Tag Archives: ddos

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform:

Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams.

Should access to WHOIS data be redacted in any way beyond what it is at present, my work will be made impossible. I spend 90% of my day in WHOIS data, the other 10% sculpting the data in a manner to provide reason and proof to hosting providers and registrars to take action against real-life criminals on their networks.

I also prepare cases for law enforcement to act upon. Contrary to popular belief in some quarters, LE cannot possibly begin to know about the stuff I (and my many, many colleagues) see until we tell them. That’s how it works. Any of the big botnet and crime ring take-downs and arrests you’ve ever seen have involved a public-private collaboration between individuals, researchers such as myself, and law enforcement.

So, I’d like to issue congratulations to all those who want to redact. You will, without a single iota of uncertainty, expose many more people to real — not potential or hypothetical — privacy issues of a far more serious nature than you could possibly imagine, all in the badly mangled, misguided, and muddleheaded notion of what privacy actually is in the real world. ‘Cut off your nose to spite your face’ has never been more apt.

I hope you tell your Mom, family and your friends what you are trying to do here, while I spend my time trying to protect them from real evil: Revenge porn. Identity Theft. Plain old theft. Stalking. Photographic representation of the rape of children. Trolling, leading to the destruction of people’s lives. Emptied bank accounts.

Tell them you don’t want me to be able to do my job, and that you are trying to make it impossible, because you think access to the data that has been public and without challenge under the world’s privacy laws for twenty years is better off limited to the point of uselessness, sacrificed on some misshapen altar of privacy.

If I sound angry at what you are attempting to do, then I’ve hit my mark. I am furious. The security sector is furious. We are terrified that you may have any degree of success in this regard, because you apparently don’t know, or don’t care what the actual results will be. Placating with ‘gated access’ means there will be some among my peers and colleagues, far more talented and effective than I, who simply cannot gain access, and the resulting mess will be on your head, and at risk of overstating my case, the blood on your hands.

So again, congratulations. Mother’s Day is coming up. Be sure to make mention of this in the card you send. Now, if you’ll excuse me, I’ll go back to diving in the data lake of WHOIS, trying to keep spam and far worse evil off’ve your network.

K bye tnx.

Neil Schwartzman

Executive Director

Coalition Against Unsolicited Commercial Email

http://cauce.org

Twitter : @cauce

Written by Neil Schwartzman, Executive Director, The Coalition Against Unsolicited Commercial Email – CAUCE


Permanent Denial-of-Service Attacks on the Rise, Incidents Involve Hardware-Damaging Assaults

Also known loosely as “phlashing” in some circles, Permanent Denial-of-Service (PDoS) is an increasingly popular form of cyberattack that damages a system so badly that it requires replacement or reinstallation of hardware. “By exploiting security flaws …


So Long, Farewell: The Worst DDoS Attacks of 2016

The year 2016 will go down in infamy for a number of reasons. It was the year an armed militia occupied an Oregon wildlife refuge, Britain voted to Brexit, an overarching event that will simply be referred to as The Election occurred, and Justin Bieber made reluctant beliebers out of all of us.

2016 was also the worst year on record for distributed denial of service (DDoS) attacks by a margin that can only be considered massive. This year’s DDoS attacks — cyberattacks launched from botnets or large clusters of connected devices — ushered in a new breed of botnet: ones comprised of devices from the Internet of Things.

The abominable snowstorm(s)

What happened: Following the release of the Legion expansion to the mega-popular World of Warcraft game in August, Blizzard Entertainment was slammed with three distributed denial of service attacks in August and another one in September.

The DDoS details: While the company has not released specifics on the attacks, the modus operandi was standard for taking aim at a gaming company: wait until the servers are overloaded with users excited about a new game or expansion, then push those servers over the brink with malicious traffic. DDoS-for-hire service PoodleCorp has claimed responsibility.

The damage done: These attacks affected not only World of Warcraft players, but people trying to use the Blizzard platform for other games, including Diablo III and Overwatch. Gamers are known for their emotional reactions to outages, which is one of the reasons gaming platforms are frequently targeted, and PoodleCorp succeeded in causing widespread anger over Blizzard’s failure to protect their platform from DDoS attacks once again.

The lesson that needs to be learned: Website or platform users don’t get used to DDoS-related outages; they get increasingly angry over them. Gaming platforms are at a disadvantage due to their overworked servers, the single-point-of-failure nature of their systems, and the emotional reactions of their users.

The jewelry store hold-up

What happened: In June, a brick-and-mortar jewelry store had their website taken offline for days by a distributed denial of service attack. They got their website restored, only to have it knocked offline again.

The DDoS details: As small as the jewelry store may have been, this is big news since the attack came from a botnet fully made up of CCTV cameras, 25,000 of them, sending 50,000 requests per second.

The damage done: This wasn’t a large-scale attack affecting hundreds of thousands of people like the others in this list, but what makes it stand out was that it was one of the first known uses of an IoT botnet that used only CCTV devices.

The lesson that needs to be learned: As the world becomes increasingly connected, DDoS attackers are amassing more and more weapons. There are two lessons here: secure your IoT devices by changing the default passwords, and get professional DDoS mitigation if your website does not have it. There are simply too many opportunities for attackers now.

The Mirai deluge

What happened: This is actually a set of three separate attacks, all coming courtesy of the Mirai botnet. First, computer security blogger Brian Krebs had his site rendered useless by a 620 Gbps attack in September. Days later, French hosting provider OVH was hit with a 1 Tbps attack. The biggest one came in October: the Dyn DNS provider was slammed by a 1.2 Tbps attack that knocked major websites and platforms offline, including Netflix, Twitter and PayPal.

The DDoS details: It’s hard to get a handle on just how big the Mirai botnet is, but security experts agree it’s an IoT botnet consisting of well over 100,000 devices capable of throwing attack traffic from tens of millions of IP addresses. Due to the sheer number of devices in this botnet, its attackers tend to use it for distributed denial of service flooding attacks.

The damage done: Each of these three DDoS attacks held the title of biggest ever, at least until the next one came along. The Dyn attack reigns supreme, for now. The Dyn attack was one of the first DDoS attacks to grab the attention of the public due to the high-profile nature of the websites and platforms affected. It became such a major news story that the White House had to give multiple briefings and updates on it.

The lesson that needs to be learned: IoT botnets are currently grabbing headlines for these staggering attacks, but the average website owner needs to know that the biggest use of these botnets is assuredly going to be as DDoS-for-hire services. That means the extraordinary power of these botnets can be rented for a nominal fee, and everyone is a potential target.

Make no mistake about it. We haven’t even begun to scratch the surface of what went on in DDoS attacks this year. As ugly as this round-up is, next year’s is likely only going to be worse. May a new Justin Bieber album soothe us all!

Written by Patrick Vernon, Writer


Deloitte: DDoS Attacks to Enter Terabit Era in 2017

Distributed Denial-of-Service (DDoS) attacks will become larger in scale, harder to mitigate and more frequent, says Deloitte in its annual Global Predictions 2017 report. It predicts “there will be on average a Tbit/s (terabit per second) attack per month, over 10 million attacks in total, and an average attack size of between 1.25 and 1.5 Gbit/s (gigabit per second) of junk data being sent. An unmitigated Gbit/s attack (one whose impact was not contained), would be sufficient to take many organizations offline.”

The anticipated escalation in the DDoS threat is based on three concurrent trends: the growing installed base of insecure Internet of Things (IoT) devices; the online availability of malware methodologies, such as Mirai, which allow relatively unskilled attackers to corral insecure IoT devices and use them to launch attacks; and the availability of ever higher bandwidth speeds.

Entities that should remain particularly alert, according to the report, include: retailers with a high share of online revenues; online video games companies; video streaming services; online business and service delivery companies (financial services, professional services); and government online services (for example, tax collection).

The report also shares a range of options that companies and governments should consider to mitigate the impacts of DDoS attacks. These include decentralizing, bandwidth oversubscription, testing, and dynamic defense, among others. (Full report available here)
