Blog

 
Whenever we hear that one security loophole has been closed, another instantly materializes, and usually in a sneakier and more deceptive fashion. An emerging trend in DDoS attacks has pointed to a clever old trick being applied in a new fashion – spoofing. By spoofing traffic to resemble a Google crawler, something totally innocuous, hackers are bypassing virtually every safeguard employed by even the most seasoned IT professionals. When multiple crawlers all converge on a site, it creates a DDoS attack.

 
By Antone Gonsalves
 

The easy access Google’s Web crawlers have to sites is increasingly being exploited by cyber criminals in launching distributed denial-of-service attacks, a security vendor says.

Fake Web crawlers accounted for 4 percent of the total number of legitimate ones, called Googlebots, analyzed by Incapsula.

In investigating more than 50 million fake Googlebot sessions, Incapsula found about 34 percent were clearly malicious, with roughly 24 percent of those used in DDoS attacks against a website’s application layer.

A Googlebot is the search software Google uses to collect documents from the Web in order to build its searchable index. Googlebot requests to Web servers are identifiable through a user-agent, which is the online equivalent of an ID card.

Cyber criminals are creating imposter user-agents to trick Web servers, Incapsula said. While careful inspection would reveal the fakes, website administrators tend to be lax when it comes to Googlebots in order to get the highest possible rankings on the search engine’s results.

“Most website operators know that to block Googlebot is to disappear from Google,” Igal Zeifman, product evangelist for Incapsula, said in the company’s blog. “Consequently, to preserve their SEO (search engine optimization) rankings, these website owners will go out of their way to ensure unhindered Googlebot access to their site, at all times.

“In practical terms, this may translate into exceptions to security rules and lenient rate limiting practices.”

Incapsula has rated fake Googlebots the third most commonly used technology in DDoS attacks. The U.S. is the top source, followed by China and Turkey, respectively.

Identifying and blocking malicious Web crawlers involves using tools that can separate the fake and legitimate ones through their point of origin.

However, such technology carries an additional cost, due to the need for more processing power and software capabilities.

The findings were based on an analysis of 400 million search engine visits to 10,000 sites, which resulted in 2.2 billion page crawls over a 30-day period.

GigeNET recently received recognition in the July 2014 issue of CIOReview’s CIONetworking 2014 Most Promising Network Companies. Read the article below, or check out page 18 in the online version of the magazine.

The Internet has provided businesses across the world with a tool in which they can reach unprecedented growth and a broad audience they could never have reached 20 years ago. Since most companies now store and access their data and information via the internet, it has become subject to insecurity, scrutiny, and concern. Organizations today have become increasingly aware of threats initiated from the internet such as Distributed Denial of Service (DDoS) attacks that can deter the online services they offer. Additionally, several other web vulnerabilities have surfaced, becoming a point of contention for business leaders, including large scale infiltrations, personal privacy, and security.

Offering Whole Range of Hosting Needs GigeNET, headquartered in Arlington Heights, IL, offers two unique DDoS protection services. The latest, Automated DDoS protection, "scrubs" incoming traffic, only passing legitimate requests to client’s servers. DDoS Proxyshield®,ideally suited for SMB’s, is the industry’s leading DDoS mitigation system and virtually wipes out even the largest attacks. For small and startup companies, GigeNET provides its services to fulfill their need of high performance servers on limited budgets. For clients looking for more robust solutions, GigeNET’s engineers can build complex hybrid solutions using combinations of all their products to meet client requirements. The company runs distinctive and lucrative partner programs, appealing to individuals, re-sellers, and commercial developers, including Affiliate, Re-seller, and Channel Partner Programs. GigeNET deliversa full cloud infrastructure backed by their support team who are available 24 hours a day, 7 days a week. Its services include Hybrid Solution integration, their TurboIO storage platform, account Snapshots, API Integration, flexible billing options,and IPv6 support. Looking forward, the company is planning to open new locations, pioneer innovative technologies, and developing new products for current and future clients.

 
By: Quentin Jenkins
 
The Spamhaus Project again offers congratulations and thanks to the law enforcement community in the matter of the massive Distributed Denial of Service (DDoS) attack perpetrated against our systems in March 2013 by a Russian-based anti-Spamhaus group calling themselves ‘Stophaus’, consisting of several individuals with grievances against Spamhaus for naming and blocklisting their cybercrime hosting enterprises, spam and botnet operations. This time we offer our congratulations and thanks to the UK’s National Cyber Crime Unit (NCCU), the cybercrime arm of the National Crime Agency (NCA). In a statement released on 27 Jun 2014, the NCA announced:

“A 17 year old male from London has today been charged with computer misuse, fraud and money laundering offences following a National Crime Agency investigation. He was arrested in April 2013 after a series of distributed denial of service (DDoS) attacks which led to worldwide disuption of internet exchanges and services. On his arrest officers seized a number of electronic devices.”

This was the first formal announcement of the arrest. The actual arrest occurred in 2013, shortly after the arrest of a Dutch national living in Spain. That individual has been charged by the Dutch Public Prosecution Service for leading and orchestrating the DDoS attack. That criminal case is proceeding to trial through the Dutch legal system.

At the time, the record-breaking attacks were initially directed at Spamhaus infrastructure such as websites, mailservers and nameservers. Then, over the course of the following two weeks, the attacks escalated to targeting Spamhaus’ supporting networks and services including various Internet exchanges. While the DDoS caused disruptions to our website, our hosts and DNS partners, the worldwide distribution of the Spamhaus anti-spam data that now protects over 2.2 billion mailboxes was never interrupted.

With two of the attackers now charged and awaiting trial, Spamhaus has hopes that the other conspirators, consisting of two United States nationals, two Russians and a Chinese national will also soon be charged. Several more spammers and cybercrime-involved server hosting company owners were peripherally involved and at this time most have been identified by both Spamhaus and law enforcement.

 
Carrying over from one of our previous posts, we get another look at just how easy it is to DDoS attack websites. Spamhaus, the online resource for spam was targeted in 2013 by an (at the time) 16 year old, and was briefly taken down by DDoS attacks. Quickly after, the perpetrator was arrested and charged. Looking forward, should we all be concerned at the potential threat of our sites being shuttered?
 
By: Adam Greenberg
 
A 17-year-old male from London was charged on Friday with computer misuse, fraud and money laundering offenses, according to a statement released by the National Crime Agency (NCA).

The NCA made the decision not to identify the teenager because he is a minor, but he was apprehended last year for his role in distributed denial-of-service (DDoS) attacks that led to “worldwide disruption of internet exchanges and services,” according to the statement.

Notably, the teenager was charged for his role in the March 19, 2013 DDoS attacks aimed at Spamhaus, a Dutch anti-spam group and international nonprofit, according to The Register.

In April 2013, the then 16-year-old attacker was taken into custody secretly by the National Cyber Crime Unit, but reports on the arrest did not start coming out until September 2013.

This article was originally published on SCMagazine.com.

 
Although most signs point to adoption of the cloud either stagnating or declining, it seems that cloud has taken a different path, establishing itself as an invaluable IT solution. Companies on the forefront of the cloud revolution are according to an IBM study, more likely to benefit from the decision then sticking with traditional computing methods. Cloud services are invaluable to our business at GigeNET, and make up a good portion of our computing and solutions. Have you adopted the cloud yet?
 
By: Joe McKendrick
 
In a recent post, Bernard Golden, one of the most respected thought leaders in the cloud space, asked the question: “Has cloud computing been a failed revolution?” He conveys the observation that Google search traffic for the term “cloud computing” peaked in 2011 and has trailed off since then.

It’s also notable that much of the excitement seen in the trade press and by analysts has shifted to the “Internet of Things” and “digital enterprise.”

Just because there’s less of a spotlight on it doesn’t mean that cloud has diminished in strength and appeal. If anything, it is becoming a necessity for organizations, just as phones and electricity are necessities. Bernard notes that “I certainly don’t think that cloud computing adoption is finished. Far from it. In fact, I’d say most IT organizations have barely started working with cloud computing, much less completed their journey.”

But IT is but one small piece of the cloud story. A much bigger story is coming from the business itself. The curtain is now opening on cloud computing’s second act, which is all business. But this is also the hard part.

Read More

By: Matthew Wall

UK county councils could be “wasting millions” on IT services they could buy more cheaply through the government’s central digital marketplace, research suggests.

In the 2012-13 financial year, county councils spent nearly £440m in total on IT services, including staffing costs, but just £385,000 of that through the government’s “G-Cloud” framework.

The G-Cloud initiative, launched in 2012, aims to shave £120m a year off the public sector IT bill by encouraging all public sector bodies to buy IT products and services through the government’s CloudStore digital marketplace.

Cloud services are “quicker, cheaper and more competitive”, according to Cabinet Office Minister Francis Maude, with some tech companies estimating that they can be 25% to 60% cheaper than traditional long-term IT contracts.

Despite this, G-Cloud is largely being ignored by county councils,

For example, Kent County Council, the biggest IT spender, committed £38.5m to IT services in 2012-13, but just £94,750 of that went through G-Cloud.

Similarly, Hampshire County Council spent £38m, but nothing through G-Cloud.

Read More

 
With the recent revelations of potential misconduct involving soccer/futbol’s organizing body FIFA, the light is starting to shine on who and what goes into making the World Cup happen every four years. The hacking group Anonymous, having heard of the allegations against FIFA, has decided to take action against the sponsors, stressing the conditions surrounding the tournament.
 
By: Esteban Israel and Anthony Boadle
 
The hacker group Anonymous is preparing a cyber-attack on corporate sponsors of the World Cup in Brazil to protest the lavish spending on the soccer games in a country struggling to provide basic services, said a hacker with knowledge of the plan on Friday.

Earlier this week, Anonymous attacked the Brazil’s Foreign Ministry computer networks and leaked dozens of confidential emails.

“We have already conducted late-night tests to see which of the sites are more vulnerable,” said the hacker who operates under the alias of Che Commodore. “We have a plan of attack.”

“This time we are targeting the sponsors of the World Cup,” he said in a Skype conversation from an undisclosed location in Brazil. Asked to name the potential targets he mentioned Adidas , Emirates airline, the Coca-Cola Co and Budweiser, which is owned by Anheuser-Busch InBev.

Read More