DDoS Archives - IT Security Guru https://www.itsecurityguru.org/tag/ddos/

Amplification attacks and old botnets make a comeback
https://www.itsecurityguru.org/2018/04/27/amplification-attacks-old-botnets-make-comeback/ Fri, 27 Apr 2018 11:23:00 +0000

Kaspersky Lab has published its report looking at botnet-assisted DDoS attacks for the first quarter of 2018. The company’s experts note an increase in activity by both old and new botnets, growth in the popularity of amplification DDoS attacks and the return of long-lasting (multi-day) DDoS attacks.

In the first quarter of 2018, DDoS botnets attacked online resources in 81 countries. The countries experiencing the largest number of attacks were once again China, the US and South Korea, which all continue to lead in terms of the number of servers available to attackers and, hence, the number of sites and services hosted on them. Hong Kong and Japan, meanwhile, replaced the Netherlands and Vietnam among the top 10 most targeted countries.

The changes to the 10 countries hosting the most C&C servers were more pronounced, with Italy, Hong Kong, Germany and the United Kingdom replacing Canada, Turkey, Lithuania and Denmark. This is likely down to the number of active C&C servers of the Darkai (a clone of Mirai) and AESDDoS bots increasing dramatically, and the old Xor and Yoyo botnets resuming their activities. Although most of these botnets use Linux, the proportion of Linux-based botnets fell slightly in the first quarter compared to the end of last year, accounting for 66 per cent vs 71 per cent in 2017.

In addition, after a short respite, it appears long-lasting attacks are back: the longest DDoS attack of the quarter lasted 297 hours (more than 12 days). The last time we saw a longer attack was at the end of 2015.

The end of the reporting period was marked by the Memcached floods that were unprecedented in terms of their power – in some cases exceeding 1TB. However, Kaspersky Lab experts expect their popularity to be short-lived because Memcached flood attacks not only affect their targets, but also the companies unwittingly involved in carrying out the attacks.

For example, in February Kaspersky DDoS Protection technical support was contacted by a company complaining that their communication channels were overloaded, leading them to suspect they were being subjected to a DDoS attack. It turned out that one of the company’s servers with the vulnerable Memcached service was being used by criminals to attack another service and generated such huge volumes of outgoing traffic that the company’s own web resources crashed. That’s why these attacks are doomed to be short-lived; the unwitting accomplices in Memcached attacks soon notice the higher load and quickly patch the vulnerabilities to avoid losses, thereby reducing the number of servers available to attackers.

Overall, the popularity of amplification attacks, which was previously on the decline, gained momentum in the first quarter. For example, we registered a type of attack that is rare despite its effectiveness, in which the LDAP service was used as an amplifier. Along with Memcached, NTP and DNS, this service has one of the biggest amplification rates. However, unlike Memcached, LDAP junk traffic is barely capable of clogging the outgoing channel completely, making it more difficult for the owner of a vulnerable server to identify and remedy the situation. Despite the relatively small number of available LDAP servers, it is possible that this type of attack will become a hit on the Darknet in the coming months.

“Our latest DDoS report has shown that it’s not only direct victims of DDoS attacks that are affected, but also companies whose infrastructure includes vulnerable components. Exploiting vulnerabilities is common for cybercriminals creating DDoS botnets, so this report emphasises the scale of the threat to organisations. A company’s multilayered online security strategy should include regular patching of vulnerabilities and protection against DDoS attacks as standard,” comments Russ Madley, Head of B2B, Channel, Kaspersky Lab.

Number of DDoS Attacks Have Doubled in Six Months As Criminals Leverage Unsecured IoT Devices
https://www.itsecurityguru.org/2017/11/21/number-ddos-attacks-doubled-six-months-criminals-leverage-unsecured-iot-devices/ Tue, 21 Nov 2017 12:35:14 +0000

Organisations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their organisations offline or steal sensitive data, according to the latest DDoS Trends and Analysis report from Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions.
The data, which is based on DDoS attack attempts against Corero customers, represents a 35% increase in monthly attack attempts compared to the previous quarter (Q2 2017), and a 91% increase in monthly attack attempts compared to Q1 2017.
Corero attributes this increase in frequency to the growing availability of DDoS-for-hire services, and the proliferation of unsecured Internet of Things devices. For example, the ‘Reaper’ botnet is known to have already infected thousands of devices, and is believed to be particularly dangerous due to its ability to utilise known security flaws in the code of those insecure machines. Like a computer worm, it hacks into IoT devices and then hunts for new devices to infect in order to spread itself further.
Ashley Stephenson, CEO at Corero, explains: “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
 
Sophisticated multi-vector attacks
In addition to the frequency of attacks, the Corero data reveals that hackers are using sophisticated, quick-fire, multi-vector attacks against an organisation’s security. A fifth of the DDoS attack attempts recorded during Q2 2017 used multiple attack vectors. These attacks utilise several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defences.
Ashley Stephenson continues, “Despite the industry fascination with large scale, Internet-crippling DDoS attacks, the reality is that they don’t represent the biggest threat posed by DDoS attacks today. Cyber criminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organisations that miss them do so at their peril.
“The only way to keep up with these increasingly sophisticated, frequent and low volume attacks is to maintain comprehensive visibility and automated mitigation capabilities across a network, so that even everyday DDoS attacks can be instantly detected and blocked as they occur and before they cause damage.”
 
Ransom Denial of Service
Corero observed a return of Ransom Denial of Service, or RDoS, in Q3 2017. A widespread wave of ransom DDoS threats from hacker group, Phantom Squad, started in September, targeting companies throughout the US, Europe and Asia. The extortion campaign spanned a variety of industries – from banking and financial institutions, to hosting providers, online gaming services and SaaS organisations – and threatened to launch attacks on 30 September unless a Bitcoin payment was made.
Ashley Stephenson continues, “Ransom is one of the oldest tricks in the cyber criminal’s book, and with cryptocurrency, is an anonymous way for them to turn a profit.  As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously. Paying the ransom is rarely the best defence, as it just encourages these demands to spread like wildfire. It is proven that with proper protection in place to automatically eliminate the DDoS threat, organisations will be in a much stronger position.”
For access to the complete Corero DDoS Trends report, download it at: http://info.corero.com/DDoS-Trends-Report.html

FBI appeals to Businesses to Share DDoS Attack Info
https://www.itsecurityguru.org/2017/10/19/fbi-appeals-businesses-share-ddos-attack-info/ Thu, 19 Oct 2017 09:59:19 +0000

The FBI has appealed to businesses to share info about DDoS attacks they may have fallen victim to, regardless of size, following the relentless wave of ransomware attacks this year.
ORIGINAL SOURCE: Threat Post

Corero Network Security Expands Product Family to Include Real-Time Virtualized DDoS Protection
https://www.itsecurityguru.org/2017/10/18/corero-network-security-expands-product-family-include-real-time-virtualized-ddos-protection/ Wed, 18 Oct 2017 14:18:59 +0000

Enables greater flexibility for deploying automated DDoS mitigation at the scale, speed and efficacy Corero is best known for

Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions, announced today the availability of its SmartWall Network Threat Defense – Virtual Edition (vNTD) with full detect and mitigate capabilities.
The SmartWall vNTD is a natural extension of the Corero family of automated DDoS protection solutions, enabling seamless deployment of high-performing, scalable, cost-effective protection across physical and virtual environments; on-premises or in the cloud.
“Corero is meeting the demand for real-time DDoS mitigation with an expansive portfolio of solutions for organizations looking to take control of the DDoS threat, eliminate attacks automatically and protect their network infrastructure to maintain service availability in the face of DDoS attacks,” states Sean Newman, Director Product Management, Corero.
SmartWall vNTD, now available for KVM and vSphere platforms, enables the flexibility to choose physical or virtual form-factors when deploying DDoS protection.
 
High Performance, CPU efficient, protection with unified management

  • Mitigation deployed, in up to 10Gbps increments, at line-rate speeds
  • Protection scales to terabits per deployment
  • Industry leading performance per virtual CPU core
  • Mixed physical and virtual NTD deployments managed from a single console

SmartWall vNTD provides the scalability, agility and cost flexibility required to deliver DDoS protection for virtualized server infrastructures and SDN/NFV networks, enabling elastically scalable deployments, which can be based on demand for the applications and services being protected.
The expansion of Corero’s SmartWall portfolio with vNTD also enables third-party products, including Firewalls, IPS solutions and other security infrastructure to be enhanced with real-time DDoS mitigation.
“Corero continues to meet customer needs, including technology partners, who are working hard to protect their own customers from the impact of DDoS attacks. Through this process, the requirement for virtualized solutions to support SDN/NFV roll outs and technology partner solutions has been defined. This addition to Corero’s portfolio underscores our leadership in delivering robust, automated DDoS protection to the market,” Sean Newman adds.
For more information please visit https://www.corero.com/products/virtual-network-threat-defense-system.html
OEM partners and organizations committed to protecting their customers from DDoS attacks can reach us at info@corero.com
About Corero Network Security
Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and online enterprises rely on Corero’s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com.
 

Incapsula network to expand, in a bid to increase Performance and Speed Attack Mitigation
https://www.itsecurityguru.org/2017/10/12/incapsula-network-expand-bid-increase-performance-speed-attack-mitigation/ Thu, 12 Oct 2017 15:33:32 +0000

Imperva have announced this week that they are expanding their Incapsula network. Alongside this expansion of the Incapsula network, Imperva will also be engaging in a significant investment in second-generation DDoS attack mitigation technology. This investment will facilitate Imperva being able to perform faster, and will also mean the introduction of an industry-leading 10 second DDoS mitigation SLA (service level agreement) to minimize the disruption to business in the extremely unfortunate event of a DDoS attack.
This expansion is driven by a notable change in DDoS attack patterns. Research by the Imperva Incapsula security team shows that DDoS attack patterns are shifting, with a significant increase in high packet rate attacks, DDoS assaults in which the packet forwarding rate escalated to about 50 million packets per second (pps). In Q3, Imperva saw 197 high packet rate attacks among clients, more than half of which were greater than 100 million pps. Of these, 11 were more than 200 million pps with the largest hitting 238 million pps for more than 3.5 hours.
The following three areas constitute the bulk of the expansion programme:
New PoPs, Increased Transit Capacity and Peering
Imperva has expanded its Incapsula data center footprint into Delhi, Dubai, Moscow, Mumbai, and Vancouver. Seven more are planned to be online by the end of the year in Bangkok, Istanbul, Jakarta, Johannesburg, Mexico City, Seoul and Taipei. The addition of these new PoPs speeds up the internet experience for local users.
Network bandwidth has been expanded to 4.7 terabits per second through a relationship with Level 3 Communications that adds an additional 1.8 Tbps across 20 strategically located data centres. An additional 2 Tbps of transit capacity is expected to be added by the end of 2017.
Second-Generation Scrubbing Technology Deployed in Mesh Network
The Incapsula global network now includes the Behemoth 2,  Imperva’s second-generation DDoS mitigation device that provides DDoS scrubbing capability of 650 million packets per second and 440 gigabits per second per device. The Behemoth 2 devices are linked via the Incapsula mesh network to form a virtual DDoS scrubbing center that can mitigate large scale attacks now and in the future. With the addition of the new PoPs and Behemoth 2, the Incapsula global network has a total DDoS packet scrubbing capacity of 65 billion pps.
“There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, vice president of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against downtime.”
In today’s DDoS heavy cyberworld, any expansion designed to keep us safe is okay with us!

New SANS & Infoblox survey finds insider threats and ransomware are most feared, followed by DDoS attacks
https://www.itsecurityguru.org/2017/09/07/new-sans-infoblox-survey-finds-insider-threats-ransomware-feared-followed-ddos-attacks/ Thu, 07 Sep 2017 09:32:47 +0000

Infoblox Inc., the network control company that provides Actionable Network Intelligence, today released results of a new study that identifies the top threats, risks and fears related to securing data assets and keeping networks secure. The survey, conducted by SANS and co-sponsored by Infoblox, found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive data.
According to the study, 78 percent of respondents report encountering two or more threats to their data in the past 12 months, while 12 percent actually encountered a breach, with 43 percent of those encountering exfiltration of sensitive data through encrypted channels. User credentials and privileged account information, known as access data, represented the most common data types involved in these breaches, spotlighting the fact that privileged data is prized by attackers — proving more desirable to them than sensitive data being targeted for financial gain or destruction.
“This shows how highly attackers prize access data,” said Sean Tierney, Director of Threat Intelligence at Infoblox. “It’s proving more desirable to them than sensitive data being targeted for financial gain or destruction because it opens the door to significantly more exploitation opportunities.”
The study also found that 59 percent of respondents are using manual processes to identify sensitive assets — ultimately leaving their networks prone to massively automated attacks.
Tierney added: “Those still relying solely on manual processes are doing themselves a disservice by opening up their networks and customer data to highly automated, targeted attacks. In order to counter the chances of compromise, they must know how data should flow and design an in-depth defense strategy to secure assets like user IDs, credentials, roles and directories. Automating network processes helps uncover sensitive data in previously unknown areas of the network. It frees up time for IT admins to perform more important, high-level tasks.”
Other key findings from the “2017 SANS Data Protection Survey” report include:
 

  • Threats to Data: Overall, 78 percent of respondents have seen two or more different types of threats over the last 12 months, with 68 percent having seen the same threat types multiple times.
  • Data Exfiltration: 48 percent of those who sustained a breach report that the incident resulted in the exfiltration of sensitive data, with the primary transport of the data being an encrypted channel established by malware with a secondary factor being email.     
  • Challenges in Securing Data: When asked what their organization’s greatest challenge is when it comes to sensitive data protection, 31 percent of respondents report lack of staffing and resources to be their biggest obstacle.
  • The Cost of Compromise: 41 percent of respondents report the most frequent underlying cause for breaches of sensitive data to be hacking or malware-related attacks, with 37 percent indicating insider compromise.
  • Watch Your DNS: While 42 percent of respondents report conducting scans of their DNS infrastructures, only 19 percent conduct regular scans on at least a weekly basis, with a mere 9 percent scanning continuously. 58 percent of respondents do not utilize DNS-based prevention/detection techniques at all or are unaware whether they do.

 
View the Webinar
To learn more about the results of this survey and best practices when it comes to securing your sensitive data, join the SANS on demand webinar.
 
Download Report
Download the “Sensitive Data at Risk Everywhere: The SANS 2017 Data Protection Survey,” which includes recommendations for securing sensitive data.
 
Methodology
Participants for the study included more than 250 IT and security administrators, engineers, IT managers, developers, and privacy experts.
 
About Infoblox
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. As the industry leader in DNS, DHCP, and IP address management, the category known as DDI, Infoblox (www.infoblox.com) provides control and security from the core—empowering thousands of organizations to increase efficiency and visibility, reduce risk, and improve customer experience.
 
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

Q2 2017 Akamai State of the Internet / Security Report analyses re-emergence of PBot Malware; domain generation algorithms; relationship between Mirai Command & control and attack targets
https://www.itsecurityguru.org/2017/08/23/great-tesco-bank-robbery-2/ Wed, 23 Aug 2017 09:36:11 +0000

Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released by Akamai Technologies, Inc. (NASDAQ: AKAM). Contributing to this rise was the PBot DDoS malware, which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter.
In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the second quarter. Attackers were able to create a mini-DDoS botnet capable of launching a 75 gigabits per second (Gbps) DDoS attack. Interestingly, the PBot botnet was comprised of a relatively small 400 nodes, yet still able to generate a significant level of attack traffic.
Another entry on the “everything old is new again” list is represented by the Akamai Enterprise Threat Research Team’s analysis of the use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure. Although first introduced with the Conficker worm in 2008, DGA has remained a frequently used communication technique for today’s malware. The team found that infected networks generated approximately 15 times the DNS lookup rate of a clean network. This can be explained as the outcome of access to randomly generated domains by the malware on the infected networks. Since most of the generated domains were not registered, trying to access all of them created a lot of noise. Analysing the difference between behavioral characteristics of infected versus clean networks is one important way of identifying malware activity.
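The behavioural comparison Akamai describes (a much higher DNS lookup rate on infected networks, most of it for unregistered names) can be turned into a simple resolver-log check. This is an added example, not Akamai's or the report's code; the log format (epoch, source network, query name, response code) and every sample line are constructed for the example, and the 10x rate threshold and 50 percent NXDOMAIN threshold are assumed starting points a defender would tune to their own baseline.

```python
"""
DGA-style lookup-rate heuristic over DNS resolver logs.

Idea from the Akamai finding: DGA-infected networks issue far more DNS
lookups than clean ones, and most generated names are unregistered, so the
resolver answers NXDOMAIN. Compare each network's lookup rate and NXDOMAIN
share against a known-clean baseline network.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional
import re

# Constructed log format (assumption): "<epoch> <source_net> <qname> <rcode>"
LOG_LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


@dataclass
class NetStats:
    queries: int = 0
    nxdomain: int = 0
    first_ts: Optional[int] = None
    last_ts: Optional[int] = None
    domains: set = field(default_factory=set)  # distinct registrable domains

    def lookups_per_minute(self) -> float:
        if self.first_ts is None or self.queries == 0:
            return 0.0
        span = max(self.last_ts - self.first_ts, 60)  # floor at one minute
        return self.queries * 60.0 / span

    def nxdomain_ratio(self) -> float:
        return self.nxdomain / self.queries if self.queries else 0.0


def registrable_domain(qname: str) -> str:
    """Crude eTLD+1 (last two labels); adequate for the constructed sample."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_logs(lines):
    """Aggregate per-source-network counters; malformed lines are skipped."""
    stats = defaultdict(NetStats)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ts, net, qname, rcode = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        s = stats[net]
        s.queries += 1
        if rcode == "NXDOMAIN":
            s.nxdomain += 1
        s.domains.add(registrable_domain(qname))
        s.first_ts = ts if s.first_ts is None else min(s.first_ts, ts)
        s.last_ts = ts if s.last_ts is None else max(s.last_ts, ts)
    return dict(stats)


def flag_suspect_networks(stats, baseline_net, rate_factor=10.0, nx_ratio=0.5):
    """Flag networks whose lookup rate is >= rate_factor x the clean baseline
    AND whose answers are mostly NXDOMAIN (both conditions, to cut false
    positives from busy but healthy networks)."""
    base = stats[baseline_net].lookups_per_minute()
    flagged = {}
    for net, s in stats.items():
        if net == baseline_net or base <= 0:
            continue
        multiple = s.lookups_per_minute() / base
        if multiple >= rate_factor and s.nxdomain_ratio() >= nx_ratio:
            flagged[net] = {
                "rate_multiple": round(multiple, 1),
                "nxdomain_ratio": round(s.nxdomain_ratio(), 2),
                "distinct_domains": len(s.domains),
            }
    return flagged


def sample_logs():
    """Constructed sample: a clean network doing 10 ordinary lookups over
    9 minutes, and an infected one doing 150 lookups of algorithmic-looking
    names over ~10 minutes, 90 percent of them answered NXDOMAIN."""
    base = 1_500_000_000
    lines = []
    clean_names = ["www.example.com", "mail.example.com", "cdn.example.net"]
    for i in range(10):
        lines.append(f"{base + i * 60} net-clean {clean_names[i % 3]} NOERROR")
    for i in range(150):
        name = f"{'x' * (3 + i % 5)}{i:04d}.info"  # constructed DGA-like label
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"{base + i * 4} net-infected {name} {rcode}")
    lines.append("this line is malformed and must be skipped")
    return lines


if __name__ == "__main__":
    print(flag_suspect_networks(parse_logs(sample_logs()), "net-clean"))
```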
When the Mirai botnet was discovered last September, Akamai was one of its first targets. The company’s platform continued to receive and successfully defended against attacks from the Mirai botnet thereafter. Akamai researchers have used the company’s unique visibility into Mirai to study different aspects of the botnet, most specifically in the second quarter, its C2 infrastructure. Akamai research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditisation of DDoS. While many of the botnet’s C2 nodes were observed conducting “dedicated attacks” against select IPs, even more were noted as participating in what would be considered “pay-for-play” attacks. In these situations, Mirai C2 nodes were observed attacking IPs for a short duration, going inactive and then re-emerging to attack different targets.
“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” said Martin McKeay, Akamai senior security advocate. “Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective.”
 
By the Numbers:
Other key findings from the report include:

  • The number of DDoS attacks in Q2 increased by 28 percent quarter over quarter following three quarters of decline.
  • DDoS attackers are more persistent than ever, attacking targets an average of 32 times over the quarter. One gaming company was attacked 558 times or approximately six times a day on average.
  • Egypt was the origin of the greatest number of unique IP addresses used in frequent DDoS attacks with 32 percent of the global total. Last quarter, the United States held that spot and Egypt was not among the top five.
  • Fewer devices were used to launch DDoS attacks this quarter. The number of IP addresses involved in volumetric DDoS attacks dropped 98 percent from 595,000 to 11,000.
  • The incidence of Web application attacks increased five percent quarter-over-quarter and 28 percent year-over-year.
  • SQLi attacks were used in more than half (51 percent) of web application attacks this quarter—up from 44 percent last quarter—generating nearly 185 million alerts in the second quarter alone.

 
A complimentary copy of the Q2 2017 State of the Internet / Security Report is available for download at http://akamai.me/2i9vrdz. Download individual charts and graphs, including associated at http://akamai.me/2w6mI1v.
 
Methodology
The Akamai Second Quarter, 2017 State of the Internet / Security Report combines attack data from across Akamai’s global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.
 
About Akamai
As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organisations trust Akamai please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.

The post Q2 2017 Akamai State of the Internet / Security Report analyses re-emergence of PBot Malware; domain generation algorithms; relationship between Mirai Command & control and attack targets appeared first on IT Security Guru.

Attackers Use Pulse Wave DDoS to Pin Down Multiple Targets https://www.itsecurityguru.org/2017/08/17/attackers-use-pulse-wave-ddos-pin-multiple-targets/?utm_source=rss&utm_medium=rss&utm_campaign=attackers-use-pulse-wave-ddos-pin-multiple-targets Thu, 17 Aug 2017 09:35:35 +0000

The post Attackers Use Pulse Wave DDoS to Pin Down Multiple Targets appeared first on IT Security Guru.

New findings from Imperva Incapsula research, published today, detail the emergence of a new DDoS assault pattern, which has been named Pulse Wave.
According to lead researcher Igal Zeifman, “Pulse Wave DDoS represents a new attack methodology, made up of a series of short-lived pulses occurring in clockwork-like succession, which accounts for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 Gbps.”
The size of these attacks, and the amount of skill they exhibit, suggest they are the handiwork of skilled bad actors who have become practiced in portioning their attack resources to launch simultaneous assaults. This means the intervals between each pulse are being used to attack a secondary target.
This new approach shows that some offenders have grown to understand that it is not necessary to hit a target continuously to take it offline; rather, repeated short bursts are enough to disrupt routers and servers, producing the same effect. By the time the systems have recovered from the first burst, or pulse, the hackers hit them again. In this way, they can double their resource utilisation and pin down several targets. 

With effective sniping, even more simultaneous attacks can be launched to pin down multiple targets and boost the offenders’ bottom line.
The existence of such capabilities spells bad news for everyone, as they enable bad actors to greatly increase their attack output. The pulse-like nature of these attacks, however, is especially harmful for appliance-first mitigation solutions, since it can cut down the communication between their two components, preventing effective failover from the appliance to the cloud. Specifically, the attacks have the capacity to delay the time it takes for the cloud component of the mitigation solution to kick in. This increases the likelihood of the target going down and being forced to initiate a prolonged recovery process. Moreover, pulse wave assaults can prevent the transfer of data collected in the early attack stages from the appliance to the cloud, further harming its responsiveness.
As the research points out, while pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks. Multiple industry reports, including the Imperva Incapsula quarterly DDoS Threat Landscape report, point to an increased number of short-lived DDoS events over the past year. The majority of all DDoS attacks today, at both the network and application layers, consistently last less than one hour, and the percentage of such short-burst attacks is growing each quarter.
“For a commercial organisation, every such instance translates into tens of thousands of dollars in direct and indirect damages. For professional offenders—already inclined to split up their attack resources for optimised utilisation—this serves as another reason for them to launch pulse wave DDoS assaults. Consequently, we expect to continue encountering such assaults. We also forecast them to grow larger and become more persistent, fuelled by botnet resource evolution and the previously described macro trends we’ve observed in the DDoS landscape,” Zeifman added.
The full research paper, “Attackers Use DDoS Pulses to Pin Down Multiple Targets, Send Shock Waves,” presents a detailed dive into the nature of pulse wave attacks, the threat that they pose and their place in the DDoS threat ecosystem.

Corero Announces Edinburgh Office Expansion to fuel DDoS Research & Development https://www.itsecurityguru.org/2017/07/14/corero-announces-edinburgh-office-expansion-fuel-ddos-research-development/?utm_source=rss&utm_medium=rss&utm_campaign=corero-announces-edinburgh-office-expansion-fuel-ddos-research-development Fri, 14 Jul 2017 10:30:25 +0000

The post Corero Announces Edinburgh Office Expansion to fuel DDoS Research & Development appeared first on IT Security Guru.

Corero Network Security, the leading provider of real-time DDoS defence solutions, today announced plans to expand its Research & Development office by doubling the number of engineers in its Edinburgh, UK office. The office expansion reinforces Corero’s commitment to innovation within the DDoS mitigation market with real-time, automated DDoS defence solutions.

Julian Palmer, Vice President of Engineering, at Corero, added: “There are clear commercial drivers to our operations in Edinburgh. Scottish universities, particularly those in the Scottish Informatics and Computer Science Alliance (SICSA), are cultivating some of the best software engineers in the world, and helping to establish Scotland as a world leader in computer science research and education.  We established the Edinburgh office in 2015, and our city centre location helps to attract the brightest and best. We have 100% employee retention at our Scottish offices, and we look forward to continued growth and success in the region.”
 
Corero CEO Ashley Stephenson was joined by Mr Keith Brown MSP, Cabinet Secretary for Economy, Jobs and Fair Work, to formally welcome the office expansion today. The company has benefitted from a Scottish Enterprise SMART: Scotland innovation grant, which has supported Corero’s specialised research into virtualization and software-defined networking (SDN) security for DDoS defence.

Cabinet Secretary for Economy, Jobs and Fair Work, Keith Brown MSP, said: “I am delighted to see the expansion of Corero’s R&D facility in Edinburgh. The company is leading cyber security innovation and will undoubtedly continue to thrive in Scotland, where it benefits from the availability of specialist skills developed in local universities. Today’s announcement is further endorsement of Scotland as an attractive location for investment.”
 
Director of Innovation at Scottish Enterprise, Jim Watson, commented: “Scotland’s world class universities, rich culture of innovation and integrated business innovation support are why companies like Corero, which can locate anywhere in the world, are choosing to make their innovation investment in Scotland.  This expansion also shows the value of companies having strong ties to Scotland through our GlobalScot network to make connections and act on growth opportunities quickly.”

As the DDoS threat landscape continues to evolve, the security and availability of the Internet remains at risk. According to the latest DDoS Trends and Analysis Report, Corero customers experienced an average of 4.1 DDoS attack attempts per day during Q1 2017, a 9% increase on the previous quarter. This is compounded by a short-duration, low-volume attack profile that cannot be detected and eliminated with traditional security infrastructure solutions.

Julian Palmer added: “As organisations around the world continue to fight against the latest DDoS threats, it’s essential that they maintain a comprehensive visibility across their networks to detect and defeat all DDoS attacks as they arise. Our Edinburgh engineers are focussed on ensuring our customers have effective real-time, scalable DDoS attack mitigation capabilities that meet their current and future needs.”

U.K. Student Charged for Running DDoS Service https://www.itsecurityguru.org/2017/07/05/u-k-student-charged-running-ddos-service/?utm_source=rss&utm_medium=rss&utm_campaign=u-k-student-charged-running-ddos-service Wed, 05 Jul 2017 09:14:06 +0000

The post U.K. Student Charged for Running DDoS Service appeared first on IT Security Guru.

Jack Chappell, an 18-year-old student from Stockport, UK, has been charged over his alleged role in the operation of a service used by cybercriminals to launch distributed denial-of-service (DDoS) attacks against several major organizations.
 
Read Full Story 
ORIGINAL SOURCE: Security Week
