Most Updated News on How to Protect Against DoS Attacks!

Operator of DDoS protection service named as Mirai author
Activists plan DDoS attack on the White House website during Trump’s inauguration
2017 may be crisis year for DDoS attacks, warns Deloitte
Internet of Things based DDoS attacks to rise in 2017: Report
DDoS Attacks: A Threat to Businesses and Consumers
DDoS prevention as part of a robust I.T. Strategy
DDOS attacks intensify in EMEA
Three ways retailers can safeguard against cybercrime
Dark DDoS: hacker tools and techniques – the challenges faced
Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

Operator of DDoS protection service named as Mirai author

Krebs says he’s fingered author of epic IoT web assault code

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs.

On his website this week, Krebs names a chap called Paras Jha, owner of a distributed denial-of-service (DDoS) attack mitigation company ProTraf Solutions, for the creation and dissemination of the Mirai software nasty.

Mirai is one of the worst DDoS botnets ever to grace the internet and is fingered for downing large chunks of the internet, including record-breaking attacks on Krebs’ own site.

Previous analyses have suggested the malware was penned by a person named “Anna-Senpai”.

Krebs builds a case to link Anna-Senpai to Jha and says that he, along with other players, built the Mirai code and used it to attack Minecraft servers to lure disgruntled customers.

He tells of how Jha contacted upstream providers to have command and control servers of rival IoT firms shut down, and how the hacker built malcode into his botnet that eliminated rival Qbot botnets.

Those upstream providers that ignored Jha’s requests were also subject to large DDoS attacks.

Mirai evolved from earlier incarnations of botnet code designed for DDoS attacks. In 2014 an earlier variant was used to launch DDoS attacks against Minecraft servers which can generate up to US$50,000 a month.

Krebs found that Jha lists the same skills on his LinkedIn page as on HackForums, a large marketplace where low level grey hat activities, cybercrime, and bragging takes place.

He details many other compelling links between Jha’s older identities he used online while learning to code, including ‘OG_Richard_Stallman’, and his recent aliases including Anna-Senpai. ®

Source: http ://

Activists plan DDoS attack on the White House website during Trump’s inauguration

A software engineer is calling for protesters to flood the site with traffic during the presidential inauguration

It’s almost time. Ex-reality TV host and businessman Donald Trump will be officially sworn in as the US president on Friday January 20. His campaign was divisive, to say the least, and it seems his tenure as president is looking like having a bumpy start, with protests planned in all states of the US, including on the streets of Washington DC.

However, rather than stand outside, some protestors are choosing to target the President-elect with other, indoor-based, means. Software engineer, Juan Soberanis, is calling on protestors to attempt to take down the White House’s website in a DDoS attack – simply by flooding the website with traffic. Soberanis is calling it “Occupy White House”.

According to the International Business Times, Soberanis wrote on his online protest pledge: “”If you can’t make it to Washington DC on inauguration day to protest Trump’s presidency, you can still fight for the cause by helping to take down as a show of solidarity for the lives impacted by Trump’s policy agenda.

“It’s simple. By overloading the site with visitors, we will be able to demonstrate the will of the American people,” he continued.

Soberanis then goes on to tell fellow protestors to overwhelm the website by setting up auto-refresh on the homepage throughout the day.

The San-Francisco engineer is the creator of, a Kickstarter-type site that encourages individuals to get involved in online protests. However, only one protest is currently live on the site, a finished protest set up by Soberanis to incite people to join the ACLU as a protest against Trump. The alleged URL for his Occupy White House protest page on the site appears to be inaccessible at the moment.

Hacking group Anonymous is additionally, and allegedly, planning cyber attacks against Trump’s new administration.

It should be noted, though, that this type of attack is considered criminal activity in the US under the Computer Fraud and Abuse Act. The act dictates that sending a command to a protected computer with the intent to cause damage can be judged a criminal offence, and people affiliated with Anonymous have been charged in the past by the US government for launching DDoS attacks on government entities and trade groups.

Screen Shot 2017-01-19 at 14.38.54

Thousands of people are planning to protest Trump’s inauguration on January 20

As well as being a controversial choice for president, Trump’s inauguration is set to be a controversial affair, too. The likes of Cher, Chelsea Handler and Katy Perry have promised to take part in the Women’s March, either in the capital or in the states around, the day after the inauguration, to protest the Republican party’s threats to defund Planned Parenthood.

According to Google, the statewide searches for “inauguration protest” are much higher than “attend inauguration” searches on the site. During the transition from Obama stepping down and Trump stepping up, “Russia” has been one of the top searched-for big issuesin the States on Google, alongside immigration and Obamacare.


2017 may be crisis year for DDoS attacks, warns Deloitte

The proliferation of IoT devices and IoT exploit kits may make 2017 a turning point in DDoS attacks requiring new defence tactics, warns Deloitte

Organisations have generally been able to keep pace with the increasing size, frequency and impact of distributed denial of service (DDoS) attacks, but that may change in 2017, Deloitte has warned.

DDoS is not a new topic, but the potential scale of the problem in 2017 is, according to the latest Technology, media and telecommunications predictions report from Deloitte.

The size of DDoS attacks increased by an average of 30% a year from 2013 to 2015, but 2016 saw the first two attacks of one terabit per second (Tbps) or more, and Deloitte predicts that trend will continue in 2017.

According to the report, 2017 will see an average of one attack a month reaching at least 1Tbps in size, with the number of DDoS attacks for the year expected to reach 10 million.

Deloitte predicts an average attack size of 1.25Gbps to 1.5Gbps, and the report points out that an unmitigated attack in this size range would be sufficient to take many organisations offline.

The anticipated escalation is due to three concurrent trends, the report said.

First, the growing installed base of insecure internet of things (IoT) devices that are usually easier to incorporate into botnets than PCs, smartphones and tablets.

Second, the online availability of malware methodologies such as Mirai, which allow relatively unskilled attackers to corral insecure IoT devices and use them to launch attacks.

Third, the availability of ever-higher bandwidth speeds, which means that each compromised device can send a lot more junk data.

The report warns that the consequence of the growth of IoT devices alone could mean that content distribution networks (CDNs) and local mitigations may not be able to scale readily to mitigate the impact of concurrent large-scale attacks, requiring a new approach to tackling DDoS attacks.

Phill Everson, head of cyber risk services, Deloitte UK, said a DDoS attack aims to make a website or connected device inaccessible.

“DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time. The shop struggles to identify genuine customers and quickly becomes overwhelmed. The consequence could see an online commerce site temporarily unable to transact, or a government site not able to process tax returns,” he said.

Everson said the expected volume and scale of DDoS attacks in 2017 would challenge the defences of most organisations, regardless of size.

“Businesses of all sizes should acknowledge the growing DDoS threat and consider how best to handle attacks of these magnitudes,” he said.

Any organisation that is increasing its dependence on the internet should be aware of a potential spike in the impact of such attacks, according to the report.

The entities that should remain alert include, but are not limited to, retailers with a high share of online revenues, online video game companies, video streaming services, online business and service delivery companies such as financial services firms, and government online services, the report said.

“Some organisations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive. Unfortunately, it may never be possible to relax about DDoS attacks,” authors of the report said.

Deloitte recommends that companies and governments should consider a range of options to mitigate the impact of DDoS attacks, such as decentralising critical functions like cloud computing, leasing a larger bandwidth capacity than they need, proactively identifying weaknesses and vulnerabilities related to DDoS attacks, developing agile defence techniques, and introducing granular traffic filtering capabilities.


Internet of Things based DDoS attacks to rise in 2017: Report

Cybercriminals will use DDoS attacks in 2017 to extend their reach as several IoT devices with outdated codes with well known vulnerabilities still operate.

Cybercriminals will use distributed denial of service (DDoS) attacks in 2017 to extend their reach as there are now several Internet of Things (IoT) devices containing outdated codes and operating with well known vulnerabilities, a global security firm warned on Monday.

According to Sophos, global network and endpoint security firm, financial infrastructure is at greater attack risk as the use of targeted “phishing” and “whaling” continues to grow.

Security is now high on the radar for the security C-suites. Unfortunately, many organisations still do not have their security basics right and remain vulnerable to cyberattacks,” said Sunil Sharma, Vice President (Sales) Sophos, India and Saarc.

Cybercriminals will use ever more sophisticated and convincing targeted attacks to lure users into compromising themselves by bringing together multiple technical and social elements and probe an organisation’s network to proactively attack a specific target.

With ‘old’ ransomware looming around web, users may fall victim to attacks that cannot be cured because payment locations no longer work, the report noted.

“There are six key measures that organisations should put in place to help keep more complex threats at bay: move from layered to integrated security; deploy next-generation endpoint protection; prioritise risk-based security; automate the basics; build staff and process to deter mitigate social attacks; and improve defender coordination,” Sharma added.

Using cameras and microphones to spy on households, cyber criminals may target people using home IoT devices to find a way to profit.

“But once attackers ‘own’ a device on a home network, they can compromise other devices such as laptops containing important personal data,” the report added.

As encryption makes it hard to inspect traffic, criminals can use it as a cover to sneak through a network.

“Security products will need to tightly integrate network and client capabilities, to rapidly recognise security events after code is decrypted on the endpoint,” Sophos suggested.

The company predicted that in 2017, societies will face growing risks from both disinformation and voting system compromise, as technology-based attacks have become increasingly political.


DDoS Attacks: A Threat to Businesses and Consumers

Distributed Denial of Service (DDoS) attacks are a growing concern for businesses and consumers alike. These attacks are on the rise along with all forms of cyber-attack. According to Kapersky, “43% of businesses experienced data loss in the past year due to a cyber-security incident.”

While DDoS attacks threaten the reputation and the bottom line for businesses, they also threaten consumers. In many cases a DDoS attack is launched as a decoy to hide the real intentions of the hacker – to steal corporate intellectual property and financial data, as well as consumer data. DDoS attacks have been a factor in some of the largest data breaches. Dave Larson of Infosecurity Magazine reports that “in a large proportion of data breaches reported over the last few years, DDoS attacks have been occurring simultaneously, as a component of a wider strategy; meaning hackers are utilizing this technique in a significant way.”

At its core a DDoS attack uses hundreds and sometimes thousands of computers to flood the business website with large volume of internet traffic to overwhelm the host server. When this happens the website often stops functioning for a period of time. Sometimes hackers will continue to randomly attack a website until the business pays a ransom – much like ransomware that targets individuals.

There are three major types of DDoS attacks available to a hacker.

  • Volumetric: Most common. Sends a large amount of internet traffic to the host server simultaneously.
  • Amplification: Sends a high volume of traffic using large packets of data. Requires fewer “zombie” or compromised computers to accomplish the same task as a volumetric DDoS attack.
  • Resource Depletion: Makes multiple requests through multiple ports or entry points into the targeted server until its capacity is exceeded.

To find out more about these types of DDoS attacks, go to Defending Your Network against DDoS Attacks.

There are a number of hardware and software tools to help defend against such attacks, but the primary methods of defense are knowledge, detection, and training.

  1. Businesses should analyze how their networks and the systems attached to that network interact with the internet to uncover and fix vulnerabilities before they are exploited by hackers.
  2. Train IT employees to recognize the hallmarks of a DDoS and other cyber-attacks, so they can react quickly.
  3. Train all employees to recognize and immediately report any unusual activity on any system connected to the internet.
  4. Train all employees to question unusual emails or texts requesting W-2’s, other personnel data, or corporate financial information.
  5. Develop specific rules for employees regarding usage of social media and the types of corporate information that can be shared online. A recent study has shown that social engineering is a precursor to 66% of cyber-attacks. Source: 7 Ways to Make Yourself Hack-Proof.

For more information on Decoy DDoS attacks, check out DDoS attacks: a perfect smoke screen for APTs and silent data breaches.

To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to


DDoS prevention as part of a robust I.T. Strategy

A decade ago the idea of loss prevention (LP) had been limited to the idea of theft of merchandise. With the advent of online retailing, retailers have discovered that loss must be viewed more broadly to “intended sales income that was not and cannot be realized” [Beck and Peacock, 28]. While Beck and Peacock regard malicious loses such as vandalism as part of sales that cannot be realized, Distributed Denial of Service (DDoS) attacks certainly could fit with that definition. Unlike other kinds of LP, where the attempt of the thief is to conceal their activities, a DDoS attack is designed for maximal visibility so the purpose of the attack is to deny the target customer’s access, and especially susceptible are businesses that have online payment gateways [Gordon, 20] which today includes many business and non-profit entities.

Particularly problematic for CIOs is that the nature of DDoS attacks is constantly changing. Many of these attacks occur at networking layers below the application level, which means for the CIO that buying an off-the-shelf software product is unlikely to provide an effective countermeasure [Oliveira et al, 19]. Of course, the determination of financial impact is an important consideration when weighing allocations of the IT security budget. While it is clear that the “loss of use and functionality” constitutes true losses to a company [Hovav and D’Arcy, 98], estimating a potential loss encounters difficulties given the lack of historical data and a perceived risk to putting an exact figure upon security breach losses. This presents a problem for the CIO because of the need to show ROI on security investments [Hovav and D’Arcy, 99]. Yet, a successful DDoS attack has the potential to cost a company millions of dollars in real financial losses from the direct costs of work time, equipment leases, and legal costs to the indirect costs, such as, loss of competitive advantage and damage done to the company’s brand. The direct cost of “a more complex breach that affects a cross-section of a complex organization” can often exceed £500,000 (624,000 USD) and does not include additional five or six figure fines if government regulatory agencies are involved [Walker and Krausz, 30].

If the CIO cannot buy an off-the-shelf software product to prepare against a DDoS attack, how does the CIO develop an I.T. security strategy that is appropriate to this specific threat? While this is by no means an exhaustive list: here are a few approaches that one can take that may help to developing an effective I.T. strategy that can deal with the DDoS threat. (1) Accept that developing an I.T. strategy effective against mitigating loss caused by DDoS requires resources, but your business is worth protecting. (2) Remember that the purpose of technology is to connect your business to people [Sharif, 348], and that connectivity is itself an asset that has real value. (3) Developing effective business partners can help you ensure business continuity. These partnerships could be with consultants, alliance partnerships that have successfully dealt with DDoS attacks, or businesses that specialize in dealing with this kind of security issue.


Beck, Adrian, and Colin Peacock. New Loss Prevention: Redefining Shrinkage Management. NY: Palgrave Macmillan, 2009.

Gordon, Sarah, “DDoS attacks grow,” Network Security (May 2015), 2, 20.

Horvav, Anat, and John D’Arcy, “The Impact of Denial-of-Service attack announcements on the market value of firms,” Risk Management and Insurance Review 6 (2003), 97-121.

Oliveira, Rui André, Nuno Larajeiro, and Marco Vieira, “Assessing the security of web service frameworks against Denial of Service attacks,” The Journal of Systems and Software 109 (2015), 18-31.

Sharif, Amir M. “Realizing the business benefits of enterprise IT,” Handbook of Business Strategy 7 (2006), 347-350.

Walker, John, and Michael Krausz, The True Cost of Information Security Breaches: A Business Approach. Cambrigdeshire, UK: IS Governance Publishing, 2013.

David A. Falk, , Ph.D.
Director of IT
DOSarrest Internet Security

DDOS attacks intensify in EMEA

Distributed denial-of-service (DDOS) attacks in the Europe, Middle East and Africa (EMEA) region witnessed an uptick in the last quarter and are set to intensify in 2017.

This is according to a report issued by F5 Networks, which revealed data from its Security Operations Centre (SOC), highlighting the growing scale and intensity of cyber attacks in the region.

DDOS attacks have been around since at least 2000. These attacks refer to a situation in which many compromised machines flood a target with requests for information. The target can’t handle the onslaught of requests, so it crashes.

Consultancy firm Deloitte also expects cyber attacks to enter the terabit era in 2017, with DDOS attacks becoming larger in scale, harder to mitigate and more frequent.

F5 Networks points out that in 2016 to date, it has handled and mitigated 8 536 DDOS instances.

The company notes that one of the attacks featured among the largest globally – a 448Gbps user datagram protocol (UDM) and Internet control message protocol (ICMP) fragmentation flood using over 100 000 IP addresses emanating from multiple regions.

It explains the incident highlights a growing trend for global co-ordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the US (14%).

“The EMEA Security Operations Centre has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realising they need to prepare for the worst,” says Martin Walshaw, senior engineer at F5 Networks.

In Q1 (October – December), the SOC experienced a 100% increase in DDOS customers, compared to the same period last year.

F5 Networks says UDP fragmentations were the most commonly observed type of DDOS attack in Q1 (23% of total), followed by domain name system reflections, UDP floods (both 15%), syn floods (13%) and NTP reflections (8%).

“Given the rise and variety of new DDOS techniques, it is often unclear if a business is being targeted,” Walshaw says. “This is why it is more important than ever to ensure traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly.

“The best way forward is to deploy a multi-layered DDOS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.”


Three ways retailers can safeguard against cybercrime

Chinese New Year is always a shopping boom time in town. People are generous in spending on food, decorations, and fashion during the important cultural festival. While retailers are focused on ensuring that they successfully take advantage of spikes in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks?

Avoiding a cyber-crime catastrophe 

Thanksgiving officially kicks off the biggest shopping period of the year globally.

The period through to Chinese New Year may be a sales bonanza, but it’s also a period of high vulnerability that criminals exploit to maximize the threat to a retailer’s business.

Along with gaming and finance companies, retailers are popular targets because they store sensitive data that thieves can use for financial gain. Additionally, DDOS attacks are often used to distract organizations so that even more costly web application attacks can take place at the same time. But the truth is no industry is immune and the threat is increasing in its relentlessness.

With Chinese New Year sales accounting for a sizeable chunk of most retailers’ revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under a load of peak volumes, it might not take much of a straw to break the camel’s back.

The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack.

Retailers face a growing threat

Talk of cyber attacks are more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers.

This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers to printers and digital video recorders — as long as they’re connected to the internet.

The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, most likely, gearing up for bigger things.

Asia is not immune and Hong Kong is a prime target

According to a recent report by Nexusguard, DDoS attacks increased 43 percent in Q2 to 34,000 attacks in the Asia-Pacific region and 83 percent worldwide. The largest increase was seen in Hong Kong, where attacks rose an astonishing 57 percent.

China, which saw a 50% increase in attacks, is the number one target in the region. According to the report, over the course of a month, a Chinese website was attacked 41 times.

The fact is, that every company needs to pay this issue serious attention and put effective plans in place.

Prevention is the better than the cure 

There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result.

So how can retailers defend themselves against the threat of an attack?

Organizations have to use a combination of measures to safeguard against even the most determined DDoS attack. This include:

1. Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge
2. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently
3. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organizations want to protect.

Chinese New Year is a critical period for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it.


Dark DDoS: hacker tools and techniques – the challenges faced

In 2017 has the cyber landscape changed? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk?

Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time.

To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and always looking for more, faster and easier ways to strike.

Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities.

These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks.

These types of attacks are often referred to as ‘Dark DDoS’ because of initial smokescreen attack which acts to distract organisations from the real breach that’s taking place.

In a large proportion of recent data breaches, DDoS (distributed denial of service attacks) have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way.

According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on the and on domain name provider, Dyn – believed to be some of the biggest DDoS attacks ever recorded.

Last year, France was also hit by one of the largest DDoS attacks when hosting company, OVH, was targeted through 174,000 connected cameras.

Today’s hackers have developed a high variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks

An attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.

Stealth/slow drip DoS attacks

Low-volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.


Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

Often DNS threats are geared towards a specific DNS function (cache, recursive & authoritative), with precise damage objectives.

This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection.

The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces:

Volumetric attacks

Direct DNS attacks

Flooding of DNS servers with direct requests, causing saturation of cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address.

DNS amplification

DNS requests generating an amplified response to overwhelm the victim’s servers with very large traffic.

DNS reflection

Attacks using numerous distributed open resolver servers on the Internet to flood victim’s authoritative servers (usually combined with amplification attacks).


Flooding of the DNS servers with non-existing domains requests, implying recursive function saturation.

Stealth/slow drip DoS attacks

Sloth domain attacks

Attacks using queries sent to hacker’s authoritative domain that very slowly answers requests – just before the time out, to cause victim’s recursive server capacity exhaustion.

Phantom domain attack

Attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity.

Random subdomain attack (RQName)

Attacks using random query name, causing saturation of victim’s authoritative domain and recursive server capacity.


Zero-Day vulnerability

Zero-day attacks take advantage of DNS security holes for which no solution is currently available.

DNS-based exploits

Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

DNS tunnelling

The DNS protocol is used to encapsulate data in order to remotely control malware or/and the exfiltration of data.

Protocol anomalies

DNS Attacks based on malformed queries, intending to crash the service.

DNS cache poisoning

Attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS landscape security is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time.

Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – they are far more sophisticated, deceptive and frequent.

To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned.


Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge.

And it’s a mystery who’s behind it.

Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since site’s inception.”

A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable.

But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy.

The site is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said.

“The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.”

Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his site as a news destination not controlled by corporate interests or politicians. And he’s had great success.

SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most-trafficked media publishers in the US. According to analytics posted to the site, the Drudge Report has amassed about 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels.

It’s a high-prized target, one that now sees itself under attack by an unknown culprit.

Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].”

“Attacking coming from ‘thousands’ of sources,” he wrote on Twitter. “Of course none of them traceable to Fort Meade…”

Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his site came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda.

“Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?”

Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s site would be a blatant violation of the Constitution — as well as generally improbable.

“If Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.”

“Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.”

DeMott, however, posited that another nation-state could be the potential culprit.

“It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.”

Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods.

“I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.”

Chris Weber, the cofounder of Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it.

“It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the site was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange.

Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder.

Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his site.

But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report.

And without a group taking credit, it may be impossible to determine the culprit.

“Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.”

Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party.

“There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.”

Arora added: “It’s not just a technology question. It’s also a motive question.”


Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc. | Demo Test