corero Archives - IT Security Guru
https://www.itsecurityguru.org/tag/corero/
The Site for our Community
Fri, 05 Jun 2020 13:51:36 +0000

Number of DDoS Attacks Have Doubled in Six Months As Criminals Leverage Unsecured IoT Devices
https://www.itsecurityguru.org/2017/11/21/number-ddos-attacks-doubled-six-months-criminals-leverage-unsecured-iot-devices/
Tue, 21 Nov 2017 12:35:14 +0000

Organisations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their organisations offline or steal sensitive data, according to the latest DDoS Trends and Analysis report from Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions.
The data, which is based on DDoS attack attempts against Corero customers, represents a 35% increase in monthly attack attempts compared to the previous quarter (Q2 2017), and a 91% increase in monthly attack attempts compared to Q1 2017.
Corero attributes this increase in frequency to the growing availability of DDoS-for-hire services, and the proliferation of unsecured Internet of Things devices. For example, the ‘Reaper’ botnet is known to have already infected thousands of devices, and is believed to be particularly dangerous due to its ability to utilise known security flaws in the code of those insecure machines. Like a computer worm, it hacks into IoT devices and then hunts for new devices to infect in order to spread itself further.
Ashley Stephenson, CEO at Corero, explains: “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device.  Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets.  The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
 
Sophisticated multi-vector attacks
In addition to the frequency of attacks, the Corero data reveals that hackers are using sophisticated, quick-fire, multi-vector attacks against an organisation’s security. A fifth of the DDoS attack attempts recorded during Q2 2017 used multiple attack vectors. These attacks utilise several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defences.
Ashley Stephenson continues, “Despite the industry fascination with large scale, Internet-crippling DDoS attacks, the reality is that they don’t represent the biggest threat posed by DDoS attacks today. Cyber criminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organisations that miss them do so at their peril.
“The only way to keep up with these increasingly sophisticated, frequent and low volume attacks is to maintain comprehensive visibility and automated mitigation capabilities across a network, so that even everyday DDoS attacks can be instantly detected and blocked as they occur and before they cause damage.”
 
Ransom Denial of Service
Corero observed a return of Ransom Denial of Service, or RDoS, in Q3 2017. A widespread wave of ransom DDoS threats from the hacker group Phantom Squad started in September, targeting companies throughout the US, Europe and Asia. The extortion campaign spanned a variety of industries – from banking and financial institutions, to hosting providers, online gaming services and SaaS organisations – and threatened to launch attacks on 30 September unless a Bitcoin payment was made.
Ashley Stephenson continues, “Ransom is one of the oldest tricks in the cyber criminal’s book, and with cryptocurrency, is an anonymous way for them to turn a profit.  As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously. Paying the ransom is rarely the best defence, as it just encourages these demands to spread like wildfire. It is proven that with proper protection in place to automatically eliminate the DDoS threat, organisations will be in a much stronger position.”
For access to the complete Corero DDoS Trends report, download it at: http://info.corero.com/DDoS-Trends-Report.html

Corero Network Security Expands Product Family to Include Real-Time Virtualized DDoS Protection
https://www.itsecurityguru.org/2017/10/18/corero-network-security-expands-product-family-include-real-time-virtualized-ddos-protection/
Wed, 18 Oct 2017 14:18:59 +0000

Enables greater flexibility for deploying automated DDoS mitigation at the scale, speed and efficacy Corero is best known for

Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions, announced today the availability of its SmartWall Network Threat Defense – Virtual Edition (vNTD) with full detect and mitigate capabilities.
The SmartWall vNTD is a natural extension of the Corero family of automated DDoS protection solutions, enabling seamless deployment of high-performing, scalable, cost-effective protection across physical and virtual environments; on-premises or in the cloud.
“Corero is meeting the demand for real-time DDoS mitigation with an expansive portfolio of solutions for organizations looking to take control of the DDoS threat, eliminate attacks automatically and protect their network infrastructure to maintain service availability in the face of DDoS attacks,” states Sean Newman, Director Product Management, Corero.
SmartWall vNTD, now available for KVM and vSphere platforms, enables the flexibility to choose physical or virtual form-factors when deploying DDoS protection.
 
High Performance, CPU efficient, protection with unified management

  • Mitigation deployed, in up to 10Gbps increments, at line-rate speeds
  • Protection scales to terabits per deployment
  • Industry leading performance per virtual CPU core
  • Mixed physical and virtual NTD deployments managed from a single console

SmartWall vNTD provides the scalability, agility and cost flexibility required to deliver DDoS protection for virtualized server infrastructures and SDN/NFV networks, enabling elastically scalable deployments, which can be based on demand for the applications and services being protected.
The expansion of Corero’s SmartWall portfolio with vNTD also enables third-party products, including Firewalls, IPS solutions and other security infrastructure to be enhanced with real-time DDoS mitigation.
“Corero continues to meet customer needs, including technology partners, who are working hard to protect their own customers from the impact of DDoS attacks. Through this process, the requirement for virtualized solutions to support SDN/NFV roll outs and technology partner solutions has been defined. This addition to Corero’s portfolio underscores our leadership in delivering robust, automated DDoS protection to the market,” Sean Newman adds.
For more information please visit https://www.corero.com/products/virtual-network-threat-defense-system.html
OEM partners and organizations committed to protecting their customers from DDoS attacks can reach us at info@corero.com
About Corero Network Security
Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and online enterprises rely on Corero’s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com.
 

Independent Study Reveals 82% of Service Providers see Clear Business Opportunity in Providing Premium DDoS Protection-as-a-Service to Their Customers
https://www.itsecurityguru.org/2017/05/26/independent-study-reveals-82-service-providers-see-clear-business-opportunity-providing-premium-ddos-protection-service-customers/
Fri, 26 May 2017 12:15:24 +0000

Corero Network Security announced this week the results of the second annual study of service providers, with the objective of uncovering the drivers, benefits, and barriers to enhanced DDoS protection with providers offering services like VoIP, UC, transit, public and private cloud services and E-Line and E-LAN functionality.
The findings offer valuable insights into the group’s needs for positioning DDoS protection across their networks, as well as the valuable business benefit to position themselves as leading the charge against DDoS attacks, both in protecting their own infrastructure and offering more comprehensive security solutions to their customers, as a paid-for managed service.
As Stephanie Weagle, VP of marketing at Corero, explains: “Given that DDoS attacks are growing in frequency and sophistication, it’s not at all surprising that providers are prioritizing and enhancing DDoS mitigation service offerings, and understand the revenue opportunity that such a service brings to the table. It’s much more cost effective—and less complicated—for a business to secure DDoS protection from their trusted provider.”
And she is not wrong; 93 percent of service providers see providing DDoS mitigation in relation to other types of security services to their customers as a high priority, with 37 percent ranking it as more important and 56 percent saying it was just as important. This is an increase of 10 points from last year. A full 82 percent see a clear business opportunity in providing a DDoS Protection as-a-Service (DDPaaS) to their customers.
Even as service providers are clearly concerned about DDoS and its effects, the top issue in providing DDPaaS was proving the value of the service to customers, as cited by 39 percent of survey respondents. Other concerns in deploying DDPaaS include a requirement for per-customer visibility and protection capabilities from a single management console (held by 23 percent); and cost (21 percent).
In ranking what providers are looking for in an ideal DDoS solution, unsurprisingly, the results display a wide range of requirements.

  • The ability to maintain bandwidth/throughput in the face of a DDoS attack was ranked most important at 42 percent, similarly to last year.
  • Unsurprisingly, the ability to handle high-volume, indiscriminate attacks ranked second highest in importance to 29 percent of respondents.
  • The ability to mitigate attacks in seconds vs minutes or more, and the ability to handle attacks that are aimed at disrupting specific applications, 25 percent each.
  • The ability to reduce overall CAPEX/OPEX was key for about a fifth of service providers, 22 percent.

The capability to integrate DDoS attack mitigation with third-party DDoS detection tools, the ability to provide reporting and visibility into attack types and mitigation that was executed, as well as a solution with low false blocking rates all scored relatively equally as requirements in deploying a DDoS mitigation solution.
With end-user demand for premium DDoS-as-a-service options, providers that position themselves with automated, sophisticated DDoS protection will not only find themselves rewarded with customer loyalty, but with an edge over their competitors as well.
For more on how ISPs can take advantage of dedicated DDPaaS offerings and how Corero is paving the way for real-time protection and significant services revenue potential, download the full Executive Summary: http://www.fiercetelecom.com/future-ddos-protection-turning-threat-into-a-revenue-generating-opportunity.
 
 

Corero Network Security Expands Real-Time DDoS Mitigation Capabilities to Include 100Gbps Ethernet
https://www.itsecurityguru.org/2017/02/14/corero-network-security-expands-real-time-ddos-mitigation-capabilities-include-100gbps-ethernet/
Tue, 14 Feb 2017 11:03:38 +0000

Corero Network Security has announced the expansion of its award-winning, real-time, DDoS mitigation solutions, with the SmartWall® Network Threat Defense 1100 (NTD1100). The SmartWall family of appliances now extends its real-time, line-rate, DDoS detection and automatic mitigation, to 100 Gigabit Ethernet connections.  Protection is delivered in a compact 1 RU form-factor – an industry first – scaling to 4Tbps of protection in a single rack.
The expansion of the SmartWall product line is a direct response to industry leading Internet service providers, hosting providers and online enterprises evolving their businesses to realize the maximum value from their Internet connectivity and ultimately, their investment in DDoS mitigation.
“The evolution of our product reinforces our leadership role in delivering the robust, real-time, DDoS protection Corero customers are used to, while maintaining industry disrupting economies of scale.  Corero continues to re-write the book on DDoS defense, with high security efficacy, matched with superior performance and overall value to the customer,” said Ashley Stephenson, CEO, Corero.
The SmartWall NTD1100 is capable of supporting large-scale transit and peering point deployments with in-line protection or scrubbing-center topologies, with benefits including:

  • New extensible architecture, positioned for future scaling and support of virtual, cloud and SDN/NFV deployment models
  • Automatic surgical mitigation of volumetric DDoS attacks, in seconds, not minutes
  • Comprehensive traffic visibility and DDoS attack analytics
  • Centralized management and analysis; offered as either physical or virtual appliances

The SmartWall NTD family of solutions is also available as a component of the Corero SmartProtect program, designed to enable Internet service and hosting provider operators to deliver high-value, premium DDoS Protection as-a-Service (DDPaaS) to their customers, with a disruptive pricing model which eases adoption.
SmartWall NTD1100 will be on display at Booth # 2333 during RSA 2017 in San Francisco. SmartWall NTD1100 maintains a pricing scale that is up to four times less than traditional mitigation solutions, with flexible procurement options.  Shipment planned in Q2, 2017.

80% of European Businesses Under Threat of DDoS Ransom Attacks Over Next 12 Months, Corero Finds
https://www.itsecurityguru.org/2016/07/06/80-of-european-businesses-under-threat-of-ddos-ransom-attacks-over-next-12-months-corero-finds/
Wed, 06 Jul 2016 10:10:17 +0000

Research from Corero Network Security has found that 80% of European IT security professionals expect DDoS ransom attacks to target their business within the next 12 months.
A poll of experts at the InfoSecurity Europe conference made evident the fears of cyber extortion attempts in the UK and Europe. Furthermore, warnings were issued by the City of London Police in May this year following risks identified from warnings by Lizard Squad, who were threatening charges of around £1,500 to stop DDoS attacks orchestrated by them. Corero also observed a sharp increase in DDoSers targeting their customers at the end of 2015, giving further gravity to the findings of this research.
Even more concerning was the finding that almost half of these IT security professionals (43%) thought that it was possible that their organization might pay such a ransom demand.
Dave Larson, COO at Corero Network Security, comments: “Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit. When your website is taken offline, it can cost businesses over $6500 a minute in lost revenue, so it’s understandable why some organizations choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire. Rather than trying to negotiate with criminals, the only way to beat these attacks is to have a robust, real-time DDoS mitigation system in place, which can defend against attacks and prevent downtime.
“Our research data indicates that DDoS ransom attack threats are not only increasing in frequency but also being used by cyber criminals in new and creative ways to extract money from victims. For example, low-level, sub-saturating DDoS attacks are usually used as a precursor to ransomware attacks. Because they are so short – typically less than five minutes in duration – they are usually not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques.”
We have heard also that companies that meet ransom demands often risk putting themselves on a “suckers list” that means they’re known to cough up and will be targeted again in future on the assumption they’ll pay again.
As DDoS attacks become increasingly sophisticated, many organizations are looking further upstream to their Internet Service Provider to protect them against DDoS threats. The majority of those surveyed (59%) worry that their ISP does not provide enough protection against DDoS attacks, and almost a quarter (24%) of respondents believe that their ISP is to blame if a DDoS attack affects their business.
Furthermore, over half of those surveyed (53%) believe that ISPs are hiding behind net neutrality laws – the concept of treating all online traffic equally – as a way to dodge their responsibilities in terms of protecting their customers from cyber attacks, such as DDoS.
Telecoms companies have traditionally been regarded as responsible for directing traffic, without judging the content – the prized concept of net neutrality. Dave Larson tells us “the tide of opinion is changing and many customers now want their telcos to deliver not a decaying mélange of Internet traffic and increasingly sophisticated attack vectors, but a ‘clean pipe’ of good traffic, where the threats have been proactively removed. Providers now have a golden opportunity to offer their customers DDoS protection-as-a-service, and open up valuable new revenue streams in the process – or risk losing their customers.”
Almost 60% of those surveyed (58%) said that they would leave their service provider because of poor service, and over a fifth (21%) would leave if they did not offer adequate protection against DDoS attacks.
The research report was compiled by Corero Network Security and examined the views of 103 European IT security professionals at the Infosecurity Europe conference in London during 7-9 June 2016.

The Three Little Pigs and the Big Bad Botnet
https://www.itsecurityguru.org/2016/05/16/the-three-little-pigs-and-the-big-bad-botnet/
Mon, 16 May 2016 08:38:32 +0000

I’ll huff and I’ll puff and I’ll…bring your web application offline!
The possibility of a business being targeted by some huge zombie army, or botnet, is enough to send shivers down the spine of many seasoned security veterans. Modern botnets are of vast size and power, with more sophisticated features and capabilities than ever before. Modern botnet attacks can be very precise and controlled, being pulsed and sent in different ways to make the attackers impossible to trace and the impact that much more damaging. So who is behind these botnets, what can we expect to see in the future and how can organisations put their fears to bed and defend themselves effectively from them?
Botnets have transformed the DDoS landscape. Once, attacks were the preserve of a small, technical elite who had enough coding skills to launch a strike. But now, DDoS-for-hire botnets have significantly lowered the barriers to entry. A quick Google search and a PayPal account make botnets readily available for just a few dozen dollars, with no coding experience necessary. And they are becoming increasingly popular – DDoS-for-hire botnets are now estimated to be behind as many as 40 per cent of all network layer attacks.
But while the majority of purchasers are likely to be low-level attackers, seeking to cause mischief and settle personal grievances, more powerful botnets-for-hire are also being utilised by state actors and organised crime syndicates.  In recent years, DDoS attacks have been getting bigger and bigger. Our Security Operations Centre recorded a dramatic (25%) increase in very large attacks of more than 10Gb per second among our customer base in the second half of last year. And in terms of individual attacks, the strike on the BBC in January was one of the biggest ever reported, at an enormous 600Gb per second. While these attacks clearly cause significant damage, we believe that their primary purpose is often just to demonstrate their attackers’ capabilities so that they can be sold as a service in the future. The kind of gigantic attacks that make headlines aren’t cheap to rent, and would probably cost upwards of $150,000 to engage. As a result, these are only likely to be utilised by criminal or nation state attackers, who have access to a sophisticated infrastructure with money laundering capabilities.
Looking forward, there is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into our Internet of Things. By using amplification techniques on the millions of very high bandwidth density devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale. Terabit-class attacks may be increasingly common and ‘breaking the Internet’ – or at least clogging it in certain regions – could soon become a reality. The bottom line is that attacks of this size can take virtually any company offline, and are a reality that anyone with an online presence must be prepared to defend against.
But it isn’t just the giant attacks that organisations need to worry about.  Before botnets are mobilised, hackers need to make sure that their techniques are going to work. This is usually done through the use of small, sub-saturating attacks which most IT teams wouldn’t even recognise as a DDoS attack.  Due to their size – the majority are less than five minutes in duration and under 1Gbps – these shorter attacks typically evade detection by most legacy out-of-band DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity.  This allows hackers to perfect their methods under the radar, leaving security teams blindsided by subsequent attacks.  If these techniques are then deployed at full scale with a botnet, the results can be devastating.
Besides harnessing enormous power, botnets are also notoriously difficult to spot.  Once deployed, they utilise sophisticated techniques to hide their tracks. Their command and control infrastructure can be automated or set on autopilot, they can sleep for long periods of time, they can have ubiquitous bandwidth available at any time of day by waking up different regions at different times – they are a complex and vast maze, often operated by some of the brightest minds in cybercrime. But that’s no reason for organisations to resign themselves to eventually getting attacked.  So what are the most effective methods of defence?
The old way was to use a cloud-based scrubbing centre, where the security team can divert traffic for analysis and filtering when they see a DDoS attack. But asking a human to monitor the edge of the network and intervene when they think they’ve spotted a DDoS attack is very labour intensive and won’t react fast enough to the automated attacks of today. Furthermore this won’t apprehend the sub-saturation attacks that experiment on your networks undetected, finding vulnerabilities and testing new methods.
So a proper modern method is one that’s always on, deployed in-line and doesn’t require human intervention in order to maintain clean traffic. The technology, whilst relatively new, is available on premises and from upstream providers, so there are options open to most organisations no matter their size, budget and likelihood of being targeted. It also frees up your manpower to focus on preventing data exfiltration and other malicious activity taking place, making your staff much more productive.
So there you have it – maybe the three little pigs don’t need to worry about the big bad botnet after all! There are methods on offer to help you build your proverbial “house” (security infrastructure) out of bricks and mitigate the most serious botnet-driven DDoS attacks on your networks.
Dave Larson is Chief Operating Officer at Corero Network Security. To find out more about Corero, head over to their website or follow them on Twitter.

Customer Trust and Revenues are where DDoS hits hardest
https://www.itsecurityguru.org/2016/03/24/customer-trust-revenues-ddos-hits-hardest/
Thu, 24 Mar 2016 11:45:16 +0000

Corero Network Security has unveiled research from this year’s RSA showing that the most damaging consequence of DDoS attacks is the loss of customer trust.
After polling tech decision makers at RSA, Corero also found that 34% of respondents felt loss of revenue was the biggest threat.
Dave Larson, Corero’s chief operating officer, informed us that ‘network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market. When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.’
DDoS attacks make the media regularly, but get much more attention when there’s actually a firewall failure or a service/website is fully derailed. However, Corero’s recent research has found that there’s been a huge increase in sub-saturation attacks – those which are part of a large plan, designed to knock one particular aspect of a service or site down as other nefarious activities take place or intelligence is gathered on behalf of the attackers.
Larson noted that small DDoS attacks often escape the radar of traditional scrubbing solutions. Many organizations have no systems in place to monitor DDoS traffic, so they are not even aware that their networks are being attacked regularly.
‘Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks,’ said Larson. ‘The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and, more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware.’
Corero also found that many companies rely on upstream providers to eliminate the attacks, with 30% of respondents saying this was their technique for protection. 85% of those surveyed believe their upstream provider should offer this protection as a service to their subscribers – over half of respondents said they’d pay their provider for this as a premium service.
When looking at the current methods of handling the DDoS threat used by companies, nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. ‘Those companies are very vulnerable to DDoS attacks because it’s well-documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks,’ said Larson.

Almost half of Endpoint Systems Compromised in the last 12 months, finds SANS Institute https://www.itsecurityguru.org/2016/03/17/almost-half-endpoint-systems-compromised-last-12-months-finds-sans-insititute/?utm_source=rss&utm_medium=rss&utm_campaign=almost-half-endpoint-systems-compromised-last-12-months-finds-sans-insititute Thu, 17 Mar 2016 15:49:52 +0000 http://www.itsecurityguru.org/?p=15001

Cyber attackers are still riding the wave of success by attacking those surfing the web through their endpoint systems.
All the valuable data – logins, access credentials and more – are still being regularly accessed by hackers, SANS has found in their 3rd endpoint security survey.
After quizzing 829 IT professionals, they’ve concluded that there’s a clear need for a more proactive approach to detecting threats and compromises. 44% of respondents said their endpoint systems had been compromised over the last 2 years, with a brave 15% admitting they didn’t know how many threats were detected through actively hunting for them.
Over 1 in 4 respondents said it was a third party that notified them of the breach, rather than it being detected initially by the company under attack. So does someone, or something, need to get its act together? Or are the hackers one step ahead of the security community?
Well, we know that hackers are always looking for new methods and we know that they have several methods at their disposal – with new phishing methods, new exploit kits and the like cropping up left, right and centre. What’s more, methods that have been used consistently for decades (quite literally a lifetime in computing terms), such as DDoS attacks, have been found to evolve and change in nature to evade security measures, as found by companies such as Corero in their analyses.
Many experts have in the past cited a lack of network visibility as the core factor undermining their security posture. However, it depends who you ask and what experiences they’ve had in the past – ask the CISO of a company that was badly phished and they’ll say their end users are the weak point, as hackers target their lack of awareness in order to get in. Ask someone who’s had an APT lurking on their system for 12 months that then blew up and they’ll say it’s a visibility problem.
What SANS has found is that 41% of respondents said they were unable to acquire information about unauthorised sensitive data that they need to detect threats. Furthermore, 74% of those surveyed said that they want results from endpoint queries in an hour or less – 38% want that data in 5 minutes or less!
As is so often the case with apprehending crime and fraud, it appears that SPEED is of the essence, with the ability to act quickly being essential to prevent further damage and expense.

DDoS Attack on the San Jose PD Website and IT Assets https://www.itsecurityguru.org/2015/11/27/ddos-attack-on-the-san-jose-pd-website-and-it-assets/?utm_source=rss&utm_medium=rss&utm_campaign=ddos-attack-on-the-san-jose-pd-website-and-it-assets Fri, 27 Nov 2015 10:01:05 +0000 http://www.itsecurityguru.org/?p=13649

San Jose, Calif., city officials confirmed a distributed denial of service (DDoS) attack on the San Jose Police Department website and possibly other IT assets, making services unavailable to users. According to reports, the attack began as early as last Thursday, Nov. 5, and was said to be resolved early this week. As a San Jose PD spokesperson acknowledged, this attack is part of a growing trend of cyber-based attacks that continue to increase.
ITSG caught up with Dave Larson, Chief Operating Officer of Corero Network Security, who told us “Motivations for DDoS attacks can be wide ranging. Regardless of the motivations, this DDoS attack event highlights the need for a proactive defence woven into enterprise IT infrastructure, upstream hosting and internet service provider networks, in order to protect our growing dependence on online business and activity.”
Dave added: “Further, DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by.”
ORIGINAL SOURCE: Information Security Buzz

The Evolution of DDoS https://www.itsecurityguru.org/2015/11/04/the-evolution-of-ddos-and-how-internet-service-providers-can-respond/?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-ddos-and-how-internet-service-providers-can-respond Wed, 04 Nov 2015 17:11:48 +0000 http://www.itsecurityguru.org/?p=13307

By Dave Larson, Chief Technical Officer of Corero Network Security

The World Wide Web is only 25 years old, but it has overseen countless advances in the way it is written and manipulated. Look at DDoS attacks – once simple volumetric attacks have now become deceptive and capable of carrying out several functions at once. Yet responses to this threat have not enjoyed the same rapid developments. This article examines what ISPs and carriers can do to mitigate the threat, as well as analysing what approaches are on offer to technical staff fighting the cyber-criminals.
The evolution of DDoS
In the early days of DDoS attacks (c. 2000), DDoS mitigation technology utilized in the Service Provider industry focused on the ability to determine that a DDoS attack was occurring, simply by sampling edge routers and interrogating NetFlow records from those routers. As a result, an operator could see the increase in DDoS traffic but they had few if any defenses at their disposal to block the attacks. Without any true solutions available or in place, a network operator would first interpret that an attack was in progress, then manually inject a null-route – sometimes referred to as a black-hole route – into the routers at the edge of the service provider’s network, and block the attack. This null-route effectively blocked all attack traffic headed toward the intended victim.
However, this approach had negative connotations as well. Null-route injections also blocked all good traffic along with the bad. The target victim was taken completely offline by the null route and this actually perfected the attack by dropping all packets destined to the victim’s IP addresses. This approach provided a way of at least blunting the flow of the attack and served as a tool to eliminate the collateral damage to other customers or infrastructure as a result of the DDoS attack.
Fast forward several years and we find improvements to DDoS mitigation, and an evolution in protection techniques available to operators. It became clear that a null-route was not an approach that operators preferred to use. Instead of injecting a null-route when an operator observes a large spike, they were now able to inject a new route instead. By implementing a new route, operators could now gain the ability to redirect all traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the DDoS attack traffic from the good user flows. This approach spawned the existence of DDoS scrubbing-centers and DDoS scrubbing-lanes that are commonly deployed today.
This DDoS scrubbing approach, while a significant improvement, still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records), then an operator would have to determine the victim’s destination IP address(es). Once the victim was identified, a BGP route update would take place to inject a new route to redirect or “swing” the victim’s incoming traffic to a scrubbing lane. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward the good traffic to the downstream customer. In order to forward the good traffic back to the original destination, in most cases an operator would also have to create a GRE tunnel from the scrubbing lane back to the customer’s border router. This approach represents a significant improvement over null-route solutions but it also introduces significant complexity to the carrier network topology and requires dedicated and costly security personnel in order to ensure proper execution.
Recently, the complexity of the DDoS challenge has been evolving and attacks have been increasing in size, sophistication and frequency.  Additionally, as large network operators have succeeded and grown, the sheer size and scale of their infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for damaging and disruptive DDoS attacks.  The combination of these trends is now driving the need for an even more sophisticated approach to DDoS mitigation that utilizes purpose-built technology to enable a better economic model for defeating these attacks and creating new revenue streams around clean-pipe services.
As we approach the modern day DDoS threat, with advanced mitigation techniques that have evolved over the last decade, innovative protection, sophisticated visibility and scalable deployment options are emerging.  In-line deployments of mitigation technology at the Internet or transit and peering points offer much needed relief from the frequent and damaging attacks that providers are dealing with on a regular basis.  Alternatively, many providers prefer a scrubbing-lane approach, but require enhanced visibility into the traffic patterns as well as the need to scale the scrubbing operation for increased bandwidth.
DDoS mitigation approaches and real-time threat responses
The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and instantly reactive. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be.
The increasingly popular method of fulfilling these aims is dynamic, in-line DDoS mitigation bandwidth licensing. With this technique, an in-line DDoS mitigation engine is employed but the operator pays for only the bandwidth of attacks actually mitigated. The benefit of this approach is that it delivers full edge protection for locations in the network that are most affected by DDoS, at a fraction of the cost of traditional scrubbing centre solutions.  The desirability of these tools is due to the fact that they can be constantly on, with no need for human intervention, and they provide non-stop threat visibility and network forensics.
Another aspect of effective DDoS mitigation is security event reporting. One of the Achilles heels of traditional DDoS scrubbing centre solutions is that they rely on coarse sampling of flows at the edge of the network to determine an attack is taking place. DDoS attackers are well aware of the shortcomings of this approach and have modified many of their techniques to ride under the radar, below the detection threshold, in order to evade ever being redirected to a scrubbing centre. Your security posture will only be as good as your ability to visualize the security events in your environment, and a solution that relies on coarse sampling will be unable to even detect, let alone act on, the vast majority of the modern DDoS attack landscape. A robust modern DDoS solution will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques.
New software and hardware makes real-time responses possible, mainly because the traffic from DDoS attacks generally forms a bell curve. The reason they behave this way is to elude the sample-based anomaly detectors that are supposed to spot and kill DDoS attacks. However, the modern data analytics in newer solutions enables DDoS detection far before the system’s critical threshold is reached.
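The detection gap described above can be reproduced with a small simulation. This is an added example, not code from the article or from Corero: it applies one alert threshold to the same traffic trace twice, once as a collector sees it (1-in-N sampled packets averaged over an export interval) and once as an in-line device sees it (every second measured). The baseline, threshold, sampling rate and interval are assumed values and the traffic is constructed.

```python
"""Why interval-averaged, sampled flow export misses short sub-saturation bursts.

All traffic figures are constructed for illustration; nothing here is measured data.
"""

BASELINE_PPS = 10_000      # assumed normal packets/second toward one destination
THRESHOLD_PPS = 30_000     # assumed alert threshold, identical for both detectors


def build_trace(burst_start, burst_len, burst_pps=45_000, length=600):
    """Per-second packet counts with one burst above baseline."""
    trace = [BASELINE_PPS] * length
    for t in range(burst_start, burst_start + burst_len):
        trace[t] = burst_pps
    return trace


def sampled_interval_alerts(trace, sample_rate=1000, interval=300):
    """Collector view: 1-in-N sampled packets, averaged over each export interval.

    Returns (alert_time, estimated_pps). An alert can only fire when the
    interval closes, so alert_time is the end of the window.
    """
    alerts = []
    for start in range(0, len(trace), interval):
        window = trace[start:start + interval]
        sampled = sum(pps // sample_rate for pps in window)  # packets the sampler saw
        est_pps = sampled * sample_rate / len(window)
        if est_pps > THRESHOLD_PPS:
            alerts.append((start + len(window), est_pps))
    return alerts


def inline_alerts(trace, sustain=3):
    """In-line view: every second is measured; alert after `sustain` seconds over threshold."""
    alerts, run = [], 0
    for t, pps in enumerate(trace):
        run = run + 1 if pps > THRESHOLD_PPS else 0
        if run == sustain:
            alerts.append((t, pps))
    return alerts


def compare(burst_start, burst_len):
    """Run both detectors over the same constructed trace."""
    trace = build_trace(burst_start, burst_len)
    return sampled_interval_alerts(trace), inline_alerts(trace)


if __name__ == "__main__":
    for start, length in ((200, 30), (50, 200)):
        coarse, inline = compare(start, length)
        print(f"burst {length}s @t={start}: sampled/averaged={coarse} in-line={inline}")
```

The 30-second burst averages out to 13,500 pps across its 300-second window and never alerts in the sampled view, while the 200-second burst does alert, but only when the window closes, 250 seconds after the burst began.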
As a result, companies don’t have to accept DDoS as one of those risks that you just can’t avoid – either by paying for it themselves or asking for it from their service providers, they can now acquire the technology that will stop these attacks and prevent the costly downtime that they incur.
 
 
Visit Corero’s website for more information: www.corero.com
