DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS
​The top 5 least-wanted malware in any corporate IT infrastructure
August 29, 2016

Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night.

Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and root kits. Each category is different but all can cause disruption and loss if not detected and quickly removed.

Of the malware types in the wild, the top five are:

1. Remote Access Trojans (RATs)

RATS comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is open, the RAT installs itself on the victim’s computer where it can sit unnoticed until being remotely trigged.

RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes.

One of the first examples, dubbed Beast, first appeared in the early 2000s. It was able to kill running anti-virus software and install a key logger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s web cam and send it back to the attacker.

2. Botnets

Some liken botnets to a computerised ‘zombie army’ as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT, however their key difference is that they are a group of computers being controlled at the same time.

Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers in the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census.

Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services.

3. Browser-based malware

This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. The benefit for malware of being in a browser is that it enables it to avoid certain types of security protection such as packet sniffing.

Some examples of the malware generate fake pop-up windows when they know a user is visiting a banking web site. The windows request credit card details and passwords which are then sent back to the attacker.

Security experts estimate that there have been around 50 million hosts infected by browser-based malware and estimated financial losses have topped $1 billion.

4. Point-of-sale (POS) Malware

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist
Attacks increase as a result of DDoS-for-hire services
August 26, 2016

DDoS attacks have increased in frequency, scale and complexity over the past year, driven by DDoS-for-hire services, according to a new report.

DDoS-for-hire services have caused attacks to become more affordable by enabling unsophisticated threat actors to launch attacks, stated Imperva’s DDoS Threat Landscape Report 2015-2016. The proliferation of these services, also known as “stressers” and “booters,” accounted for an increase in the number of DDoS attacks from 63.8 percent in Q2 2015 to 93 percent in Q1 2016.

The U.S. and U.K. are the most frequently targeted countries in DDoS attacks, the report said.

In speaking to SCMagazine.com on Thursday, Tim Matthews, vice president of marketing at Imperva Incapsula, said it has become inexpensive to mount DDoS attacks as these kits become “readily available,” creating a “perverse economic ecosystem.”

Other security pros have noticed a similar trend. Maxim Goncharov, security researcher at Shape, wrote in an email to SCMagazine.com on Thursday that in the underground community, there are “literally thousands of offers from DDoS professionals.”

While a 100-plus GB DDoS attack was virtually unheard of just 18 months ago, attacks of that magnitude are no launched by large scale botnets, according to Tom Kellermann, CEO at Strategic Cyber Ventures. “Mitigation through content delivery and ISP is key here,” wrote Kellermann, formerly CISO of Trend Micro, in an email to SCMagazine.com.

Allison Nixon, director of security research at Flashpoint, noted in an email to SCMagazine.com on Thursday that her firm has seen a rise in DDoS-as-a-service in recent years, both in number of services and the power of their attacks. “The problem is that these DDoS services are getting more powerful, and these attacks cause a lot of collateral damage,” she wrote. “Unfortunately, due to the widespread availability of DDoS power, many businesses are learning that purchasing DDoS protection is a requirement to engage in commerce.”

Imperva’s Matthews said there has been an uptick in job postings that require technical skills and experience countering these attacks.

The rise in DDoS-as-service attacks has become a significant concern for law enforcement, according to William MacArthur, threat intelligence analyst at RiskIQ. The adoption of IPv6 mixed with normal traffic protocol patterns is a method used by attackers that the “current hardware in use in most places of business is not ready to handle,” he wrote in an email to SCMagazine.com on Thursday.

Michael Covington, VP product, Wandera, noted that the increase in sophisticated DDoS attacks causes secondary challenges for organizations. “In many situations, a DDoS attack is just a smokescreen for something else the malicious actor is trying to accomplish, whether it involves installing malware, exfiltrating sensitive data or attacking an associate of the target,” he wrote to this publication.

Yogesh Amle, managing director and head of software at Union Square Advisors, agreed, noting that DDoS “is one of the most prevalent and common tactics used by cyberterrorists.” However, he also informed this publication that DDoS attacks are increasingly used to distract businesses. He called DDoS the “gateway” to a bigger prize.

Amle noted that the rise of the DDoS-as-a-service model is an example of a “dark economy” emerging on the internet. “With money to be made, amateurs and sophisticated hackers are jumping into the fray,” he said.

Source: http://www.scmagazine.com/attacks-increase-as-a-result-of-ddos-for-hire-services/article/518544/

Block DDoS DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Denial of Service Attack Stop DDoS Attacks
“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.
August 25, 2016

The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks.

More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that causes access interruption to websites or network systems.

The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons. Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers.

“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop.

In short, hackers are able to launch denial of service attacks by manipulating a hosting provider to re-route IP addresses towards a preferred server.

Those DDoS attacks recorded by Imperva — recorded between March 2015 and April 2016 — targeted a diverse range of clients. Even so, all of the attacks similarly aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network.

To be clear, an application-based DDoS effectively works to discontinue online access to a specific property, like a website or software service, rather than an entire network.

Because app-based DDoS attacks are by nature less expansive, they typically leverage less traffic. In the past, DDoS-ing an entire network has presented a challenge for hackers due to the sheer artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic; making it easier for individual operations to disrupt larger segments of the internet.

Another worrisome trend in the DDoS arena, spotted by Imperva, is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times.

In the past, DDoS attacks have been used to distract an organization from a more malicious data breach, leading to the possible exfiltration of valuable data like customer finances and personal records.

Here’s what a DDoS looks like via a data visualization by cybersecurity firm Norse:

Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016

DDoS DDoS Attacks DDoS Defense Denial of Service Attack
Blizzard’s Battle.net servers hit by yet another DDoS attack
August 24, 2016

Gaming servers are a top target of DDoS assaults,’ Imperva security researcher Ofer Gayer told IBTimes UK.

Developer Blizzard’s Battle.net servers were hit with yet another DDoS attack on Tuesday (23 August) resulting in latency and connection issues in some of its popular titles including Overwatch, World of Warcraft and Hearthstone. The company acknowledged the interruption on its Twitter support channels in both the US and Europe, indicating that it was not restricted to just one region.

The company also said that its sites and forums were “experiencing issues” at the time in a separate tweet.

Screen Shot 2016-08-24 at 13.41.29

Screen Shot 2016-08-24 at 13.42.43

The latest attack is the second such assault targeting the developer’s servers this month and the third since the launch of its popular hero-based shooter, Overwatch, in May. It also comes at the end of which ran from 2 August to 22 August in celebration of the Olympic Games in Rio.

On 3 August, Blizzard’s Battle.net servers were crippled by another massive DDoS attack that caused connection, login and latency issues across some of its popular titles. The disruption also occurred on the same day Blizzard launched its Summer Games series.

Hacking collective PoodleCorp claimed responsibility for the alleged attack. The same hacker group also claimed responsibility for taking down Pokémon Go’s servers in July.

In June, Blizzard’s servers were hit with another alleged DDoS attack claimed by notorious hacker group Lizard Squad that prevented players from accessing their games.

DDoS attacks, which are difficult to prevent and defend against, have continued to plague online companies’ networks in recent years, particularly those of major gaming companies’ servers.

“Gaming servers are a top target of DDoS assaults,” Ofer Gayer, a senior security researcher at Imperva, told IBTimes UK.“They have been hit with some of the largest and longest attacks on recent record.”

He added that mitigating DDoS attacks on game servers is a “particularly complex task”.

“Since only gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets,” Gayer said. “Gamers are very sensitive to the impact on latency, so what may be considered negligible for most services, can be very frustrating for the gaming community. This can be affected by multiple factors, most prominently the distribution of scrubbing locations and TTM (time to mitigate).”

Imperva’s latest DDoS Threat Landscape Report found that DDoS attacks have increased by a massive 220% over the past year “with no signs of abating”. It also noted that the UK has become the second most popular target for DDoS attacks in the world.

Screen Shot 2016-08-24 at 13.44.58

Blizzard’s official Customer Support Twitter account later confirmed that the “technical issues” they were experiencing earlier have been resolved. At the time of publication, no hacking group has claimed responsibility for the most recent alleged DDoS attack.

Source: http://www.ibtimes.co.uk/blizzards-battle-net-servers-hit-by-yet-another-ddos-attack-1577793

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Denial of Service Attack Stop DDoS Attacks
DDoS Attacks Increase 200%; UK Now Second Most Targeted Nation
August 23, 2016

DDoS attacks have increased by over 200% in the last year, according to new research from Imperva. The uptick in attacks has been attributed to DDoS-for-hire services, the company said.

DDoS attacks are now among the most common cyber threats businesses can face, according to Imperva. Between April 1, 2015 and March 31, 2016 it recorded an average of 445 attacks targeting its customers per week. More than 40% of customers affected were targeted more than once, and 16% were hit more than five times.

The majority of attacks noted by Imperva targeted the application layer, making up 60% of all DDoS attacks. The remainder targeted the network layer. However, Imperva noted that the number of application layer attacks are trending downwards, dropping by 5% year over year. If that trend continues, network layer attacks could be just as common as application layer ones before too long.

The most recent quarter covered by this report shows a big jump in the size of network layer attacks. The biggest recorded attack was 470 Gbps, while many others exceeded 200 Gbps. Imperva now says attacks of this size are a “regular occurrence.”

These increases in DDoS attacks have been attributed to DDoS-for-hire services, where anyone can pay as little as $5 to launch a minute-long DDoS attack on a target of their choice. This means attacks can be launched by just about anyone—whether it’s because of a grudge against a particular company or just boredom.

These now account for 93% of DDoS attacks, up from 63.8% in Q2 2015. Imperva says this has directly led to the increase in overall DDoS numbers.

Another clue to an increase in DDoS-for-hire services and what Imperva calls “casual offenders” is a decrease in attack complexity. Starting in Q2 2015 the company recorded a decrease in multi-vector attacks; attacks using multiple vectors and payloads indicate a more sophisticated, complex attack. However, Q1 2016 saw an increase in the volume of assaults using five or more payloads.

“This countertrend reminds us that—in parallel with the increased “hobbyist” activity—more capable cyber-criminals continue to improve their methods. As per the first rule of the DDoS mitigation industry, attacks continue to get larger and more sophisticated on the high-end of the scale,” the report said.

The report also examined where DDoS attacks generally emerge from. Once again, China tops the list, with a sharp increase recorded in South Korea. The excellent broadband infrastructure in the country enables attacks to easily launch effective attacks, Imperva said.

The UK is now the world’s second most-attacked country, after the United States of America. Most attacks targeted small and medium businesses, but some bigger institutions, including the BBC and HSBC, were hit as well.

Source: http://www.infosecurity-magazine.com/news/ddos-attacks-increase-200/