123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps

Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit’s website offline and a number of users’ services.

The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was rerouted.

The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps to its data centre, with its protection systems kicking in within seconds of the attack being detected.

Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity.

No servers went offline, although customers experienced intermittent connection issues to services such as the 123-Reg website, the control panel, email and hosted websites.

A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre.

“Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.”

Back in November, internet provider Eclipse was hit by a DDoS attack. ®

Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign

A judge at the Fanling Court in Hong Kong has sentenced Chu Tsun-wai, 20, of Hong Kong, to 15 months of probation for launching a DDoS attack on a Chinese bank’s website during the 2014 Hong Kong Occupy protests.

The judge also ruled that the suspect’s Mac computer be confiscated as punishment for carrying out the attack, SCMP reports.

Chu, who is one of the top students at his university, had decided to get involved in the Occupy protests that were taking place in Hong Kong during the autumn of 2014.

Teen was inspired by one of Anonymous Asia’s videos

The teen saw a video posted online by the Anonymous hacker collective, which was warning Hong Kong police to stop the violence against Hong Kong Occupy protesters.

The group threatened to hack government websites and release personal information belonging to Hong Kong police officers. The group also called out for others to participate in its protests.

The prosecution says that Chu went online and searched on Google for ways to carry out DDoS attacks.

He launched one such DDoS attack against the Shanghai Commercial Bank’s website. Police say that on October 12, 2014, the student sent 6,652 HTTP requests to the bank’s website in 16 seconds.

Bank website barely noticed the attack

The volume sounds trivial: 6,652 requests over 16 seconds is roughly 415 requests per second, which a properly provisioned web server should absorb without difficulty. The authorities have nonetheless come down hard on people who participated in the protests.

The judge was lenient on Chu because this was his first offense and because the bank’s website didn’t go offline.

Chinese news outlet Ejinsight reports that one of Chu’s professors wrote the judge a letter asking the judge to give the suspect a second chance.

Public broadcaster RTHK reported that Chu also stands to face disciplinary hearings at his university.

Source: http://news.softpedia.com/news/hong-kong-student-gets-probation-time-for-ddos-attacks-during-occupy-campaign-506720.shtml

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard.

The report shows that Russia has become the number one victim country. Starlink, a Russian ISP serving small, medium and large enterprises, received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean DDoS duration to hours instead of the minutes measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organising a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructure and check their service providers’ security to ensure continuity of their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”.

Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/

Internet Service Providers in Mumbai targeted in DDoS attack

By Asheeta Regidi

Internet service providers (ISPs) in Mumbai are being targeted in a distributed denial of service (DDoS) attack, said to be India’s largest ever and the world’s largest against ISPs. The attack is reported at 200 gigabytes per second; DDoS volumes are conventionally measured in bits, so this is almost certainly 200 gigabits per second (200 Gbps), still a very large attack. This is the reason behind the recent slowdown of the internet experienced by users around Mumbai. In a first, an FIR (first information report) was filed with the Mumbai police over the DDoS attack.

What is a DDoS attack?

Most websites are designed to handle a certain amount of traffic at a given time. A denial of service attack bombards the website with requests, overloading it until the server or its connection can no longer respond, thus denying access to legitimate users. A distributed denial of service attack is the same attack on a much larger scale, using a large number of malware-infected computers, known as a botnet, to generate the traffic.

In the present case, the DDoS attack is directed at the ISPs themselves, cutting off legitimate internet access for all of the ISP’s customers. The motive behind the current attack is unknown; motives range from extortion to disrupting a competitor to simple vandalism. The effects on the ISPs can be quite harmful, with loss of customer loyalty the primary one.

Increasing number of DDoS attacks around the world

All around the world, DDoS attacks are on the rise. The most recent were the attacks on the Pokemon Go servers and the websites of the US Library of Congress. Hackers have also threatened to take Pokemon Go offline on August 1st through a DDoS attack. The reason for this rise is that DDoS attacks are very easy to conduct. The effort once required to build a botnet is no longer needed, since botnets are now available for hire or sale. Symantec reports a price range of USD 10 to 1,000 per day for such botnets on the cyber black market, and botnets for hire were reported to be responsible for almost 40% of DDoS attacks in 2015.

Combating the DDoS attack

Fighting a DDoS attack is not easy. The Mumbai police are reported to be blocking the IP addresses from which the requests originate in the current attack. However, since those addresses belong to the botnet, blocking them does not touch the actual perpetrator, who controls the bots remotely; the easy availability of botnets lets the attacker answer such measures by putting more infected machines to work. Another method is to add hardware and bandwidth so that legitimate users can still get through. This is one of the few methods that temporarily mitigates the flood, but it is only available to larger ISPs, which is probably why the favoured targets in the current Mumbai attacks are small and medium sized ISPs without the infrastructure and resources to absorb it.
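The two failure modes described above and in the Hong Kong item earlier on this page (a single client bursting hundreds of requests a second, versus a botnet where no single address is noisy but the aggregate is) can be told apart from an ordinary web access log. The script below is an added example, not code from any of the articles or vendors on this page; the log lines, addresses and thresholds are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format line, e.g.
# 203.0.113.7 - - [12/Oct/2014:21:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def requests_per_window(lines, window_seconds=1):
    """Bucket requests into fixed windows: {window_start_epoch: Counter(client_ip -> requests)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[start][ip] += 1
    return buckets


def peak_rate(lines, window_seconds=1):
    """Highest total request count seen in any single window."""
    buckets = requests_per_window(lines, window_seconds)
    return max(sum(c.values()) for c in buckets.values()) if buckets else 0


def detect(lines, window_seconds=1, per_ip_limit=50, aggregate_limit=300):
    """Two complementary checks on the same log.

    noisy_ips: clients that exceeded per_ip_limit requests in some window. A plain
               per-IP rate limit or block list stops these.
    floods:    windows whose total exceeded aggregate_limit while no client exceeded
               per_ip_limit, i.e. a distributed flood that per-IP rules never see.
               Each entry is (window_start, total_requests, distinct_clients).
    """
    noisy_ips, floods = set(), []
    for start, counts in sorted(requests_per_window(lines, window_seconds).items()):
        over = {ip for ip, n in counts.items() if n > per_ip_limit}
        noisy_ips |= over
        total = sum(counts.values())
        if total > aggregate_limit and not over:
            floods.append((start, total, len(counts)))
    return noisy_ips, floods


# --- constructed sample traffic (no real logs) ---
T0 = datetime(2014, 10, 12, 21, 0, 0, tzinfo=timezone.utc)  # arbitrary start time


def make_lines(events):
    """events: iterable of (client_ip, datetime) -> constructed combined-log lines."""
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512' for ip, ts in events]


def single_source_burst(ip="203.0.113.7", total=6652, seconds=16):
    """One client sending `total` requests evenly over `seconds` (about 416/s at peak)."""
    return make_lines((ip, T0 + timedelta(seconds=i * seconds / total)) for i in range(total))


def distributed_flood(sources=400, per_source_per_second=2, seconds=5):
    """Many clients, each far below any sane per-IP limit, adding up to 800 requests/s."""
    events = []
    for s in range(seconds):
        for k in range(sources):
            ip = f"10.{(k >> 8) & 255}.{k & 255}.1"  # constructed botnet addresses
            events.extend((ip, T0 + timedelta(seconds=s)) for _ in range(per_source_per_second))
    return make_lines(events)


if __name__ == "__main__":
    burst = single_source_burst()
    print("burst peak:", peak_rate(burst), "req/s ->", detect(burst))
    flood = distributed_flood()
    print("flood peak:", peak_rate(flood), "req/s ->", detect(flood))
```

The single-client burst lands in `noisy_ips`, so a per-IP limit handles it; the botnet case produces only `floods` entries, which is the signal that blocking individual addresses (as the Mumbai police are reported to be doing) will not help and capacity or upstream filtering is needed.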

DDoS attacks can last for a few hours, to weeks, to even months. Inevitably, they only stop when the perpetrator decides to stop. Finding an effective solution to this is urgent.

Indian laws inadequate for international investigation

The real problem, however, is finding the perpetrator. The requests in a DDoS attack pass through many routers, and the investigation gets more complicated with every hop. Additionally, the botnet need not be entirely in India, and even if it is, the perpetrator is probably located outside India.

The current Mumbai attack is reported to have originated from Eastern Europe and China. Legally, the Information Technology Act, 2000 and the Indian Penal Code, 1860 are adequately equipped to deal with the situation. Section 43(f) of the IT Act punishes ‘causing denial of access’ to a computer resource. Section 4 of the IPC gives the Indian police the power to act against a person outside India committing a crime against an Indian computer resource.

Though the basic laws are in place, laws enabling investigation overseas and extradition of a criminal from abroad are missing. Such laws usually take the form of individual treaties between countries or of ratified multilateral treaties. Existing Indian treaties for investigation and extradition do not cover cybercrime. The Budapest Convention on Cybercrime is at present the only multilateral international convention enabling investigation and extradition with respect to cybercrime. India, however, has refused to ratify this Convention, since it was drafted without the involvement of developing countries like India. The result is that, despite the fact that a large number of cybercrimes originate outside India, investigation outside India can take any amount of time. Time is critical in cybercrime investigation, where evidence is so fragile that it can be deleted or modified in seconds. So although on paper the laws are in place, practically speaking investigations are difficult.

Investigating and catching the criminals behind this increasing number of cybercrime from abroad is in itself a difficult process, without adding the issue of inadequate laws. Even if the Indian government chooses not to ratify the Budapest Convention, it needs to provide police and cybercrime investigative authorities with an alternative solution to enable international investigation.

The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject.

Source: http://tech.firstpost.com/news-analysis/internet-service-providers-in-mumbai-targeted-in-ddos-attack-326708.html

DDoS attacks are getting worse

Just a couple of days after a horrendous DDoS attack took down Pokemon GO servers for a day, Arbor releases its new report on the state of DDoS around the globe, which basically says things are only getting worse.

The reasons are still the same — DDoS attacks are simple to launch, cheap and easy to obtain, for anyone “with a grievance and an internet connection”.

Over the past 18 months, Arbor detected an average of 124,000 DDoS attacks a week. The peak size jumped a stunning 73 percent compared to 2015, up to 579Gbps. Just in the first six months of 2016, there have been 274 attacks over 100Gbps — in the whole of 2015 there have been 223 such attacks.

When it comes to attacks over 200Gbps, things are even worse — 46 such attacks in the first half of this year, compared to 16 in all of 2015. Great Britain, the US and France are the top three targets for attacks of over 10Gbps.

“The data demonstrates the need for hybrid, or multi-layer DDoS defense,”, said Darren Anstee, Arbor Networks’ chief security technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target.  However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1Gbps and 90 percent last less than one hour. On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS”.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Source: http://betanews.com/2016/07/22/ddos-attacks/

US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline.

Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack.

The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline.

During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites.

Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress; and copyright.gov, the website for the United States Copyright Office.

On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties by the LoC remained offline.

As of this writing, the three government portals affected by the attack are back online.

Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress.

As he told FedScoop:

“DoS attacks that leverage DNS as a transport are a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.”

Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn’t own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks.

There is little an organisation can do to avoid being targeted, as script kiddies with a few bucks can rent a botnet online and point it at whoever they choose. What an organisation can control is its readiness: investing in DDoS mitigation capacity that, when an attack comes, can absorb and filter the attack traffic.

Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/

DDoS attack size up 73% from 2015

Distributed denial of service attacks continue to be popular with attackers, increasing in size, complexity and frequency in the first half of 2016, according to the latest global report by Arbor Networks

The most powerful distributed denial of service (DDoS) attack in the first half of 2016 was 579 gigabits per second (Gbps), according to the latest global report from Arbor Networks.

This represents a 73% increase from the largest attack recorded in 2015 by Arbor Networks, the security division of Netscout.

The report shows not only an increase in the size of DDoS attacks, but also an increase in frequency, based on data gathered from Atlas, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor to gain a comprehensive, aggregated view of global traffic and threats.

DDoS remains a common attack type due to the easy availability of free tools and inexpensive online services that enable anyone with a grievance and an internet connection to launch an attack.

This has led to an increase in the frequency, size and complexity of attacks in recent years, the report said, with an average of 124,000 DDoS attacks a week in the past 18 months.

In the past six months, Atlas recorded 274 attacks over 100Gbps, compared with 223 in all of 2015, and 46 attacks over 200Gbps compared with 16 in all of 2015.

The UK, the US and France are the top targets for attacks over 10Gbps, the report said.

But as Arbor’s researchers reported in June, large DDoS attacks no longer require the use of reflection amplification techniques.

An internet of things (IoT) LizardStresser botnet was used to launch attacks as large as 400Gbps, targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions.

According to the researchers, the attack packets do not appear to come from spoofed source addresses, which means the traffic really originates from the addresses in the packets: these are direct floods from compromised devices, not UDP reflection amplification via protocols such as the network time protocol (NTP) or the simple network management protocol (SNMP).

However, reflection amplification allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. Consequently, most recent large attacks used this technique, exploiting domain name system (DNS) servers, NTP and simple service discovery protocol (SSDP), the report said.

As a result, in the past six months, DNS was the most prevalent protocol, taking over from NTP and SSDP in 2015. The average size of DNS reflection amplification attacks grew strongly, and the peak monitored reflection amplification attack size was 480Gbps.
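Beardsley’s point above about forged UDP source addresses and Arbor’s figures on DNS reflection amplification describe one mechanism seen from two sides: the attacker sends small queries to open resolvers with the victim’s address as the source, and the resolvers send their much larger answers to the victim. The following is an added example, not code from Arbor, Rapid7 or any article on this page, showing how each side can spot it in flow records. All addresses, packet sizes, thresholds and the roughly 50x amplification ratio are constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One UDP datagram (or flow record) as a collector would export it."""
    ts: float   # seconds
    src: str
    sport: int
    dst: str
    dport: int
    size: int   # bytes


def unsolicited_dns_responses(flows, me, grace=2.0):
    """Victim-side view: datagrams from port 53 to `me` for which `me` sent no query to
    that resolver in the preceding `grace` seconds. Returns {resolver: bytes_received}."""
    sent = defaultdict(list)
    for f in flows:
        if f.src == me and f.dport == 53:
            sent[f.dst].append(f.ts)
    unsolicited = Counter()
    for f in flows:
        if f.dst == me and f.sport == 53:
            if not any(0 <= f.ts - t <= grace for t in sent.get(f.src, ())):
                unsolicited[f.src] += f.size
    return dict(unsolicited)


def reflection_verdict(unsolicited, min_reflectors=10):
    """True when enough distinct resolvers answered questions we never asked."""
    return len(unsolicited) >= min_reflectors


def heavy_query_sources(flows, resolver, min_queries=20):
    """Reflector-side view (open resolver operator): sources sending `resolver` at least
    `min_queries` queries, with the amplification ratio bytes_answered / bytes_asked.
    One 'source' asking hundreds of times and being sent far more than it sends is
    almost certainly a spoofed victim, since UDP gives the resolver no way to check."""
    q_count, q_bytes, r_bytes = Counter(), Counter(), Counter()
    for f in flows:
        if f.dst == resolver and f.dport == 53:
            q_count[f.src] += 1
            q_bytes[f.src] += f.size
        elif f.src == resolver and f.sport == 53:
            r_bytes[f.dst] += f.size
    return {
        ip: (n, round(r_bytes[ip] / q_bytes[ip], 1))
        for ip, n in q_count.items()
        if n >= min_queries
    }


# --- constructed samples (assumed sizes: 60-byte query, 120-byte normal answer, 3000-byte amplified answer) ---
VICTIM = "192.0.2.10"
RESOLVER = "198.51.100.1"
Q_SIZE, SMALL_ANSWER, BIG_ANSWER = 60, 120, 3000


def victim_flows():
    """What the victim's border sees: one legitimate lookup, then answers from 50 resolvers it never queried."""
    flows = [
        Flow(1.00, VICTIM, 40001, RESOLVER, 53, Q_SIZE),
        Flow(1.02, RESOLVER, 53, VICTIM, 40001, SMALL_ANSWER),
    ]
    for k in range(1, 51):
        for j in range(3):
            flows.append(Flow(10.0 + j * 0.1, f"203.0.113.{k}", 53, VICTIM, 40000 + j, BIG_ANSWER))
    return flows


def resolver_flows():
    """What an open resolver sees: a normal client, plus 100 queries 'from' the victim (spoofed)."""
    flows = []
    for j in range(5):
        flows.append(Flow(2.0 + j, "198.51.100.77", 50000 + j, RESOLVER, 53, Q_SIZE))
        flows.append(Flow(2.0 + j + 0.01, RESOLVER, 53, "198.51.100.77", 50000 + j, SMALL_ANSWER))
    for i in range(100):
        flows.append(Flow(10.0 + i * 0.01, VICTIM, 40000 + i, RESOLVER, 53, Q_SIZE))
        flows.append(Flow(10.0 + i * 0.01 + 0.005, RESOLVER, 53, VICTIM, 40000 + i, BIG_ANSWER))
    return flows


if __name__ == "__main__":
    uns = unsolicited_dns_responses(victim_flows(), VICTIM)
    print("victim: unsolicited bytes from", len(uns), "resolvers; reflection:", reflection_verdict(uns))
    print("resolver: suspicious sources", heavy_query_sources(resolver_flows(), RESOLVER))
```

The victim-side check is what a border monitor can do on its own; the reflector-side check is the one open-resolver operators would need to run, because only they can see that the "source" never receives anything it asked for. Neither view identifies the real attacker, which is the point of the spoofing.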

The report also highlights the fact that even attacks that bombard targeted websites and networks at a rate of only 1Gbps can be enough to take most organisations completely off line.

In the first half of 2016, the average attack size was 986Mbps, a 30% increase over 2015, and the average attack size is projected to be 1.15Gbps by end of 2016.

“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, chief security technologist at Arbor Networks.

“High bandwidth attacks can only be mitigated in the cloud, away from the intended target,” he said. “However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour.”

According to Anstee, on-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls.

Source: http://www.computerweekly.com/news/450300564/DDoS-attack-size-up-73-from-2015

Hackers claim responsibility for Pokémon Go DDoS attack

Hacker group OurMine has claimed credit for a DDoS attack on the Pokémon Go servers over the past weekend. Rumours of an attack were floating around on Saturday but Niantic didn’t comment on the reason the servers were down.

Talking to TechCrunch, a member of the group said that they were part of a trio of teenagers that uses these incidents to advertise their ‘security services’ and make people more aware of security issues.

“We don’t want other hackers to attack their servers, so we should protect their servers,” the member said.

Apparently a message on their website says that they wouldn’t stop the attack until they were contacted by representatives from Niantic.

Another group called PoodleCorp also claimed responsibility for the servers going down on its Twitter account.

The app has been crashing and experiencing server issues since release, so it’s entirely possible that it wasn’t a DDoS attack, but simply launch issues.

Either way, you can check the status of the server in your country at any time with the Pokémon Go outage map.

Source: https://www.vg247.com/2016/07/18/hackers-claim-responsibility-for-pokemon-go-ddos-attack/

68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China.

The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts of hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website.

The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it.

The websites of these agencies were all accessible yesterday.

The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity operating from the Netherlands.

The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands.

The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to request for comment regarding the cyberattacks.

The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks.

PCA website hacking

Earlier, a cyber-security company reported that the PCA website was infected with malware by “someone from China” in July 2015.

Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea.

Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.”

Source: http://www.philstar.com/headlines/2016/07/16/1603250/68-govt-websites-attacked

Are you a victim of DDoS attacks?

Distributed denial-of-service (DDoS) attacks have been around for a long time, and are increasing at an unprecedented rate. According to the VeriSign Distributed Denial of Service Trends Report, in fourth quarter of 2015, there was an 85% increase in DDoS attacks compared to 2014. Not only are they increasing in quantity, they are also becoming more sophisticated. Often DDoS attacks are tied to ransomware, hacktivism, and nation-state to nation-state cyberwarfare. Repeat attacks against the same organisation are also on the rise.

Every industry faces increased risk of DDoS attacks; IT services and cloud providers face the most. The latest attacks are harder to detect than ever. If you are a victim of DDoS attacks, knowing these seven myths will help you be better prepared:

Myth 1: DDoS attacks only occur on a large scale—with hundreds of gigabits.

Reality: Most modern DDoS attacks are not large at all; this report puts the average at 30 to 40 Gbps (other measurements on this page, such as Arbor’s, put the typical attack well under 1 Gbps). The issue is that they are often difficult-to-detect, low-and-slow application-layer attacks, or volumetric attacks that use botnets to flood the network layer. Such attacks can be launched with minimal resources and still cause significant impact.

Myth 2: Our network or service is not down, so we’re not being attacked.

Reality: Unusually slow network performance can be a sign of a DDoS attack. Sophisticated attacks are designed to strike at any time, slowing response times rather than causing an outright outage, which still costs customer satisfaction.

Myth 3: DDoS attacks are really not so bad. No one will notice the difference, so there is no need to worry about them.

Reality: The average downtime from a DDoS attack, which can include crashes, slowdowns and denied customer access, is 17 hours and can stretch to 36 hours. Those hours translate to substantial revenue loss and diminished customer loyalty.

Myth 4: The best protection against multi-vector DDoS is cloud protection.

Reality: External cloud DDoS solutions work great for volumetric attacks, but not for application layer attacks. An advanced multi-vector DDoS protection is a hybrid solution, which gives complete control over data streams—with no delays—and reduces concerns about the safety of critical data.

Myth 5: DDoS is a network administration issue.

Reality: From a technical standpoint, that is true. But since DDoS attacks are malicious by nature and can compromise an organisation’s operations, security teams, including the CSO, need to join forces with the network team to mitigate, respond and remediate. In a recent A10 Networks and IDG survey, 95% of respondents agreed that DDoS is not a problem for the network team alone.

Myth 6: Having a firewall and intrusion detection system (IDS) protects against DDoS.

Reality: Today’s complex DDoS attacks often leverage spoofed traffic that originates from multiple sources, and firewalls can’t scale up to handle that. Multi-vector DDoS attacks also quickly drain CPU resources of legacy devices, rendering firewalls and IDS ineffective. Today, firms must think about scalable solutions rather than simple firewalls because DDoS attacks have grown in volume and in sophistication (example: application layer attacks). This is confirmed by a recent A10 Networks and IDG survey —where respondents mentioned that they face all three types of DDoS attacks: network layer attacks (35%), volumetric attacks (34%), and application layer attacks (30%).

Myth 7: Not wanting to invest too much; so a “good-enough solution” will do the job.

Reality: The most dangerous multi-vector DDoS attacks include volumetric and application layer attacks, so a defense that only handles routine, easy-to-detect threats is not sufficient. To mitigate today’s and tomorrow’s DDoS attacks, an aggressive mitigation plan is needed.

Prepare for the Future

When it comes to DDoS attacks, it pays to prepare. These threats will continue to evolve and become more sophisticated and evasive. The ideal is a system that protects against the full spectrum of multi-vector DDoS attacks and blocks an attack before any harm occurs.

Source: http://tech.firstpost.com/biztech/are-you-a-victim-of-ddos-attacks-325162.html