Tag Archives: DDOS

Cloudflare Disrupts Largest DDoS Attack Over HTTPS Ever Recorded

Cloudflare’s systems recently automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record, the cybersecurity company announced in a blog post last week.

Continue reading Cloudflare Disrupts Largest DDoS Attack Over HTTPS Ever Recorded

DDoS attacks in Q3 grow by 24%, become more sophisticated: Kaspersky

[news release] When compared to Q3 2020, the total number of Distributed Denial of Service (DDoS) attacks increased by nearly 24%, while the total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year. Some of the most notable targets were tools to fight the pandemic, government organizations, game developers, and well-known cybersecurity publications.

Continue reading DDoS attacks in Q3 grow by 24%, become more sophisticated: Kaspersky

DDoS Attacks Increase by 151% in First Half of 2020 : Neustar

[news release] Neustar, Inc., a global information services and technology company and leader in identity resolution, Wednesday released its latest cyberthreats and trends report which identifies significant shifts in distributed denial-of-service (DDoS) attack patterns in the first half of 2020. Neustar’s Security Operations Center (SOC) saw a 151% increase in the number of DDoS attacks compared to the same period in 2019.

Continue reading DDoS Attacks Increase by 151% in First Half of 2020 : Neustar

DDoS Attacks Inflicting Serious Damage To Brands: Neustar

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to a report released last week by Neustar, Inc.

The first quarter 2019 Cyber Threats and Trends report highlights new areas of growth in Distributed Denial of Service (DDoS) attacks over the past year. One issue the report highlights is that while volumetric attacks over 50Gbps remain a relatively small segment of the overall threat picture at only 12% of attacks, their frequency has grown enormously when compared to the same period in 2018. The latest attacks morph over the course of the attack using a variety of ports and protocols to locate and exploit vulnerabilities. In Q1, 2019, over 77% of attacks used two or more vectors.

In particular, the trend of targeting subnets and classless inter-domain routing (CIDR) blocks to slow or stop network traffic across the internet is a disruptive DDoS threat, identified in the report. By using DDoS methods aimed completely at subnets, rather than specific IP addresses, an attack is often more difficult to detect and mitigate. These attacks often feature multiple vectors, and will switch between them as they migrate from subnet to subnet.

Neustar handled a mitigation for just such an attack in an around-the-clock collaboration between SOC engineers and a new customer who was quickly onboarded by Neustar after being dropped [during the attack] by their Tier 1 Internet Service Provider (ISP).

“Today’s artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities,” said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. “But none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them.”

Such immediate personal involvement with expert engineers is a significant benefit in working with an estab-lished firm such as Neustar, particularly when under attack. “Neustar’s 10+Tbps of scrubbing capacity and variety of offerings are world class, and we have more power than ever to defend against the range of DDoS attacks,” said Michael Kaczmarek, Neustar Vice President of Security Products. “But it’s important to remember our most powerful defense: people.”

Neustar provides its customers with the resources and assurance that are needed to ensure data and infra-structure is continually protected against any type or size of DDoS attack. Neustar’s DDoS Mitigation Solutions offer the largest dedicated global network with over 10Tbps + of scrubbing capacity in North America, Europe, Asia, South America, Africa, Australia and India.

A free copy of The Neustar Q1’19 Cyber Threats and Trends Report is available here.

Neustar Acquires Verisign’s Security Services Customer Contracts

Neustar and Verisign have announced that Neustar will be acquiring Verisign’s Security Services customer contracts. The acquisition consists of Distributed Denial of Service (DDoS) Protection, Managed DNS, DNS Firewall and fee-based Recursive DNS services customer contracts.

This acquisition will strategically grow Neustar’s leading Digital Defense and Performance solutions by expanding its enterprise customer footprint in several high-growth industries, such as technology, e-Commerce and financial services. Neustar features one of the industry’s most comprehensive security portfolios comprised of DDoS mitigation, web application firewall (WAF), authoritative and recursive DNS, IP and threat intelligence, and website performance management.

As part of the transaction, Verisign will continue to support the Security Services customers during the transition to Neustar, pursuant to a transition services agreement that is expected to be executed at closing.

“With this acquisition, Neustar will be able to accelerate its growth in the internet security market, supported by significant investments made to our DDoS and DNS infrastructure, and capacity over the last 12 months,” said Shailesh Shukla, General Manager, Digital Defense and Performance Solutions, Neustar. “We’re excited to introduce new customers to our broad portfolio of solutions and are dedicated to a seamless transition, working closely with the Verisign team. We are wholeheartedly committed to delivering innovative solutions that reduce the disruptions caused by malicious actors and providing world-class customer support.”

“We’ve grown the Neustar SiteProtect NG solution to be one of the world’s largest dedicated networks with more than 10 Tbps mitigation capacity and the Neustar NetProtect™ solution directly connects to a vast network of globally distributed data centers. This is a testament to our steadfast commitment to our customers and consumers. Our number one priority will remain providing all of our customers with a secure infrastructure built on a foundation of unmatched stability, resiliency and performance,” said Charles Gottdiener, President and Chief Executive Officer, Neustar.

“Verisign is committed to focusing on its core mission of providing critical internet infrastructure, including Root Zone management, operation of 2 of the 13 global internet root servers, operation of .gov and .edu, and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. For this reason, Verisign is transitioning its Security Services customers to Neustar. Neustar has been focused on providing specialized web security and digital performance solutions for many years. Given this experience, we believe Neustar is well-suited to continue to deliver the innovative solutions and world-class performance to which Verisign’s Security Services customers are accustomed,” said Jim Bidzos, Verisign Founder, Chairman and CEO.

Commenting on the transaction, Jim Bidzos, Executive Chairman, President and Chief Executive Officer at Verisign said: “Verisign is committed to focusing on its core mission of providing critical internet infrastructure, including Root Zone management, operation of 2 of the 13 global internet root servers, operation of .gov and .edu, and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. For this reason, Verisign is transitioning its Security Services customers to Neustar.”

World’s biggest marketplace selling internet paralysing DDoS attacks taken down

The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world. The administrators were located in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany.

Webstresser.org was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136,000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.

Devastation for hire

In a DDoS attack enabled by such a service, the attacker remotely controls connected devices to direct a large amount of traffic at a website or an online platform. Whether this traffic eats up the website’s bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or it’s knocked completely offline, depriving users from essential online services.

It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters. Fees on offer were as low as EUR 15.00 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks.

International law enforcement cyber sweep

International police cooperation was central to the success of this investigation initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency, as the administrators, users, critical infrastructure and victims were scattered across the world.

Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) supported the investigation from the onset by facilitating the exchange of information between all partners. A command and coordination post was set up at Europol’s headquarters in The Hague on the action day.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online”, said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”

“Stresser websites make powerful weapons in the hands of cybercriminals” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”

DDoS-ing is a crime

DDoS attacks are illegal. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities, unaware of the consequences that such crimes carry. The penalties can be severe: if you conduct a DDoS attack, or make, supply or obtain stresser or booter services, you could receive a prison sentence, a fine or both.

The individuals that become involved in cybercrime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.

This Europol news release was sourced from:

Neustar Finds DNSSEC Reflection Severe DDoS Risk

Neustar logoNeustar recently published research that detailed how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks.

In the research, “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us”, Neustar found that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches.

“DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,” said Joe Loveless, Director Product Marketing, Security Services, Neustar. “If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.”

DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary amount of additional information is created. Additionally, when issuing the DNS command, “ANY,” the amplified response from DNSSEC is exponentially larger than a normal DNS reply.

Key findings and recommendations from the research included:

  • DNSSEC Vulnerabilities Are Prolific – Neustar examined one industry with 1,349 domains and determined 1,084 of them (80 percent) could be maliciously repurposed as a DDoS attack amplifier (they were signed with DNSSEC and responded to the “ANY” command).
  • The Average DNSSEC Amplification Factor is 28.9 – Neustar tested DNSSEC vulnerabilities with an 80-byte query, which returned an average response of 2,313-bytes. The largest amplification response was 17,377-bytes, 217 times greater than the 80-byte query.
  • The Anatomy of a DNSSEC Reflection Attack – Neustar illustrates the command and control servers required to run the botnets and scripts that target DNS nameservers to execute DNSSEC amplification attacks.
  • Best Practices for Mitigation –For organizations that rely on DNSSEC, Neustar recommends ensuring that your DNS provider does not respond to “ANY” queries or has a mechanism in place to identify and prevent misuse.

“Neustar is focused on using connected sciences to connect people, places and things, which is why network security is so imperative,” said Loveless. “As more organizations adopt DNSSEC, it is critically important to understand how to secure it. The time to fix it is now.”

For more information about “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” see:

Akamai Releases Q1 2016 State of the Internet Security Report

Latest Cloud Security Trends Shared in Akamai’s Q1 2016 State of the Internet – Security Report Show Retail, Gaming Industries Hardest Hit with Web Application and DDoS attacks

Akamai Technologies logo[news release] Akamai Technologies, Inc., the global leader in content delivery network (CDN) services, today published the Q1 2016 State of the Internet – Security Report. The quarterly report provides a detailed view of the global cloud security threat landscape and in-depth analysis and insight into malicious activity observed across the Akamai Intelligent Platform™. Download the latest State of the Internet – Security Report at stateoftheinternet.com/security-report.“We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, and Q1 2016 was no exception,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “Interestingly, nearly 60 percent of the DDoS attacks we mitigated used at least two attack vectors at once, making defense more difficult. Perhaps more concerning, this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors.”

DDoS attack activity at a glance

During Q1, Akamai mitigated more than 4,500 DDoS attacks, a 125 percent increase compared with Q1 2015. As in recent quarters, the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70 percent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.

More than half of the attacks (55 percent) targeted gaming companies, with another 25 percent targeting the software and technology industry.

Q1 2016 also set a record for the number of DDoS attacks exceeding 100 Gigabits per second (Gbps): 19. The largest of these mega attacks mitigated by Akamai peaked at 289 Gbps. Fourteen attacks relied on DNS reflection methods. Last quarter, there were only five mega attacks; the previous record was 17, set in Q3 2014.

During Q4 2015, repeat DDoS attacks became the norm, with an average of 24 attacks per targeted customer in Q4. The trend continued this quarter; targeted customers were attacked an average of 39 times each. One customer was targeted 283 times – an average of three attacks per day.

DDoS metrics

Compared with Q1 2015

  • 125.36 percent increase in total DDoS attacks
  • 142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
  • 34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
  • 137.5 percent increase in attacks > 100 Gbps: 19 vs. eight

Compared with Q4 2015

  • 22.47 percent increase in total DDoS attacks
  • 23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
  • 7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
  • 280 percent increase in attacks > 100 Gbps: 19 vs. five

Web application attack activity

Web application attacks increased nearly 26 percent compared with Q4 2015. As in past quarters, the retail sector remained the most popular attack target, targeted in 43 percent of the attacks. But in a shift from last quarter, we saw a two percent decrease in web application attacks over HTTP and a 236 percent increase in web application attacks over HTTPS. There was also an 87 percent increase in SQLi attacks compared with the previous quarter.

As in recent quarters, the US was both the most frequent source of web application attack traffic (43 percent) and the most frequent target (60 percent).

Web application attack metrics

Compared with Q4 2015

  • 25.52 percent increase in total web application attacks
  • 1.77 percent decrease in web application attacks over HTTP
  • 235.99 percent increase in web application attacks over HTTPS
  • 87.32 percent increase in SQLi attacks

Bot activity snapshot

For the first time, we’ve included an analysis of bot activity in the State of the Internet – Security Report. Looking at bot activity over 24 hours, we tracked and analyzed more than two trillion bot requests. While identified and known, so-called good bots represented 40 percent of the bot traffic, 50 percent of the bots were determined to be malicious and were engaged in scraping campaigns and related activity.

Growth in DDoS reflectors

Using firewall data from the perimeter of the Akamai Intelligent Platform, our analysis showed a 77 percent growth in active Quote of the Day (QOTD) reflectors, a 72 percent increase in NTP reflectors and a 67 percent increase in CHARGEN reflectors compared to Q4 2015. Active SSDP reflectors declined by 46 percent.

Download the report

A complimentary copy of the Q1 2016 State of the Internet – Security Report is available for download at stateoftheinternet.com/security-report.

About Akamai

As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

This Akamai news release was sourced from:

Neustar’s Third DDoS Survey Finds Attacks Unrelenting in 2015 with 73% of Global Brands and Organisations Attacked

Neustar logo[news release] Neustar, Inc., a trusted, neutral provider of real-time information services, today released the findings from its third global DDoS Attacks and Protection Report titled The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks.

The April 2016 report follows a survey of over 1,000 IT professionals across six continents, and reveals that few organisations globally are being spared DDoS attacks. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly.

The research results show that although revenue loss caused by a DDoS related outage is usually the main concern, 57% of all breaches involved some sort of theft including intellectual property and customer data as well as financial information. More troubling, following the initial breach, 45% of organizations reported the installation of a virus or malware – a sign that attackers are interested in causing ongoing harm.

The research highlights that although DDoS attack tactics continue to evolve from single large attacks intended to take a website offline to the multi-vector attacks we are seeing today, organizations are fighting back. The good news is 76% of companies are investing more in DDoS protection than in 2014 and 47% of the attacked organizations are participating in security consortiums to share information on threats and counter measures.

Headline findings from the research include:

  • 73% (7 in 10) of global brands and organizations were attacked, which should put virtually every organization with a digital presence on notice.
  • 82% of organizations experiencing a DDoS attack were then attacked repeatedly, with 45% reporting they were attacked 6 or more times. In EMEA, 47% of organization have been struck more than 5 times.
  • More than half (57%) of organizations reported theft after attack, including loss of customer data, finances or intellectual property.
  • 50% of organizations would lose at least $100,000 per hour in a peak-time DDoS related outage (33% would lose more than $250,000 per hour), and 42% needed at least three hours to detect that they were under DDoS attack.
  • 76% of organizations are investing more than last year in response to the DDoS threat.
  • 71% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack. With big money, customer trust and regulatory implications on the line, 79% of financial services organizations are investing more this year than last.

“The findings of our most recent report are clear: attacks are unrelenting around the world but organizations are now recognizing DDoS attacks for what they are – an institutionalized weapon of cyber warfare – and so are protecting themselves,” says Rodney Joffe, Head of IT Security Research at Neustar. “We present the data from our third DDoS survey as a means to inform the public of the dangers associated with DDoS attacks, and advance a conversation about the importance of multi-layered cybersecurity. This should be a discourse that reaches from security through to marketing, as when a DDoS attack hits, the reverberations are felt like a domino effect throughout all departments.”

Why IoT offers a second chance to improve security

In addition to examining the DDoS trends of 2015, for the first time the survey also asked respondents to consider what the future portends for companies deploying IoT connected devices, providing insight into why security needs to be a central tenet for devices in the future. The survey found that while 63% of companies have IoT devices already deployed only 34% have security measures in place, indicating the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

Hank Skorny, Neustar IoT expert, comments on security and IoT: “Although IoT is already here, the Internet was never built with security in mind; ease of use and convenience were paramount. By 2017, 81% of organizations will have devices deployed to collect and analyze data so today, we have the opportunity to learn from our mistakes and make security a cornerstone of every IoT device moving forward. From design conception, every IoT device, sensor, and software system needs a multi-tiered security driven approach, including timely patches and updates. Just as important, or perhaps more so, is for security to be an intrinsic part of every network. Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network. As IoT devices continue to become ingrained into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are simply too high to leave security to chance.”

The Neustar April 2016 DDoS Attacks and Protection Report: The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks is based on answers received from over 1,000 directors, managers, CISOs, CSOs, CTOs and other security directors from six continents in the technology (18% of respondents), financial services (16%), retail (12%), and government (8%) sectors and others.

This news release was sourced from:

Daily Wrap: .SHOP/.SHOPPING Auction Gets Weird, and Nordic Domain Days

IIS .SE Sweden logoThere is an auction coming up for the .shop and .shopping gTLDs and Domain Incite reports that it is getting “weird”.

The report notes that there are three ways the auction could play out, and it’s possible that the winning bidder(s) may not have to pay out anything in the auction.

There is reportedly a growing issue with security and DDOS attacks and IPv6 according to a report in Dark Reading. According to the report “because IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks.”

Nordic Domain Days is coming in late November and will be held in Stockholm. Nordic Domain Days will be part of the long-running and very popular Internet Days (Internetdagarna) organised by IIS, the registry for .se and .nu.

There will be a focus on the interaction between registrars and registries. Representatives from more than 10 registries including .se, .no, .fi, .dk, .nu, .de, .nl, .cloud, .global and .one will be present.

Registration costs 1000 SEK (approximately €106) plus 250 SEK (VAT) and more information, along with registration, can be found here.