Monday, July 3, 2017

DDOS Threat Creates Demand for "Protected Internet Service"

He told me that the reason DDoS attacks became the company’s sole focus was based on the fact that so many companies are now demanding such prevention from their service providers.

“Enterprises increasingly are interested in buying protected Internet service as opposed to raw Internet service, so they want to pay for connectivity that’s already had the DDoS removed,” he said. And they’re prepared to pay a premium. They openly will declare, yes, I will pay more for the higher quality Internet connectivity.” Corero recently validated this requirement by conducting a survey at the RSA conference.

Thursday, April 28, 2016

Crooks Earn Big Bucks By Just Threatening DDOS Attacks

"'It doesn’t cost any money to send out a blanket of emails once you have the right contacts,' Yuri Frayman, CEO of ZenEdge, told The Verge. 'You often get payments for almost no effort. It’s a spray-and-pray approach to getting paid.'"

These "fake DDOS attacks" have earned one hacker group over $100k, the report says.

Read the story here:

Saturday, April 23, 2016

10 Steps to Prepare for a DDOS Attack: Dark Reading

"Step 1: Identify what services are really critical

Start by asking, what are the most business-critical services that are accessible via the Internet? What are the services in which the Internet really has to work? Some organizations, like a cement factory, can be offline for the better part of a day. But an online bank has to have the Internet functioning at all times.

Understand that it’s impossible to protect everything, so the company has to prioritize. Decide on what are the most critical services needed to maintain the organization’s mission. The goal is to minimize the anxiety of what will or won’t be restored. Start by coming to an agreement internally on the critical services that will be restored during an attack and develop a plan to keep those services up and running."

Thursday, January 22, 2015

France's "Charlie" Massacre and Increase in DDOS Incidents: Parallel Between Online and Offline Attacks

"...the firm noted in a recent blog post that the number of DDoS attacks after the march rose by 26 percent with the average size of DDoS attack growing 35 percent. In the eight days prior to the attack, the average size was 1.21Gbps but this later increased to 1.64Gbps.

The vast majority of these DDoS attacks were low-level although the number of attacks larger than 5Gbps did double in the days after the protest. Arbor reports that one attack measured as high as 63.2 Gbps on January 11.

'This is yet another striking example of significant online attacks paralleling real-world geopolitical events,' wrote Arbor's threat intelligence and response manager Kirk Soluk.

Speaking to SC after it first emerged that ‘thousands' of French websites were facing cyber-attacks, Corero Network Security CEO Ashley Stephenson said that DDoS attacks were increasingly being used as an attack tool during international conflicts."

Tuesday, January 6, 2015

Don't Miss this Great Real-time Global Map of Cyber Attacks with Sound FX

See the map here:

Part of must-see story at Krebs on Security #security

BTW, apparently Krebs has been under attack by DDOS or some other hack...

Friday, January 2, 2015

Sony and Microsoft Game Sites Knew DDOS Attacks Were Coming, But Couldn't Stop Them

DDOS attacks still work in 2015. The article below also discusses one interesting DDOS variant...

"Microsoft may have the most to lose here in terms of reputation. Like Sony, it sells video games and consoles. But it also has built a multibillion-dollar business around selling security software and hosting other companies’ computing operations on a cloud service called Azure, which itself suffered an outage on Nov. 18. The fact that it can’t guarantee its own security may raise big questions in customers’ minds.

Xbox Live was hosted by a mere 500 servers at Microsoft data centers when it launched in 2002. The company upgraded that to a whopping 300,000 hardware units when it unveiled Xbox One last year,according to Data Center Knowledge. But it still wasn’t enough to beat back Lizard Squad. “There is no 100 percent defense against this. One thing you’ve seen in 2014 is that no matter how much money you throw at this problem, it’s a continuous game,” said Lawrence Pingree, a cybersecurity analyst at Gartner. 'On the Internet we’re playing art-of-war directly, but it’s not physical; it’s not with tanks.'"

Wednesday, December 31, 2014

How DDOS Attacks Work & Why They're Hard to Prevent

"For example: the High Orbit Ion Cannon (HOIC), a free piece of software that allows anyone to flood a website with overwhelming amounts of dummy traffic created by custom scripts. Anyone with a computer can download this program, type in the URL of a website, and watch the HOIC generate fake user after fake user in hopes of overloading that site's servers and bringing it down. And when multiple people use the HOIC at once on the same target, the damage can grow exponentially higher.

Taking on a multi-billion-dollar corporation like Sony requires more sophisticated methods, though. David Larson, CTO of the cybersecurity firm Corero Network Security, said he suspects that this PSN attack was the result of some sort of combination of DDoS tools that may have included botnets—collections of computer servers designed to connect and perform a unified action. Anyone can rent a botnet, Larson said—and combining botnets and Ion Cannon-like flooding programs can cause a lot of devastation across the web."

Search This Blog