DDoS Attacks: A Threat to Businesses and Consumers
January 16, 2017

Distributed Denial of Service (DDoS) attacks are a growing concern for businesses and consumers alike. These attacks are on the rise along with all forms of cyber-attack. According to Kaspersky, “43% of businesses experienced data loss in the past year due to a cyber-security incident.”

While DDoS attacks threaten the reputation and the bottom line for businesses, they also threaten consumers. In many cases a DDoS attack is launched as a decoy to hide the real intentions of the hacker – to steal corporate intellectual property and financial data, as well as consumer data. DDoS attacks have been a factor in some of the largest data breaches. Dave Larson of Infosecurity Magazine reports that “in a large proportion of data breaches reported over the last few years, DDoS attacks have been occurring simultaneously, as a component of a wider strategy; meaning hackers are utilizing this technique in a significant way.”

At its core, a DDoS attack uses hundreds and sometimes thousands of computers to flood the business website with a large volume of internet traffic to overwhelm the host server. When this happens, the website often stops functioning for a period of time. Sometimes hackers will continue to randomly attack a website until the business pays a ransom – much like ransomware that targets individuals.

There are three major types of DDoS attacks available to a hacker.

  • Volumetric: Most common. Sends a large amount of internet traffic to the host server simultaneously.
  • Amplification: Sends a high volume of traffic using large packets of data. Requires fewer “zombie” or compromised computers to accomplish the same task as a volumetric DDoS attack.
  • Resource Depletion: Makes multiple requests through multiple ports or entry points into the targeted server until its capacity is exceeded.

To find out more about these types of DDoS attacks, go to Defending Your Network against DDoS Attacks.

There are a number of hardware and software tools to help defend against such attacks, but the primary methods of defense are knowledge, detection, and training.

  1. Businesses should analyze how their networks and the systems attached to that network interact with the internet to uncover and fix vulnerabilities before they are exploited by hackers.
  2. Train IT employees to recognize the hallmarks of a DDoS and other cyber-attacks, so they can react quickly.
  3. Train all employees to recognize and immediately report any unusual activity on any system connected to the internet.
  4. Train all employees to question unusual emails or texts requesting W-2’s, other personnel data, or corporate financial information.
  5. Develop specific rules for employees regarding usage of social media and the types of corporate information that can be shared online. A recent study has shown that social engineering is a precursor to 66% of cyber-attacks. Source: 7 Ways to Make Yourself Hack-Proof.

For more information on Decoy DDoS attacks, check out DDoS attacks: a perfect smoke screen for APTs and silent data breaches.

To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to


DDoS prevention as part of a robust I.T. Strategy
January 16, 2017

A decade ago the idea of loss prevention (LP) was limited to theft of merchandise. With the advent of online retailing, retailers have discovered that loss must be viewed more broadly as “intended sales income that was not and cannot be realized” [Beck and Peacock, 28]. While Beck and Peacock regard malicious losses such as vandalism as part of sales that cannot be realized, Distributed Denial of Service (DDoS) attacks certainly could fit with that definition. Unlike other kinds of LP, where the thief attempts to conceal their activities, a DDoS attack is designed for maximal visibility, because the purpose of the attack is to deny the target’s customers access. Especially susceptible are businesses that have online payment gateways [Gordon, 20], which today includes many business and non-profit entities.

Particularly problematic for CIOs is that the nature of DDoS attacks is constantly changing. Many of these attacks occur at networking layers below the application level, which means for the CIO that buying an off-the-shelf software product is unlikely to provide an effective countermeasure [Oliveira et al, 19]. Of course, the determination of financial impact is an important consideration when weighing allocations of the IT security budget. While it is clear that the “loss of use and functionality” constitutes true losses to a company [Hovav and D’Arcy, 98], estimating a potential loss is difficult given the lack of historical data and a perceived risk in putting an exact figure on security breach losses. This presents a problem for the CIO because of the need to show ROI on security investments [Hovav and D’Arcy, 99]. Yet a successful DDoS attack has the potential to cost a company millions of dollars in real financial losses, from the direct costs of work time, equipment leases, and legal costs to the indirect costs, such as loss of competitive advantage and damage done to the company’s brand. The direct cost of “a more complex breach that affects a cross-section of a complex organization” can often exceed £500,000 (624,000 USD) and does not include additional five or six figure fines if government regulatory agencies are involved [Walker and Krausz, 30].

If the CIO cannot buy an off-the-shelf software product to prepare against a DDoS attack, how does the CIO develop an I.T. security strategy that is appropriate to this specific threat? While this is by no means an exhaustive list, here are a few approaches that may help in developing an effective I.T. strategy that can deal with the DDoS threat. (1) Accept that developing an I.T. strategy that is effective at mitigating loss caused by DDoS requires resources, but your business is worth protecting. (2) Remember that the purpose of technology is to connect your business to people [Sharif, 348], and that connectivity is itself an asset that has real value. (3) Developing effective business partners can help you ensure business continuity. These partnerships could be with consultants, alliance partnerships that have successfully dealt with DDoS attacks, or businesses that specialize in dealing with this kind of security issue.


Beck, Adrian, and Colin Peacock. New Loss Prevention: Redefining Shrinkage Management. NY: Palgrave Macmillan, 2009.

Gordon, Sarah, “DDoS attacks grow,” Network Security (May 2015), 2, 20.

Hovav, Anat, and John D’Arcy, “The Impact of Denial-of-Service attack announcements on the market value of firms,” Risk Management and Insurance Review 6 (2003), 97-121.

Oliveira, Rui André, Nuno Laranjeiro, and Marco Vieira, “Assessing the security of web service frameworks against Denial of Service attacks,” The Journal of Systems and Software 109 (2015), 18-31.

Sharif, Amir M. “Realizing the business benefits of enterprise IT,” Handbook of Business Strategy 7 (2006), 347-350.

Walker, John, and Michael Krausz, The True Cost of Information Security Breaches: A Business Approach. Cambridgeshire, UK: IS Governance Publishing, 2013.

David A. Falk, Ph.D.
Director of IT
DOSarrest Internet Security

DDOS attacks intensify in EMEA
January 13, 2017

Distributed denial-of-service (DDOS) attacks in the Europe, Middle East and Africa (EMEA) region witnessed an uptick in the last quarter and are set to intensify in 2017.

This is according to a report issued by F5 Networks, which revealed data from its Security Operations Centre (SOC), highlighting the growing scale and intensity of cyber attacks in the region.

DDOS attacks have been around since at least 2000. These attacks refer to a situation in which many compromised machines flood a target with requests for information. The target can’t handle the onslaught of requests, so it crashes.

Consultancy firm Deloitte also expects cyber attacks to enter the terabit era in 2017, with DDOS attacks becoming larger in scale, harder to mitigate and more frequent.

F5 Networks points out that in 2016 to date, it has handled and mitigated 8 536 DDOS instances.

The company notes that one of the attacks featured among the largest globally – a 448Gbps user datagram protocol (UDP) and Internet control message protocol (ICMP) fragmentation flood using over 100 000 IP addresses emanating from multiple regions.

It explains the incident highlights a growing trend for global co-ordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the US (14%).

“The EMEA Security Operations Centre has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realising they need to prepare for the worst,” says Martin Walshaw, senior engineer at F5 Networks.

In Q1 (October – December), the SOC experienced a 100% increase in DDOS customers, compared to the same period last year.

F5 Networks says UDP fragmentations were the most commonly observed type of DDOS attack in Q1 (23% of total), followed by domain name system reflections, UDP floods (both 15%), SYN floods (13%) and NTP reflections (8%).

“Given the rise and variety of new DDOS techniques, it is often unclear if a business is being targeted,” Walshaw says. “This is why it is more important than ever to ensure traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly.

“The best way forward is to deploy a multi-layered DDOS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.”


Three ways retailers can safeguard against cybercrime
January 12, 2017

Chinese New Year is always a shopping boom time in town. People are generous in spending on food, decorations, and fashion during the important cultural festival. While retailers are focused on ensuring that they successfully take advantage of spikes in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks?

Avoiding a cyber-crime catastrophe 

Thanksgiving officially kicks off the biggest shopping period of the year globally.

The period through to Chinese New Year may be a sales bonanza, but it’s also a period of high vulnerability that criminals exploit to maximize the threat to a retailer’s business.

Along with gaming and finance companies, retailers are popular targets because they store sensitive data that thieves can use for financial gain. Additionally, DDOS attacks are often used to distract organizations so that even more costly web application attacks can take place at the same time. But the truth is no industry is immune and the threat is increasing in its relentlessness.

With Chinese New Year sales accounting for a sizeable chunk of most retailers’ revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under a load of peak volumes, it might not take much of a straw to break the camel’s back.

The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack.

Retailers face a growing threat

Talk of cyber attacks is more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices, enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers.

This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers to printers and digital video recorders — as long as they’re connected to the internet.

The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, most likely, gearing up for bigger things.

Asia is not immune and Hong Kong is a prime target

According to a recent report by Nexusguard, DDoS attacks increased 43 percent in Q2 to 34,000 attacks in the Asia-Pacific region and 83 percent worldwide. The largest increase was seen in Hong Kong, where attacks rose an astonishing 57 percent.

China, which saw a 50% increase in attacks, is the number one target in the region. According to the report, over the course of a month, a Chinese website was attacked 41 times.

The fact is that every company needs to pay this issue serious attention and put effective plans in place.

Prevention is better than the cure

There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result.

So how can retailers defend themselves against the threat of an attack?

Organizations have to use a combination of measures to safeguard against even the most determined DDoS attack. These include:

1. Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge
2. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently
3. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organizations want to protect.

Chinese New Year is a critical period for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it.


Dark DDoS: hacker tools and techniques – the challenges faced
January 11, 2017

In 2017 has the cyber landscape changed? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk?

Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time.

To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smart and are always looking for more, faster and easier ways to strike.

Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities.

These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks.

These types of attacks are often referred to as ‘Dark DDoS’ because of the initial smokescreen attack, which acts to distract organisations from the real breach that’s taking place.

In a large proportion of recent data breaches, DDoS (distributed denial of service attacks) have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way.

According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on the and on domain name provider, Dyn – believed to be some of the biggest DDoS attacks ever recorded.

Last year, France was also hit by one of the largest DDoS attacks when hosting company, OVH, was targeted through 174,000 connected cameras.

Today’s hackers have developed a wide variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks

An attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.

Stealth/slow drip DoS attacks

A low volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.


Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

Often DNS threats are geared towards a specific DNS function (cache, recursive & authoritative), with precise damage objectives.

This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection.

The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces:

Volumetric attacks

Direct DNS attacks

Flooding of DNS servers with direct requests, causing saturation of cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address.

DNS amplification

DNS requests generating an amplified response to overwhelm the victim’s servers with very large traffic.

DNS reflection

Attacks using numerous distributed open resolver servers on the Internet to flood victim’s authoritative servers (usually combined with amplification attacks).


Flooding of the DNS servers with requests for non-existent domains, saturating the recursive function.

Stealth/slow drip DoS attacks

Sloth domain attacks

Attacks using queries sent to a hacker’s authoritative domain that answers requests very slowly – just before the timeout – to exhaust the capacity of the victim’s recursive server.

Phantom domain attack

Attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity.

Random subdomain attack (RQName)

Attacks using random query names, causing saturation of the victim’s authoritative domain and recursive server capacity.


Zero-Day vulnerability

Zero-day attacks take advantage of DNS security holes for which no solution is currently available.

DNS-based exploits

Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

DNS tunnelling

The DNS protocol is used to encapsulate data in order to remotely control malware and/or exfiltrate data.

Protocol anomalies

Attacks based on malformed DNS queries, intended to crash the service.

DNS cache poisoning

Attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS security landscape is continuously changing and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time.

Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – they are far more sophisticated, deceptive and frequent.

To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned.
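
As an added illustration (not code from the original article), here is one way a defender could spot the non-existent-domain floods and random subdomain attacks listed above in resolver query logs. The log format, function names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log, one query per line: 'epoch client qname rcode'."""
    lines = [f"{1000 + i} 192.0.2.10 www.example.com NOERROR" for i in range(10)]
    lines.append("1003 192.0.2.11 wwww.example.com NXDOMAIN")  # a single typo
    # Many distinct but valid hostnames (CDN-like): unique names, no NXDOMAIN.
    lines += [f"{1000 + i} 192.0.2.12 host{i}.example.org NOERROR" for i in range(9)]
    # Random-looking labels under one zone, none of which exist.
    for i in range(12):
        label = format((i * 2654435761) % 2**32, "08x")
        lines.append(f"{1000 + i % 10} 198.51.100.{i % 4 + 1} {label}.example.net NXDOMAIN")
    return "\n".join(lines)

def registered_domain(qname):
    # Assumption: the last two labels form the zone. Real deployments should
    # use the Public Suffix List so that names like example.co.uk group correctly.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def find_random_subdomain_floods(log_text, window=10, min_queries=8,
                                 nx_threshold=0.8, unique_threshold=0.9):
    """Return {(window_start, zone): stats} for zones whose queries in a time
    window are almost all unique names and almost all NXDOMAIN."""
    buckets = defaultdict(lambda: {"total": 0, "nx": 0, "names": set(), "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing mid-incident
        ts, client, qname, rcode = parts
        b = buckets[(int(ts) // window * window, registered_domain(qname))]
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
        b["names"].add(qname.lower())
        b["clients"].add(client)
    alerts = {}
    for key, b in buckets.items():
        if b["total"] < min_queries:
            continue  # too few queries in this window to judge
        nx_ratio = b["nx"] / b["total"]
        unique_ratio = len(b["names"]) / b["total"]
        # Both conditions are required: unique names alone match busy CDNs,
        # and NXDOMAIN alone matches one client retrying a typo.
        if nx_ratio >= nx_threshold and unique_ratio >= unique_threshold:
            alerts[key] = {"queries": b["total"], "nx_ratio": nx_ratio,
                           "unique_ratio": unique_ratio, "clients": len(b["clients"])}
    return alerts

if __name__ == "__main__":
    for (start, zone), stats in find_random_subdomain_floods(build_sample_log()).items():
        print(start, zone, stats)
```

Thresholds need tuning against a baseline of normal traffic for each resolver; the values here only suit the constructed sample.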