DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist
Hackers demand huge ransom from banks to avoid DDoS attacks
July 31, 2015

Hackers are threatening financial institutions, demanding tens of thousands of dollars from them to avoid attacks on their websites.

MarketWatch, citing a Federal Bureau of Investigation (FBI) agent, reported that hackers threatened more than 100 companies including big banks and brokerages in the financial sector to take their websites offline with distributed denial of service (DDoS) attacks, unless they pay large sums.

With DDoS, cyber criminals flood websites with unwanted traffic to stop them from functioning.

Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch that the companies have been receiving such DDoS threats since April.

He added that some companies have paid the ransom money, amounting typically in tens of thousands of dollars. These companies end up facing further trouble as hackers know that they are willing to engage.

“There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs said.

Most of the companies are willing to pay the money to avoid service disruption that could lead to big losses. A distributed denial of service outage could mean losses of more than $100,000 an hour for financial companies, according to information services and analytics company Neustar.

A hacking group leaked details of about 30,000 clients of Swiss bank Banque Cantonale de Geneve, after the Swiss bank declined its request to pay a ransom, Bloombergreported in January.

Source: http://www.ibtimes.co.uk/hackers-demand-huge-ransom-banks-avoid-ddos-attacks-1513450

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist
How to minimize the impact from DDoS attacks
July 27, 2015

In early 2000, one of the first known distributed denial-of-service (DDoS) attacks shut Yahoo down for three hours when an attacker repurposed a university’s computers to flood the Internet portal’s traffic. Such synchronized attacks from multiple sources against a sole target characterize DDoS attacks, a relatively new phenomenon as compared to “traditional” denial-of-service (DoS) attacks, which originate from a single source.

Thanks in part to the increased number of devices on the Internet and the availability of high-speed Internet access for the average user, there’s a larger pool of possible sources for all kinds of technological attacks. In the early 2000s, DDoS attacks reached a speed of approximately 4 gigabit/sec. Now, they average between 10 and 60 Gbps per second – or even faster. A DDoS incident this past February peaked at almost 400 Gbps. And the average DDoS attack now lasts 17 hours.

Three types of DDoS attacks have appeared in recent years:

Resource consumption. A common instantiation resource consumption attack is a SYN flood. Attackers initiate a large number of bogus connection requests to a single destination. The targeted server acknowledges the requests, but the attackers fail to send the final pieces of information to complete the “three-way handshake” required to establish a connection between two computers. While the server waits for the expected response, new connection requests continue pouring in until all available connections are consumed, preventing communication with legitimate users. Attackers also may launch a resource consumption attack by attempting to exhaust the target server’s disk space or another finite resource by using legitimate traffic to force the server into creating large numbers of log files.

Bandwidth consumption. Attackers consume all available bandwidth on the networks leading to the targeted server by sending bogus network traffic in quick succession. The resulting surge – which doesn’t have to come from legitimate traffic or even traffic the server usually recognizes as legitimate – renders the targeted server unavailable. Its impact is greater still because it also can take down other servers on the same immediate network.

Keeping connections open.  Attackers complete numerous three-way handshakes to establish legitimate connections, but then use Slowloris software to delay the process by designing each connection to instruct the target that it is “busy.” It’s similar to answering a phone call and then being placed on hold for an hour while the person who called takes care of something else. Allowing for the possibility that these users are operating on slow or unreliable networks, the target server waits. The attackers can keep numerous connections open for extended periods by sending a data fragment to each connection every few minutes, thus tying up the server so it can’t respond to legitimate traffic.

Government networks are frequent targets

DDoS attacks on the public sector accelerated more than on any other industry in the fourth quarter of 2014. Commonly, opposition to legislation or political activism are motivators in DDoS attacks on government. Hackers aim to damage an agency’s finances, reputation or both while gaining notoriety through claims on social media.

Government agencies and the services they offer, by their nature, always will be targeted. And, because DDoS attacks can be launched with increasing ease – even by hackers with little technological expertise – agencies should operate as if a DDoS attack is inevitable. With some advance planning, agencies can reduce the perceived gains from future attacks.

Minimizing hackers’ impact

DDoS attacks cannot be prevented. They come without warning and, equally disconcerting, can escalate from start to peak effectiveness in as little as one minute. While some Internet service providers offer automatic responses, these can cause outages and shut down legitimate traffic at the same time it shuts down bogus traffic.

What agencies can – and should – do is make themselves less appealing targets. Distributing services across various locations, instead of placing them in only one data center, is the first step. That way, a single DDoS attack cannot take the agency’s entire suite of services offline, and the agency won’t have to rely exclusively on the Internet services provider’s solution, which usually is expensive.

Agencies also should consider using a content delivery network, which can mask network connections from attackers, as an entry point to its services. Such services are beneficial, but also expensive, so agencies must consider their cost-to-benefit ratio.

Another step agencies can take is establishing a relationship with a  managed services partner that can provide built-in protections from DDoS attacks targeting services they host. The services partner can distribute the services through different data centers, reducing exposure to and impact from DDoS attacks, while the agency retains control of the mission objectives the services partner delivers.

Government agencies can protect themselves against DDoS attacks. An expert partner will help them determine – before an incident occurs – how the increasing problem of a DDoS attack can be solved.

Source: http://gcn.com/articles/2015/07/27/ddos-attack-mitigation.aspx

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist
DDoS Attacks Have Become a Persistent Problem
July 20, 2015

Over the last decade, distributed-denial-of-service attacks have grown from a nuisance to a persistent problem that can potentially cripple a company. The Kaspersky Lab reports that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015, and these attacks targeted Web resources in 76 countries. A new report from security firm Imperva offers a deeper examination of the topic—as well as the risks and repercussions from DDoS assaults. Among other things, the “Imperva DDoS Report 2015″ found that once an organization becomes a target of DDoS attacks, it remains a target; the length of a typical attack extends beyond the period most enterprise executives expect; and, if no mitigation occurs, organizations can lose millions of dollars and also wind up with frustrated customers who decide to give their business to competitive vendors. Imperva collected data in the wild during the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures. Here are some of the key findings from the DDoS report:

Costly Consequences

An unmitigated DDoS attack costs a business U.S. $40,000 per hour, though the consequences can also include lost opportunities, data theft and loss of public trust.


Once a Website is targeted by application layer attacks, it will be attacked again—once every 10 days on average.

Timing Is Everything

71% of DDoS occurrences last under three hours, but 20% span five days or more. The longest known attack lasted 8 days.

Tools of the Trade

UDP (User Datagram Protocol) and SYN floods are the most common methods for launching DDoS attacks. They were used in more than 56% of all attacks.

Multi-Vector Attacks Diminish

56% of all network layer attacks were classified as multi-vector, compared to 81% in March 2014.

Botnet for Hire

40% of all mitigated network layer attacks fell into the botnet-for-hire category. The average subscription fee for a one hour a month DDoS package is roughly $38, with fees as low as $19.99

Application Layer Risks

A spike in activity occurred from devices infected with MrBlack, Nitol, PCRat and Cyclone malware. 15% of all attacks originated from China, followed by Vietnam, U.S., Brazil and Thailand

Bot Evolution

There is roughly the same percentage of primitive bots today as there was a year ago, but more sophisticated methods are emerging.

Searching for Results

Over the course of a year, search engine impersonator bots dropped from 58% of DDoS traffic to less than 1%.

No Escape

Overall, 40% of Imperva’s clients were exposed to attacks from botnets for hire

Source: http://www.baselinemag.com/security/slideshows/ddos-attacks-have-become-a-persistent-problem.html


DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense
‘Someone from East Asia is pissed’ say admins, but our cyborgs are fighting back
July 14, 2015

Popular messaging platform Telegram has been hit with a 200Gbps distributed denial of service (DDoS) attack.

The Tsunami TCP SYN flood kicked off on Friday and hurt users in Asia, Australia, and Oceania, knocking out the service for some five percent of the company’s 60 million active users it has gained in 18 months.

It is a new form of DDoS attack discovered October by Radware security folk who say it is different from regular SYN floods in that it transmits large 100 byte packet sizes about double the regular 40 to 60 byte size.

That Radware says defeats many defense algorithms and quickly consumes bandwidth making even a modest attack clock some four to five gigabits per second.

“The garbage traffic came from about a hundred thousand infected servers, most noticeably, in LeaseWeb B.V., Hetzner Online AG, PlusServer AG, NFOrce Entertainment BV, Amazon and Comcast networks,” Telegram says.

“That said, the attack was distributed evenly across thousands of hosts and none contributed more than five percent of the total volume … by now we know that the attack is being coordinated from East Asia.

“Attacks on the scale of the one we‘re facing today have become possible only recently and it’s the first time we‘ve met anything like this.”

The company says it did not want to discuss its mitigation measures in the event that it could give pointers to attackers unknown.

“Our sysadmin cyborgs are working on this 24 hours a day.”

The attack follows a bizarre smaller DDoS that followed a move by the company to introduce free custom stickers over the service.

Source: http://www.theregister.co.uk/2015/07/14/telegram_ddos/

DDoS DDoS Attacks
Reddit alternative Voat knocked offline by DDoS cyberattack
July 13, 2015

Reddit rival Voat has announced that it is currently being hit by a Distributed Denial of Service (DDoS) attack by unknown hackers.

Switzerland-based Voat posted on Twitter at midnight (GMT) on 13 July that it was being hit by an ongoing “layer 7 DDoS attack”. The website added a bit more detail on its own website:

“In case you were wondering why most third party apps for Voat haven’t been working for the last 8 hours or so – we are under DDoS. Again,” Voat wrote, quoting a CloudFlare support engineer.

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimise our source code even further. What doesn’t kill you – makes you stronger, right?”

At the time of publication, the website is now loading, although intermittently, and some users will still receive a message saying: “Voat is currently being kicked by a botnet.”

Voat is a censorship-free alternative to Reddit that uses an almost identical layout to the hugely popular “front page of the internet”.

Voat’s rise has been helped by Reddit problems

On 2 July, it was announced that director of talent Victoria Taylor, one of the few people to have a paid position with Reddit, had been fired. Her departure caused a huge online protest to erupt which saw 300 of Reddit’s most read subreddits being made private for over 24 hours and causing Reddit CEO Ellen Pao to resign.

During this period, Voat reported that it was receiving huge spikes in traffic, likely from Reddit users moving to the Swiss copy, and its servers were struggling to handle the increase in users. The website’s administrators also confirmed that they had been approached by several venture capitalist firmskeen to invest on 3 July.

However, the website has already been on the rise since May – it was initially ranked below 80,000 on Alexa, but within six weeks, it rose to become one of the top 15,000 websites online in the world, and one of the top 2,000 websites in the US.

For comparison, Reddit has 36 million registered users, 169 million monthly unique visitors and 7.55 billion page views per month. It is currently ranked 33 by Alexa globally and 10 in the US.

Voat experienced several DDoS attacks in June, and on 25 June, Voat itself reported that it had received over 700,000 unique visitors in the 30-day period ending on 25 June. “That’s like, crazy and stuff,” Voat’s administrators said on Twitter.

Voat was also briefly taken offline when its web host Hosteurope.de terminated Voat’s contracts and shut down its servers without a warning, because Voat had hosted “politically incorrect” content.

Source: http://www.ibtimes.co.uk/reddit-alternative-voat-knocked-offline-by-ddos-cyberattack-1510581