation’s leading anti-crime organisation. The agency’s statement that it does not consider investing in DDoS defence protection “a good use of taxpayers’ money” fails to take into account potentially serious security consequences. Further, it sends the wrong message to cyber criminals at a time when businesses and organisations in the United Kingdom and around the world operate under continuous threat of attack.

The attack against the SOCA website used a network-layer DDoS attack which is a very publicly visible form of cyber crime. The attackers’ intent is to slow or bring down a website for the entire world to see. The victim organisation has to own up to what has happened and, in the case of government entities, explain why it will not or cannot respond effectively.

However, hacktivist groups and criminals frequently use DDoS attacks as a smokescreen to hide more surreptitious intrusions aimed at stealing data. For example, the theft of 77 million customer records from the Sony PlayStation Network was preceded by a severe DDoS attack. In discussing its 2012 Data Breach Investigations Report, Verizon’s Bryan Sartin said that diversionary DDoS attacks are common practice to mask data theft, including many of the breaches by hacktivists which totalled some 100 million stolen records.

This raises the question about SOCA’s approach to securing its networks and the protection of critical information from more sinister, stealth cyber attacks. Criminals want to create diversions and remain unnoticed while they infiltrate deeper into a network and steal data. Most data breaches go undetected for weeks, months, even years in some cases. Can we be confident, based on SOCA’s response to its public website being hit for the second time in less than a year, that it is addressing more critical security risks? The response to the latest incident could undermine confidence in the quality of the agency’s security program. How deep does its estimable high regard for taxpayer money go?

Just last June, the LulzSec group claimed credit for taking SOCA offline with a DDoS attack. One has to wonder if SOCA is truly dismissive of these attacks or simply has been slow to address the issue. Whilst the agency is dismissive of the latest DDoS attack its inability to protect itself nearly a year after the first public attack plants a seed of doubt about the calibre of its security program.

Perhaps most concerning is that SOCA is conceding the initiative to criminals who are attacking the agency directly. Would the police stand by, for example, while some hooligan scrawled graffiti on a local station with the explanation that they had more important things on which to spend time and money? Would the public tolerate that response?

Whilst putting its foot down on spending public funds is commendable, failing to respond to a direct criminal attack on law enforcement’s public face seems an odd place for SOCA to draw a line in the sand.

Source: http://www.publicservice.co.uk/feature_story.asp?id=19768

UK’s largest hosting biz titsup in DDoS outrage

By Anna Leach

Posted in CIO, 23rd May 2012 12:36 GMT

A “massive” distributed-denial-of-service attack emanating from China has taken down 123-reg, the UK net biz that hosts 1.4 million websites.

In a statement on the its service status page just after midday today, 123-reg blamed attackers in China:

From 11:30 to 22:50 our network was undergoing a massive distributed denial of service attack from China. Due to the nature and size of this attack the firewall systems in place needed to be reconfigured to block the bad traffic and allow the good traffic through.

The attack, which appears to be ongoing, caused patchy service from the sites hosted by the company, which also has more than 4 million domains on its books. 123-reg promised that no emails would be lost, and messages would be queued up by the mail servers and sent shortly.

123-reg’s own site was down too in the aftermath of the traffic blast, which proved to be frustrating for users trying to find out what was going on. A 123-reg tweet at 12.30pm said that they were working through final issues and that services should be returning to normal.

123-reg is a brand name of Webfusion Ltd, part of the Host Europe group. WebFusion isn’t picking up the phone so we can’t get more detail on the hacks at this time. ®
Updated to add

A spokeswoman for 123-reg got in touch this afternoon to say:

We had contained the primary attack within 15 minutes of it happening. As the largest domain provider in the UK, and coupled with the increase of these types of attacks across Europe in particular, we know we are a prime target. We are still in the process of resolving this.

Source: http://www.theregister.co.uk/2012/05/23/123reg_ddos_attack/

More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

By John E Dunn

Techworld — More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat.

Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said.

“Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note.

A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week.

There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours.

Two thirds said the direct cost of all this DDoS was about $10,000 (APS6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour.

The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance.

The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs.

Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services.

However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them.

“With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.”

The company markets its own cloud-based mitigation service, SiteProtect. Three years ago its UltraDNS service was itself the victim of a DDoS attack.

Source: http://www.cio.com/article/706594/U.S._Firms_Over_Reliant_on_Firewalls_to_Defend_Against_DDoS_Attacks?taxonomyId=3089

The Pirate Bay is getting pounded with a denial-of-service attack and most of the likely suspects deny involvement.

by Greg Sandoval May 16, 2012 12:56 PM PDT

There’s a good whodunit developing over at The Pirate Bay, the popular BitTorrent file-sharing service.

An unknown entity has launched a large distributed denial-of-service attack (DDoS) against The Pirate Bay and rendered the site largely inaccessible for more than a day. The Pirate Bay posted a note to its Facebook page confirming the attack. Site operators wrote: “We don’t know who’s behind it but we have our suspicions.”

Suspicions are all anybody seems to have at this point. Here’s a list of the top suspects and where they stand on the issue.

– The Motion Picture Association of America: A spokesman for the trade group for the top six Hollywood film studios, a group that over the years has become one of The Pirate Bay’s arch nemesis, told CNET “The MPAA has no involvement and does not condone DDoS attacks.”

– The Recording Industry Association of America: A representative for the trade group for the four major music labels, also denied that the organization was behind the attack. He pointed out that the RIAA has been the victim of multiple DDoS attacks and has denounced the practice.

– Anonymous: The mysterious hacktivist group that is well known around the world for launching DDoS attacks, has denied responsibility. The Pirate Bay admonished Anonymous’ for its tactics when the group recently launched a DDoS attack against Virgin Media, the first Internet service provider in the United Kingdom to block The Pirate Bay.
“Yes, The Pirate Bay is down,” wrote Anonymous in a Twitter post. “Yes it’s under DDoS attack. No we don’t know who from. We’ll update as we hear more.”

Of course the MPAA and RIAA don’t speak for every copyright owner around the world. Plenty of filmmakers and musicians not affiliated with those groups consider The Pirate Bay a scourge and believe that site operators enrich themselves at artists’ expense.

Anonymous also doesn’t speak for every hacker in the world or for everyone who has the capability to launch a DDoS attack.

The only reason that anyone would even suspect Anonymous, which has always been a huge supporter of The Pirate Bay, is because of BitTorrent site’s strong condemnation last week of DDoS attacks — even attacks launched in support of the service.

“We do not encourage these actions,” The Pirate Bay wrote after Virgin Media came under attack, according to the blog Torrentfreak. “We believe in the open and free

Internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us.”

So, where does this leave us? Is it a government that is attacking the site or an angry group of tech-savvy indie filmmakers or musicians? Is it a rogue element of Anonymous? If you have any suspicions, please share them in the comments.

Source: http://news.cnet.com/8301-1023_3-57435710-93/who-is-behind-murky-ddos-attack-against-the-pirate-bay/

By: Jeremy Nicholls

The internet is an ideal destination for like-minded people to come together.

This is as true for people who are reaching out to friends, colleagues and strangers to raise money for charity as it is for groups of individuals who plan to use cyber attacks to make political or ideological statements.

It is the latter group, ‘hacktivists’ as they have come to be called, who are having a profound impact on today’s security threat landscape.

Research from Arbor Networks’ annual Worldwide Infrastructure Security Report (a survey of the internet operational security community published in February) supports this. Ideologically motivated hacktivism and vandalism were cited by a staggering 66 per cent of respondents as a motivating factor behind distributed denial-of-service (DDoS) attacks on their businesses.

One of these attacks last month targeted the BBC – the attack took down email and other internet-based services and the BBC suspected the attack was launched by Iran’s cyber army in a bid to disrupt BBC Persian TV. Then there was the takedown of the Home Office website with the promise of a series of weekly attacks against the Government.

But it’s not just high-profile, politically connected organisations at risk. Any enterprise operating online, which applies to just about any type and size of business operating in the UK, can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune.

An influx of new attack tools entering the market are readily available and fast to download. This video demonstrates how many tools are available today to anyone with a grievance and an internet connection; furthermore, the underground economy for botnets is booming.

Botnets ‘for hire’ are popular – unskilled attackers are able to hire botnet services for bargain-basement prices. Just as an enterprise can subscribe to a technology provider or a cloud-based DDoS mitigation service, hacktivists can subscribe to a DDoS service to launch attacks.

While hacktivism has gained tremendous press attention recently, there is evidence of DDoS attacks being used for competitive gain. For example, the Russian security service FSB arrested the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. He was charged with a DDoS attack on rival Assist that paralysed the ticket-selling system on the Aeroflot website.

This all has overwhelming implications for the threat landscape, risk profile, network architecture and security deployments for all service providers and enterprises.

With the democratisation of DDoS has come a change in the attacks themselves. The methods hackers use to carry out DDoS attacks have evolved from the traditional high-bandwidth/volumetric attacks to stealth-like application-layer attacks and state attacks on firewalls and IPS, with a combination of any or all three being used in some cases.

Multi-vector attacks are becoming more common. A high-profile attack on Sony in 2011 had the company blinded of security breaches that compromised user accounts on the PlayStation Network, Qriocity and Sony Online Entertainment, because it was distracted by DDoS attacks.

Whether used for the sole purpose of shutting down a network or as a means of distraction to obtain sensitive data, DDoS attacks continue to become more complex and sophisticated. While some DDoS attacks have reached levels of 100Gbps, low-bandwidth, application-layer attacks have become more prominent as attackers exploit the difficulties in detecting these ‘low-and-slow’ attacks before they impact services.

Of the respondents surveyed in Arbor’s report, 40 per cent reported an inline firewall and/or IPS failure due to a DDoS attack, and 43 per cent reported a load-balancer failure.

While these products have a place and are an important part of an organisation’s overall IT security portfolio, they are not designed to protect availability. To ensure the best possible protection, organisations should adopt a multi-layered approach – combining a purpose-built, on-premise device with an in-cloud service.

DDoS mitigation is not a short-term fix. At Arbor Networks, we believe that this is something that should sit within a company’s overall risk-planning considerations. Just as physical security can be impacted by fire or extreme weather, digital security includes evaluating threats to availability, namely DDoS attacks.

It is becoming increasingly important to develop a plan to identify and stop them before they impact services, just as you would with natural disasters such as earthquakes or floods.

It is time for companies to start considering DDoS in their business-continuity planning. If they don’t, and they are targeted, the resulting chaos and lack of tools extends the outage and increases the costs both from an immediate financial perspective, and in terms of longer-term brand damage.

 

Source: http://www.scmagazineuk.com/the-changing-face-and-growing-threat-of-ddos/article/241020/