DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist
DDoS – The Greatest Tool of Hackers in 2015
February 24, 2015

The Internet is one of the greatest technological gifts to humans in the modern era. On top of this, the introduction of the World Wide Web transformed the way we connect with each other in the real world, and there has been a rise in businesses with e-commerce portals. We no longer need to step out of our homes and browse the streets to buy products, since the evolution of e-commerce and online security has made it convenient for us to shop from the comfort of our homes. This has in turn offered a positive opportunity for many small and medium-sized enterprises to offer their products and services at a reduced price compared to the traditional ways.

The Internet has undoubtedly proven to be beneficial for everyone, good and bad alike, and it has its own threats and hazards too. One of the biggest threats to websites is downtime, which can have many causes. Downtime, in simple terms, is the unavailability of a webpage or an entire website: when a prospect visits it, they cannot find the information they are looking for. The customer or prospect has no choice but to visit other sites, resulting in lost sales for your business. If the website remains down for a prolonged period, further opportunities may be lost as well. Few people are aware that downtime can be caused on purpose against a website. It can be anyone from a notorious newbie or an unsatisfied employee to a competitor with ill intent towards your business. The only thing required is a professional hacker capable of executing a DDoS attack.

DDoS, or Distributed Denial of Service, is an attack conducted by an anonymous entity in which the server is burdened with more requests than it can handle. When these requests cannot be processed in real time because of the heavy flood of traffic sent intentionally by compromised computers, the server hangs and no longer responds to any request that comes in. This network of compromised computers is called a BOTNET. In simple terms, all the computers and smart devices in the network are under the control of the hackers/attackers, and the people using them are not aware that they have been hacked.

2014 proved to be a big year for DDoS attackers as they wreaked havoc on company websites globally. The attack on the Sony PlayStation Network and Sony Entertainment Network in August 2014 is still fresh in our minds. Moreover, the hackers also claimed responsibility for the attacks on Twitter and for tweeting about a bomb threat on a flight carrying the president of Sony’s online entertainment unit. But Sony was back online within 24 hours and assured people that no evidence of unauthorized access to its network or to users’ personal information had been found.

Popular DDoS Attack Methods and Tools –

  1. Distributed Denial Method

    In this method, the communication lines are opened by hundreds of compromised computers. A hacker who has access to several computers can send requests to the server at any time to bring it down. It is called distributed denial because numerous computers are involved in the attack. At a certain point the server is unable to serve the requests and ultimately crashes.

  2. Handshake Method

    Usually, your computer opens a TCP connection to the server, and the server responds and waits for you to complete the handshake. The handshake consists of the exchanges between your computer and the server before the transfer of actual data starts. In the attack, the hacker opens TCP connections but refrains from completing the handshake, keeping the server waiting, which leads to downtime.

  3. UDP Method

    This is the fastest method of DDoS attack since it employs DNS (Domain Name Server) servers to begin the attack. Normally, your computer uses the User Datagram Protocol (UDP) to resolve names, since UDP packets are faster than standard TCP packets. Hackers take advantage of the weaknesses of UDP packets to create a flood of messages to a server. The hackers create fake packets that appear to come from the targeted server, so the replies are sent to the targeted server as a large amount of data. The availability of many DNS resolvers lets the hacker bring down a site effortlessly. In this method too, the targeted server receives endless queries/responses that it is unable to handle.
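The handshake method above shows up on the victim as a pile of half-open connections: sockets stuck in SYN-RECV with no matching ESTAB. The following Python is an added example, not part of the original article: it parses `ss -tan`-style socket-table lines (the sample below is constructed, not captured from a real host) and reports listening ports where incomplete handshakes dominate and come from many distinct peers. The thresholds are assumptions to tune per host.

```python
"""Half-open (SYN flood) check over TCP socket-table lines.

Added example: parses `ss -tan`-style output and reports listening ports
whose SYN-RECV backlog suggests handshakes are being left incomplete.
"""
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan` on Linux (not real data).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
ESTAB     0      0      10.0.0.5:443        198.51.100.7:51022
ESTAB     0      0      10.0.0.5:443        198.51.100.8:51100
SYN-RECV  0      0      10.0.0.5:443        203.0.113.10:40001
SYN-RECV  0      0      10.0.0.5:443        203.0.113.11:40002
SYN-RECV  0      0      10.0.0.5:443        203.0.113.12:40003
SYN-RECV  0      0      10.0.0.5:443        203.0.113.13:40004
SYN-RECV  0      0      10.0.0.5:443        203.0.113.14:40005
SYN-RECV  0      0      10.0.0.5:443        203.0.113.15:40006
ESTAB     0      0      10.0.0.5:22         192.0.2.9:55012
"""


def parse_ss(text):
    """Return [(state, local_port, peer_ip)] for each socket line after the header."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        # rsplit on the last ':' so IPv6 literals like [::]:443 also work
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_ip))
    return rows


def half_open_report(text, ratio_threshold=0.5, min_half_open=5):
    """Ports where SYN-RECV sockets are both numerous and the majority.

    ratio_threshold and min_half_open are assumed starting values; a busy
    front end legitimately carries a few SYN-RECV entries at any moment.
    """
    per_port = defaultdict(Counter)
    syn_peers = defaultdict(set)
    for state, port, peer_ip in parse_ss(text):
        if state == "LISTEN":
            continue
        per_port[port][state] += 1
        if state == "SYN-RECV":
            syn_peers[port].add(peer_ip)

    report = {}
    for port, states in per_port.items():
        total = sum(states.values())
        half_open = states["SYN-RECV"]
        ratio = half_open / total
        if half_open >= min_half_open and ratio >= ratio_threshold:
            report[port] = {
                "half_open": half_open,
                "established": states["ESTAB"],
                "ratio": round(ratio, 2),
                # many distinct peers for one port is the "distributed" signature
                "distinct_sources": len(syn_peers[port]),
            }
    return report


if __name__ == "__main__":
    for port, info in half_open_report(SAMPLE_SS_OUTPUT).items():
        print(f"port {port}: {info}")
```

On the constructed sample, port 443 is flagged with six half-open connections against two established ones from six different peers, while port 22 is not. On a real host the same ratio alongside a rising SYN-RECV count over successive snapshots is the signal to confirm with the upstream provider before anything is blocked.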

Apart from these, there are many third-party tools that act like a botnet if the hacker is short of computers.

Let’s look at how to protect your business portal from a DDoS attack –

  • One commonly used attack method is clogging your server bandwidth. You can counter this by extending your bandwidth, but it can prove costly: more bandwidth means investing more money in your hosting provider.

  • Ensure your anti-DDoS provider shares data with you. Some anti-DDoS providers keep such data secret; for instance they may not share botnet source addresses or other data that may help the attacker. When an attack begins, an immediate decision has to be taken on blocking the IP addresses.

  • Using a distributed data movement method is also one of the best ways to prevent a DDoS attack. Use several datacenters that each respond to a slice of the requests instead of a single server. Today datacenters are easy to manage because they can run in the cloud, which reduces the load and distributes it across servers instead of a single one.

  • Server mirroring is the next method. A mirror server holds a recent copy of the items on the main server. As the name suggests, instead of using only the main server you can use mirror servers, which helps distribute the traffic and thus prevents the DDoS attack.

DDoS attacks have become a common buzzword for many enterprises as the number of compromised devices keeps growing. The overall impression created by such attacks is that Anonymous is taking down not only the small but also the biggest players in the game, with no one exempt from attack. Every attack makes a reliable headline, and nothing stops them from showing up more or less continuously. They have proven themselves the biggest and toughest group on the Internet, one that can’t be challenged by anyone. But there is one thing we can do: take the right measures that will help prevent these attacks.

Source: http://smartdatacollective.com/kelvinsmith/301296/ddos-greatest-tool-hackers-2015

10 Steps To Mitigate A DDoS Attack In Real Time
February 20, 2015

Gary Newe, systems engineer, F5 Networks, recommends taking 10 decisive actions when you come under DDoS attack

The frequency and size of Distributed Denial of Service (DDoS) attacks are ever-growing, and they continue to be a priority issue for many businesses. With the ongoing work to shut down or neutralise botnets, a cyber-arms race has started, with hacktivists and other cyber criminals constantly searching for new ways to amplify attacks. As a result, DDoS attacks are increasingly common.

As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be.

Scary and stressful

For the first-time DDoS victim, these attacks can be scary and stressful ordeals. That’s not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust. It’s not all bad news though, as there are some steps that can be taken to mitigate the impact. Here, Gary Newe, systems engineer at F5 Networks, gives his recommendations on the action to take should you experience an attack:

1. Verify that there is an attack – Rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.

2. Contact your team leads – Gather the operations and applications team leads to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.

3. Triage your applications – Make triage decisions to keep your high-value apps alive. When you’re under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.

4. Protect remote users – Keep your business running: whitelist the IP addresses of trusted remote users that require access and maintain this list. Populate the list throughout the network and with service providers as needed.

5. Classify the attack – What type of attack is it: volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remediation steps.

6. Evaluate source address mitigation options – For advanced attack vectors your service provider can’t mitigate, determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.

7. Mitigate application layer attacks – Identify the malicious traffic and whether it’s generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.

8. Leverage your security perimeter – Still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection, or Real Browser Enforcement.

9. Constrain resources – If the previous steps fail, simply constraining resources, such as rate and connection limits, is a last resort: it turns away both good and bad traffic. Instead, you may want to disable or blackhole an application.

10. Manage public relations – If the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you’re being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.
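Steps 4, 6 and 9 together describe per-source admission control with an exemption list for trusted users. The Python below is an added example and not part of Gary Newe’s recommendations or any F5 product: a token-bucket limiter keyed by source address, with whitelisted ranges exempt, replayed over a constructed request trace. The addresses, rates and trace are all assumptions chosen to make the tradeoff in step 9 visible.

```python
"""Per-source rate limiting with an allowlist for trusted remote users.

Added example, not from the article: a token-bucket limiter keyed by
source IP (steps 6 and 9) in which whitelisted ranges (step 4) bypass
the limit. The request trace below is constructed.
"""
import ipaddress
from collections import defaultdict


class SourceRateLimiter:
    """Each source gets a bucket holding up to `capacity` tokens that
    refills at `rate` tokens per second; one request costs one token."""

    def __init__(self, rate, capacity, allowlist=()):
        self.rate = float(rate)
        self.capacity = float(capacity)
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.tokens = defaultdict(lambda: self.capacity)
        self.last_seen = {}

    def is_allowlisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def admit(self, ip, now):
        """True if a request from `ip` at time `now` should be served."""
        if self.is_allowlisted(ip):
            return True  # step 4: trusted remote users bypass the limit
        elapsed = now - self.last_seen.get(ip, now)
        self.last_seen[ip] = now
        self.tokens[ip] = min(self.capacity, self.tokens[ip] + elapsed * self.rate)
        if self.tokens[ip] >= 1.0:
            self.tokens[ip] -= 1.0
            return True
        return False


def run_trace(limiter, trace):
    """Replay (time, ip) requests in time order and count outcomes per source."""
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for t, ip in sorted(trace):
        outcome = "accepted" if limiter.admit(ip, t) else "dropped"
        stats[ip][outcome] += 1
    return dict(stats)


# Constructed trace (all within the first second):
#   203.0.113.9    attacking host, 100 requests 7 ms apart
#   198.51.100.20  legitimate customer loading an asset-heavy page, 15 requests 40 ms apart
#   10.8.0.3       host in a whitelisted office range, 30 requests 30 ms apart
TRACE = (
    [(i * 0.007, "203.0.113.9") for i in range(100)]
    + [(i * 0.04, "198.51.100.20") for i in range(15)]
    + [(i * 0.03, "10.8.0.3") for i in range(30)]
)


def demo(rate=5, capacity=10):
    """5 requests/s sustained, bursts of 10, office range exempt (assumed values)."""
    limiter = SourceRateLimiter(rate, capacity, allowlist=["10.8.0.0/16"])
    return run_trace(limiter, TRACE)


if __name__ == "__main__":
    for ip, s in demo().items():
        print(ip, s)
```

With these numbers the attacking host gets through with 13 of its 100 requests, the whitelisted office is untouched, but the legitimate customer also loses 3 of 15 requests. That collateral loss is exactly why step 9 sits after source-address blocking rather than before it.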

It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow. As ever, the best protection is to be prepared for whatever will get thrown at you, and DDoS mitigation should be part of your preparation. It’s important to consider whether your network is up to scratch to cope with unexpected loads, and whether it has the intelligence to identify legitimate traffic during peaks, before an attack hits.

Source: http://www.techweekeurope.co.uk/networks/mitigate-ddos-attack-real-time-162718

Average DDoS attack size at 7.39 Gbps in Q4 2014, according to report
February 19, 2015

In the final quarter of 2014, the size of distributed denial-of-service (DDoS) attacks mitigated by Verisign had an average peak size of 7.39 Gbps, marking a 14 percent increase over the third quarter of 2014 (6.46 Gbps) and a 245 percent increase over the final quarter of 2013 (2.14 Gbps).

Those findings are a part of the ‘Verisign Distributed Denial-of-Service Trends Report’ for the fourth quarter of 2014, which includes observations on DDoS activity for the period beginning Oct. 1, 2014 and ending Dec. 31, 2014.

“In all, 42 percent of attacks leveraged more than 1 Gbps of attack traffic, which even today remains a significant amount of bandwidth for any network-dependent organization to over-provision for DDoS attacks,” the report revealed, adding 17 percent of attacks leveraged more than 10 Gbps of DDoS traffic.

In the fourth quarter of 2014, UDP amplification attacks leveraging Network Time Protocol (NTP) continued to be the most common DDoS attack vector, but Simple Service Discovery Protocol (SSDP) also continues to be exploited in amplification attacks, according to Verisign’s research.

For NTP amplification attacks, the report stated that “the solution can be as easy as restricting or rate-limiting NTP ports inbound/outbound to only the authenticated/known hosts.” With SSDP-based attacks, “SSDP implementations [for most organizations] do not need to be open to the Internet.”
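Both the UDP method described in the first article and the NTP and SSDP vectors reported here rely on the same mechanic: a reflector answers a request it thinks came from the victim, so the victim receives responses it never asked for. The Python below is an added example, not from either article or from Verisign: it classifies inbound UDP flows from amplifier service ports as solicited or unsolicited by matching them against outbound requests, which is the check the report’s advice to restrict NTP and SSDP exposure is meant to make unnecessary. The flow records, addresses and byte counts are constructed.

```python
"""Spotting UDP reflection and amplification traffic in flow records.

Added example: inbound UDP flows from amplifier service ports (DNS 53,
NTP 123, SSDP 1900) are matched against the outbound requests we sent.
Responses with no matching request are reflected traffic aimed at us;
matched ones yield the service's amplification factor.
"""
from collections import defaultdict

AMP_SERVICES = {53: "DNS", 123: "NTP", 1900: "SSDP"}

# Constructed flow records as seen at the network edge (not real data):
# (direction, src_ip, src_port, dst_ip, dst_port, bytes, packets)
FLOWS = [
    # legitimate NTP sync: 76-byte request, 76-byte response (factor 1.0)
    ("out", "10.0.0.5", 40123, "192.0.2.123", 123, 76, 1),
    ("in", "192.0.2.123", 123, "10.0.0.5", 40123, 76, 1),
    # legitimate DNS lookup with a large answer (factor 8.0)
    ("out", "10.0.0.5", 53001, "192.0.2.53", 53, 64, 1),
    ("in", "192.0.2.53", 53, "10.0.0.5", 53001, 512, 1),
    # NTP "responses" nobody here requested, aimed at our HTTPS port
    ("in", "198.51.100.1", 123, "10.0.0.5", 443, 46800, 100),
    ("in", "198.51.100.2", 123, "10.0.0.5", 443, 46800, 100),
    ("in", "198.51.100.3", 123, "10.0.0.5", 443, 46800, 100),
    # SSDP "responses" nobody here requested, aimed at our HTTP port
    ("in", "203.0.113.7", 1900, "10.0.0.5", 80, 9000, 30),
    ("in", "203.0.113.8", 1900, "10.0.0.5", 80, 9000, 30),
]


def classify_udp_flows(flows):
    """Per amplifier service: unsolicited volume, reflector count and the
    response/request byte ratio of the exchanges we actually initiated."""
    sent = {}  # (local_ip, local_port, remote_ip, remote_port) -> request bytes
    for d, src, sport, dst, dport, nbytes, _ in flows:
        if d == "out" and dport in AMP_SERVICES:
            sent[(src, sport, dst, dport)] = nbytes

    acc = defaultdict(lambda: {"bytes": 0, "packets": 0,
                               "reflectors": set(), "factors": []})
    for d, src, sport, dst, dport, nbytes, pkts in flows:
        if d != "in" or sport not in AMP_SERVICES:
            continue
        svc = acc[AMP_SERVICES[sport]]
        request_bytes = sent.get((dst, dport, src, sport))
        if request_bytes is None:  # no request from us: this is reflected traffic
            svc["bytes"] += nbytes
            svc["packets"] += pkts
            svc["reflectors"].add(src)
        else:
            svc["factors"].append(round(nbytes / request_bytes, 1))

    report = {}
    for name, s in acc.items():
        report[name] = {
            "unsolicited_bytes": s["bytes"],
            "unsolicited_packets": s["packets"],
            # average packet size hints at the vector: large for NTP/SSDP replies
            "avg_packet_bytes": round(s["bytes"] / s["packets"]) if s["packets"] else 0,
            "reflectors": len(s["reflectors"]),
            "solicited_amplification": s["factors"],
        }
    return report


def dominant_vector(report):
    """Name of the service contributing the most unsolicited bytes."""
    return max(report, key=lambda name: report[name]["unsolicited_bytes"])


if __name__ == "__main__":
    rep = classify_udp_flows(FLOWS)
    for name, r in rep.items():
        print(name, r)
    print("dominant vector:", dominant_vector(rep))
```

The average-packet-size figure is the same arithmetic the Verisign numbers invite: 60 Gbps at 16 Mpps works out to roughly 470 bytes per packet, consistent with reflected NTP replies, whereas the 55 Gbps SYN flood at 60 Mpps is about 115 bytes per packet, i.e. minimal TCP segments. Packet size is therefore a quick first cut at the classification step before any filter is written.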

Which industry was hit hardest by DDoS attacks in the fourth quarter of 2014?

Verisign saw IT services/cloud/Software as a Service (SaaS) customers experiencing the largest volume of attacks, with one customer experiencing the largest volumetric UDP-based DDoS attack in the final quarter of 2014, the report indicated.

“This was primarily an NTP reflection attack targeting port 443 and peaking at 60 Gbps and 16 Mpps,” the report states. “The attack persisted at the 60 Gbps rate for more than 24 hours, and serves as another example of how botnet capacity and attack sustainability can be more than some organizations can manage themselves.”

The media and entertainment industry was also a big target. One customer experienced the largest TCP-based attack – a SYN flood – of the quarter, according to the report, which explains that the attack targeted a custom gaming port and peaked at 55 Gbps and 60 Mpps.

Altogether, 33 percent of Verisign DDoS mitigations were for IT services/cloud/SaaS customers, 23 percent were for media and entertainment customers, 15 percent were for financial customers, 15 percent were for public sector customers, eight percent were for ecommerce/online advertising customers, and six percent were for telecommunications customers.

Public sector customers experienced the largest increase in attacks in quarter four of 2014, the report notes.

“Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, and in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, MO,” the report states.

Source: http://www.scmagazine.com/report-shows-42-percent-of-attacks-leveraged-more-than-1-gbps-of-attack-traffic/article/399206/

Lizard Squad reportedly strikes again in DDoS attack on Xbox Live
February 18, 2015

The hacker collective that took responsibility for a series of distributed denial-of-service (DDoS) attacks over the Christmas holiday against gaming networks claims to have struck again.

Lizard Squad has reportedly launched new attacks over this past holiday weekend on gaming services which include Xbox Live and possibly Daybreak Games, previously known as Sony Online Entertainment, according to The Guardian.

The group took to its Twitter account to announce the attacks, posting on Monday morning that its next target would be Xbox Live, later tweeting “Xbox (360) Live #offline.” While Microsoft has yet to comment on the incident, gamers were reportedly logging problems associated with the disruption.

The hacker group took responsibility for knocking Xbox Live and the Playstation Network offline on Christmas day, leaving gamers without service for days. Following that event, the FBI launched an investigation against the group.

Source: http://www.scmagazine.com/lizard-squad-reportedly-strikes-again-in-ddos-attack-on-xbox-live/article/398689/

Ensuring security in your IT transformation
February 17, 2015

With social networking, mobile devices and cloud computing solutions being used more pervasively, we will see a transformational change in how service providers and large organizations deploy and enable security in their revenue generating network infrastructure.

Recent security breaches, even amongst security-conscious companies worldwide, have put an uncomfortable spotlight on corporate security and compliance measures. Security professionals and network administrators have to walk a fine line between enforcing application security against increasingly sophisticated cyber attacks and providing sufficient access for their corporate customers.

Service providers such as cloud providers, web hosting services, ISPs as well as large enterprises require an environment that is highly available and secure. Any failure to resolve prevailing security threats such as cyber intrusions and distributed denial of service (DDoS) attacks can present costly and complicated scenarios for them.

DDoS attacks, for example, have become a significant and escalating threat for businesses. They have grown dramatically over the last several years in frequency, volume and sophistication. Attacks may originate from inside or outside of the corporate network. A recent survey report from Prolexic, a US-based DDoS mitigation service provider, estimated that about 89 percent of DDoS attack traffic in the second quarter of 2014 was directed at infrastructure, much of it targeting telecom and service provider router infrastructures and involving Layer 3 and 4 protocols, with the remaining 11 percent being attacks targeting applications.

To defend against DDoS attacks, especially infrastructure attacks, service providers need solutions that can scale to handle large volumes of DDoS traffic. Security appliances that use specialized processors to detect and mitigate DDoS attacks can provide service providers the performance they need to block massive attacks.

At the same time, any deployment of mobile devices by an operator can present a significant amount of risk. The wireless networks on which mobile devices run outside of an operator’s subscriber network can leave information at risk of interception. The theft or loss of a device can be detrimental for the business, resulting in loss of sensitive or proprietary corporate information.

What Is Your Best Security Containment Strategy?

How can large enterprises and service providers cope with growing security threats? While they are becoming more and more reliant on the uptime of Internet-connected services, many are finding that legacy security solutions such as firewalls and intrusion prevention systems (IPS) have insufficient capacity to mitigate at scale today’s multi-vector DDoS attacks, which are growing in number and sophistication.

Recent DDoS attacks can overwhelm lower-performing network devices and render network infrastructure and applications vulnerable to downtime and further threats. To stay resilient, enterprises and service providers need robust security and processing hardware that allows them to continue to provide full system functionality even while under volumetric attack, without impacting system performance.

In addition, a robust security solution that can readily integrate with their existing IT infrastructure is required to protect against DDoS attacks. This can include a feature set for traffic management to ensure high availability and selective delivery of subscriber services. Together, these physical and virtual systems must be able to ensure that network operators can also expand their network capacity, mitigate threats, and exert greater content control.

Scaling security devices and encrypted communications is a critical requirement as the network grows in complexity and size. Service providers can build robust layer 7 safeguards by leveraging products that offer agile defense mechanisms against more subtle attacks such as Slowloris and Tor’s Hammer, to protect against seemingly legitimate traffic streams exploiting application vulnerabilities.
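Slowloris and Tor’s Hammer, named above, hold connections open by sending request data a few bytes at a time so that the server’s worker slots fill with "legitimate" but never-finishing requests. The countermeasure at layer 7 is a deadline for completing the request that grows only in proportion to bytes actually received. The Python below is an added example, not A10’s or any vendor’s code; it is modelled on the header-timeout-plus-minimum-rate idea used by web servers such as Apache’s mod_reqtimeout, with assumed default values, and the three connection timelines are constructed.

```python
"""Slow-request timeout policy (Slowloris-style mitigation).

Added example, not from the article: the request-header deadline starts
strict and is extended only in proportion to bytes received, so a client
trickling a few bytes every several seconds never earns enough time to
hold the connection open indefinitely.
"""

HEADER_END = b"\r\n\r\n"  # end of an HTTP/1.1 request header block


class SlowHeaderPolicy:
    def __init__(self, initial=20.0, maximum=40.0, min_rate=500):
        self.initial = initial    # seconds allowed before any bytes arrive (assumed)
        self.maximum = maximum    # hard cap on the header deadline (assumed)
        self.min_rate = min_rate  # bytes/second a client must sustain to earn more time

    def evaluate(self, start, events):
        """events: [(time, chunk_bytes)] in arrival order for one connection.

        Returns ("accepted", t) when the header completes at time t, or
        ("dropped", deadline) when the deadline passes first.
        """
        deadline = start + self.initial
        buf = b""
        for t, chunk in events:
            if t > deadline:
                return ("dropped", deadline)
            buf += chunk
            # each byte buys 1/min_rate seconds, never past the hard cap
            deadline = min(start + self.maximum, deadline + len(chunk) / self.min_rate)
            if HEADER_END in buf:
                return ("accepted", t)
        return ("dropped", deadline)  # connection went quiet without finishing


# Constructed timelines (time in seconds since accept, chunk of header bytes).
NORMAL = [(0.05, b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: x\r\n\r\n")]

# Slowloris-style: partial header, then one harmless-looking header line every 10 s, forever.
SLOW_TRICKLE = [(0.0, b"GET / HTTP/1.1\r\nHost: example.test\r\n")] + [
    (10.0 * i, b"X-a: b\r\n") for i in range(1, 10)
]

# Slow but honest client on a poor link: 60 bytes/s, 600-byte header, done in 9 s.
SLOW_LEGIT = [(float(i), b"X" * 60) for i in range(9)] + [(9.0, b"X" * 56 + HEADER_END)]


def demo():
    policy = SlowHeaderPolicy()
    return {
        "normal": policy.evaluate(0.0, NORMAL),
        "trickle": policy.evaluate(0.0, SLOW_TRICKLE),
        "slow_legit": policy.evaluate(0.0, SLOW_LEGIT),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The trickling connection is dropped just after the 20-second mark because eight bytes every ten seconds extends the deadline by only 16 milliseconds each time, while the slow-but-progressing client finishes comfortably inside the window. Tor’s Hammer drags out the request body rather than the header; the same policy applied to the body phase, with the deadline keyed to the declared Content-Length, covers that variant.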

As more new devices are added to the network, they need to be integrated into the operator’s security system to meet policy and compliance requirements. TechTarget reports that new appliances today are capable of performing policy-based networking actions in hardware, such as the ability to implement security functions (like traffic management or cloud security policies) to protect the performance and availability of applications and ensure large customer-facing networks are free from disruption. ADCs and CGNs, for example, sit at the critical ingress to most networks and are a natural place to locate advanced security capabilities so threats can be stopped or mitigated before they can enter the network.

Other measures that enterprises and network operators can take to strengthen their network defense include adopting multiple complementary approaches to security enforcement at various points in the network, therefore removing single points of security failure; incorporating people and processes in network security planning; employing security policies, security awareness training and policy enforcement; and maintaining the integrity of the network, servers and clients by ensuring the operating system of every network device is protected against attack by disabling unused services.

As enterprise and service provider networks evolve, ensuring security will become a compulsory IT requirement – and not a ‘nice-to-have’. Security breaches span access, infrastructure and applications across every industry. They can happen on both fixed and mobile networks and destroy your physical, intellectual and financial capital. Any downtime resulting from breaches on the network can have a devastating impact on your customer’s experience, your brand reputation, and ultimately your revenue and sustainability of your business.

James Wong is the Managing Director, South Asia, A10 Networks

Source: http://www.networksasia.net/article/ensuring-security-your-it-transformation.1424138223