Tuesday, 25 November 2008

DDoS attackers start to up the Ante

According to a report published by Arbor Networks, over the past twelve months DDoS attacks as high as 40 Gb have been recorded. This represents an increase of 67% compared with the previous highest recorded attack in 2006 and a 100% increase compared with 2001. Whilst this new level is not yet the norm it is symptomatic of the general upward trend in the scale of attacks and an indication that it is a serious threat to ecommerce businesses that is unlikely to stop anytime soon. Suprisingly despite the high levels of reported DDoS victims, and the even higher level of unreported attacks, many companies are still prepared to risk their online revenues and corporate reputations by not putting adequate defences in place.

With more companies taking advantage of the new high speed connectivity to run their bandwidth hungry appplications such as VoIP and video streaming the need for a defence system capable of operating in that environment is even more pressing. At the moment very few vendors can offer a solution that is capable of handling anything much above 3 Gb and even then this usually involves some form of offline IP scrubbing technology,which seiuosly impacts the performance of the network to a level which means that voice systems become inopearble. Webscreen is one of the few dedicated DDoS technologies that is scalable to 10 Gb without the need to divert traffic offline and will provide protection aagainst 99.99% of the attacks that any organisation is ever likely to experience. Fortunately 40 Gb attacks are likely to remain very rare but for those organisations that have chosen to ignore the problem completely they can't say that they haven't been warned.

Monday, 8 September 2008

Should DDoS Victims Own Up or Cover Up?

When a popular Web site is taken down by a DDoS attack the typical response by many companies is often to go into “denial” themselves or at least play hard to get should anyone want to the question them as to why their online services suddenly aren’t (online). The general view from the Web publisher’s side seems to be that by coming clean, and acknowledging the root cause, they are somehow opening the flood gates to copycat attacks. When many attacks can be stopped by agreeing to paying a substantial ransom it is perhaps understandable that companies decide to take the least worst option.

Whilst there may be some logic in taking this approach, perhaps if more companies in this position were more open about the problem it could ultimately be much better for the wider ecommerce community. One of the consequences of sweeping this under the carpet is that the perception is that DDoS is a less prevalent threat than it actually is, which in turn means that many companies down grade the risk factor and do not put in place adequate defence mechanisms. The reality is that DDoS attacks are an increasing weapon of choice with up to 5,000 recorded attacks per day in the US alone in the past 12 months.

The recent rumours circulating about the non-availability of Amazon’s Web site is a classic case in point and a missed opportunity to really bring the problem of DDoS into the open and maybe start to get a real industry debate going on how to solve the problem. It may be a naïve view but perhaps if more Web sites were protected the bot-herders might find that their efforts were not as lucrative in the future and decide to get a proper job.
However it is no less naïve than thinking that keeping the details private cannot hurt the company. Allowing customers and stakeholders to speculate fuels rumours and signals weakness and continuing vulnerability. Simply and honestly saying this is what happened and this is what we are doing about it ends the speculation and signals competence and strength, but if you wait too long it will sound like spin.
With technologies like Webscreen’s WS series available and proven effective in protecting some of the world’s busiest Web sites it makes little sense to sit and suffer in silence. For an investment of less than the average ransom figure demanded by the attackers it is possible to have a permanent solution and preserve the corporate reputation – and help the rest of the online business sector at the same time.

Monday, 11 August 2008

Georgia Under Cyber Attack

The reports in today's news that Russia is once again suspected to have resorted to DDoS attacks to jerk the chain of one of their former Soviet Union members should not really surprise anyone, least of all the Georgian Government. It is what they do after all - as both Estonia and Lithuania can testify to their cost. With such a track record it seems pretty obvious that any Country that is on a collision course with Moscow should ensure that their cyber-defences are in place before they decide to escalate the problem.

Saturday, 12 July 2008

WEBSCREEN SELECTED TO PROTECT ASIAN ONLINE CASINOS


Webscreen, the UK based anti-DDoS technology development business has announced a major contract with Philippines based Bayview Technologies, the IT services division of one of South East Asia’s fastest growing gambling companies, AsianLogic Ltd. (ALL) The contract is to supply Bayview with Webscreen WS Series appliances that will be used to protect ALL’s online casino and online poker Web sites from any distributed denial of service (DDoS) attacks targeted at the company’s Web servers.

Webscreen is widely deployed by some of the world’s largest online gaming and betting companies to stop their Web sites from being taken off line by targeted attacks that are typically timed to coincide with major sporting events or other heavy betting periods. Using a unique algorithm Webscreen is able to block malicious DDoS traffic whilst keeping the Web site accessible for genuine customers.

The AsianLogic Group operates a number of online casinos tailored mostly to the Asian market offering over 100 interactive games. These include classic table and card games, integrated live videostream casino games and games designed specifically for the Asian market, such as Solo, Mahjong and Pachinko.All gaming takes place online via the Bayview servers located in the Philippines, which enables customers of the Group to play on a common platform and access the same games and common progressive jackpots. The Webscreen appliances are positioned in-line at the Bayview network gateway as part of its integrated security shield. All Internet traffic entering the network is monitored by Webscreen, with any suspicious traffic being dropped before it reaches the ALL Web servers, guaranteeing service for regular players.

ALL Director, Itamar Shamshins, said “We selected Webscreen because of the technology’s proven capability to automatically track and block attack traffic and the company’s excellent 24/7 hardware and software support services. We have been particularly impressed by the software’s reporting capability that enables us to detect smaller daily incidents, denying potential attackers perimeter defence intelligence that could be used to mount a full scale attack. This means that Webscreen acts as both an attack mitigation and prevention tool, giving us the confidence that our business has the maximum level of protection backed by a highly responsive partner at the other end of the telephone line should anything go wrong.”

Monday, 7 July 2008

EU Proposal to force ISPs to share DDoS Information

The news that the EU's Cybercrime proposal, due for publication later in the year, is to include punitive measures against ISPs who do not cooperate promptly to block compromised machines is a welcome move in the fight against DDoS. However, whilst many European countries have signed up in principle to the Council of Europe's Cybercrime Convention there is still a number of mainly Eastern Europe states that have yet to agree. The fact that these Countries include Andorra, Azerbaijan, Georgia, Liechtenstein, Monaco, Russia, San Marino, and Turkey, many of the favoured locations of the bot-herders behind the hundreds of DDoS attacks hitting ecommerce businesses around the world, is not so good news. Unless these countries can be brought in line, this latest initiative is doomed to failure before it gets started. As they are outside the jurisdiction of the EU it is difficult to see what can be done to force compliance, hopefully the recent experience of the Lithuanians will help them to see that it is in everyone's interest to put their houses in order.

Friday, 4 July 2008

Lithuanian's braced for full blown DDoS attacks


Last weekend's mass Web site defacement that affected hundreds of Lithuanian businesses is being interpreted in some quarters as a warning shot and a pre-cursor to an all out DDoS attack on the Country's Internet infrastructure. The defacement of the Web sites with pro-soviet messages is being strongly linked with the recent law introduced by the Lithuanian Government banning the use of Soviet symbols in the Country and has chilling echoes of what happened last year in Estonia.

In this case the Lithuanian Government had been warned of the attack and were able to take appropriate action to harden their defences but many commercial sites were caught unawares. Fortunately in this particular case the damage was limited to some inconvenience for those who were victims but they may not get off so lightly if a DDoS attack is unleashed. Non-availability of critical Web services could have a devastating effect on any country's economy and if it is over a sustained period could seriously threaten individual companies who have built their businesses online.

As it would seem unlikely that the law will be changed any time soon both Government departments and the business community needs to seriously re-examine their DDoS defences as quickly as possible.

Thursday, 3 July 2008

What is DDoS?

On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
A hacker begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder