Most Updated News on How to Protect Against DoS Attacks!

Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign
DDoS attacks increase by over 80 percent
Internet Service Providers in Mumbai targeted in DDoS attack
DDoS attacks are getting worse
Latest massive DDoS attack suggests criminals are plotting long campaigns
US Congress websites recovering after three-day DDoS attack
DDoS attack size up 73% from 2015
Hackers claim responsibility for Pokémon Go DDoS attack
RT targeted by massive DDoS attack during attempted Turkey coup
68 gov’t websites attacked

Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign

A judge at the Fanling Court in Hong Kong has sentenced Chu Tsun-wai, 20, of Hong Kong, to 15 months of probation for launching a DDoS attack on a Chinese bank’s website during the 2014 Hong Kong Occupy protests.

The judge also ruled that the suspect’s Mac computer be confiscated as punishment for carrying out the attack, SCMP reports.

Chu, who is one of the top students at his university, had decided to get involved in the Occupy protests that were taking place in Hong Kong during the autumn of 2014.

Teen was inspired by one of Anonymous Asia’s videos

The teen saw a video posted online by the Anonymous hacker collective, which was warning Hong Kong police to stop the violence against Hong Kong Occupy protesters.

The group threatened to hack government websites and release personal information belonging to Hong Kong police officers. The group also called out for others to participate in its protests.

The prosecution says that Chu went online and searched on Google for ways to carry out DDoS attacks.

He launched one such DDoS attack against the Shanghai Commercial Bank’s website. Police say that the student sent 6,652 HTTP requests in 16 seconds on the bank’s website, on October 12, 2014.

Bank website barely noticed the attack

This sounds odd since a Web server should, in theory, be capable of handling much more than 6,000 requests per second, but Chinese authorities have come down hard on people who participated in the protests, to begin with.

The judge was lenient on Chu because this was his first offense and because the bank’s website didn’t go offline.

Chinese news outlet Ejinsight reports that one of Chu’s professors wrote the judge a letter asking the judge to give the suspect a second chance.

Public broadcaster RTHK reported that Chu also stands to face disciplinary hearings at his university.

Below is the original video that started it all, with the Anonymous group calling out for attacks against Hong Kong police officials during the Occupy protests.


DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard.

The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hactivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”.


Internet Service Providers in Mumbai targeted in DDoS attack

By Asheeta Regidi

Internet service providers (ISPs) in Mumbai are being targeted in a distributed denial of service attack (DDoS), said to be India’s largest ever attack, and also the world’s largest attack against ISPs. The attack is of a huge magnitude of 200 gigabytes per second. This is the reason behind the recent slowing down of the internet experienced by users around Mumbai. In a first, an FIR was filed against the DDoS attack with the Mumbai police.

What is a DDoS attack?

Most websites are designed to handle a certain amount of traffic at a given time. A denial of service attack will bombard the websites with requests, overloading the website until its server crashes, thus denying access of the website to legitimate users. A distributed denial of service attack is the same attack on a much larger scale, using a large number of computers infected with malware, known as a botnet, to overload the website.

In the present case, the DDoS attack is being conducted against the ISPs themselves, preventing legitimate internet access to all of the ISP’s customers. The motive behind the current attack is unknown, which can range from anything between blackmail, disrupting a competitor or just miscreants having fun. The effects on the ISPs can be quite harmful, losing customer loyalty being the primary one.

Increasing number of DDoS attacks around the world

All around the world, DDoS attacks have been on a rise. Most recent were the attacks on the Pokemon Go servers and the websites of the US Library of Congress. In fact, hackers have threatened to take Pokemon Go offline on August 1st through a DDoS attack. The reason for this rise is that DDoS attacks are very easy to conduct. The earlier effort required in creating a botnet is also no longer required, since botnets are now available for hire and on sale. Symantec reports a price range of between USD 10 to 1000 per day for acquiring such botnets on the cyber black market. In fact, botnets-for hire were reported to be responsible for almost 40% of the DDOS attacks in 2015.

Combating the DDoS attack

Fighting a DDoS attack is not easy. The Mumbai police are reported to be blocking out the IP addresses from which the requests are originating in the current attack. However, since these IP addresses belong to the botnet, it does not block out the actual perpetrator, who will be controlling them remotely. In fact, the easy availability of botnets gives the cybercriminal the ability to combat preventive measures by putting more and more infected computers at work on the attack.  Another method is to make more hardware and bandwidth available, in order toallow legitimate users to enter. This is one of the few methods which temporarily mitigates the flood of requests. This option, however, is only available to larger ISPs. This is probably why the favoured targets in the current Mumbai attacks are small and medium sized ISPs, who do not have the infrastructure and resources to combat the attack.

DDoS attacks can last for a few hours, to weeks, to even months. Inevitably, they only stop when the perpetrator decides to stop. Finding an effective solution to this is urgent.

Indian laws inadequate for international investigation

The real problem, however, arises with finding the perpetrator. The requests being sent in a DDoS attack involves going through routers, and the investigative process gets more complicated with every new router involved, which are usually several in number. Additionally, the botnet need not be entirely in India. Even if the botnet is entirely in India, chances are that the perpetrator himself is located outside India.

The current Mumbai attack is reported to have originated from Eastern Europe and China. Legally, the Information Technology Act, 2000 and the Indian Penal Code, 1860 are adequately equipped to deal with the situation. Section 43(f) of the IT Act punishes ‘causing denial of access’ to a computer resource. Section 4 of the IPC gives the Indian police the power to act against a person outside India committing a crime against an Indian computer resource.

Though the basic laws are in place, laws enabling investigation overseas and extradition of a criminal from abroad are missing. Such laws are usually in the form of individual treaties between countries or through ratifying multilateral treaties. Existing Indian treaties for investigation and extradition do not include cybercrimes.  The Budapest Convention on Cybercrime is at present the only multilateral international convention enabling investigations and extradition w.r.t, cybercrime. India, however, has refused to ratify this Convention, since it was drafted without the involvement of developing countries like India.The result is that despite the fact that a large number of cybercrimes originate outside India, investigation outside India can take any amount of time. The time factor plays a major role in cybercrime investigation, where the evidence is so delicate that it can be deleted or modified in seconds. The result is that though on paper, the laws are in place, practically speaking investigations are difficult.

Investigating and catching the criminals behind this increasing number of cybercrime from abroad is in itself a difficult process, without adding the issue of inadequate laws. Even if the Indian government chooses not to ratify the Budapest Convention, it needs to provide police and cybercrime investigative authorities with an alternative solution to enable international investigation.

The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject.


DDoS attacks are getting worse

Just a couple of days after a horrendous DDoS attack took down Pokemon GO servers for a day, Arbor releases its new report on the state of DDoS around the globe, which basically says things are only getting worse.

The reasons are still the same — DDoS attacks are simple to launch, cheap and easy to obtain, for anyone “with a grievance and an internet connection”.

Over the past 18 months, Arbor detected an average of 124,000 DDoS attacks a week. The peak size jumped a stunning 73 percent compared to 2015, up to 579Gbps. Just in the first six months of 2016, there have been 274 attacks over 100Gbps — in the whole of 2015 there have been 223 such attacks.

When it comes to attacks over 200Gbps, things are even worse — 46 such attacks in the first half of this year, compared to 16 in all of 2015. Great Britain, the US and France are the top three targets for attacks of over 10Gbps.

“The data demonstrates the need for hybrid, or multi-layer DDoS defense,”, said Darren Anstee, Arbor Networks’ chief security technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target.  However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1Gbps and 90 percent last less than one hour. On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS”.

Published under license from, a Net Communities Ltd Publication. All rights reserved.


Latest massive DDoS attack suggests criminals are plotting long campaigns

Behind the scenes, DDoS attacks are still evolving. What, if anything, does it all mean?

DDoS is moving from individual attacks to whole campaigns

DDoS attackers just keep at it but the way they keep at it continues to evolve. According to an Akamai note, on 18 June, an unnamed “large European media organisation” (presumably e-gaming) experienced a sudden DDoS assault that in 10 minutes rose to a peak of 363 Gbps.


That’s a large attack by any standards Akamai’s description of the events of that day reveals other interesting trends worth paying attention to such as the way DDoS criminals are expanding the complexity of their attacks while the defenders find themselves building huge global defences simply to keep up.

It’s probably not a complete surprise that the attack bundles extreme size with the use of six different attack types; DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood. Barely 2 percent of attacks use this multi-pronged approach but it’s clearly a growing trend. As reported by Computerworld UK, on 14 June, days before the attack reported by Akamai, mitigation provider Incapsula recorded an even more massive flood that also used the spray and pray technique.

The attack also abused DNSSEC because, the criminals have cleverly fathomed, the DNS security protocol generates larger responses and can therefore be used to boost DNS amplification still further. Akamai has mentioned such tactics in several of its traffic reports during 2015 and 2016 but it is ironic that a security standard should end up being manipulated in this way.

It’s developed so the extent that, “malicious actors continue to use open DNS resolvers for their own purposes, effectively using these resolvers as a shared botnet. The attack techniques and duration of the attack point to the likelihood of booter services available for lease in the DDoS-for-hire underground marketplace.”

Intriguingly, a geographical analysis of the IP addresses used to generate a portion of the SYN traffic suggest that it came from home and SoHo routers hijacked by the KaitenSTD botnet.

 Latest massive DDoS attack suggests criminals plotting long campaigns

Why does any of this matter?  Almost without exception these attacks go unnoticed by Internet users and businesses are usually only affected if they are unlucky enough to share a datacentre with a targeted organisation.

“From a technical perspective, the discovery and subsequent increasing employment of new attack vectors or botnets always represent significant, albeit grim milestones,” Akamai concluded.

But that’s a technical way of looking at the problem. The real story hidden inside the numbers is that this was only the latest in a long string of much smaller attacks on the company by this group or groups over 34 weeks. The first conclusion is that a growing number of DDoS attacks are no longer best described as singular events so much as campaigns that go on for months and perhaps even, shortly, years.

As these attacks morph into larger and sometimes unpredictable surges, mitigation is also changing to meet that challenge with Akamai revealing that its scrubbing centres (the places traffic is diverted to be cleaned) spans several locations around the globe for this attack alone.

Disaster averted in a way – as with the huge Incapsula attack of 14 June the 363 Gbps was defended by Akamai, which has the resources to deal with it.  But as the recent downing of Pokemon GO shows, plenty hit the mark. The victims are out there even if we often don’t hear about them.


US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline.

Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack.

The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline:

During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites.

Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets:, the online portal for the United States Congress; and, the website for the United States Copyright Office.

On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties by the LoC remained offline.

As of this writing, the three government portals affected by the attack are back online.

Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress.

As he told FedScoop:

“DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.”

Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn’t own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks.

There’s little companies can do to protect against DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can in the event of an attack help accommodate and filter attack traffic.


DDoS attack size up 73% from 2015

Distributed denial of service attacks continue to be popular with attackers, increasing in size, complexity and frequency in the first half of 2016, according to the latest global report by Arbor Networks

The most powerful distributed denial of service (DDoS) attack in the first half of 2016 was 579 gigabits per second (Gbps), according to the latest global report from Arbor Networks.

This represents a 73% increase from the largest attack recorded in 2015 by Arbor Networks, the security division of Netscout.

The report shows not only an increase in the size of DDoS attacks, but also an increase in frequency, based on data gathered from Atlas, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor to gain a comprehensive, aggregated view of global traffic and threats.

DDoS remains a common attack type due to the easy availability of free tools and inexpensive online services that enable anyone with a grievance and an internet connection to launch an attack.

This has led to an increase in the frequency, size and complexity of attacks in recent years, the report said, with an average of 124,000 DDoS attacks a week in the past 18 months.

In the past six months, Atlas recorded 274 attacks over 100Gbps, compared with 223 in all of 2015, and 46 attacks over 200Gbps compared with 16 in all of 2015.

The UK, the US and France are the top targets for attacks over 10Gbps, the report said.

But as Arbor’s researchers reported in June, large DDoS attacks no longer require the use of reflection amplification techniques.

An internet of things (IoT) LizardStresser botnet was used to launch attacks as large as 400Gbps, targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions.

According to the researchers, the attack packets do not appear to be from spoofed source addresses, which means the traffic originates from the source addresses in the packets without amplification relying on the user datagram protocol (UDP), such as the network time protocol (NTP) or the simple network management protocol (SNMP).

However, reflection amplification allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. Consequently, most recent large attacks used this technique, exploiting domain name system (DNS) servers, NTP and simple service discovery protocol (SSDP), the report said.

As a result, in the past six months, DNS was the most prevalent protocol, taking over from NTP and SSDP in 2015. The average size of DNS reflection amplification attacks grew strongly, and the peak monitored reflection amplification attack size was 480Gbps.

The report also highlights the fact that even attacks that bombard targeted websites and networks at a rate of only 1Gbps can be enough to take most organisations completely off line.

In the first half of 2016, the average attack size was 986Mbps, a 30% increase over 2015, and the average attack size is projected to be 1.15Gbps by end of 2016.

“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, chief security technologist at Arbor Networks.

“High bandwidth attacks can only be mitigated in the cloud, away from the intended target,” he said. “However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour.”

According to Anstee, on-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls.


Hackers claim responsibility for Pokémon Go DDoS attack

Hacker group OurMine has claimed credit for a DDoS attack on the Pokémon Go servers over the past weekend. Rumours of an attack were floating around on Saturday but Niantic didn’t comment on the reason the servers were down.

Talking to TechCrunch, a member of the group said that they were part of a trio of teenagers that uses these incidents to advertise their ‘security services’ and make people more aware of security issues.

“We don’t want other hackers attack their servers, so we should protect their servers,” the member said.

Apparently a message on their website says that they wouldn’t stop the attack until they were contacted by representatives from Niantic.

Another group called PoodleCorp also claimed responsibilty for the servers going down on their Twitter account.

The app has been crashing and experiencing server issues since release, so it’s entirely possible that it wasn’t a DDoS attack, but simply launch issues.

Either way, you can check the status of the server in your country at any time with the Pokémon Go outage map.


RT targeted by massive DDoS attack during attempted Turkey coup

A massive DDoS attack was staged on the servers of the Internet service provider that provides web streaming for the RT TV channel during the coverage of Friday’s attempted coup in Turkey, briefly taking the stream offline.

The channel was able to resume streaming, but the servers were attacked again after some time.

“We received a major DDoS attack when the Turkish coup started, second one from when we started streaming RT; this time HTTP headers were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.

The first wave of the attack continued for about two hours while the second one lasted around an hour. The streaming is currently fully restored, while the circumstances of the attack are still being clarified.

The RT website have been targeted by a number of DDoS attacks. In September 2014, the site was subjected to the biggest DDoS attack in its history, which was repelled by its

Previous attacks were launched against the site in February 2013, when ceased functioning for six hours, and in August 2012, when both RT International and RT Spanish websites were attacked. Hacker group AntiLeaks, opposing the Wikileaks project launched by Julian Assange, claimed responsibility for that attack.


68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China.

The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts of hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the domain registry website.

The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it.

The websites of these agencies were all accessible yesterday.

The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity supposedly operating from the Netherlands.

The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands.

The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to request for comment regarding the cyberattacks.

The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks.

PCA website hacking

Earlier, a cyber-security company reported that the PCA website was infected with a malware by “someone from China” in July 2015.

Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea.

Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.”


Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc. | Demo Test