Displaying items by tag: distributed denial of service
Gulf Air recently revealed a cybersecurity step-change as part of an ongoing campaign to safeguard its operations and deliver industry-leading customer service. The national carrier of the Kingdom of Bahrain has reinforced its network perimeter to pre-empt and combat Distributed Denial-of-Service (DDoS) attacks, improve data centre and application-level security and further enhance data and access protection measures.
A key component of Gulf Air’s DDoS strategy is the deployment of the F5 DDoS Hybrid Defender. Gulf Air was keen to select a solution with an industry-leading, multi-layered defense mechanism against both blended network attacks and sophisticated application attacks.
The DDoS Hybrid Defender’s features include full SSL decryption, anti-bot capabilities, and advanced detection methods. This ensures high line rate capabilities without impacting legitimate traffic. Crucially, the solution is compatible with Gulf Air’s current perimeter security controls to minimize maintenance efforts.
“Combating DDoS attacks requires a purpose-built system-level architecture that detects and mitigates increasingly sophisticated, complex and deceptive attacks,” said Dr. Jassim Haji, Director of Information Technology, Gulf Air.
“The solution delivers instantaneous controls and security measures against complex threats, exploits, saturation attacks, with an in-depth security mechanism that inspects application-layer events. It offers protection at all layers, protecting protocols – including those employing SSL and TLS encryption – as well as stopping DDoS bursts, randomized HTTP floods, cache bypass, and other attacks that can disrupt Gulf Air’s critical applications.”
Gulf Air’s new DDoS capabilities fit into a wider digital transformation vision that was recently underscored by becoming the world’s first airline to achieve seven IT ISO certifications. In 2012, it became the first business in Bahrain to introduce private cloud computing.
Technology is at the forefront of Gulf Air’s recent resurgence, which has been driven by a number of major cost-saving initiatives. The airline is thriving by deploying state-of-the-art technological solutions in line with the latest trends sweeping the aviation industry, and has received awards at several international and regional forums.
Other Application Delivery Controller (ADC) solutions in use include F5 BIG-IP Local Traffic Manager (to simplify, automate, and customize application delivery) and F5 BIG-IP Access Policy Manager (a flexible, high-performance access and security solution that provides unified global access to applications and the network). In addition, F5 BIG-IP Link Controller manages and reroutes connections based on link type and quality, ensuring a better user experience and reducing downtime.
As well as improving overall operational efficiency and slashing total cost of ownership (TCO), F5’s solutions will scale to handle Gulf Air’s future growth trajectory, enabling the airline to tap into the benefits of emerging technologies such as Software-Defined Networking (SDN) and Software-Defined Storage (SDS).
Gulf Air currently runs over 200 applications online supported by F5 technology, including email services, reservation systems, enterprise resource planning (ERP), and the Electronic Flight Bag and eEnablement setup for newly introduced aircraft.
“We made a strategic decision to partner with F5 because they are consistently ranked as one of the top leaders in enterprise security,” said Dr. Haji. “F5 has also successfully provisioned crucial services to our users and customers in an efficient and secure manner for the past eight years. We are now proud to announce that we can protect the Gulf Air network from possible threats that are initiated from legitimate secure traffic based on behavior, rather than relying on traditional security measures.”
The Federal Communications Commission (FCC) in the United States was the subject of multiple recent DDoS attacks on Sunday, May 7, at midnight, according to Dr. David Bray, Chief Information Officer (CIO) at the organization. Dr. Bray issued a statement regarding the cause of delays experienced by consumers recently trying to file comments on the FCC’s Electronic Comment Filing System (ECFS).
“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS),” said Dr. Bray in his statement. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
Dr. Bray added: “While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.”
Russian internet security giant Kaspersky recently announced that massive DDoS attacks had hit at least five of Russia’s largest banks. One of Russia’s largest state-owned banks, Sberbank, said it had been hacked into on Tuesday, November 8, but it managed to neutralize the attack automatically without disturbing its operations.
In a media statement, Kaspersky said that the distributed denial of service (DDoS) attacks began at 1300 GMT and targeted “the websites of at least five well-known financial institutions in the top 10” in Russia. The attacks reportedly continued for an extended period of time. Most of the attacks lasted for about an hour, while the others lasted almost 12 hours.
DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline entirely. According to an AFP report, the attacks in Russia saw as many as 660,000 requests being sent per second using a network of more than 24,000 hijacked devices located in 30 countries. More than half the devices were in the United States, India, Taiwan and Israel, Kaspersky said.
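The flood described above (many hijacked devices, each contributing a modest share of an aggregate rate the site cannot absorb) is what a defender has to recognise in server logs. The following is an added example, not code from the article or from Kaspersky: it parses constructed web-server access-log lines, buckets requests per second, estimates a baseline rate, and flags seconds whose rate far exceeds it, reporting how many distinct sources contributed so an operator can tell a distributed flood from a single noisy client. The log format, the sample addresses, and the threshold factor are assumptions for illustration.

```python
"""Volumetric flood detection over constructed access-log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: ip ident user [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, unix_second) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), int(ts.timestamp())


def bucket_requests(lines):
    """Map each second to a Counter of requests per source address."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable lines are skipped, not counted
        ip, sec = parsed
        per_second[sec][ip] += 1
    return per_second


def estimate_baseline(per_second):
    """Median requests-per-second across the window; robust to a few burst seconds."""
    return median(sum(c.values()) for c in per_second.values())


def find_floods(per_second, baseline_rps, factor=10, min_sources=3):
    """Flag seconds whose rate exceeds baseline*factor, classifying each burst.

    A burst is 'distributed' when at least min_sources addresses contribute and
    no single address accounts for half the requests; otherwise 'single-source'.
    """
    alerts = []
    threshold = baseline_rps * factor
    for sec in sorted(per_second):
        sources = per_second[sec]
        total = sum(sources.values())
        if total < threshold:
            continue
        top_ip, top_count = sources.most_common(1)[0]
        distributed = len(sources) >= min_sources and top_count / total < 0.5
        alerts.append({
            "second": sec,
            "rps": total,
            "sources": len(sources),
            "kind": "distributed" if distributed else "single-source",
            "top_ip": top_ip,
        })
    return alerts


def log_line(ip, second):
    """Build one constructed log line at 11:00:<second> UTC (documentation-range addresses)."""
    return f'{ip} - - [21/Oct/2016:11:00:{second:02d} +0000] "GET / HTTP/1.1" 200'


def build_sample_log():
    """Constructed sample: quiet seconds, a distributed burst, then a single-source burst."""
    lines = []
    for s in range(5):  # seconds 0-4: two regular clients, two requests per second
        lines += [log_line("192.0.2.10", s), log_line("192.0.2.11", s)]
    for i in range(20):  # second 5: 40 requests spread over 20 sources
        lines += [log_line(f"198.51.100.{i}", 5)] * 2
    lines += [log_line("203.0.113.7", 6)] * 30  # second 6: one client, 30 requests
    return lines


if __name__ == "__main__":
    buckets = bucket_requests(build_sample_log())
    baseline = estimate_baseline(buckets)
    for alert in find_floods(buckets, baseline):
        print(f"t={alert['second']} rps={alert['rps']} sources={alert['sources']} "
              f"kind={alert['kind']} top={alert['top_ip']}")
```

The distinction the classifier draws matters for the response: a single-source burst can be rate-limited or blocked at one address, whereas a distributed burst with tens of thousands of low-rate sources needs upstream or provider-level mitigation, which is why per-address blocking alone does not stop the attacks the article reports.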
Russia’s central bank reached out to AFP and confirmed that it had identified “attacks on a number of large banks,” and described the attacks’ intensity as “medium”, adding that they did not necessarily disrupt access to banking services for customers. The bank also confirmed that the attacks used botnets made up of devices linked via the Internet of Things (IoT) – this includes connected devices such as CCTV cameras or video recorders connected to offices and homes worldwide.
Speaking to Interfax news agency, Stanislav Kuznetsov, a senior executive at Sberbank, said the bank had suffered 68 DDoS attacks this year and that the latest was among the largest. Kaspersky says DDoS attacks “have long been one of the most popular instruments used by criminals to attack businesses.”
DDoS attacks are threatening the world on a global scale. Over the course of just one month, two major recent attacks have unfolded against nations. On October 21, internet service provider Dyn, which routes and manages internet traffic in the U.S., suffered a distributed denial of service (DDoS) attack on its domain name service. As a result, many leading internet services including Twitter, Spotify and Amazon suffered service outages and interruptions. Two weeks later, on November 4, the West African nation of Liberia suffered a similar targeted DDoS attack which took the country’s internet intermittently offline for a week, according to security experts. These incidents have raised serious concerns about the security of IoT, and the need to defend against such malice.
The recent attack against Dyn in the United States and the attack on Liberia are worrying because they prove just how sophisticated hackers are becoming. Dyn, which is based in New Hampshire, said the cyber attack on October 21 targeted its domain name service, which caused massive interruptions and slowdowns for its users. The attack meant that millions of internet users were unable to access the websites of online companies using Dyn, such as Netflix and Reddit, as well as the crafts marketplace Etsy and the software developer site Github.
DDoS attacks involve flooding websites with traffic, making it difficult to access them or take them offline. The attacks are used for various purposes including censorship, protest and extortion. Such attacks can have an extremely disruptive effect on the likes of Dyn, as domain name servers are an essential element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to websites.
The characteristics of the recent attack in Liberia point to the same type of cyber attack that crippled Dyn, according to experts. Using software called ‘Mirai’, hackers deployed a network of infected computers known only as ‘Botnet 14’ to repeatedly overload the country's broadband network, taking Liberia offline for minutes at a time, internet security expert Kevin Beaumont, who monitors attacks using Mirai botnets, told AFP.
The Mirai botnet was effective in the U.S. attack because of the way it harnessed infected, internet-connected devices such as CCTV cameras and DVR players. That same method of attack was used in Liberia. “We’re seeing attacks over 600gbps (gigabits per second) aimed at two companies which co-own the only fibre going into Liberia,” Beaumont told The Guardian. He added that the recent DDoS attacks “are huge in volume – among the most amount of traffic the internet has seen.”
Beaumont said there is no definitive reason why Liberia was attacked, but the country’s vulnerable internet infrastructure and lack of technical expertise could have made it a useful target for testing out even larger attacks in the future. "There is only one internet link to the country for broadband, so it might be the ideal test bed for attacks," said Beaumont.
The large attacks prove that the world has transitioned from an era where people would attempt to penetrate someone’s network for fun just to see if they can do it. We are now in an era that is a lot more dangerous, because today, cybercrime is an industry. For hackers, it’s not just about bringing down a network; it’s about stealing data, intellectual property and sensitive documents.
“Operators need to plan for the inevitable”
“The recent DDoS attack on Liberia, cutting out the country’s entire network infrastructure, proves the catastrophic damage that can be caused by cyber hackers that target connected devices,” commented Ultan Kelly, Senior Product Line Director at Cobham Wireless, discussing the risks of devices connected via the Internet of Things (IoT). “In such attacks, it is not only public web services that can be affected, but also the online business systems used in hospitals and other public services that people rely on.
“The Mirai botnet used by the hackers targets poorly secured connected devices which are ever more ubiquitous in the growing IoT landscape, and many internet service providers (ISPs) are woefully underprepared,” Kelly added. “But rather than looking at the problem at the device level, they must act now to address the threat at the network level, to ensure that consumers and businesses are not cut off from the world.”
A majority of Liberia’s population wasn’t affected by the DDoS attack because most people access the internet via their mobile smartphone. However, the Network World website reported that Liberian mobile phone service providers themselves had felt the effects of the attack since they rely on cable-based internet to power their businesses. Such outages only register for a few seconds, but are devastating for companies that require constant connections to servers in order to function, such as healthcare institutions.
“ISPs must continuously stress test their networks against the variety of attacks that could befall them, employing technology that provides a comprehensive recourse for proactively protecting and hardening their systems,” said Kelly. “The threat today is global and requires continuous, automated testing of ever changing policies that are verified with systems that have the latest cybersecurity and malware signatures. This maximizes the chances of identifying any potential security holes across their entire business.”
It is inevitable, as Kelly points out, that with increasing connectivity as a result of the Internet of Things, vulnerabilities will emerge for hackers to expose. Many security experts believe that it’s only a matter of time before vulnerabilities are exposed in smart city infrastructure, such as transportation clouds. Hackers could potentially control traffic lights, street lighting, automated bus stops, and many other digitally controlled city systems.
That power in the hands of a crazed activist could result in mass casualties. In Russia, for example, a researcher from Kaspersky Lab, Denis Legezo, was able to manipulate traffic sensors and capture data simply by looking up what kind of software was used and then finding a user manual online from the sensor manufacturer. A recent Kaspersky survey revealed that expensive cyber attacks are now almost routine, with 90 percent of the 5,500 companies surveyed reporting at least one security incident, and nearly half (46 percent of businesses) losing sensitive data due to an internal or external security threat.
What’s more, determining the reasons behind cyber attacks isn’t always clear. The malice of the hackers behind the recent Liberia attack has caused great concern, because the hackers have threatened those who seek to oppose them. For instance, the botnet used, officially named ‘Botnet 14 14’, has its own Twitter account: @MiraiAttacks. After Mr. Beaumont looked into the attack against Liberia, the hackers tweeted threatening messages to him, which led him to label this particular Mirai botnet “Shadows Kill”.
“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont said in a blog post. It is not yet known who is wielding the Mirai botnet against Liberia, or whether it is a state actor or independent hackers.
“What happened in Liberia could just as easily occur anywhere in the world, and operators need to plan for the inevitable,” said Kelly. “It’s not a case of if another DDoS hack will take place, but when.”
Internet service provider Dyn, which routes and manages internet traffic in the U.S., suffered a major distributed denial of service (DDoS) attack on its domain name service on Friday, October 21, shortly after 1100 GMT. As a result, many leading internet services including Twitter, Spotify and Amazon suffered service outages and interruptions. Services were back within two hours, according to Dyn.
The internet provider, which is based in New Hampshire, said the attack targeted its domain name service, which caused massive interruptions and slowdowns for its users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” said Scott Hilton, executive vice president at Dyn. “We have been aggressively mitigating the DDoS attack against our infrastructure.”
The attack meant that millions of internet users were unable to access the websites of the major online companies using Dyn, such as Netflix and Reddit, as well as the crafts marketplace Etsy and the software developer site Github, AFP reported. Gizmodo, a design, technology and science fiction website, said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal.
The website downdetector.com published a map detailing the service interruptions experienced for Level3 Communications, a so-called ‘backbone’ internet service provider serving much of the U.S. east coast and Texas. What’s more, Amazon Web Services, which hosts popular websites such as Netflix and Airbnb, said users of the websites experienced errors including ‘hostname unknown’ when attempting to access hosted sites. The problem was resolved by 1310 GMT.
DDoS attacks involve flooding websites with traffic, making it difficult to access them or taking them offline. The attacks are used for various purposes including censorship, protest and extortion. Such attacks can have an extremely disruptive effect on the likes of Dyn, as domain name servers are an essential element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to websites.
"The internet continues to rely on protocols and infrastructure designed before cyber security was an issue," said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He believes that the growing interconnection of ordinary devices to the internet is increasing the risks to networks. "DDoS, especially with the rise of insecure IoT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done."