Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For the past five years, this combination has been irresistible to attackers, and for good reason. This simple capability, of turning small requests into larger, 'amplified' responses, changed the Distributed Denial of Service (DDoS) attack landscape dramatically. more
The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more
The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? more
In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Federal prosecutors in Virginia have shut down one of the world's largest Internet file-sharing sites, Megaupload.com, charging its founder and others with violating piracy laws, the Associated Press reports today. "The indictment was unsealed Thursday, one day after websites shut down in protest of two congressional proposals [SOPA & PIPA] intended to thwart the online piracy of copyrighted movies and TV programs." more
Well... Maybe not the world, but the Internet it seems. According to a Pastebin letter, Anonymous announced they will black-out Internet on 31st of March. They even explained how to do it by attacking the DNS Root Servers on Internet using a reflected amplification attack. If this is successful, the root DNS servers will become unresponsive and cannot handle any other requests... more
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more
According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. more
The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more
Cloudflare's new report warns about the significant increase of DDoS attacks and their level of sophistication. The numbers doubled from Q1 to Q2 and doubled again in Q3, resulting in a four-fold increase compared to the pre-COVID level in the first quarter. more
Distributed Denial-of-Service (DDoS) attacks will become larger in scale, harder to mitigate and more frequent, says Deloitte in its annual Global Predictions report. more
Webstresser.org, considered the world’s biggest marketplace to hire DDoS services, has been taken down according to an announcement issued today by the European Union Agency for Law Enforcement (Europol). more
As the industry-wide paradigm shift to cloud computing and software-as-a-service gradually continues to make the transition from buzz to reality, security and availability continue to emerge as the main barriers to customer adoption. A recent ISACA survey of over 1,800 US IT professionals found that only 17 percent believe the benefits of cloud computing outweigh the risks. Only one in 10 respondents said they would consider using software-as-a-service (SaaS) for mission-critical applications. more
Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more
According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus. more
A World-Renowned Source for Internet Developments. Serving Since 2002.