Category - Denial of Service

DDoS Attack on German Energy Company RWE
Who’s hacking into UK unis? Spies, research-nickers… or rival gamers living in res hall?
DDoS attacks are getting even larger
Cyber policies: More than just risk transfer
Brit teen arrested for involvement in DDoS attack on ProtonMail
How to Protect Businesses Against DDoS Attacks
Your data center?s IT is lock-tight, are the facility?s operations?
A DDoS Knocked Spain’s Central Bank Offline
DDoS Attack Volume Rose 50% in Q2 2018
DDoS attackers increasingly strike outside of normal business hours

DDoS Attack on German Energy Company RWE

Protesters in Germany have been camping out at the Hambach Forest, where the German energy company RWE has plans to mine for coal. Meanwhile, it?s been reported that RWE?s website was under attack as police efforts to clear the protesters from the woods were underway.

According to Deutsche Welle, unknown attackers launched a large-scale distributed denial-of-service (DDoS), which took down RWE?s website for virtually all of Tuesday. No other systems were attacked, but efforts to clear away the protesters have been ongoing for the better part of the month, and activists have reportedly made claims that they will be getting more aggressive in their tactics.

Activists have occupied the forest in hopes of preventing RWE from moving forward with plans to expand its coal mining operations, which would effectively clear the forest. In addition to camping out in the forest, the protesters have reportedly taken to YouTube to spread their message.

Reports claim that a clip was posted last week by Anonymous Deutsch that warned, “If you don’t immediately stop the clearing of the Hambach Forest, we will attack your servers and bring down your web pages, causing you economic damage that you will never recover from,” DW reported.

“Together, we will bring RWE to its knees. This is our first and last warning,? the voice from the video reportedly added.

DDoS attacks are intended to cripple websites, and the attack on RWE allowed the activists to make good on their threat, at least for one day.

??This is yet another example that illustrates the DDoS threat to [softer targets in]?CNI [critical network infrastructure]. ?RWE is an operator of an essential service (energy) in Germany. The lights didn?t go out but their public-facing website was offline as a result of this attack,? said Andrew Llyod, president, Corero Network Security.

In a recent DDoS report, Corero researchers found that??after facing one attack, one in five organizations will be targeted again within 24 hours.?


Who’s hacking into UK unis? Spies, research-nickers… or rival gamers living in res hall?

Report fingers students and staff for academic cyber-attacks

Who’s hacking into university systems? Here’s a clue from the UK higher education tech crew at Jisc: the attacks drop dramatically during summer break.

A new study from Jisc (formerly the Joint Information Systems Committee) has suggested that rather than state-backed baddies or common criminals looking to siphon off academic research and personal information, staff or students are often the culprits in attacks against UK higher education institutions.

The non-profit body, which provides among other things internet connectivity to universities, analysed 850 attacks in the 2017-18 academic year and found a consistent pattern that occurred during term time and the UK working day.

Holidays brought with them a sharp reduction in attacks, from a peak 60-plus incidents a week during periods of the autumn term to a low of just one a week at times in the summer. It acknowledged that part of the virtual halt in summer may be down to cops and Feds cracking down on black hat distributed denial-of-service tools in the months prior, however.

Jisc is perhaps better known among Reg readers for providing the Janet network to UK education and research institutions.

Its data covered cyber-attacks against almost 190 universities and colleges and focused on denial-of-service and other large-scale infosec hits rather than phishing frauds and malware.

Staff and students with a grudge or out to cause mischief are more credible suspects in much of this rather than external hackers or spies. More sophisticated hackers might be inclined to use DDoS as some sort of smokescreen.

In a blog post, Jisc security operations centre head John Chapman admitted some of the evidence suggesting staff and students might be behind DDoS attacks is circumstantial. However, he pointed out evidence from law enforcement and detected cyber assaults supported this theory. For example, a four-day DDoS attack the unit was mitigating against was traced back to a university hall of residence ??and turned out to be the result of a feud between two rival gamers.

Whoever might be behind them, the number of incidents is growing. Attacks are up 42 per cent to reach this year’s 850; the previous academic year (2016-17) witnessed less than 600 attacks against fewer than 140 institutions.

Matt Lock, director of solutions engineers at Varonis, said: “This report is another reminder that some of the biggest threats facing organisations today do not involve some hoodie-wearing, elusive computer genius.”

Education is targeted more often than even the finance and retail sectors, according to McAfee research (PDF).

Nigel Hawthorn, data privacy expert at McAfee, commented in March:

“The kind of data held by universities (student records/intellectual property) is a valuable commodity for cyber criminals, so it is crucial that the security and education sectors work together to protect it.


DDoS attacks are getting even larger

Average DDoS attack is five times stronger this year, compared to the year before.
The average DDoS attack is five times stronger this year, compared to the year before, and the biggest DDoS attack is four times stronger than last year?s strongest, according to new reports.

Nexusguard?s Q2 2018 Threat Report analysed thousands of DDoS attacks worldwide and came to the conclusion that the average DDoS attack is now bigger than 26 Gbps, and the maximum attack size is now 359 Gbps.

IoT botnets are still largely in use, mostly because of the increasing number of IoT-related malware exploits, as well as the huge growth in large-scale DDoS attacks.

The report says that CSPs and susceptible operations should ?enhance their preparedness to maintain their bandwidth, especially if their infrastructure don?t have full redundancy and failover plans in place?.

?The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,? said Juniman Kasman, chief technology officer for Nexusguard. ?Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these supersized attacks to ensure customer service and operations continue uninterrupted.?

Universal datagram protocol, or UDP, is the hacker?s favourite attack tool, with more than 31 per cent of all attacks using this approach. This is a connectionless protocol which helps launch mass-generated botnets.

Top two sources of these attacks are the US and China.


Cyber policies: More than just risk transfer

Digital connectivity continues apace ? but brings with it increased cyber risks.?These relatively new and complex risk profiles require approaches that go far?beyond traditional insurance, argues Munich Re?s reinsurance boss Torsten Jeworrek.

Self-learning machines, cloud computing, digital ecosystems: in the steadily expanding Internet of Things, all objects communicate with others. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by the year 2030. And many industries are profiting from the connectivity megatrend.

In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent. This will facilitate a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models. Examples include successful sharing concepts and online platforms.

Growing risk of ransomware

But just as there are benefits to growing connectivity, there are also risks. Ensuring data security at all times is a serious challenge in this complex world. When setting up and developing digital infrastructure, companies must constantly invest in data-security expertise and in technical security systems, not least to protect themselves against cyber attacks. This became clear in 2017, when the WannaCry and NotPetya malware attacks caused business interruption and production stoppages around the world. T

he costs of WannaCry in the form of lost data and business interruption were many times greater than the losses from ransom demands. With other attacks, the objective was not even extortion ? but rather to sabotage business operations or destroy data. Phishing, which is the attempted capture of sensitive personal and log-in data, and distributed denial of service (DDoS) attacks, which take down entire servers by systematically overloading them, also cause billions of dollars in damage each year. It is difficult to calculate the exact amounts involved, but business losses from cyber attacks are currently estimated at between $400bn and $1tn each year.

And the number of cyber attacks continues to rise ? as do the resulting losses. According to estimates from market research institute Cybersecurity Ventures, companies around the world will fall victim to such attacks every 14 seconds on average in 2019. Europol also notes that there have been attacks on critical national infrastructure in the past, in which people could have died had the attacks succeeded.

Increasing demand for cyber covers from SMEs as well

As the risks increase, so too does the number of companies that attach importance to effective prevention measures and that seek insurance cover. The pressure to improve data protection has also increased as a result of legal requirements such as the EU?s General Data Protection Regulation, which came into force in May 2018 and provides for severe penalties in the event of violations. In a world of digital dependency, automated processes, and networked supply chains, small- and medium- sized companies in particular realise that it is no longer enough to focus on IT security within their own four walls.

For the insurance industry, cyber policies are gradually becoming an important field of business in their own right. According to estimates, further significant increases in premium volume are on their way. In 2017, premium volume was at between $3.5bn and $4bn. That figure is expected to increase to between $8bn and $9bn by 2020. So there will be good growth opportunities over the next few years, particularly in Europe.

Cyber risks difficult to assess

Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption for other companies.

How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives have said? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.

Cyber as a new type of risk

There are key differences between cyber risks and traditional risks. Historical data such as that applied to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today?s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible with regard to cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise for the development of appropriate cyber covers.

Working together to enhance security

Munich Re relies on collaboration with technology companies and IT security providers to develop solutions for cyber risks. This is because the requirements for comprehensive protection are complex, and safeguarding against financial losses is only one component of an overall concept. Accordingly, in consultation with our technology partners, we are developing highly effective, automated prevention services for our clients. These are designed to permanently monitor the client infrastructure, identify risks promptly, and prevent losses. And ? importantly ? a company needs to respond quickly to limit the loss from an event and allow it to resume normal operations without delay. In this context, we assist our clients with a network of experts.

But cyber risks remain a challenge, and one that the insurance industry needs to tackle. Insurers can only remain relevant for their clients if they constantly adapt their offerings to new or changed risks and requirements. Opportunities for new fields of business are arising.


Brit teen arrested for involvement in DDoS attack on ProtonMail

George Duke-Cohan was recruited by criminal group Apophis Squad

A 19-YEAR-OLD MEMBER of hacking group Apophis Squad has been arrested by British cops.

George Duke-Cohan from Watford, who uses the aliases ‘7R1D3N7′, ?DoubleParalla’ and ?optcz1′, was identified after the criminal group launched a series of DDoS attacks on Swiss-based encrypted email and VPN provider ProtonMail in June.

Writing on the ProtonMail blog, CEO Andy Yen said that a team of security researchers had assisted the firm in investigating those responsible for the attacks.

“Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavour, we were assisted by a number of cybersecurity professionals who are also ProtonMail users,” he said.

“It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online.”

Yen did not go into details about how Duke-Cohan was ‘conclusively’ identified, save to say that “intelligence provided by a trusted source” played a part.

The group attacked ProtonMail in June, apparently on a whim, but the attacks intensified after CTO Bart Butler responded to a tweet from the group, saying “we’re back you clowns”. Apophis Squad also attacked Tutanota, another encrypted email provider.

Users of ProtonMail email and VPN services saw them briefly disrupted, but “due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able keep service disruptions to a minimum,” Yen said.

As a member of Apophis Squad, Duke-Cohan was also involved in making hoax bomb threats to schools and colleges and airlines which saw 400 educational facilities in the UK and USA evacuated and a United Airlines flight grounded in San Francisco in March.

He pleaded guilty in Luton Magistrates Court to three counts of making bomb threats and is due to appear before Luton Crown Court on September 21 to face further charges. He also faces possible extradition to the US.

Marc Horsfall, senior investigating officer at the National Crime Agency said: “George Duke-Cohan made a series of bomb threats that caused serious worry and inconvenience to thousands of people, not least an international airline. He carried out these threats hidden behind a computer screen for his own enjoyment, with no consideration for the effect he was having on others.”

Duke-Cohan’s parents have said he was “groomed” by “serious people” online through playing the game Minecraft. Apophis Squad is thought to be based in Russia.

ProtonMail’s Yen said other attackers have also been identified and the authorities notified.

“We will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” he said.


How to Protect Businesses Against DDoS Attacks

Security, for any business today, is important; we, at HackerCombat, have already reported on the rising costs of IT security on the global level. More and more business today invest heavily in security; they have started realizing that without security, it?s almost impossible for any business to flourish in today?s circumstances.

We have arrived at a stage when businesses cannot handle security by simply relying on their ISPs. Proactive measures that businesses adopt for ensuring proper and better security really counts.

Businesses today are often targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all the world over. Hence it becomes important that every business today is armed, in all ways possible, to combat DDoS attacks, in the most effective of manners. Let?s discuss how businesses can secure themselves against such attacks. Let?s begin by discussing how DDoS attacks happen and what they are, in the first place?

DDoS Attacks: An Introduction

The basic principle of a DDoS attack is this- a very large number of requests are sent from several points targeting a network or server, and that too in a very short span of time. This kind of bombardment causes an overload on the server, which consequently leads to the exhaustion of its resources. The obvious result is that the server would fail and sometime would even become inaccessible, thereby causing a total denial of service, hence the name Distributed Denial of Service attack.

The main issue, however, is not that the server or network becomes inaccessible; on the other hand, it pertains to the security of the data stored in the network. A DDoS attack makes a server vulnerable and hackers can penetrate the information system and cause huge losses to the business that?s targeted. The cybercriminals behind a DDoS attack can thus make big money at the expense of the company that?s targeted.

The motives behind DDoS attacks vary; such attacks could be carried out for political or financial gains, while some such attacks would have retaliation as the sole purpose. Those who look for political gains would target those who hold contradicting political, social or religious beliefs. Crippling them through a well-planned and well-executed DDoS attack would be the motive here. Retaliatory attacks happen when a botnet or a large cybercriminal network is dismantled and those who stood by the authorities need to be targeted. DDoS attacks that are carried out for financial gains follow a simple pattern. Those who want a business targeted would hire the services of cybercriminals who would carry out the DDoS attack. The hackers are paid for the work they do.

Well, irrespective of the motive, the end result for the business that?s targeted is always the same. The network and online services become unavailable, sometimes for a short period and sometimes for a really long period of time, and data security also is at risk.

How to protect a business from DDoS attacks

ISPs may offer layer 3 and layer 4 DDoS protection, which would help businesses save themselves from many volumetric attacks. But most such ISPs fail when it comes to detecting small, layer 7 attacks. That?s why it?s said that businesses should not depend on their ISPs alone for protecting themselves against DDoS attacks. They should be set to implement measures that ensure comprehensive protection against DDoS attacks. Here?s a look at the different things that need to be done to combat DDoS attacks in the most effective of manners:

Go for a good solution provider- There are many service providers who provide Layer 3, 4 and 7 protection against DDoS attacks. There are providers of all kinds, ranging from those that offer low-cost solutions for small websites to those that provide multiple coverages for large enterprises. Most of them would offer custom pricing option, based on your requirements. If yours is a large organization, they would offer advanced layer 7 discovery services with sensors to be installed in your data center. Well, always go for a good provider of security solutions, as per your needs.

Always have firewall or IPS installed- Modern firewall software and IPS (Intrusion Prevention Systems) claim to provide a certain level of protection against DDoS attacks. The New Generation Firewalls offers both DDoS protection as well as IPS services and thus would suffice to protect you against most DDoS attacks. There, of course, are some other aspects that need to be kept in mind. Your New Generation Firewall might get overwhelmed by volumetric attacks and might not even suffice for layer 7 detections. Similarly, enabling DDoS protection on your firewall or IPS could even impact the overall performance of your system/network in an adverse manner.

Use dedicated appliances that fight DDoS attacks- Today, there are many hardware devices that protect you from DDoS attacks. Some of these provide protection against layer 3 and 4 attacks while some advanced ones give protection against layer 7 DDoS attacks. Such appliances are deployed at the main point of entry for all web traffic and they monitor all incoming and outgoing network traffic. They can detect and block layer 7 threats. There are two versions of these hardware solutions- one for enterprises and the other for telecom operators. The ones for enterprises are cost-effective ones while the ones for providers are too expensive. Investing in getting such hardware appliances would always be advisable. It?s always good to go for devices that use behavior-based adaptation methods to identify threats. These appliances would help protect from unknown zero-day attacks since there is no need to wait for the signature files to be updated.

Remember, for any organization, big or small, it?s really important today to be prepared to combat DDoS attacks. For any organization that has a web property, the probability of being attacked is higher today than ever before. Hence, it?s always good to stay prepared. Prevention, as they say, is always better than cure!


Your data center?s IT is lock-tight, are the facility?s operations?

Data centers are the lifeblood of the enterprise, allowing for scale never before imagined and access to critical information and applications.

Businesses are increasingly migrating to the cloud, making the role of the data center more and more valuable. In 2017 alone, companies and funds invested more than $18 billion in data centers, both a record and nearly double that of 2016. But as much growth as this unparalleled level of computing has given SMBs to the enterprise, a level of risk remains ? and data center operators often aren?t looking in the right places when identifying security threats.

As these data centers evolve, so too do the tools and techniques used by hackers ? both novice and pro. Securing the physical spaces that house these critical facilities is becoming more important by the day, and operators are doing themselves a disservice by solely focusing on IT as the only line of defense against attacks. Often, the physical operation of the building is the wide-open door for a hacker to exploit, and if done correctly, can cause as much devastation as an attack on software.

Even if data center operators think their security operation is lock-tight, there still are several important considerations to ensure a holistic plan is in place. The bottom line? If these important measures haven?t been incorporated as part of a data center?s security plan and ongoing upgrades, there is risk to the entire operation.

Your physical operation is more connected

Smoke detection, CCTV, power management systems and your cooling control are all becoming increasingly more connected. The Internet of Things (IoT) has allowed building management systems to become far more advanced than ever imagined when managing the more industrial side of your operation. But as these once-mechanical and manual systems start talking, there also are far more opportunities for malicious damage.

If they aren?t already, IT and building operations must be in constant contact, updating one another about the most recent changes to either one?s systems. Without this important dialogue, processes and standards change in a vacuum and can leave back doors open for hackers.

Threats are evolving

Your security plan should too. Many times, operators are solely worried about the data inside the servers, and don?t consider external threats. Gaining access to secure and encrypted servers takes an extremely experienced and skilled hacker. However, infrastructure like HVAC or fire control sprinkler systems are far less complicated to access for a less seasoned cyber-criminal.

While a DDoS attack or breach can be dangerous, a cooling operation taken offline or activated fire sprinklers can be downright devastating. Hackers consider this low-hanging fruit, and are almost always looking to do the most damage. Consider updating your security plan with a roadmap of every physical system in place, and sit down with building operations to address potential new areas of weakness.

Consider outside advice to ensure security

No single person can be expected to be an expert on the security of all physical assets. Consulting with a third-party that understands how facilities and IT should be working together within a data center can an extremely valuable investment.

Consider this: Gartner has estimated that a single minute of network downtime costs $5,600 on average. That?s certainly not a huge sum if the interruption is only 10 minutes due to a DDoS attack, but consider the damage if servers catch fire because of a cooling system shutdown. If a data center spends weeks cleaning up physical damage to a poorly secured physical operation, the results could be devastating.

To provide true security, data center operators have to stop assuming hackers can only do damage in the zeros and ones. In reality, as systems become more advanced, true security at data centers is reliant on a close relationship between IT and facilities, making sure they frequently and accurately communicate about changes, upgrades and observations at their operations. Not doing so risks a lot more than a little downtime.


A DDoS Knocked Spain’s Central Bank Offline

In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain’s central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters.

“We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email.

DDoS attacks interrupt services by overwhelming network resources. Spain?s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted.

?Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,? said Andrew Lloyd, president, Corero Network Security.

?The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover’?with a heavy emphasis on ‘resist.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’? Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.”

To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service.

As of the time of writing this, the bank’s website appears to be back online.


DDoS Attack Volume Rose 50% in Q2 2018

Distributed Denial of Service (DDoS) attacks aimed at disruption remain a massive problem for businesses big and small, despite the shutdown of the Webstresser DDoS-for-hire service. Attackers are also increasingly striking outside of normal business hours, researchers have found.

A new report shows attack volumes rose 50% to an average 3.3 Gbps during May, June and July 2018, from 2.2 Gbps in Q1. Despite a 36% decrease in the overall number of attacks ? likely as a result of DDoS-as-a-service website Webstresser being shuttered in an international police operation ? attack volumes increased.

46% of incidents used two or more vectors in Q2, with a total of 9,325 attacks recorded during the quarter. That?s 102 per day, on average. A 50% increase in hyper-scale attacks (80 Gbps+) was also recorded, while the most complex attacks used 13 vectors in total, researchers found.

Broadly speaking, DDoS attacks can be divided into three main categories, which point to the attack vectors employed by bad actors:

  • Volume Based Attacks ? bad actors saturate the bandwidth of the attacked site (measured in bits per second / Bps)
  • Protocol Attacks ? attackers consume actual server resources (measured in packets per second / Pps).
  • Application Layer Attacks ? hackers seek to crash the web server (measured in requests per second / Rps)

High-volume attacks were assisted by Memcached reflection, SSDP reflection and CLDAP. The highest attack bandwidth was recorded at 156 Gbps (gigabits per second), while the total duration of attacks during the quarter was 1,221 hours.

Attackers used two vectors 17% of the time, and three vectors 16% of the time. The most-frequently observed attacks were UDP floods (59.7%), TCP SYN floods (3.3%) and ICMP floods (0.9%).

773 attacks used the Memcached reflection amplification technique, while the SSDP reflection technique generated the greatest proportion of DDoS packets.

New data from a similar study, by Nexusguard, recently showed that the number of unguarded Memcached servers is dropping, yet many remain vulnerable to attacks.

The same research uncovered that DNS amplification attacks have increased 700% worldwide since 2016 and, in the first quarter of 2018, 55 DNS amplification attacks relied on vulnerable Memcached servers to amplify their DDoS efficiency by a factor of 51,000.


DDoS attackers increasingly strike outside of normal business hours

DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors.

DDoS attacks outside business hours

While attack volumes increased, researchers recorded a 36% decrease in the overall number of attacks. There was a total of 9,325 attacks during the quarter: an average of 102 attacks per day.

While the number of attacks decreased overall ? possibly as a result of DDoS-as-a-service website Webstresser being closed down following an international police operation, both the scale and complexity of the attacks increased. The LSOC registered a 50% increase in hyper-scale attacks (80 Gbps+). The most complex attacks seen used 13 vectors in total.

Link11?s Q2 DDoS Report revealed that threat actors targeted organisations most frequently between 4pm CET and midnight Saturday through to Monday, with businesses in the e-commerce, gaming, IT hosting, finance, and entertainment/media sectors being the most affected.

The report reveals that high volume attacks were ramped up via Memcached reflection, SSDP reflection and CLDAP, with the peak attack bandwidth recorded at 156 Gbps. Other key findings from the Q2 report include:

  • The total duration of attacks during the quarter was 1,221 hours
  • 17% of attacks used two vectors, while 16% used three
  • The most frequently observed attacks were UDP floods (59.7%), TCP SYN floods (3.3%) and ICMP floods (0.9%)
  • Memcached was the most used reflection amplification technique, with 773 attacks observed using this technique, highlighting that Memcached is still an issue. The SSDP reflection technique generated the greatest proportion of DDoS packets.

DDoS attacks outside business hours

?Attacks in Q2 2018 continued to grow in scale and complexity. Nearly half of attacks were multi-vector, making them harder to defend against, and with the rapid growth in ?hyper attacks? with volumes of over 80 Gbps, we must now consider these large, complex attacksto be the new normal,? said Aatish Pattni, Regional Director UK & Ireland for Link11.

?It?s only a matter of time until a new DDoS-for-hire service emerges to replace Webstresser, so attacks will inevitably increase over the coming months. Given the scale of the threat that organizations are facing, and the fact that the attacks are deliberately aimed at causing maximum disruption, it?s clear that businesses need to deploy advanced techniques to protect themselves against DDoS exploits,? added Pattni.


Copyright © 2013. Created by Meks. Powered by WordPress.