Showing posts with label DDoS. Show all posts
Showing posts with label DDoS. Show all posts

Friday, 21 October 2016

Twitter, Spotify and Reddit taken offline by a DDoS attack. Is anyone safe!?

Distributed Denial of Serivce (DDoS) has struck again, this time knocking some of the largest websites offline including the likes of Twitter, Spotify and Reddit.

Domain Name Servers (DNS) act as the Internet’s phone book. They facilitate your request to go to a certain webpage and make sure you are taken to the right place. So, when the DNS provider that gives you access to some of the world’s largest sites is hacked by a DDoS attack, you and I can't access those websites.

The attack happened early this morning. Some websites are coming back for some users, but problem looks by no means to be fully resolved.

Dyn posted the following update on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available".

Here’s a list of websites that readers have told us they are having trouble:
  • Reddit
  • Spotify
  • Esty
  • Twitter
  • PayPal
  • Yammer
  • Wired.com
  • Yelp
  • Starbucks
  • Airbnb
As these businesses slowly return to functioning as they should, a lot of us may just shrug it off and return to re-tweeting and streaming music. But often these attacks are used as 'smokescreens' to hack your personal and confidential information. So stay up to date with how this story unfolds. 

The frequency of DDoS attacks have sky-rocketed in the past couple of years and this attack only confirms this reality. Having increased 125% over the past year and with more than 2,000 attacks observed worldwide by Arbor Networks, its time you secure your business.

The size and duration of these attacks is also on the rise with a 35% increase in attack duration and a 73% increase in attack size since last year. Worryingly, the average size of an attack is 986Mbps, enough to take most organisations completely offline.



Make sure you're not next

Firebrand Training are offering a DDoS Defence in a Day training course aimed at teaching you the skills to avoid being the next headline of a DDoS attack. We’ll educate you on the growing threat and ramifications of a DDoS attack.

In just one day you'll:
  1. Understand a DDoS attack, how it's executed and the implications to your business
  2. Experience demonstrations of DDoS attacks and their effects in real-time
  3. Learn the tools to detect, analyse and mitigate DDoS attacks
DDoS attacks have become commonplace. Learn the skills to protect your business before it’s too late. 




Get the skills to defend against a DDoS attack!

Falling victim to a Distributed Denial of Service (DDoS) attack can cost your business £1.2 million in damages. In the past year alone, DDoS attacks have increased 125% in frequency and 35% in attack duration and the average DDoS attack is now large enough to throw most organisations completely offline.

It’s time you ask yourself, how well can I defend myself and my business from a DDoS attack?

To help you answer this and get educated on the growing threat and consequences of a DDoS attack, Firebrand have launched a one-day DDoS Defence training course in the heart of London this December. In this short, accelerated training you’ll:
  • Understand a DDoS attack, how it’s executed and the implications to your business.
  • Experience demonstrations of DDoS attacks and their effects in real-time
  • Learn the tools to detect, analyse and mitigate DDoS attacks
If you're looking to avoid the relentless, everyday threats of a DDoS attack, this is the event for you. You’ll leave us with a clear understanding of what a DDoS threat is and how you can bolster your defence against such attacks.

 What is a DDoS attack and why do I need to know about it?


A DDoS attack is an attempt to overwhelm an online service with traffic from multiple sources. In short, it prevents legitimate users from accessing a server’s information or services because it is overloaded or ‘flooded’ with requests.

The ramifications of this kind of attack on your business are huge. The costs of being forced offline can exceed £100,000 per hour. If you’re not as fortunate, costs may escalate up into the millions. This was found in a survey where 21% of IT professionals said a DDoS attack would cost their business more than £50,000 per hour. Following this, 52% of consumers are found to lose trust in your organisation as a result of the outage.

The potential repercussions can include; financial losses, reputational damage, consumer agitation and legal issues. 

On our DDoS Defence in a day event, you will not only learn what DDoS is and why it should top your chief of security's list of fears, but you'll also learn the real-life practical skills you can use to defend your business.  

Think this won’t happen to you?


There’s no doubt that DDoS attacks are now commonplace yet there is still a clear disconnect between people acknowledging the risk of DDoS and doing something to mitigate it. With 124,000 DDoS attacks observed worldwide each week, the failure to prepare yourself for this threat means it’s a matter of when and not if you join the long list of organisations thrown offline.

And it’s not just small businesses that need to be worried. The BBC, MI5, HSBC and PayPal are all recent victims of a DDoS attack. The damages range from being forced offline for several hours to millions in damages. PayPal experienced 3.5 million in damages and had 100 workers spend three weeks repairing the damage following a DDoS attack.

Here’s (some of) what you’ll cover:

  • Demonstrations of DoS attack tools and their effect
  • Using simple widely available tools to launch DoS attacks to highlight the skill levels required
  • The concepts of DDoS; Moving from a single source to multiple sources, amplification and reflection
  • Demonstration of Botnet launching a DDoS attack, controlled from a single source
  • Mitigation measures for DoS and DDoS, including services provided and methods used
  • NCA national DDoS strategy

What you’ll get:

In addition to excellent training from one of our most experienced cyber security experts, you’ll receive:
  • Five free EC-Council CSCU exam vouchers worth £495: The Certified Secure Computer User exam is an easy way to benchmark the IT security knowledge of you and your staff. These will be provided before the course.
  • Seven hours of learning towards maintaining your certifications with CPEs: Contribute to Continual Professional Education for maintaining certifications from IT security vendors including EC-Council, (ISC)2 and ISACA.
  • Courseware and tools: All course materials including access to the tools demonstrated will be provided for future use.
  • Lunch, snacks and refreshments: These will be provided throughout the day. 

Who should attend?

This course, which combines both theory and practical examples is ideally suited to both technicians and managers responsible for cyber security. Whether you're defending on the front line or managing strategy, this course will be of benefit in preventing DoS.

Want to find out more?

If you’re interested in keeping your business safe then join us on December 20th for a one-day training event in Central London. 

If you want to find out more or purchase tickets, please visit our course page

If you have any unanswered questions then just drop us an email at one@firebrandtraining.co.uk



Monday, 20 May 2013

How to defend yourself and your company from a DDoS attack


By 


DDoS mitigation


DDoS stands for Distributed Denial-of-Service attacks. They have become increasingly popular and have gone up in scale, intensity and frequency.

DDoS Map
Image Courtesy of 24hourhelpdesk.com.au
There are a wide range of reasons for DDoS attacks, including political (hacktivism), criminal, or just simply for their own amusement; which makes anyone with an online presence a potential target.

If you find that your site or organization is under attack, it’s important that you report such attacks quickly to parties that are best positioned to help you mitigate, weather, and restore normal service.

Here are some steps you can take to take out the sting

Simulate your own DDoS attacks


Create a simulated DDoS attack on your network. This will help you or your management see the best options to mitigate when under a real attack. Here’s a simple video of how to perform your own DDoS attack.



Manage communications


If you do get a DDoS attack, make sure you are prepared to have a single point of contact streamless information sharing. This contact can keep more of the organisation up to date with short updates so everyone understands the situation. By already completing the simulation process mentioned above, everyone in the team will know their specific roles in the mitigation process and how they can continue ‘business as usual’.

Make a plan, and keep planning again


Make a call tree, keep it updated and in the same place so it is easily referenced. Call trees are an important part of every disaster recovery plan. They are a telecommunications chain for notifying specific individuals of an event. It is very helpful if you need to reach certain employees after hours to notify them of a situation. This is in order to make sure the mitigation process is contained and in order. It helps turn an attack into an incident as everyone will know their role after the simulation and the plan created from it. You should also have teleconference bridges (where engineers can coordinate response efforts), a troubleshoot bridge for application owners to report issues, and a security and forensics bridge. This will help with the confusion and add speed again.

In April 2013, Prolexic (a DDoS mitigation service provider) mitigated a sustained DDoS attack peaking at 160 GBPS and 120 million packets per second - which is a very heavy attack. In the video below they explain and show you how they did it.


Source: Prolexic


Defend your business with a Certified Ethical Hacker (CEH) professional

EC-Council CEH logo

You too can learn how to perform DDoS attacks and help companies like PayPal defend themselves against it. Become a Certified Ethical Hacker (CEH) and earn on average £42,750 in the UK (ITjobswatch.co.uk). The CEH certification from the EC-Council is widely recognised as the entry into the hacking world. As an ethical hacker, you’d attempt to penetrate the networks or computers of your organisation or any organisation that hires you. "White hat" ethical hackers are widely sought after to help find and fix the vulnerabilities that would otherwise be exploited by "black hat" criminal hackers.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.