The Short List of Who Protects Companies Against DDoS Attacks

Here’s a question: when was the last time you got something truly useful for free? Like that time it turned out your phone company was giving you mobile data even though it wasn’t included in the plan you selected, or that time you turned up at the car dealership for a major repair, and they informed you the cost was covered because you’re just such a great customer.

Oh right: it was never.

So why is it that so many companies seem to think somebody else is responsible for protecting them against distributed denial of service (DDoS) attacks? DDoS mitigation is an important and complex service that requires careful expertise, on-demand or always-on deployment, nearly limitless scalability and huge amounts of network bandwidth. If a company hasn’t taken the steps to invest in this kind of protection, they don’t have it.

Attack overview
A DDoS attack is a distributed denial of service attack, which is a cyberattack that uses a botnet, a network of internet-connected devices that have been hijacked for remote use, to direct large amounts of malicious traffic at a website that has been targeted. This traffic overwhelms the website, its server or its resources to take it offline or render it so frustratingly slow it can’t be used.

Distributed denial of service attacks have been a problem for websites and organizations of all sizes for over 15 years, and the problem is becoming a crisis as DDoS for hire services steadily gain popularity, and botnets steadily gain in size due to unsecured Internet of Things devices. For larger organizations, a successful DDoS attack can cost between $20,000 and $100,000 per hour, and while unquantifiable, the loss of user trust or loyalty that can result from such an attack can be even worse.

Erroneous assumptions
DDoS attacks haven’t exactly been flying under the radar lately. Their frequency, as well as the threat they pose, should be well known to anyone working in online security. Yet a recent survey by Kaspersky uncovered some staggering statistics. Thirty percent of companies surveyed indicated that they haven’t taken action against the threat of DDoS attacks because they believe they won’t be targeted, 40% believe their ISP will provide protection, and a further 30% believe data centers will provide protection. Perhaps most misguided of all, 12% believe a small amount of DDoS-caused downtime would not have a negative impact on the company.

Why ISPs won’t provide complete protection
While some ISPs do provide complete DDoS protection as an added service that clients pay good money for, most provide only partial protection. Due to the large amounts of bandwidth an ISP has available, they can do well against large volumetric attacks, but craftier application layer attacks are a problem. Also, while ISPs can be good at identifying malicious traffic, they don’t deal with that malicious traffic efficiently, meaning that while it’s struggling to deal with an influx of malicious traffic, legitimate traffic will be caught in the bottleneck with it or even discarded alongside the bad traffic, resulting in users unable to get through to the website. In other words, while a basic DDoS attack could be thwarted by an ISP, the result – users unable to access the website – ends up being the same.

Further, some DDoS attacks like the Slowloris are made up of traffic and requests that are seemingly legitimate, making them difficult to detect for even some intrusion detection systems, let alone an ISP.

Perhaps the biggest problem with relying on an ISP for protection is that regardless of what type of attack is launched, there isn’t going to be a quick response from an ISP. They aren’t built for the kind of real-time monitoring and deployment that can catch an attack within seconds. Most often, it will be several hours before an ISP begins to deal with an attack. By then, the damage is done.

Why data centers won’t provide complete protection either
There’s a caveat here: just as with ISPs, some data centers do provide complete protection against distributed denial of service attacks, but again it is an added service that definitely adds to the data center bill. Similar to ISPs, data centers do provide some measure of DDoS protection, but it can generally only protect against basic attacks that can be stopped with rate limiters, or attacks that are not directly aimed at an application service. Large or complex attacks cannot be stopped by basic data center protection.

Moreover, not only do ISPs and data centers not provide complete protection against DDoS attacks, but they also put their clients at a bigger risk of second-hand DDoS damage. If an ISP or data center is struggling with a large or complex attack, websites that weren’t targeted will nonetheless suffer the effects.

A-Z protection
Professional DDoS protection is built to provide the quickest, most proactive and most complete protection against distributed denial of service attacks. Cloud-based protection is especially excellent at protecting against both network-layer and application-layer attacks, and with the use of a scrubbing server, attack traffic will be kept from ever touching the target website while legitimate traffic is let through unfettered.

For companies after a more bang-for-their-buck solution, it may be preferable to look into a quality content delivery network (CDN). CDNs are designed to improve site speed and performance, and all CDNs offer some level of DDoS protection due to the built-in load balancing that comes from their multi-server environments. However, CDNs will also offer additional DDoS protection on top of that.

High-quality distributed denial of service protection won’t become a freebie or throw-in until the internet reaches a phase where there’s something so much worse and so much more common than DDoS attacks that they become almost after-thoughts for all the malicious cyberattackers out there. So companies can either root for that reality, or take protection into their own hands by investing in solid DDoS protection.


  • 0

Russian bank Alfa Says it was Under DNS Botnet Attacks

The Russian banking giant Alfa announced, in a press statement, that hackers targeted its cyber infrastructure in a large-scale DNS Botnet attack. The purpose appears to have been to make it seem as though the bank had been communicating with the Trump Organization. The bank is now asking U.S. to assist it to uncover the culprits.

On Friday, the bank revealed that their servers were under three cyber attacks targeting the domain name server (DNS) since mid-February. It is unclear who was behind these attacks; the details show unknown hackers allegedly used Amazon and Google servers to send requests to a Trump Organization server posing to look like they came from Alfa Bank, pushing the Trump server to respond back to the bank.

An Alfa Bank spokesperson said: “The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ’Trump servers’’.

Furthermore, Alfa Bank revealed that it is ready to work with the U.S. law enforcement agency to identify the individuals involved in the campaign. The bank has already hired Stroz Friedberg, a US-based cyber security firm to get into the depth of the matter.

“The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers,” an Alfa Bank representative said in a statement. “We have gone to the U.S. Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud.”

On February 18, 2017, the bank claims it experienced suspicious cyber activity from an unidentified third-party. Specifically, the unidentified third-party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET.

The use of upper and lower case indicated the human intervention in the process. Moreover, Alfa Bank says it received more than 1,340 DNS responses containing

Last week, CNN reported that the FBI’s counterintelligence team was investigating if there was a computer server connection between the Trump Organization and Alfa Bank during the U.S. election, according to sources close to the investigation. The bank has now denied that there was ever a conversation between both parties.

Mark McArdle, CTO at cyber security company eSentire commented on the issue and said that:

“A botnet is typically associated with an attack that leverages scale, as it can employ thousands (potentially millions with IoT devices) of devices and use them to coordinate an attack on a target. We’ve seen this with some big DDoS attacks. We also see botnets being used as platforms for large-scale spamming. However, the number of DNS connections reported in the Alfa Bank attacks (1,340 in once case) don’t indicate massive scale. A botnet, however, can be used to add another layer of obfuscation between you and your attacker. Following the breadcrumbs back could bring you to a PVR that has been hacked and is now part of a botnet. I suspect in this case, the botnet is being used more for obfuscation of identity than scale. The attackers may be using a botnet to send spoofed DNS requests to a legitimate Trump server using a spoofed “reply-to” address inside Alfa-Bank’s infrastructure.

Spoofing DNS lookups is not very difficult since DNS is not authenticated, and the ability to spoof source addresses is unfortunately still available – all you need is a system to launch your attack from that is connected to the Internet via an ISP that doesn’t filter out spoofed source addresses. While this type of attack has been around for a while, what’s new in this case is that someone is using it to try and contrive evidence of a relationship where neither party sought one.

Additionally, there is also reference in Alfa Bank’s statement about Spam messages from It’s also possible to spoof email (spammers do this all the time). A spoofed email could include a reference to a legitimate Trump Org server and a real connection would be established if a user clicked on it (or selected “show images” in the email). Again, this does not mean the email came from Trump Org, just that it was sent in order to attempt to solicit “a connection” between Trump Org and Alfa-Bank.”

Either way, identity is difficult to determine unless cryptographic certificates are used, and ultimate hack attribution is even more difficult.

This is not the first time that allegations surrounding Trump’s relations with Russia have emerged. Some believe Russia hacked the US election to give Trump a way to win the presidency while some believe that Russian media was involved in spreading fake news against Trump’s opponent Hillary Clinton. Either way, nothing has been proven yet.


  • 0

Taiwan high-tech industry hardest hit by DDoS attacks in last 30 days

TAIPEI (Taiwan News)—Most denial-of-service (DDoS) attacks launched by hackers from Feb. 15 to March 14, 2017 in Taiwan targeted the high-tech industry, according to statistics compiled by leading global content delivery network provider Akamai Technologies.

Industries in Taiwan that were most severely attacked by hackers were the high technology industry (61.8 percent), manufacturing industry (17.6 percent) and the financial services industry (7 percent), according to statistics compiled by Akamai’s intelligent platform that delivers 30 percent of the global Internet traffic.Screen Shot 2017-03-15 at 11.45.27

Industries in Taiwan under DDoS attacks from February 15 to March 14, 2017. (Taiwan News)

The majority of the hacks were launched from IP addresses in Taiwan, followed by Alabama in the U.S., and Brazil.

“It is often a misconception that most attacks are launched from abroad,” said Akamai’s Security Business Unit director Amol Mathur. “Attacks are coming both domestic and outside.”

The premium CDN provider works customizes solutions for clients from different industries in Taiwan, including hospitality, banking, travel and airline services.

Taiwan’s financial institutes are still recovering from a cybersecurity scare last month,  in which 15 banks received threats from an anonymous hacker group to shell out 10 Bitcoins each (equivalent to US$10,466), or brace themselves for DDoS attacks that would compromise their server systems.

DDoS attacks launched by hackers often compromise institute’s servers data processing capacity by delivering a sudden deluge of data that overtakes bandwidth resources, for instance if the company server bandwidth only allows 10 Gigabyte per second (Gbps) of capacity it can be paralyzed by a 100 Gbps attack.

Hackers might use DDoS as a distraction to conceal other malign operations, such as stealing personal information or credential theft, added Mathur.

Industries affected by hacker attacks vary monthly, depending on whether there is a major geopolitical event, said Mathur. For instance global hacker group Anonymous took down the London Stock Exchange system for two hours as part of its campaign against global central banks in June 2016.

Mathur advised banks should not heed hacker demands to pay ransom.

“In real life you would not pay ransom, so why would you pay hackers,” he said.

The cybersecurity expert noted a rise in DDoS attacks globally during the fourth quarter of 2016, and pointed out DDoS attacks data size was increasing exponentially every quarter.

Globally, attacks over 100 Gbps jumped 140 percent year-on-year during 4Q16, with the largest-size attack recorded reaching 517 Gbps, according to the Akamai “Fourth quarter 2016 State of the Internet/Security Report.”

Mathur noted the cause of increased DDoS attacks was partly due to easy access for people to rent bots online, for as cheap as US$10 by going to a site and simply keying in the website address.

Hackers can generate a monthly income of US$180,000 to US$200,000 from bot rentals.

It remains extremely difficult for law enforcement agencies from a single country to track down hackers that spread the attacks launched by rented bots around the globe, and hide behind the protection of anonymity offered by the dark web. Additionally, the preferred Bitcoin currency used for business transactions by hackers is hard to trace to an IP address, explained Mathur.

Introduction of mobile devices, mobile payment, IP surveillance cameras and emerging Internet of Things (IoT) trends introduce new cybersecurity vulnerabilities as hackers can utilize attacks through large number of connected devices.

The Mirai bot for instance exposed vulnerabilities in the default user administrator name and passwords used by thousands of connected IP surveillance cameras and their DVR worldwide, said Mathur.

He urged the IoT industry to form a joint standard, and for countries to start implementing regulations that set cybersecurity standards for connected devices.

Hackers are also finding ways to target vulnerabilities in smartphone application programming interface (API) to obtain credentials, and data from mobile transactions.

Apple Pay and some other mobile payment technologies periodically publish white papers announcing how it is securing data, but are mostly for tech savvy readers, said Mathur.

One way consumers can safeguard credit card transactions is to check if the online shopping sites or App they use have The Payment Card Industry Data Security Standard (PCI DSS), noted Mathur.

The proprietary information security standard launched nearly a decade ago by major credit card companies Visa, MasterCard, American Express, JCB and others follows a stringent standard and heavily fines companies that do not follow its compliance.


  • 0

7 Security Steps To Defend Your Company Fram A DDoS Attack

Of all the cybersecurity threats today’s businesses face, distributed denial-of-service (DDoS) attacks are among the most complex and devastating. This type of breach involves multiple compromised systems that work in conjunction to shut down service.

Although security technology is becoming more sophisticated, so are hackers, and you don’t want to be caught unprepared if (or more likely, when) your company’s data gets compromised. Below, a few members of Forbes Technology Council each offer one important prevention measure to help your IT department defend against a DDoS attack.

1. Continue To Add Layers Of Defense

Remain vigilant, continuing to add layers of security as they become available. Also provide your department with signs to look for so they have a better idea of potential threats. This provides for a much more proactive approach to security. – Chalmers Brown, Due

 2. Practice Your Response Plan

Have a plan on what to do and who should do it, then do a dry run against it a few times a year. Go further than just your IT team – involve your vendors, executive team, etc. and ask for feedback on what would help them help you in the face of a DDoS attack. Update your plan each time. This practice helps your team execute fast and has the added benefit of showing those around you that you’re prepared. – Brian Fritton, Patch of Land

3. Use A Web Application Firewall (WAF)

A Web Application Firewall (WAF) is your best line of defense against a DDoS attack. It acts like an antivirus that blocks all malicious attacks on your website. It sits above your application at the network level to provide protection before the attacks reach your server. Using a WAF not only protects you against DDoS attacks, but also improves application performance and enhances user experience. – Thomas Griffin, OptinMonster

4. Leverage Cloud Services And Educate Yourself Continually

Cloud providers will handle security better than you can do in-house — especially if you’re a target. Even the U.S. government leverages cloud providers to consult and augment security. Amazon has DDoS mitigation services, and their DNS is both inexpensive and secure. Educate yourself to stay aware of the potential threats and mitigation services that are available to you. – Tim Maliyil, AlertBoot

5. Help Employees Educate Each Other

Since our inception, we’ve had a personal ‘buddy’ assigned to any new team member. They are responsible for teaching the new person all of the dos and don’ts of the department, and also get them more culturally aligned with the team/company. – Pin Chen, ONTRAPORT

6. Get Senior Management Involved In Security Planning

It is critical for companies to include senior management in DDoS prevention planning. Most attacks are due to poor ongoing security practices or setups. Ransomware attacks alone cost over $1B in 2017. Companies should consider cloud solutions that offer cost-effective managed security solutions, with ongoing security and maintenance updates, so that they can focus on building their core business. – Cristina Dolan, Trading Screen

 7. Segment Your IoT Devices Behind A Firewall

While DDoS attacks are difficult to prevent, you can minimize the impact by enabling DDoS and flood protection on your organization’s firewalls. To restore order quickly in the event of an attack, develop a DDoS response plan. To minimize the chance of your IoT infrastructure being used in a DDoS attack, make sure all IoT devices are segmented on a dedicated safe zone behind a firewall. – Bill Conner, SonicWall


  • 0

Homeland Security Wants To End The Scourge Of DDoS Attacks

In 2017, Homeland Security has as much to do with securing digital borders as it does geographical ones. One push the DHS is leading to make cyberspace safe for Americans is the DDoSD project.

The first four letters — DDoS — should be familiar enough by now. We’ve numerous distributed denial-of-service attacks in the recent past, with targets ranging from African wireless carriers to cybercrime bloggers to one of the largest DNS providers in the world.

It’s the last letter in DDoSD that makes all the difference. That D stands for defense, and the Department of Homeland Security’s Cyber Security Division (CSD) is funding multiple systems that have the potential to stem the rising tide of DDoS attacks.

In a post published last week, the DHS stated that its goal is to “build effective and easily implemented network defenses and promote adoption of best practices by the private sector.” With the right tools and the public’s cooperation, the DHS hopes “to bring about an end to the scourge of DDoS attacks.”

The DHS post points to a best practices document that was shared by The Internet Society way back in the year 2000. That document describes “a simple, effective, and straightforward method for using[…]traffic filtering to prohibit DoS attacks.” It’s a good starting point, but the DHS post notes that no one defense system can repel every attack.

That’s why the DHS has multiple teams working on multiple solutions. One is a peer-to-peer system that would allow Internet providers around the globe to collaborate on the automated detection and mitigation of DDoS attacks. Others are focused on neutralizing high-powered attacks.

There’s still work to do, but it’s great to see the DHS leading a coordinated effort because something needs to be done. Last year, DDoS protection provider Imperva Incapsula reported helping its customers fend off an average of 445 attacks every week. Their intensity increased dramatically, too, up from around 200Gbps in 2015 to 470Gbps in 2016.

Add in a report from Verizon that named the three biggest targets of DDoS attacks as cloud and IT service providers (49% of all attacks), the public sector (32%), and banks (9%), and it becomes very clear why we need the DDoSD project to succeed.


  • 0

74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found.

According to the results of a recent survey [PDF] of 250 IT professionals, 34 percent of companies in the U.S. were breached in the past year, and 74 percent of the victims don’t know how it happened.

The survey, conducted by iSense Solutions for Bitdefender, also found that two thirds of companies would pay an average of $124,000 to avoid public shaming after a breach, while 14 percent would pay more than $500,000.

One third of CIOs say their job has become more important in their company’s hierarchy, and another third say their job has been completely transformed in the past few years.

And while nine in 10 IT decision makers see IT security as a top priority for their companies, only two thirds say their IT security budget is suifficient — the remainder say they would need an increase of 34 percent on average to deliver efficient security policies.

 Cloud security spending increased in the past year at 48 percent of companies, while the budget for other security activities remained the same.

On average, respondents say only 64 percent of cyber attacks can be stopped, detected or prevented with their current resources.

Separately, a survey of 403 IT security professionals in the U.S., U.K., Canada and Europe found that only three percent of organizations have the technology in place and only 10 percent have the skills in place to address today’s leading attack types.

The survey, conducted by Dimensional Research and sponsored by Tripwire, also found that just 44 percent of organizations have the skills, and 43 percent have the technology, to address ransomware attacks effectively.

“Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.”

Respondents felt most confident in their skills to handle phishing (68 percent) and DDoS attacks (60 percent), but less confident in their abilities to deal with insider threats (48 percent) and vulnerability exploitations (45 percent).

Similarly, respondents felt more confident in the technology they have in place to address phishing (56 percent) and DDoS attacks (63 percent), but less confident in the technology to address insider threats (41 percent) and vulnerabilities (40 percent).

A separate survey of 5,000 U.S. consumers by Kaspersky Lab and HackerOne found that 22 percent of respondents are more likely to make a purchase if they know a company hired hackers to help boost security.

Knowing what they do about their own company’s cyber security practices, just 36 percent of respondents said they would choose to be a customer of their own employer.

Almost two in five U.S. adults don’t expect companies to pay a ransom if hit by ransomware.

When asked what types of data they would expect a company to pay a ransom for, 43 percent expect companies to do so for employee Social Security numbers, followed by customer banking details (40 percent) and employee banking details (39 percent).


  • 0

Everything old is new again: Experts predict a flood of denial-of-service attacks

As IoT goes mainstream Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government.

The hottest trend in cyberattacks is an archaic and simplistic hacker tool. Propelled by the rise of IoT, the popularity of denial-of-service attacks rebounded in late 2016 and early 2017. Accompanying the rapid acceleration of the IoT and connected device market, warn cybersecurity experts, will be a zombie botnet swarm of network-crippling attacks.

Denial-of-service attacks are simple but effective weapons that bring down websites and services by flooding networks with junk traffic from commandeered botnets. Digital fallout will often cripple the target and ripple across the web to knock out unaffiliated but connected services and sites. “After an attack [clients] often feel angry and violated,” said Matthew Prince, CEO of denial-of-service mitigation service CloudFlare in an interview with TechRepublic. “A distributed denial-of-service (DDoS) attack is not a sophisticated attack. It’s the functional equivalent of a caveman with a club. But a caveman with a club can do a lot of damage.”

“DDoS outages are causing companies to completely rethink their cybersecurity strategies,” said cyber-defence strategist Terrence Gareau in a report by threat identification firm Nexusguard. Nexusguard examines network data to identify threat vector trends like duration, source, and variation of denial-of-service attacks.”Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors.”

Screen Shot 2017-02-08 at 11.04.11

Denial-of-service attacks are a broad umbrella used to describe a number of technological sub-tactics. Denial-of-service attacks are common and relatively easy to pull off because these attacks simply crowdsource web IP addresses. The hacker group Anonymous made DDoS attacks famous by championing a tool nicknamed the “Low Orbit Ion Cannon” that made denial-of-service accessible and easy. The downside, of course, is that all cyberattacks are illegal, and unsophisticated DDoS attacks are easy for law enforcement to pursue.

The Nexusguard report shows that hackers are switching from DDoS to IoT botnet-based attacks like last year’s devastating Mirai hack. “Distributed denial-of-service attacks fell more than 40 percent to 97,700 attacks in the second quarter of the year,” Gareau said. IoT attacks targeted at French data provider OVH broke records for speed and size, the report said, and were so severe that France broke into Nexusguard’s Top 3 [cyberattack] victim countries.

“The preferred programming language for the Mirai botnet helped to better handle a massive number of nodes compared to other typical languages for DDoS attacks,” Gareau said. “Researchers attribute the [DDoS] attack dip and these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power IoT has to threaten major organizations.”

Hackers are also diversifying attacks against large organizations in financial services, healthcare, and government sectors, Gareau said in the Nexusguard report. “Hackers favored blended attacks, which target four or more vectors, in attempts to overload targeted monitoring, detection, and logging systems.”

To fend off attacks, experts like Prince, Gareau, and Cyberbit’s chief technology officer Oren Aspir agree enterprise companies need to develop a response plan. “Attacks on an endpoint device will always leave some sort of trail or evidence to analyze,” Aspir said. “Since the speed of detection is vital, analysts need tools that will allow them to quickly detect behavior at the endpoint, validate the threat, and perform an automated forensic investigation in real time on that endpoint.”

Aspir also suggested companies prepare for DDoS and other hacks by reviewing previous attack metrics, conduct vulnerability assessment and penetration testing exercises, and simulate attacks to help evaluate team preparedness. “It’s important for organizations to build a baseline that consists of what ‘good behavior’ should look like on an endpoint. This allows for organizations to take unknown threats and validate them quickly.”

Though IoT botnet denial-of-service attacks are relatively new enterprise organizations have learned from previous attacks and already shifted defense tactics. “Researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity… and ensure business continuity despite supersized attacks,” Gareau said.



  • 0

DDoS Attack Takes Down Austrian Parliament Website

The DDoS attack, one of the most common cyber threats, is being investigated by authorities

The Austrian parliament’s website was hit by a suspected cyber attack over the weekend which took the site down for 20 minutes.

Hackers are believed to have used a Distributed Denial of Service (DDoS) attack to flood the website with digital service requests and, although no data was lost, authorities are now investigating the attack.

“The hacker attack was most likely a so-called DDoS-attack; a similar attack took place last November targeting the websites of the Foreign Affairs and Defence Ministries,” the parliament said in a statement.

Cyber attack

One of the most common cyber threats around, DDoS attacks have been growing in size and prevalence in recent times, with Corero Network Security predicting that such threats will become the top security priority for businesses and the new norm in 2017.

“While the Mirai botnet is certainly fearsome in terms of its size, its capacity to wreak havoc is also dictated by the various attack vectors it employs, said Dave Larson, CTO/COO at Corero Network Security.

“If a variety of new and complex techniques were added to its arsenal next year, we may see a substantial escalation in the already dangerous DDoS landscape, with the potential for frequent, Terabit-scale DDoS events which significantly disrupt our Internet availability.”

In January, a DDoS attack was responsible for an outage at Lloyds Banking Group that left customers unable to access online banking services for three days, after web security firm Imperva had earlier that month issued a warning to businesses after fending off the largest DDoS attack ever recorded on its network.

But the most high-profile attack in recent months affected domain name service provider Dyn and resulted in a slew major sites – including Twitter, Spotify and Reddit – being taken offline.


  • 0

Get ready for the cyber war in 2017: know your enemy

The current state of the cyber security industry is troubling to say the least, with 2016 experiencing a greater number of successful, more vicious cyber attacks than ever before

The past few months have summed up the current state of the cyber security industry.

In a matter of days at the end of November the European Commission was brought offline by a distributed denial-of-service (DDoS) attack, San Francisco’s Municipal Railway was held to ransom by ransomware in a system-wide attack and it was revealed that in September the Japanese Defence Ministry and Self-Defence Forces were hacked, which may have compromised Japan’s internal military network.

It seems almost farcical, and from these recent examples it is evident that critical infrastructure is totally unprepared for an attack and will continue to be severely vulnerable at the beginning of 2017.

It is not just the public sector that is suffering, with private organisations facing daily hacking attacks despite serious investment in cyber security strategies.

The problem is inherently twofold. The first is that cyber criminals and their tactics are constantly evolving, becoming more overwhelming and hard to detect by the day, it seems.

The ferocity of cyber attacks was illustrated last year by the Mirai botnet n(or Dyn) attacks that overran a number of systems using corrupted Internet of Things (IoT) devices.

When the malicious code was first published online in October, it gave a suspected group of teenagers the ability to shut down the likes of Twitter and Spotify.

In the preceding month, Liberia’s internet was taken offline using the same code. Improving the security of IoT devices will be crucial during 2017. This is where the most devastating cyber attacks will originate.


  • 0

53% of service providers are seeing over 21 DDoS attacks per month

More than half (53 percent) of service providers indicated they are seeing more than 21 DDoS attacks per month, up from 44 percent last year.

New research from Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR) focuses on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them.

The survey polled 356 respondents that included services providers, hosting, mobile, enterprise and other types of network operators around the world.

Since the WISR began in 2005, DDoS attack size has grown 7900 percent. Attacks increased by 60 percent in 2016.

Twenty-one percent of data centre respondents saw more than 50 attacks per month, as opposed to only eight percent last year. More than 10 attacks per month were experienced by 45 percent of enterprise, government and education (EGE) respondents.

 Two-thirds (67 percent) of service providers and 40 percent of EGE respondents reported seeing multi-vector attacks on their networks.

Sixty-one percent of data centre operators reported attacks totally saturating data centre bandwidth. A quarter of data centre and cloud providers saw the cost of a major DDoS attack rise above £79,000, and five percent cited costs of over £793,000. Forty-one percent of EGE organisations reported reportedDDoS attacks exceeding their total internet capacity.

 Nearly 55 percent of EGE respondents now carry out DDoS defence simulations, with about 40 percent carrying them out at least on a quarterly basis.

Data centre and cloud provider respondents using firewalls for DDoS defence has fallen from 71 percent to 40 percent.

“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponised to launch massive attacks. Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes,” said Darren Anstee, chief security technologist at Arbor Networks.


  • 0