DDoS Attack

DDoS Attack / Most Viewed

RIPE 71 Meeting Report

The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days. So this is by no means all that was presented through the week... As is usual for RIPE meetings, it was a well organised, informative and fun meeting to attend in every respect! If you are near Copenhagen in late May next year I'd certainly say that it would be a week well spent. more

Global DNS SSR Recap

This past February, around 100 DNS industry experts met in Atlanta, GA for the "The Global DNS Security, Stability, & Resiliency Symposium." Organized by ICANN and hosted by Georgia Tech, this event was to strengthen personal relationships between operators and review what we know about the DNS infrastructure... The content included three breakout groups over two days: Enterprise Use of DNS, DNS in Resource Constrained Environments, and Combating Malicious Use of DNS... more

U.S. Schools Targeted in Ransomware Attacks: White House Responds

In response to increasing ransomware attacks targeting U.S. educational institutions, the White House convened an inaugural cybersecurity summit this Tuesday. The malicious cyber onslaughts have led to the online leakage of confidential student data, ranging from medical files to reports on sexual assaults. more

DDoS Attack Size Breaks 100 Gbps for First Time, Up 1000% Since 2005

"2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream as many high profile attacks were launched against popular Internet services and other well known targets," reports Arbor Networks in its just released Sixth Annual Worldwide Infrastructure Security Report. According to the report, the year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result. more

The Cyberthreats and Trends Enterprises Should Watch in 2016

Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more

“Capacity” - The Hidden Word?

What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more

DDoS Attacks on US Banks This Week Peaked at 60 Gbps

Distributed denial-of-service (DDoS) attacks that targeted U.S. financial institutions this week have reached 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks. more

M3AAWG & i2Coalition Collaborate on Best Practices on Anti-Abuse in Hosting & Cloud Environments

I am excited to announce the recent release of the industry first Best Common Practices document for Cloud and Hosting providers for addressing abuse issues that was created by M3AAWG and the i2Coalition. M3AAWG has been collaborating with the Best Practices Working Group of the i2Coalition over the past 2 years to discuss ways to solve malicious activity within hosting and cloud ecosystems.  more

The Recent DDoS Attacks on Banks: 7 Key Lessons

Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, U.S. Secretary of Defense, said the attacks foreshadowed a "Cyber Pearl Harbor." more

Indonesia’s Largest Telecom Provider Leaks Large Portions of the Global Routing Table

Earl Zmijewski from Renesys reports: Yesterday, Indosat, one of Indonesia’s largest telecommunications providers, leaked large portions of the global routing table multiple times over a two-hour period. This means that, in effect, Indosat claimed that it “owned” many of the world’s networks. Once someone makes such an assertion, typically via an honest mistake in their routing policy, the only question remaining is how much of the world ends up believing them and hence, what will be the scale of the damage they inflict? more

Major Russian Banks Under a Multi-Day Cyberattack

The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. more

Outlawing Botnets

The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more

Twitter, DDoS and the Motivations Behind the Attack

As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more

A Cancerous Computer Fraud and Misuse Act

As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more

DDoS Awareness Day - Oct 23, Register Today for Live Virtual Event

In support of National Cyber Security Awareness Month, DDoS Awareness Day is a virtual, global event focused on raising awareness and education around the threat of DDoS attacks. Hosted by Neustar with and exclusive media partner CSO, DDoS Awareness Day brings together top experts in global security to share their views, technical tips and from-the-trenches experience. Attendees will also be given access to a wealth of DDoS materials: white papers, surveys, presentations, best practices and more. more

Industry Updates

Alleviating BlackEnergy-Enabled DDoS Attacks

Meet the Speakers of the Cyber Threat Mitigation Webinar (by IPXO)

QAnon and 8Chan Digital Footprint Analysis and Investigation Expansion

How to Maintain Your Website’s Network Reachability with DNS Lookup Solutions

Under the Radar DDoS Attacks Increase by 158 Percent in Q2, 2019 Compared to the Same Time Last Year

Neustar Research Shows Large Attacks Growing as Multi-Vector Exploits Increasingly Become the Norm

Neustar to Acquire Verisign’s Security Services Customer Contracts

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Attacks Decrease by 23 Percent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

Don’t Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks