Displaying items by tag: DDOS

Russian internet security giant Kaspersky recently announced that massive DDoS attacks had hit at least five of Russia’s largest banks. One of Russia’s largest state-owned banks, Sberbank, said it had been hacked into on Tuesday, November 8, but it managed to neutralize the attack automatically without disturbing its operations.

In a media statement, Kaspersky said that the distributed denial of service (DDoS) attacks began at 1300 GMT and targeted “the websites of at least five well-known financial institutions in the top 10” in Russia. The attacks reportedly continued for an extended period of time. Most of the attacks lasted for about an hour, while the others lasted almost 12 hours.

DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline entirely. According to an AFP report, the attacks in Russia saw as many as 660,000 requests being sent per second using a network of more than 24,000 hijacked devices located in 30 countries. More than half the devices were in the United States, India, Taiwan and Israel, Kaspersky said.

Russia’s central bank reached out to AFP and confirmed that it had identified “attacks on a number of large banks,” and described the attacks’ intensity as “medium,” adding that they did not necessarily disrupt access to banking services for customers. The bank also confirmed that the attacks used botnets made up of devices linked via the Internet of Things (IoT) – this includes connected devices such as CCTV cameras or video recorders connected to offices and homes worldwide.

Speaking to Interfax news agency, Stanislav Kuznetsov, a senior executive at Sberbank, said the bank had suffered 68 DDoS attacks this year and that the latest was among the largest. Kaspersky says DDoS attacks “have long been one of the most popular instruments used by criminals to attack businesses.”

 

Published in Government

How can we defend against the rising flood of DDoS attacks?

Written on Monday, 07 November 2016 12:02

DDoS attacks are a threat on a global scale. Over the course of just one month, two major recent attacks have unfolded against nations. On October 21, internet service provider Dyn, which routes and manages internet traffic in the U.S., suffered a distributed denial of service (DDoS) attack on its domain name service. As a result, many leading internet services including Twitter, Spotify and Amazon suffered service outages and interruptions. Two weeks later, on November 4, the West African nation of Liberia suffered a similar targeted DDoS attack which took the country’s internet intermittently offline for a week, according to security experts. These incidents have raised serious concerns about the security of IoT, and the need to defend against such malice.

The recent attack against Dyn in the United States and the attack on Liberia are worrying because they prove just how sophisticated hackers are becoming. Dyn, which is based in New Hampshire, said the cyber attack on October 21 targeted its domain name service, which caused massive interruptions and slowdowns for its users. The attack meant that millions of internet users were unable to access the websites of online companies using Dyn, such as Netflix and Reddit, as well as the crafts marketplace Etsy and the software developer site GitHub.

DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline. The attacks are used for various purposes including censorship, protest and extortion. Such attacks can have an extremely disruptive effect on the likes of Dyn, as domain name servers are an essential element of internet infrastructure, converting the domain names that users type into the numbered Internet Protocol addresses that allow them to connect to websites.

The characteristics of the recent attack in Liberia point to the same type of cyber attack that crippled Dyn, according to experts. Using software called ‘Mirai’, hackers deployed a network of infected computers known only as ‘Botnet 14’ to repeatedly overload the country's broadband network, taking Liberia offline for minutes at a time, internet security expert Kevin Beaumont, who monitors attacks using Mirai botnets, told AFP.

The Mirai botnet was effective in the U.S. attack because of the way it harnessed infected, internet-connected devices such as CCTV cameras and DVR players. That same method of attack was used in Liberia. “We’re seeing attacks over 600gbps (gigabits per second) aimed at two companies which co-own the only fibre going into Liberia,” Beaumont told The Guardian. He added that the recent DDoS attacks “are huge in volume – among the most amount of traffic the internet has seen.”  

Beaumont said there is no definitive reason why Liberia was attacked, but the country’s vulnerable internet infrastructure and lack of technical expertise could have made it a useful target for testing out even larger attacks in the future. "There is only one internet link to the country for broadband, so it might be the ideal test bed for attacks," said Beaumont.

The large attacks prove that the world has moved on from an era in which people would attempt to penetrate someone’s network for fun, just to see if they could do it. We are now in an era that is a lot more dangerous, because today, cybercrime is an industry. For hackers, it’s not just about bringing down a network; it’s about stealing data, intellectual property and sensitive documents.

“Operators need to plan for the inevitable”

“The recent DDoS attack on Liberia, cutting out the country’s entire network infrastructure, proves the catastrophic damage that can be caused by cyber hackers that target connected devices,” commented Ultan Kelly, Senior Product Line Director at Cobham Wireless, discussing the risks of devices connected via the Internet of Things (IoT). “In such attacks, it is not only public web services that can be affected, but also the online business systems used in hospitals and other public services that people rely on.

“The Mirai botnet used by the hackers targets poorly secured connected devices which are ever more ubiquitous in the growing IoT landscape, and many internet service providers (ISPs) are woefully underprepared,” Kelly added. “But rather than looking at the problem at the device level, they must act now to address the threat at the network level, to ensure that consumers and businesses are not cut off from the world.”

A majority of Liberia’s population wasn’t affected by the DDoS attack because most people access the internet via their smartphones. However, the Network World website reported that Liberian mobile phone service providers themselves had felt the effects of the attack since they rely on cable-based internet to power their businesses. Such outages only register for a few seconds, but are devastating for companies that require constant connections to servers in order to function, such as healthcare institutions.

“ISPs must continuously stress test their networks against the variety of attacks that could befall them, employing technology that provides a comprehensive recourse for proactively protecting and hardening their systems,” said Kelly. “The threat today is global and requires continuous, automated testing of ever changing policies that are verified with systems that have the latest cybersecurity and malware signatures. This maximizes the chances of identifying any potential security holes across their entire business.”

It is inevitable, as Kelly points out, that with increasing connectivity as a result of the Internet of Things, vulnerabilities will emerge for hackers to expose. Many security experts believe that it’s only a matter of time before vulnerabilities are exposed in smart city infrastructure, such as transportation clouds. Hackers could potentially control traffic lights, street lighting, automated bus stops, and many other digitally controlled city systems.

That power in the hands of a crazed activist could result in mass casualties. In Russia, for example, a researcher from Kaspersky Lab, Denis Legezo, was able to manipulate traffic sensors and capture data by simply looking up what kind of software was used, and then finding a user manual online from the sensor manufacturer. A recent Kaspersky survey revealed that expensive cyber attacks are now almost routine, with 90 percent of the 5,500 companies surveyed reporting at least one security incident, and nearly half (46 percent of businesses) having lost sensitive data due to an internal or external security threat.

What’s more, the reasons behind cyber attacks aren’t always clear. The malice of the hackers behind the recent Liberia attack has caused great concern, because the hackers have threatened those who seek to oppose them. For instance, the botnet used, officially named ‘Botnet 14’, has its own Twitter account: @MiraiAttacks. After Mr. Beaumont looked into the attack against Liberia, the hackers tweeted threatening messages to him, which led him to label this particular Mirai botnet “Shadows Kill”.

“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont said in a blog post. It is not yet known who is wielding the Mirai botnet against Liberia, or whether it is a state actor or independent hackers.  

“What happened in Liberia could just as easily occur anywhere in the world, and operators need to plan for the inevitable,” said Kelly. “It’s not a case of if another DDoS hack will take place, but when.”

 

Published in Featured

Alibaba Cloud, the cloud computing arm of Alibaba Group, and PCCW Global, the international operating division of HKT, Hong Kong’s premier telecommunications service provider, jointly announced on August 25 their expanded strategic collaboration to provide cloud-based anti-DDoS (distributed denial-of-service) security products to enterprises.

The two companies have cooperated to provide network and IDC (Internet Data Center) services in Hong Kong since June 2015. The new collaboration will deliver Alibaba Cloud’s world-class anti-DDoS products to international business customers through PCCW Global.

Alibaba Cloud’s anti-DDoS products sold and distributed through PCCW Global will offer businesses comprehensive protection against all types of DDoS threats, including complex layer 7 application-level attacks. The automatic cloud-based service monitors compliance violations and security breaches to provide real-time threat visibility.

Mr. Marc Halbfinger, Chief Executive Officer of PCCW Global, said: “We are pleased to be playing a role in extending Alibaba Cloud’s capabilities to new markets. The relationship with Alibaba Cloud is a remarkable opportunity to provide our combined customers with the very best in data security, customer-service quality, and network coverage. Adding Alibaba Cloud’s security products to our threat identification systems will offer enterprises a holistic perspective of complete security needs.”

Alibaba Cloud’s cloud platform has a proven track record in handling extremely high traffic levels which can easily be a target for DDoS attacks. Alibaba Cloud’s success in processing a peak order volume of over 140,000 orders per second during Alibaba Group’s 11.11 Global Shopping Festival last year is a powerful validation of Alibaba Cloud’s security reliability.

DDoS attacks occur when multiple systems are used to flood the access capacity of a targeted system. In recent years, sophisticated DDoS attacks have increased in frequency, size and complexity. Alibaba Cloud successfully thwarted one of the world’s largest cyberattacks on December 20, 2014, protecting a gaming app company from a 14-hour long DDoS attack with peak attacking traffic of 453.8 gigabits per second.

Not only has Alibaba Cloud nullified some of the largest cyberattacks in history, but its security technologies are now scalable such that PCCW Global will be able to offer service guarantees for various forms of security applications.

Since the acquisition of Crypteia Networks in 2014, PCCW Global has been a leading provider of cybersecurity for global enterprises across multiple network layers. In China, Alibaba Cloud has developed its own world-class anti-DDoS software and security services. This collaboration will further protect their customers and businesses from the ever-increasing threat of cyberattack.

Published in Telecom Vendors

DDoS on the rise in Asia, and China bears the brunt

Written on Wednesday, 17 August 2016 12:21

Distributed denial of service (DDoS) attacks increased 43 percent to more than 34,000 attacks in the second quarter of the year, according to Nexusguard's Q2 2016 Threat Report - Asia-Pacific.

Nexusguard scans attack data for trends in vectors, duration, sources and other characteristics to inform organizations across industries of the latest methods. Its latest report shows that Network Time Protocol (NTP) attacks accounted for 90 percent of DDoS attacks in the Asia-Pacific region, much higher than the global figure of 46 percent.

Nexusguard said: “The top target was in China, and it appears that the location of the attack can be attributed to the target’s having hosted malware at this location within the last two years. Over the course of about a month of constant attacks, the Chinese target was hit 41 times.” It added: “Chinanet and Alibaba, both Chinese, reigned supreme in attacks on their networks in Q2, coming in at numbers 1 and 2, respectively. As for non-Chinese networks, Telstra (Australia) dropped from 6th place to number 8 in the rankings, while Kixs (Korea) saw a small decrease in the number of attacks (6 percent), putting it in 10th place, down from the number 8 spot in Q1.”

Nexusguard said hackers had been experimenting with new attack methodologies, and Nexusguard researchers predicted that the Olympics in Brazil and political tensions in the APAC region would contribute to a DDoS spike in Q3.

In just a couple of weeks, the Pokemon Go online app has amassed a mammoth amount of popularity around the world. On Saturday, July 16, Pokemon Go servers appeared to crash, leaving millions of gamers unable to play the augmented reality game. A hacker group called PoodleCorp claimed responsibility for taking down the servers through a distributed denial of service (DDoS) attack.

Users of Pokemon Go across Europe and the U.S. reportedly began reporting problems with the game shortly after 2pm on Saturday. The game either became inaccessible or froze regularly. The game servers had already crashed following the U.S. launch, due to overwhelming demand. Now that the game has launched in the UK, there could be more issues ahead.

The makers of the game issued a statement on Twitter on Saturday, saying: “We have been working to fix the #PokemonGO server issues. Thank you for your patience.”

Most Pokemon Go players were back online by Saturday night. The incident was one of many international news stories relating to the game since its launch just a few weeks ago. In New York it was reported that a man crashed his car into a tree, later admitting to police that he had been distracted by the game.

Published in Apps