In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Nokia Deepfield is another company that works in the background on the web, and that analyzes data traffic patterns for the big ISPs. Their June 4 report on web traffic reports about the same thing we're hearing from most large ISPs -- the volume of web traffic suddenly shot up since the onset of the pandemic. Nokia Deepfield says that the increase in traffic has settled in at about a 25% increase over pre-COVID levels. more
Federal prosecutors in Virginia have shut down one of the world's largest Internet file-sharing sites, Megaupload.com, charging its founder and others with violating piracy laws, the Associated Press reports today. "The indictment was unsealed Thursday, one day after websites shut down in protest of two congressional proposals [SOPA & PIPA] intended to thwart the online piracy of copyrighted movies and TV programs." more
Well... Maybe not the world, but the Internet it seems. According to a Pastebin letter, Anonymous announced they will black-out Internet on 31st of March. They even explained how to do it by attacking the DNS Root Servers on Internet using a reflected amplification attack. If this is successful, the root DNS servers will become unresponsive and cannot handle any other requests... more
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more
Here we are with CircleID's annual roundup of top ten most popular posts featured during 2013 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2014. more
The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more
Cloudflare's new report warns about the significant increase of DDoS attacks and their level of sophistication. The numbers doubled from Q1 to Q2 and doubled again in Q3, resulting in a four-fold increase compared to the pre-COVID level in the first quarter. more
Distributed Denial-of-Service (DDoS) attacks will become larger in scale, harder to mitigate and more frequent, says Deloitte in its annual Global Predictions report. more
According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. more
Webstresser.org, considered the world’s biggest marketplace to hire DDoS services, has been taken down according to an announcement issued today by the European Union Agency for Law Enforcement (Europol). more
As the industry-wide paradigm shift to cloud computing and software-as-a-service gradually continues to make the transition from buzz to reality, security and availability continue to emerge as the main barriers to customer adoption. A recent ISACA survey of over 1,800 US IT professionals found that only 17 percent believe the benefits of cloud computing outweigh the risks. Only one in 10 respondents said they would consider using software-as-a-service (SaaS) for mission-critical applications. more
Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more
While travelling home from Geneva, I was thinking quite a lot on the relationship between a ccTLD (registry) and a Country. This is because many countries are starting to talk louder and louder about the responsibilities Countries have on critical infrastructure, or (possibly more important) the management of the critical infrastructure. Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed? more
According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus. more
A World-Renowned Source for Internet Developments. Serving Since 2002.