Tag Archives: Distributed Denial of Service Attacks

DDoS Attacks Increase by 151% in First Half of 2020 : Neustar

[news release] Neustar, Inc., a global information services and technology company and leader in identity resolution, Wednesday released its latest cyberthreats and trends report which identifies significant shifts in distributed denial-of-service (DDoS) attack patterns in the first half of 2020. Neustar’s Security Operations Center (SOC) saw a 151% increase in the number of DDoS attacks compared to the same period in 2019.


DDoS Attacks Inflicting Serious Damage To Brands: Neustar

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to a report released last week by Neustar, Inc.

The first quarter 2019 Cyber Threats and Trends report highlights new areas of growth in Distributed Denial of Service (DDoS) attacks over the past year. One issue the report highlights is that while volumetric attacks over 50Gbps remain a relatively small segment of the overall threat picture at only 12% of attacks, their frequency has grown enormously when compared to the same period in 2018. The latest attacks morph over the course of the attack using a variety of ports and protocols to locate and exploit vulnerabilities. In Q1, 2019, over 77% of attacks used two or more vectors.

In particular, the report identifies the trend of targeting subnets and classless inter-domain routing (CIDR) blocks to slow or stop network traffic across the internet as a disruptive DDoS threat. By using DDoS methods aimed completely at subnets, rather than specific IP addresses, an attack is often more difficult to detect and mitigate. These attacks often feature multiple vectors, and will switch between them as they migrate from subnet to subnet.

Neustar handled a mitigation for just such an attack in an around-the-clock collaboration between SOC engineers and a new customer who was quickly onboarded by Neustar after being dropped [during the attack] by their Tier 1 Internet Service Provider (ISP).

“Today’s artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities,” said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. “But none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them.”

Such immediate personal involvement with expert engineers is a significant benefit in working with an established firm such as Neustar, particularly when under attack. “Neustar’s 10+Tbps of scrubbing capacity and variety of offerings are world class, and we have more power than ever to defend against the range of DDoS attacks,” said Michael Kaczmarek, Neustar Vice President of Security Products. “But it’s important to remember our most powerful defense: people.”

Neustar provides its customers with the resources and assurance that are needed to ensure data and infrastructure are continually protected against any type or size of DDoS attack. Neustar’s DDoS Mitigation Solutions offer the largest dedicated global network with over 10Tbps+ of scrubbing capacity in North America, Europe, Asia, South America, Africa, Australia and India.

A free copy of The Neustar Q1’19 Cyber Threats and Trends Report is available here.

World’s biggest marketplace selling internet paralysing DDoS attacks taken down

The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world. The administrators were located in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany.

Webstresser.org was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136,000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.

Devastation for hire

In a DDoS attack enabled by such a service, the attacker remotely controls connected devices to direct a large amount of traffic at a website or an online platform. Whether this traffic eats up the website’s bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or it’s knocked completely offline, depriving users of essential online services.

It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters. Fees on offer were as low as EUR 15.00 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks.

International law enforcement cyber sweep

International police cooperation was central to the success of this investigation initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency, as the administrators, users, critical infrastructure and victims were scattered across the world.

Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) supported the investigation from the onset by facilitating the exchange of information between all partners. A command and coordination post was set up at Europol’s headquarters in The Hague on the action day.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals – and not just experienced ones – to conduct DDoS attacks and other kind of malicious activities online”, said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment from anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”

“Stresser websites make powerful weapons in the hands of cybercriminals” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”

DDoS-ing is a crime

DDoS attacks are illegal. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities, unaware of the consequences that such crimes carry. The penalties can be severe: if you conduct a DDoS attack, or make, supply or obtain stresser or booter services, you could receive a prison sentence, a fine or both.

The individuals that become involved in cybercrime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.

This Europol news release was sourced from:
https://www.europol.europa.eu/newsroom/news/world’s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-down

Neustar Finds DNSSEC Reflection Severe DDoS Risk

Neustar recently published research that detailed how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks.

In the research, “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us”, Neustar found that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches.

“DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,” said Joe Loveless, Director Product Marketing, Security Services, Neustar. “If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.”

DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary amount of additional information is created. Additionally, when issuing the DNS command, “ANY,” the amplified response from DNSSEC is exponentially larger than a normal DNS reply.

Key findings and recommendations from the research included:

  • DNSSEC Vulnerabilities Are Prolific – Neustar examined one industry with 1,349 domains and determined 1,084 of them (80 percent) could be maliciously repurposed as a DDoS attack amplifier (they were signed with DNSSEC and responded to the “ANY” command).
  • The Average DNSSEC Amplification Factor is 28.9 – Neustar tested DNSSEC vulnerabilities with an 80-byte query, which returned an average response of 2,313-bytes. The largest amplification response was 17,377-bytes, 217 times greater than the 80-byte query.
  • The Anatomy of a DNSSEC Reflection Attack – Neustar illustrates the command and control servers required to run the botnets and scripts that target DNS nameservers to execute DNSSEC amplification attacks.
  • Best Practices for Mitigation – For organizations that rely on DNSSEC, Neustar recommends ensuring that your DNS provider does not respond to “ANY” queries or has a mechanism in place to identify and prevent misuse.
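
An added example (not from Neustar’s research or from this page) of the check behind the last finding: parsing an incoming query, recognising the “ANY” type and the DNSSEC OK flag, and computing the amplification factor from query and response sizes. The function names, the 10x threshold and the sample queries are assumptions constructed for illustration; answering “ANY” over UDP with a minimal response is the approach of RFC 8482.

```python
import struct

QTYPE_ANY = 255   # QTYPE "*" (RFC 1035): the "ANY" command described above
TYPE_OPT = 41     # EDNS0 OPT pseudo-record (RFC 6891)
DO_BIT = 0x8000   # "DNSSEC OK" flag inside the OPT record's TTL field


def encode_name(name):
    """Encode a domain name as DNS length-prefixed labels."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"


def build_sample_query(name, qtype, do=False, udp_size=4096):
    """Constructed test input: one question plus an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, DO_BIT if do else 0, 0)
    return header + question + opt


def read_name(msg, off):
    """Read an uncompressed name at msg[off:]; return (name, next offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) or ".", off
        if n & 0xC0:
            raise ValueError("compression pointer in query name")
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii", "replace").lower())
        off += n


def parse_query(msg):
    """Extract qname, qtype, DO bit and advertised UDP size from a query."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        if flags & 0x8000 or qd != 1 or an or ns:
            raise ValueError("not a plain single-question query")
        qname, off = read_name(msg, 12)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        do, udp_size = False, 512          # defaults when no OPT record is sent
        for _ in range(ar):
            _, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == TYPE_OPT:          # OPT reuses CLASS and TTL for EDNS0 data
                udp_size, do = rclass, bool(ttl & DO_BIT)
    except struct.error:
        raise ValueError("truncated message")
    return {"qname": qname, "qtype": qtype, "do": do, "udp_size": udp_size}


def decide(msg, transport="udp"):
    """Policy sketch: never give a full answer to ANY over spoofable UDP."""
    q = parse_query(msg)
    if q["qtype"] == QTYPE_ANY and transport == "udp":
        return "minimal"                   # an RFC 8482 style minimal response
    return "answer"


def amplification(query_len, response_len):
    """Response bytes sent per query byte received."""
    return response_len / query_len


def flag_amplifiers(observations, threshold=10.0):
    """observations: (query bytes, response length) pairs, e.g. from a capture.

    The threshold is an arbitrary value chosen for this example.
    """
    flagged = []
    for query, response_len in observations:
        q = parse_query(query)
        factor = round(amplification(len(query), response_len), 1)
        if q["qtype"] == QTYPE_ANY and factor >= threshold:
            flagged.append((q["qname"], factor))
    return flagged


if __name__ == "__main__":
    any_q = build_sample_query("example.com", QTYPE_ANY, do=True)
    a_q = build_sample_query("example.com", 1)
    print(parse_query(any_q), decide(any_q), decide(any_q, "tcp"))
    print(round(amplification(80, 2313), 1))      # the report's average sizes
    print(flag_amplifiers([(any_q, 2313), (a_q, 56)]))
```

The same parser can be run over captured queries on an authoritative server to see how much of the inbound UDP traffic is “ANY” with the DNSSEC OK flag set.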

“Neustar is focused on using connected sciences to connect people, places and things, which is why network security is so imperative,” said Loveless. “As more organizations adopt DNSSEC, it is critically important to understand how to secure it. The time to fix it is now.”

For more information about “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” see:
https://hello.neustar.biz/dnssec_report_it_security_lp.html

Akamai Releases Q1 2016 State of the Internet Security Report

Latest Cloud Security Trends Shared in Akamai’s Q1 2016 State of the Internet – Security Report Show Retail, Gaming Industries Hardest Hit with Web Application and DDoS attacks

[news release] Akamai Technologies, Inc., the global leader in content delivery network (CDN) services, today published the Q1 2016 State of the Internet – Security Report. The quarterly report provides a detailed view of the global cloud security threat landscape and in-depth analysis and insight into malicious activity observed across the Akamai Intelligent Platform™. Download the latest State of the Internet – Security Report at stateoftheinternet.com/security-report.

“We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, and Q1 2016 was no exception,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “Interestingly, nearly 60 percent of the DDoS attacks we mitigated used at least two attack vectors at once, making defense more difficult. Perhaps more concerning, this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors.”

DDoS attack activity at a glance

During Q1, Akamai mitigated more than 4,500 DDoS attacks, a 125 percent increase compared with Q1 2015. As in recent quarters, the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70 percent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.

More than half of the attacks (55 percent) targeted gaming companies, with another 25 percent targeting the software and technology industry.

Q1 2016 also set a record for the number of DDoS attacks exceeding 100 Gigabits per second (Gbps): 19. The largest of these mega attacks mitigated by Akamai peaked at 289 Gbps. Fourteen attacks relied on DNS reflection methods. Last quarter, there were only five mega attacks; the previous record was 17, set in Q3 2014.

During Q4 2015, repeat DDoS attacks became the norm, with an average of 24 attacks per targeted customer in Q4. The trend continued this quarter; targeted customers were attacked an average of 39 times each. One customer was targeted 283 times – an average of three attacks per day.

DDoS metrics

Compared with Q1 2015

  • 125.36 percent increase in total DDoS attacks
  • 142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
  • 34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
  • 137.5 percent increase in attacks > 100 Gbps: 19 vs. eight

Compared with Q4 2015

  • 22.47 percent increase in total DDoS attacks
  • 23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
  • 7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
  • 280 percent increase in attacks > 100 Gbps: 19 vs. five

Web application attack activity

Web application attacks increased nearly 26 percent compared with Q4 2015. As in past quarters, the retail sector remained the most popular attack target, targeted in 43 percent of the attacks. But in a shift from last quarter, we saw a two percent decrease in web application attacks over HTTP and a 236 percent increase in web application attacks over HTTPS. There was also an 87 percent increase in SQLi attacks compared with the previous quarter.

As in recent quarters, the US was both the most frequent source of web application attack traffic (43 percent) and the most frequent target (60 percent).

Web application attack metrics

Compared with Q4 2015

  • 25.52 percent increase in total web application attacks
  • 1.77 percent decrease in web application attacks over HTTP
  • 235.99 percent increase in web application attacks over HTTPS
  • 87.32 percent increase in SQLi attacks

Bot activity snapshot

For the first time, we’ve included an analysis of bot activity in the State of the Internet – Security Report. Looking at bot activity over 24 hours, we tracked and analyzed more than two trillion bot requests. While identified and known, so-called good bots represented 40 percent of the bot traffic, 50 percent of the bots were determined to be malicious and were engaged in scraping campaigns and related activity.

Growth in DDoS reflectors

Using firewall data from the perimeter of the Akamai Intelligent Platform, our analysis showed a 77 percent growth in active Quote of the Day (QOTD) reflectors, a 72 percent increase in NTP reflectors and a 67 percent increase in CHARGEN reflectors compared to Q4 2015. Active SSDP reflectors declined by 46 percent.

Download the report

A complimentary copy of the Q1 2016 State of the Internet – Security Report is available for download at stateoftheinternet.com/security-report.

About Akamai

As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

This Akamai news release was sourced from:
https://www.akamai.com/us/en/about/news/press/2016-press/akamai-releases-first-quarter-2016-state-of-the-internet-security-report.jsp

Neustar’s Third DDoS Survey Finds Attacks Unrelenting in 2015 with 73% of Global Brands and Organisations Attacked

[news release] Neustar, Inc., a trusted, neutral provider of real-time information services, today released the findings from its third global DDoS Attacks and Protection Report titled The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks.

The April 2016 report follows a survey of over 1,000 IT professionals across six continents, and reveals that few organisations globally are being spared DDoS attacks. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly.

The research results show that although revenue loss caused by a DDoS related outage is usually the main concern, 57% of all breaches involved some sort of theft including intellectual property and customer data as well as financial information. More troubling, following the initial breach, 45% of organizations reported the installation of a virus or malware – a sign that attackers are interested in causing ongoing harm.

The research highlights that although DDoS attack tactics continue to evolve from single large attacks intended to take a website offline to the multi-vector attacks we are seeing today, organizations are fighting back. The good news is 76% of companies are investing more in DDoS protection than in 2014 and 47% of the attacked organizations are participating in security consortiums to share information on threats and counter measures.

Headline findings from the research include:

  • 73% (7 in 10) of global brands and organizations were attacked, which should put virtually every organization with a digital presence on notice.
  • 82% of organizations experiencing a DDoS attack were then attacked repeatedly, with 45% reporting they were attacked 6 or more times. In EMEA, 47% of organizations have been struck more than 5 times.
  • More than half (57%) of organizations reported theft after attack, including loss of customer data, finances or intellectual property.
  • 50% of organizations would lose at least $100,000 per hour in a peak-time DDoS related outage (33% would lose more than $250,000 per hour), and 42% needed at least three hours to detect that they were under DDoS attack.
  • 76% of organizations are investing more than last year in response to the DDoS threat.
  • 71% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack. With big money, customer trust and regulatory implications on the line, 79% of financial services organizations are investing more this year than last.

“The findings of our most recent report are clear: attacks are unrelenting around the world but organizations are now recognizing DDoS attacks for what they are – an institutionalized weapon of cyber warfare – and so are protecting themselves,” says Rodney Joffe, Head of IT Security Research at Neustar. “We present the data from our third DDoS survey as a means to inform the public of the dangers associated with DDoS attacks, and advance a conversation about the importance of multi-layered cybersecurity. This should be a discourse that reaches from security through to marketing, as when a DDoS attack hits, the reverberations are felt like a domino effect throughout all departments.”

Why IoT offers a second chance to improve security

In addition to examining the DDoS trends of 2015, for the first time the survey also asked respondents to consider what the future portends for companies deploying IoT connected devices, providing insight into why security needs to be a central tenet for devices in the future. The survey found that while 63% of companies have IoT devices already deployed only 34% have security measures in place, indicating the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

Hank Skorny, Neustar IoT expert, comments on security and IoT: “Although IoT is already here, the Internet was never built with security in mind; ease of use and convenience were paramount. By 2017, 81% of organizations will have devices deployed to collect and analyze data so today, we have the opportunity to learn from our mistakes and make security a cornerstone of every IoT device moving forward. From design conception, every IoT device, sensor, and software system needs a multi-tiered security driven approach, including timely patches and updates. Just as important, or perhaps more so, is for security to be an intrinsic part of every network. Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network. As IoT devices continue to become ingrained into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are simply too high to leave security to chance.”

The Neustar April 2016 DDoS Attacks and Protection Report: The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks is based on answers received from over 1,000 directors, managers, CISOs, CSOs, CTOs and other security directors from six continents in the technology (18% of respondents), financial services (16%), retail (12%), and government (8%) sectors and others.

This news release was sourced from:
https://www.neustar.biz/about-us/news-room/press-releases/2016/neustartwentysixteenaprddos

Vocus Communications Contributes to Responsive and Resilient Internet with L-Root Instance in Australia

Establishment of instance in Australia helps further decentralise the top level of the DNS, mitigate certain network outages, and reduce DNS-related delays

[news release] The L-Root instance in Australia has been successfully installed in Sydney, increasing the Domain Name System’s (DNS) overall fault tolerance and its resilience against certain types of cyber threats, such as Denial of Service (DoS) attacks.

The launch of the L-Root server node is a joint operation between ICANN and Vocus Communications which supplied the equipment necessary for the installation of the new L-Root node. Vocus also provided the colocation in their datacenter and the bandwidth needed for the node’s operation.

“We are delighted to support the installation of the L-root server, boosting stability and security in the network. Last year saw a massive 121 per cent increase in infrastructure based DDoS attacks, which means security is more important than ever. Creating greater redundancy in the DNS is great news for Australian businesses which increasingly require the reliability of a fast and secure network,” said Vocus Chief Technology Officer, Luke Mackinnon.

“I am very pleased with our partnership with Vocus. We have a very close working relationship with Australia’s multi-stakeholder Internet Governance community and I am happy to facilitate the deployment of another root server instance into Australia,” said Savé Vocea, ICANN’s Global Stakeholder Engagement Vice President for Pacific Islands.

This cooperation signifies an effort between ICANN and Vocus to enhance the security, stability and resiliency of the DNS for Australian Internet users and reduce the response time experienced when making some DNS queries.

“ICANN is pleased to augment the number of L-Root instances in Australia. We appreciate the tremendous effort from Vocus in hosting the L-Root. Their work speaks volumes to their commitment to both the Domain Name System and the stability and resiliency of the global Internet,” said Terry Manderson, Director of DNS Engineering at ICANN.

There are 13 “root” DNS servers, identified by the letters A through M — the “L” root server operated by ICANN being one. Computers typically communicate with each other using numeric addresses, while humans find it easier to use and remember names (for instance, users typically remember the domain name “ICANN.ORG” more easily than the Internet Protocol address, 2620:0:2d0:200::7). The DNS translates domain names into addresses and the root servers provide the pointers to the servers for top-level domains (the last part of domain names, for example, “ORG” in “ICANN.ORG”).

Spreading the service that provides these pointers out geographically by duplicating the root servers leads to a more resilient, dispersed system that reduces the risk of users being taken offline by a problem or attack and reduces the time it takes to look up names on the Internet.

The Vocus hosted L-Root instance is the sixth root server instance in Australia.

For more information about L-root, please visit www.dns.icann.org/.



About ICANN

ICANN’s mission is to coordinate and ensure a stable, secure and unified global Internet identifier system. To reach another person on the Internet you have to type an identifier into your computer – a name or a number. That identifier has to be unique so computers know where to find each other. ICANN helps coordinate these unique identifiers across the world. ICANN was formed in 1998. It is a not-for-profit public-benefit corporation that supports and coordinates participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. ICANN promotes competition and develops policy on some of the Internet’s unique identifiers. ICANN doesn’t control content on the Internet. It cannot stop spam and it doesn’t deal with access to the Internet. But through its coordination role of the top level of the Internet’s identifier systems, it does have an important impact on the expansion and evolution of the Internet. For more information please visit: www.icann.org.

About VOCUS

Vocus Communications is an ASX listed leading telecommunications provider of Data Centre, Dark Fibre and International Internet connectivity across Australia, NZ, Singapore and the US. The company provides high performance, high availability, and highly scalable communications solutions, which allow service providers to quickly and easily deploy new services for their own customer base.

Europe Leads With IPv6 Adoption, While DDoS Attacks Decline: Akamai

Europe continues to lead in IPV6 adoption with eight of the top ten countries, the latest Akamai State of the Internet report finds while DDoS attacks decrease by 20 percent quarter-over-quarter, but rise 27 percent year-over-year.

The report, covering the first quarter of 2014, found more than 795 million unique IPv4 addresses from 240 countries/regions connected to the Akamai Intelligent Platform. This was 1.6 percent more than in the fourth quarter of 2013 and 7.8 percent more than a year prior. Quarterly growth was seen in six of the top 10 countries/regions. Brazil was again a standout with 12 percent and 50 percent of quarterly and yearly growth, respectively.

European countries continued to lead in IPv6 adoption, taking eight of the top ten slots. Belgium grew nearly 200 percent quarter-over-quarter, jumping to first place with 14 percent of its traffic over IPv6. The United States and Peru were the only two countries from the Americas within the top 10, while Japan fell out of the top 10, leaving the Asia Pacific region unrepresented within the group.

Looking at attack traffic and security, the report found the concentration of attacks decreased significantly as compared to the fourth quarter of 2013, with the top ten countries/regions originating 75 percent of observed attacks, down from 88 percent in the prior quarter.

On Distributed Denial of Service (DDoS) attack traffic, the report found most regions of the world saw a decline in reported DDoS attacks during the first quarter of 2014. The Americas continued to account for approximately 49 percent (139) of all attacks, followed by the Asia Pacific region with 31 percent (87) of attacks and Europe, Middle East and Africa (EMEA) receiving the remaining 20 percent (57) of DDoS traffic. The enterprise sector saw a 49 percent quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34 percent, primarily attributable to attacks against government targets within Singapore.

The report also covers global mobile connectivity (South Korea was fastest with average download speeds of 14.7 Mbps), 4K readiness (globally, 11 percent of connections were at speeds of 15 Mbps or above, fast enough to stream 4K TV, in the first quarter) and global average connection speeds and global broadband connectivity (global average connection speed climbed 1.8 percent to continue its steady growth over recent quarters, and while global average peak connection speeds dropped 8.6 percent in the first quarter of 2014, year-over-year trends remained positive with a 13 percent increase).

For more information, see the Akamai news release below, or follow the link to the Akamai site where there are links to download further information. The news release was sourced from: www.akamai.com/html/about/press/releases/2014/press-062614.html.

Akamai Releases First Quarter 2014 ‘State of the Internet’ Report

  • Global average connection speeds up 1.8%, while global average peak connection speeds drop 8.6%
  • Europe continues to lead in IPV6 adoption with eight of the top 10 countries
  • DDoS attacks decrease by 20% quarter-over-quarter, but rise 27% year-over-year
  • 11% of global connections are “4K ready”

Akamai Technologies, Inc., the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today (26 June) released its First Quarter, 2014 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform™, the report provides insight into key global statistics such as connection speeds, overall attack traffic, network connectivity/availability issues, and traffic patterns across leading Web properties and digital media providers.The report also includes insight into NTP reflection and WordPress XML-RPC pingback attacks, the status of IPv4 exhaustion and IPv6 adoption, and global 4K readiness.Data and graphics from the First Quarter, 2014 State of the Internet Report can be found on the Akamai State of the Internet site and through the Akamai State of the Internet app for iPads and iPhones.Highlights from Akamai’s First Quarter, 2014 State of the Internet Report:Global Average Connection Speeds and Global Broadband Connectivity
The global average connection speed climbed 1.8% to continue its steady growth over recent quarters, and while global average peak connection speeds dropped 8.6% in the first quarter of 2014, year-over-year trends remained positive with a 13% increase.

With the global average connection speed at 3.9 Mbps as of quarter-end, it is expected that the measurement will surpass the 4 Mbps broadband threshold next quarter. In the first quarter, nine of the top 10 countries/regions saw increases in average connection speeds, including an 8% jump for first place South Korea (23.6 Mbps), which is now 9 Mbps ahead of second place Japan (14.6 Mbps). Of the top 10 countries, only the Czech Republic experienced a decrease in average connection speed, remaining in eighth place with a 1.9% drop.

Year-over-year, global average connection speeds grew by 24% and increases were seen in all but seven countries/regions. Growth ranged from a low of 0.7% in Panama (2.6 Mbps) to a high of 196% in Sudan (3.2 Mbps). South Korea showed a 145% increase from the first quarter of 2013, a growth rate that nearly tripled Ireland’s 47% increase, which ranked second in year-over-year growth among the top 10.

Increases in global average peak connection speeds during the first quarter of 2014 ranged from 0.2% in Colombia (16.8 Mbps) to 76% in Sudan (13.4 Mbps). A total of 43 qualifying countries/regions saw quarter-over-quarter increases in their average peak connection speeds, whereas 92 qualifying countries/regions saw declines.

The year-over-year story remains positive. Since the first quarter of 2013, global average peak connection speeds increased 13%. Yearly growth rates among the top 10 countries/regions ranged from 0.3% in Hong Kong (66 Mbps) to an impressive 206% in Uruguay (45.4 Mbps).

Global high broadband (>10 Mbps) adoption rates in the first quarter improved by 9.4% quarter-over-quarter, climbing above the 20% mark for the first time, to 21%. Once again, all of the countries/regions in the top 10 had high broadband adoption rates of 30%, with South Korea (77%), Japan (54%) and Switzerland (45%) topping the list. The year-over-year growth rate was 65%, with six of the top 10 countries/regions seeing increases of 50% or more.

The global broadband (>4 Mbps) adoption rate grew a nominal 1.7% from the fourth quarter of 2013 to reach 56% in the first quarter of 2014. Of the countries/regions that qualified, 76 had higher broadband adoption rates this quarter – growth ranged from 0.2% in Canada (82% adoption) to 1,208% in Sudan (21% adoption). Since the first quarter of 2013, global broadband adoption rates grew by 24%, with extremely large year-over-year upticks seen in Kenya (1,100% to 4.9% adoption), Uruguay (3,298% to 34% adoption) and Sudan (5,926%).

“While there continues to be room for improvement in high broadband adoption and average peak connection speeds in some areas of the world, the trends we’re seeing remain very positive,” said David Belson, the author of the report. “Steady year-over-year growth suggests that a strong, global foundation is being built for the enjoyment of next generation content and services like 4K video and increasingly connected homes and offices, and that connectivity will continue to evolve to support the growing demands these emerging technologies will place on the Internet.”

4K Readiness
With 4K (Ultra HD) adaptive bitrate streams generally requiring between 10 – 20 Mbps of bandwidth, the new “4K Readiness” metric presented for the first time in the First Quarter, 2014 State of the Internet Report highlights the percentage of connections to Akamai at speeds above 15 Mbps, with the goal of identifying candidate geographies most likely to be able to sustain such streams. The findings do not account for other “readiness” factors, including availability of 4K-encoded content or 4K-capable televisions and players.

Globally, 11% of connections were at speeds of 15 Mbps or above in the first quarter. Seven of the top 10 countries/regions on the 4K readiness list overlapped with those on the global high broadband connectivity list. South Korea led the list with 60% 4K readiness while Japan had 32% of its connections at that level in the first quarter. Of the top 10, the Czech Republic had the lowest level of 4K readiness with 17%. Overall, 47 countries/regions qualified for inclusion.

Attack Traffic and Security
Akamai maintains a distributed set of unadvertised agents deployed across the Internet to log connection attempts that the company classifies as attack traffic. Based on the data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks. It is important to note, however, that the originating country as identified by the source IP address may not represent the nation in which an attacker resides.

During the first quarter of 2014, Akamai observed attack traffic originating from 194 unique countries/regions – six more than the fourth quarter of 2013. China was again responsible for originating the most attacks, but dropped slightly from 43% in the fourth quarter of 2013 to 41% in the first quarter of 2014. The United States followed in second place, but also saw a decline from 19% to 11%, and Indonesia saw a slight uptick from 5.7% to 6.8% to secure third place. Overall, the concentration of attacks decreased significantly as compared to the fourth quarter of 2013, with the top 10 countries/regions originating 75% of observed attacks, down from 88% in the prior quarter.

Port 445 (Microsoft-DS) remained the most targeted port in the first quarter of 2014, but the associated attack traffic volume was down to 14% of observed attack traffic (from 30% in the third quarter of 2013). Conversely, Port 5000 (Universal Plug & Play/UPnP) saw a significant increase during the quarter – from less than a tenth of a percent in the fourth quarter of 2013 to 12% this quarter – an increase of more than 100 times. Port 23 (Telnet) ranked third with 8.7% of observed attack traffic.

Distributed Denial of Service (DDoS) Attack Traffic
In addition to observations on attack traffic, the State of the Internet Report includes insight into DDoS attacks based on reports from Akamai’s customers. The number of DDoS attacks reported in the first quarter of 2014 declined to 283 from 346 in the last quarter of 2013. This represents a 20% decrease quarter-over-quarter and a 27% increase year-over-year.

Most regions of the world saw a decline in reported DDoS attacks during the first quarter of 2014. The Americas continued to account for approximately 49% (139) of all attacks, followed by the Asia Pacific region with 31% (87) of attacks and Europe, Middle East and Africa (EMEA) receiving the remaining 20% (57) of DDoS traffic. The enterprise sector saw a 49% quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34%, primarily attributable to attacks against government targets within Singapore.

IPv4 and IPv6
In the first quarter of 2014, more than 795 million unique IPv4 addresses from 240 countries/regions connected to the Akamai Intelligent Platform. This was 1.6% more than in the fourth quarter of 2013 and 7.8% more than a year prior. Quarterly growth was seen in six of the top 10 countries/regions. Brazil was again a standout with 12% and 50% of quarterly and yearly growth, respectively.

European countries continued to lead in IPv6 adoption, taking eight of the top 10 slots. Belgium grew nearly 200% quarter-over-quarter, jumping to first place with 14% of its traffic over IPv6. The United States and Peru were the only two countries from the Americas within the top 10, while Japan fell out of the top 10, leaving the Asia Pacific region unrepresented within the group.

The report also lists the top 20 network providers based on their number of IPv6 requests made to Akamai during the first quarter. The highest request volumes came from cable and wireless providers in the United States. Verizon Wireless had the highest percentage (45%) of requests over IPv6, while 12 other providers also had more than 10% of their requests to Akamai over IPv6 during the first quarter. European providers were also heavily represented, including three providers from Belgium with strong showings. KDDI (Japan) and Telekom Malaysia were the only two providers to represent the Asia Pacific region, while Telefonica del Peru was the only South American provider on the list.

Mobile Connectivity
In the first quarter of 2014, average mobile connection speeds ranged from 1.0 Mbps in Argentina to 14.7 Mbps in South Korea. Though the latter was the only country/region with average mobile connection speeds above the 10 Mbps high-broadband threshold, 20 countries/regions had average connection speeds above the 4 Mbps threshold. A total of 56 countries/regions qualified for inclusion in the mobile section. Note that starting with the First Quarter, 2014 State of the Internet Report, mobile connectivity is being aggregated at a country level, rather than at a provider level.

Average peak mobile connection speeds among qualifying countries spanned a broad range, from 114.2 Mbps in Australia down to just 5.0 Mbps in Iran. In total, 43 countries showed average peak connection speeds above 10 Mbps.

The State of the Internet Report now includes a broadband adoption statistic within the Mobile Connectivity section. This quarter, Ukraine had the highest level of mobile broadband adoption, with 89% of mobile connections to Akamai from the country at speeds above 4 Mbps.

About the Akamai State of the Internet Report
Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. To learn more and to access the archive of past reports, please visit www.akamai.com/stateoftheinternet. To download the figures from the First Quarter, 2014 State of the Internet Report, please visit: http://wwwns.akamai.com/soti/soti_q114_figures.zip.

About Akamai
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Recommendations for Adding Cybersecurity Intelligence to the Smart Grid
By Josh Ray, Verisign

Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a “Smart Grid” has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid’s network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which, if successful, could cause widespread disruption of services affecting many other sectors.

According to a recent ICS-CERT incident response from the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s National Protection and Programs Directorate, of the 257 reported incidents ICS-CERT collected in 2013, 56 percent, or 151 incidents, occurred in the energy sector, which exceeded all incidents reported in the other sectors combined. Keep in mind that because reporting of cyber incidents is done on a voluntary basis, ICS-CERT estimates that many more incidents occurred but were not reported.

As new, advanced cyberattacks on public utilities are expected to grow in frequency, what should these organizations be doing to prepare? Below are recommendations for a new approach to cybersecurity for critical infrastructure based on recent research from Verisign iDefense Security Intelligence Services:

 

  1. Build security solutions into the front-end design: It is important that the energy sector build security solutions into the front-end design, manufacturing and deployment of Smart Grid systems and components. And as the roll out of the Smart Grid continues to take place, the energy sector will need to address legacy equipment issues and access control usage, while continuing to tighten its security policies and procedures.
  2. Examine the use of remote connections: While threat mitigation is an ongoing concern, organizations managing critical infrastructure will also need to examine the use of remote connections to their enterprises and determine how to best manage user access from the perspective of the least-privilege principle for access control.
  3. Frequently monitor for vulnerabilities and have a mitigation plan in place: The energy sector should frequently monitor their systems and networks for vulnerabilities, and embrace a full-scope risk management program for both the Information Technology (IT) and Industrial Control Systems (ICS) sides of the house. This will be critical for the success of their security programs.
  4. Protect availability of critical systems:  It is imperative that public utilities have a multilayered mitigation strategy in place to restore services quickly in the event of a DDoS attack. Due to the critical nature of smart grid networks, a hybrid approach to DDoS mitigation, which includes a dedicated appliance on the network, layered with a cloud-based DDoS solution to provide real-time adaptive mitigation that protects against both high-volume and targeted application-level DDoS attacks, may provide the most comprehensive protection.
  5. Invest in third-party expertise: Working with third-party security providers and experts can provide energy/utility companies with powerful tools to combat today’s cybersecurity risks as well as help them develop advanced threat intelligence capabilities to proactively protect their assets. Given what is at stake, all energy companies should consider making this investment.

To learn more about cybersecurity intelligence or DDoS protection services, visit www.VerisignInc.com/cybersecurity.

This article by Verisign’s Josh Ray was sourced with permission from the Verisign blog at:
blogs.verisigninc.com/blog/entry/recommendations_for_adding_cybersecurity_intelligence

Neustar 2014 ‘DDoS Attacks and Impact Report’ Finds Unpredictable DDoS Landscape

[news release] Neustar, Inc. … today (22/4) released its third annual “DDoS Attacks and Impacts Report,” delivering key insights on Distributed Denial of Service (DDoS) attacks and the business impact of these incidents. The survey reveals that DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage. Nearly twice as many businesses surveyed suffered a DDoS attack last year and more than 40 percent estimated DDoS losses at more than $1 million per day.

Other key findings include a growing trend toward quicker, more concentrated attacks, suggesting a spurt in “smokescreening” – where criminals use DDoS attacks to distract IT staff while inserting malware to breach bank accounts and customer data.  In fact, 49 percent of businesses who suffered a DDoS attack and a breach in 2013 reported that a virus or malware was installed or activated and 55 percent of DDoS targets reported that they were also victims of theft. Attackers stole funds, customer data and intellectual property.

“DDoS attacks create an ‘all hands on deck’ mentality, and the potential for damage is high as criminals take advantage of the distraction to grab and clone private data to tap into funds, intellectual property and more,” said Rodney Joffe, senior vice president and senior technologist at Neustar. “Businesses should look out for shorter, more intense attacks without the traditionally expected extortion or policy demands. It is critical that they protect themselves by dedicating staff to watch entry systems during attacks, making sure everything is patched and having dedicated DDoS protection.”

Additional insights from the survey include:

  • Almost 90 percent of companies attacked were hit repeatedly
  • Larger attacks almost tripled. The number of attacks between 1-5 Gbps in size grew by 150 percent
  • DDoS attacks are consuming more manpower. Attacks requiring more than 10 people to put out the fire more than doubled compared to 2012
  • The costs of DDoS attacks were not only higher, but were felt more widely across the enterprise. Non-IT/security departments absorbed more than 50 percent of attack-related costs and customer support felt the impact most acutely at 63 percent of companies
  • There are now very few companies (under five percent) with no DDoS protection in place. Of the vast majority with protection, most still use traditional solutions like firewalls, switches and routers

Neustar surveyed nearly 450 North American companies in the financial services, technology, retail, government/public sector, health care, energy, telecommunications, e-commerce, Internet services and media industries. The full report, including comprehensive results from the survey and best practices from Neustar’s DDoS experts, may be found here.

 

About Neustar

Neustar, Inc. (NYSE:NSR) is the first real-time provider of cloud-based information services and data analytics, enabling marketing and IT security professionals to promote and protect their businesses. With a commitment to privacy and neutrality, Neustar operates complex data registries and uses its expertise to deliver actionable, data-driven insights that help clients make high-value business decisions in real time, one customer interaction at a time. More information is available at www.neustar.biz.

This Neustar news release was sourced from:
www.neustar.biz/about-us/news-room/press-releases/2014/neustar-2014-ddos-attacks-and-impact-report-finds-unpredictable-ddos-landscape