Size and frequency of DDoS attacks increasing, annual report shows
January 27, 2015

The largest distributed denial-of-service (DDoS) attack reported a decade ago was 8 Gbps – this year the largest reported attack was 400 Gbps, according to the 10th Annual Worldwide Infrastructure Security Report by Arbor Networks.

From November 2013 to October 2014, the company – which specializes in DDoS attack mitigation – collected survey data from 287 service providers, hosting, mobile, enterprise and other network operators from around the globe.

“Looking back to our first report 10 years ago, 90 [percent] of respondents saw volumetric DDoS attacks on their networks,” Gary Sockrider, Arbor Networks’ solutions architect for the Americas, told SCMagazine.com in a Tuesday email correspondence. “This year, 90 percent saw application-layer DDoS attacks which weren’t even being discussed back then.”

According to the findings in the latest report, 42 percent of respondents said they have experienced multi-vector attacks that – within a single sustained attack – combined volumetric, application-layer, and state exhaustion techniques.

Overall, DDoS attacks are on the rise – this year 38 percent of respondents said that they have experienced more than 21 attacks per month, whereas roughly 25 percent indicated the same in 2013.

“In 2014 the primary technique for generating these massive attacks was reflection/amplification exploiting servers running protocols such as NTP, SSDP, and DNS,” Sockrider said. “Because there are so many unsecured and publicly available servers on the Internet, it’s frighteningly simple to perpetrate these attacks.”

Sockrider said that Arbor Networks is also seeing a negative trend in the number of respondents who are filtering spoofed traffic on their networks, which he considered a best current practice. He added, calling it unfortunate, that organizations are still using firewalls and intrusion prevention systems (IPS).

“Since these devices typically maintain state tables for the traffic passing through them, they become the victim of state-exhaustion DDoS attacks,” Sockrider said. “One positive trend we saw this year was the increased use of Intelligent DDoS Mitigation Systems to protect the firewalls and other infrastructure from these kinds of attacks.”
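The anti-spoofing filtering Sockrider calls a best current practice is what BCP 38 ingress filtering does: an edge router only forwards packets whose source address belongs to a prefix assigned to the interface they arrived on, which stops forged-source packets before they can reach an NTP, SSDP or DNS reflector. The following is an added illustration of that decision logic in Python, not code from Arbor Networks or from the report; the interface names, prefix assignments and packets are constructed for the example, and a real deployment would apply the same rule in router ACLs or unicast RPF rather than in a script.

```python
"""Ingress (anti-spoofing) filtering in the spirit of BCP 38.

Constructed example: an edge router knows which address prefixes are
assigned to each customer-facing interface. A packet arriving on an
interface with a source address outside that interface's prefixes is
spoofed (or misrouted) and is dropped before it can reach a reflector.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical interface-to-prefix assignments (constructed for this example).
ASSIGNED_PREFIXES = {
    "cust-a": [ip_network("198.51.100.0/24")],
    "cust-b": [ip_network("203.0.113.0/25"), ip_network("2001:db8:b::/48")],
}


@dataclass(frozen=True)
class Packet:
    ingress_if: str
    src: str
    dst: str
    dport: int


def is_source_legitimate(ingress_if, src):
    """True when src belongs to a prefix assigned to the ingress interface."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # malformed source address: never forward it
    return any(addr in net for net in ASSIGNED_PREFIXES.get(ingress_if, []))


def ingress_filter(packets):
    """Split packets into (forwarded, dropped) per BCP 38 ingress filtering."""
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if is_source_legitimate(pkt.ingress_if, pkt.src) else dropped
        target.append(pkt)
    return forwarded, dropped


# Constructed traffic sample: legitimate customer traffic plus packets whose
# source is forged to a victim's address (the reflection pattern), a packet
# from outside the assigned /25, and a packet on an interface with no prefixes.
SAMPLE = [
    Packet("cust-a", "198.51.100.7", "192.0.2.53", 53),        # legitimate DNS query
    Packet("cust-a", "192.0.2.10", "192.0.2.123", 123),        # forged src towards an NTP server
    Packet("cust-b", "203.0.113.200", "192.0.2.1", 1900),      # outside 203.0.113.0/25
    Packet("cust-b", "2001:db8:b::1", "2001:db8:1::53", 53),   # legitimate IPv6 traffic
    Packet("transit", "198.51.100.7", "192.0.2.80", 80),       # unknown interface
    Packet("cust-a", "not-an-ip", "192.0.2.80", 80),           # malformed source
]


def summarize(packets=SAMPLE):
    """Counts and dropped sources, for logging or a unit check."""
    forwarded, dropped = ingress_filter(packets)
    return {
        "forwarded": len(forwarded),
        "dropped": len(dropped),
        "dropped_sources": sorted(p.src for p in dropped),
    }


if __name__ == "__main__":
    fwd, drp = ingress_filter(SAMPLE)
    for p in fwd:
        print("FORWARD", p)
    for p in drp:
        print("DROP   ", p)
```

Only the packets whose source falls inside the arriving interface's assigned prefixes are forwarded; the forged-source packet aimed at an NTP server is dropped at the edge, which is the point of the practice: reflection attacks need spoofed sources, and the network that lets them out is the one that can stop them.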

In the report, 40 percent of respondents said they felt reasonably or well prepared for a security incident, and 10 percent said they felt completely unprepared to respond to an incident. Sockrider said that organizations are finding it difficult to retain talented security personnel, and that many groups are not regularly running drills to hone their response skills.

Ultimately, organizations have much to lose from being hit with DDoS attacks.

“The business impacts of DDoS are many and this year the top reported issues are operational expense, reputation damage and revenue loss,” Sockrider said. “Other impacts include employee turnover, stock price fluctuation and loss of executives.”

The report notes that data centers have become a big target – more than a third of data center operators experienced DDoS attacks that exhausted internet bandwidth, and 44 percent said they experienced revenue losses as a result of DDoS attacks.

Source: http://www.scmagazine.com/largest-ddos-reported-at-400-gbps-up-from-8-gbps-a-decade-ago/article/394747/

Great Firewall of China blasts DDoS attacks at random IP addresses
January 26, 2015

An upgrade to China’s Great Firewall is having knock-on effects all over the internet, with seemingly random sites experiencing massive traffic spikes.

One site owner in North Carolina, Craig Hockenberry, has written up how, after he looked into why his mail server was down, he found 52 Mbps of search traffic piling into his system: 13,000 requests per second, or roughly a third of Google’s search traffic.

The post goes into some detail over how Hockenberry managed to deal with the firehose-blast of requests, all of it coming from China and much of it trying to find BitTorrent trackers or reach Facebook. Short version: he blocked all of China’s IP blocks.

Hockenberry is not the only one dealing with a sudden flood of requests, though. There are numerous reports of sysadmins finding that their IP address has appeared in front of the headlights of the Chinese government’s censorship juggernaut, causing them to fall over and forcing them to introduce blocking measures to get back online.

After a number of different theories about what was happening, including focused DDoS attacks and “foreign hackers” – that suggestion courtesy of the Chinese government itself – the overall conclusion of the technical community is that bugs have been introduced into China’s firewall. In particular, something seems to have gone wrong in how it uses DNS cache poisoning to redirect users away from sites the government doesn’t want them to see.

China uses a weak spot of the DNS system to intercept requests coming into and going out of the country. If it spots something it doesn’t like – such as a request for “facebook.com” or “twitter.com” – it redirects that request to a different IP address.

For a long while, China simply sent these requests into the ether – i.e. to IP addresses that don’t exist, which has the effect of causing the requests to time out. However, possibly in order to analyze the traffic more, the country has started sending requests to IP addresses used by real servers.

Unfortunately, it seems that there have been some configuration mishaps and the wrong IP addresses have been entered. When one wrong number means that a server on the other side of the world suddenly gets hit with the full stream of millions of Chinese users requesting information, well then … that server falls over.

The situation has had a broader impact within China. Tens of millions of users weren’t able to access the Web while the government scrambled to fix the problem. According to one Chinese anti-virus vendor, Qihoo 360, two-thirds of Chinese websites were caught up in the mess.

China’s DNS infrastructure experts started pointing the finger at unknown assailants outside its system. “The industry needs to give more attention to prevent stronger DNS-related attacks,” said Li Xiaodong, executive director of China’s Internet Network Information Center (CNNIC).

Your own medicine

The reality, however, is that China has seen the downside to its efforts to reconfigure the basic underpinnings of the domain name system to meet political ends. The network is designed to be widely distributed and route around anything that prevents effective communication.

By setting itself up as a bottleneck – and an increasingly huge bottleneck as more and more Chinese users get online – the Chinese government is making itself a single point of failure. The slightest error in its configurations will blast traffic in uncertain directions as well as cut off its own users from the internet.

For years, experts have been warning about the “balkanization” of the internet, where governments impose greater and greater constraints within their borders and end up effectively breaking up the global internet. What has not been covered in much detail is the downside to the countries themselves if they try to control their users’ requests, yet make mistakes.

Source: http://www.theregister.co.uk/2015/01/26/great_firewall_of_china_ddos_bug/

Web Security Outlook for 2015: Mega Vulnerabilities Expected to Fuel DDoS Attacks
January 22, 2015

Companies using web hosting services expect high availability and lightning-fast performance for their online applications. That’s why hosting providers should be concerned about the rapidly growing Distributed Denial of Service (DDoS) threat. Driven by commercial, political and other motives, today’s DDoS attacks use computers distributed across the Internet to clog a network connection or overload server resources until the targeted website becomes unavailable for service.

What makes DDoS attacks particularly thorny for hosting providers is that multiple clients share resources and Internet connections. This means that a DDoS attack preventing users from accessing one hosted site can cause performance degradation and even downtime to other “innocent” sites and services being run out of that same data center.

To learn more about defending your hosting business against harmful DDoS attacks, download this WHIR white paper.

The Financial Impact of a DDoS Attack

The impact of a DDoS attack on an online business is clear: every minute of downtime means a loss of revenue. To quantify this impact, Incapsula commissioned a survey of 270 North American companies of various sizes.

The findings showed that some 45 percent had been hit at least once by a DDoS attack. The average cost of a DDoS attack is $40,000 per hour, while nearly half of all DDoS attacks last between 6 and 24 hours. And that’s just the impact on the targeted business. What about the other hosting clients sharing the gateway that is being flooded by the DDoS attack? Hosting providers have an obligation to them as well.

DDoS Botnets on the Rise

Most DDoS attacks make use of botnets, which are a network of bots (“zombies”) that can be commanded as a group to launch DDoS attacks. As published in our 2013-2014 DDoS Threat Landscape Report, we recorded an average of 12+ million unique DDoS sessions per week in early 2014, representing a 240 percent increase over the same period in 2013.

DDoS attacks come in two flavors. High-volume network (Layer 3 & 4) attacks, such as SYN floods and DNS amplification, often exceed 200 Gbps. Application (Layer 7) attacks, on the other hand, are much leaner, since even 50-100 requests per second to a resource-heavy asset are enough to overload the typical mid-sized application server.

Regardless of the flavor, what is common to all types of DDoS attacks is that they are executed via botnets comprised of hijacked devices (computers, servers, etc.). Hackers typically compromise these machines by taking advantage of logic or security vulnerabilities, enabling them to gain full control of these resources for use in DDoS attacks.

Mega Vulnerabilities Help Accelerate Botnet Expansion

During 2014 a number of mega vulnerabilities were discovered. Unlike most vulnerabilities that are specific to a particular OS, browser or software application, this type of vulnerability (e.g., Heartbleed and Poodle) relates to the core Internet infrastructure (e.g., SSL and Linux devices).

Due to the huge number of systems affected worldwide by these vulnerabilities, their appeal to hackers is almost irresistible. Even after these vulnerabilities are patched, persistent hackers are likely to find plenty of under-maintained servers they can exploit. In this way, mega vulnerabilities fuel and accelerate the expansion of malicious botnets.

This new dynamic can be seen in the recent Shellshock mega vulnerability, discovered in Bash (the most common command-line shell used in Linux/Unix systems). Once exploited, this vulnerability allows attackers to completely take over the server, making it an available resource for executing DDoS attacks.

Following Shellshock’s discovery and the release of a patch, Incapsula saw exploit attempts increase from around 400 offending IPs at zero day to over 15,000 four weeks after discovery. Most of these were attempts by hackers to hijack vulnerable Linux and Unix servers.

What to Look for in 2015

The endless chess game between savvy adversaries and security teams will continue in 2015. DDoS attacks will keep growing in size and sophistication, while at the same time more mega vulnerabilities will be discovered by security researchers. The almost inevitable result will be an increase in the exploitation of mega vulnerabilities to build botnets and carry out DDoS attacks.

Similarly, we expect that open website platforms (e.g., Drupal, WordPress, etc.) will also be prime targets for hackers, who can exploit security holes in these platforms to steal data or to launch DDoS attacks as part of a botnet.

While DDoS attacks threaten the core of the hosting business, they also represent a new business opportunity for providers. Most clients need much more than “pure” web hosting – this includes security, storage, backup, etc. By offering them DDoS mitigation services, hosting providers can meet clients’ needs for high availability and performance, while increasing revenues and enhancing their service portfolio.

Source: http://www.thewhir.com/web-hosting-news/web-security-outlook-2015-mega-vulnerabilities-expected-fuel-ddos-attacks

City of Fort Lauderdale Spends $430,000 on Cyber Security After DDoS Attack from Anonymous
January 20, 2015

After getting hacked by cyber activist group Anonymous last month over its homeless laws, the City of Fort Lauderdale beefed up its cyber security network with a hefty $430,000 worth of improvements. But city officials say it wasn’t the Anonymous attack that made them spend almost half a million dollars on computer upgrades – they were planning on doing it anyway.

Back on December 1, hacktivists hit the city’s main website – fortlauderdale.gov – and the Fort Lauderdale PD’s website – flpd.org – with a distributed denial-of-service (DDoS) attack, which bombarded the websites with so much traffic that they had to shut down. The attack only lasted a few hours, however, and the sites were back up by evening.

In a video warning of the attack, a masked hacker wearing the Guy Fawkes mask that has become synonymous with Anonymous demanded that the city drop the three controversial ordinances in the next 24 hours.

“It has come to our attention that Mayor John P. Seiler has become an embarrassment to the good law-abiding citizens of Fort Lauderdale,” the hacker says. “You should have expected us, Mayor John Seiler.”

City officials hope the new upgrades will be able to prevent this and other types of attacks in the future. But Seiler is quick to point out that these plans were in the works before a group of hackers in plastic masks made good on a threat to shut down an entire city’s web presence if laws against feeding homeless people weren’t struck down.

“Certainly, Anonymous probably expedited the work that needed to be done and probably exposed some areas that needed to be addressed,” Seiler tells the Sun-Sentinel. “I wouldn’t say that [the expense] was all tied to Anonymous in any way, shape, or form.”

The vast majority of Fort Lauderdale’s computer upgrade bill is going for consulting and oversight. From the Sentinel:

City manager Lee Feldman broke down the emergency expenses: $366,989 for specialized security consulting and oversight services; $45,398 for software licenses to manage and control computer activities; and $17,907 for hardware to strengthen the computer infrastructure.

The City of Fort Lauderdale is just one of the latest victims of Anonymous’ DDoS attacks. Past victims include credit card giants Visa and MasterCard, as well as online payment system PayPal, which lost almost $6 million in 2010. Those attacks were launched because Visa, MasterCard, and PayPal decided to stop allowing people to donate to WikiLeaks via their systems.

Two of the three hackers, who are from the United Kingdom, were caught and sentenced to prison terms of seven months and eighteen months.

And Fort Lauderdale isn’t the first city to be targeted by Anonymous DDoS attacks, either. That distinction is shared with Albuquerque’s police department, whose website was crashed in March 2014 in retaliation for the police killing of James Boyd, an unarmed, mentally ill homeless man who was shot to death.

Source: http://blogs.browardpalmbeach.com/pulp/2015/01/city_of_fort_lauderdale_spends_430000_on_cyber_security_after_hacktivst_group_anonymous_attack.php

Expert View – How Can You Defend Your Business Against DDoS Attacks?
January 19, 2015

Kaspersky Labs principal researcher David Emm tells TechWeekEurope how businesses can stay safe in the face of continued assault.

It was a miserable Christmas for gamers, with both Sony’s PlayStation Network and Microsoft’s Xbox Live forced offline on Christmas Day by Distributed Denial of Service (DDoS) attacks (hacking group Lizard Squad claimed responsibility for the attacks). Millions of anxious gamers were left unable to play with their new games or consoles, with the reason given for the attack: “because we can”.

Unfortunately, the attacks on Sony and Microsoft are just the latest in a stream of DDoS attacks to target high-profile organisations. Yet, while high-profile attacks like this make the papers, many others do not. Unlike Advanced Persistent Threat (APT) campaigns, such as Red October, NetTraveler, MiniDuke and Careto, Distributed Denial of Service (DDoS) attacks rarely hit the headlines, so it’s easy to assume they are rare. But in reality, the DDoS attack is one of the most popular weapons in the cybercriminals’ arsenal.

Understanding the danger

A typical DDoS attack involves a huge number of calls to a server or other Internet resource (such as a web site). These calls overload the victim’s equipment so that the servers lose their ability to service their genuine clients properly.

Today DDoS attacks can be set up cheaply and easily, even without underworld contacts among hackers. Attackers no longer need to create huge botnets before launching their attacks: criminal sites offering DDoS as a service can be easily found on the Internet, and an attack is available at an affordable price.

According to our recent study with B2B International, almost half of IT companies have encountered a DDoS attack. However, most businesses that suffer from these attacks prefer to deal with the problem on their own, so as not to attract press coverage. Not only do such attacks lead to financial losses from unplanned downtime, but they can also cause severe reputational damage that can lead to the loss of valuable customers. The threat from DDoS attacks is real and the impact is significant, so businesses of all sizes need to find an effective way to safeguard their organisations from such attacks.

How to stay protected

The key to defending against DDoS attacks lies in early detection of an attack and mitigating its effects by filtering out the traffic generated by the attackers. There are different approaches to this, and dozens of companies on the market provide services to protect against them. Some install appliances in the client’s information infrastructure, some use capabilities within ISPs, and others channel traffic through dedicated cleaning centres. Three of the most popular approaches are:

Install filtration equipment within the company IT infrastructure: It is possible to install special equipment within the company’s IT infrastructure. However this method has some serious drawbacks. Firstly, it requires IT professionals to control the filtration equipment. And secondly, it may clog the entire Internet channel, not just the company equipment.

Ask your Internet provider to filter the traffic: Another option is a contract with a company specialising in protection against DDoS attacks, such as an Internet service provider (ISP). ISPs use a wide channel, giving them a significant safety margin that enables them to keep providing their customers with communication even when they are under attack. However, a wide channel and filtering services are only effective if the filtration rules are continually improved to combat the latest DDoS techniques. Not all providers offer such a service; as a result, they can only filter out the crudest, most obvious attacks. If a company is able to employ true specialists its protection will be much more effective, but it also has to rent a wide channel from a provider, which drives up the cost of protection.

Turn to the experts: The most effective method of protection involves experts who not only modify filtering equipment but also study the tricks used by the fraudsters, develop new defensive technologies, monitor the situation and are ready to quickly improve filtering mechanisms. Specifically, if the attacker probes a victim’s resources in search of the most effective means of attack available, only expertise in this area can help to quickly find the appropriate filters and avoid resource overload.

In addition, partnership with an Internet provider can help to provide still more effective filtering. In some cases it is possible to weed out crude attacks entirely on the provider’s equipment while referring more sophisticated junk traffic to special cleaning centres. This approach also reduces the cost of customer protection since it can work in an online channel with relatively small bandwidth.
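The early-detection step that all three approaches above depend on is straightforward to illustrate for application-layer floods, where the earlier WHIR piece notes that even 50-100 requests per second to a resource-heavy asset can overload a mid-sized application server. The following Python is an added example, not code from Kaspersky Lab, Incapsula or any of the vendors named on this page: it parses Common Log Format access-log lines, counts requests per source address per second, and flags any source that exceeds a lower threshold on expensive endpoints or a higher one elsewhere. The endpoints, thresholds and log lines are all constructed for the example; a real deployment would tune the thresholds from observed baselines and hand the resulting block list to the filtering appliance, ISP or cleaning centre.

```python
"""Detect application-layer (Layer 7) request floods from web access logs.

Constructed example: parse Common Log Format lines, bucket requests per
source address per second, and flag any source whose rate exceeds a
threshold. The result is a candidate block list for the filtering step.
"""
import re
from collections import defaultdict

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Paths that cost far more per request than static assets (hypothetical).
EXPENSIVE_PATHS = {"/search", "/report"}
EXPENSIVE_RPS_THRESHOLD = 50    # requests per second per source, expensive paths
DEFAULT_RPS_THRESHOLD = 500     # requests per second per source, everything else


def parse_line(line):
    """Return a dict of fields for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Second-resolution bucket: "27/Jan/2015:10:00:01 +0000" -> "27/Jan/2015:10:00:01"
    rec["second"] = rec["ts"].split(" ")[0]
    return rec


def detect_floods(lines, expensive_threshold=EXPENSIVE_RPS_THRESHOLD,
                  default_threshold=DEFAULT_RPS_THRESHOLD):
    """Return {src: peak_requests_per_second} for sources over a threshold."""
    counts = defaultdict(int)  # (src, second, is_expensive) -> request count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it rather than crash the detector
        is_expensive = rec["path"].split("?")[0] in EXPENSIVE_PATHS
        counts[(rec["src"], rec["second"], is_expensive)] += 1

    offenders = {}
    for (src, _second, is_expensive), n in counts.items():
        limit = expensive_threshold if is_expensive else default_threshold
        if n > limit:
            offenders[src] = max(offenders.get(src, 0), n)
    return offenders


def make_sample_log():
    """Constructed access log: one client browsing normally, one source hammering /search."""
    lines = []
    fmt = '{src} - - [27/Jan/2015:10:00:0{s} +0000] "GET {path} HTTP/1.1" 200 512'
    for i in range(3):    # normal client: three requests spread over three seconds
        lines.append(fmt.format(src="198.51.100.23", s=i, path="/index.html"))
    for i in range(80):   # flood: 80 requests to /search inside the same second
        lines.append(fmt.format(src="203.0.113.45", s=1, path=f"/search?q={i}"))
    lines.append("garbage line that does not parse")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for src, rps in detect_floods(make_sample_log()).items():
        print(f"flood suspect {src}: peak {rps} req/s")
```

The per-path threshold matters: a few hundred cached image fetches per second from one address is ordinary browser behaviour, while eighty search queries per second from one source is not, and a single threshold that catches the second case would either miss it or flood the block list with false positives from the first.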

Online activities now play an increasingly important role in virtually every business’s day-to-day interactions with customers, suppliers and employees, so no business can afford to ignore the risk posed by DDoS attacks. By putting in place a stringent security policy, supported by the right technology and expertise, businesses can be confident that their organisation remains protected, should the worst happen.

Source: http://www.techweekeurope.co.uk/security/cyberwar/kaspersky-labs-defend-ddos-attacks-159664