DDoS attacks increasingly used as diversions for data theft or fraud

Posted by Tyler Van Fossen on August 20, 2014 in DDOS Protection

By John E. Dunn
A growing number of the DDoS attacks that hit UK organisations in 2013 were probably diversions designed to distract defenders from attempted data breaches or frauds, a survey and analysis by mitigation firm Neustar has suggested.

Almost one in three of the 331 UK firms surveyed reported they had been victims of DDoS attacks during the period, up from about one in five the year before, with attacks getting longer, somewhat larger and more persistent.

The overwhelming majority of attacks lasted from a few hours to two days in duration, with very long-lived attacks of a week or more falling from 22 percent in 2012 to 9 percent in 2013.

Reflecting greater investment in defence, attacks have grown in size with 60 percent now anything from 1Gbps to 20Gbps or larger. As has been well documented, extremely large attacks of 100Gbps or higher are a new trend although at that size the nuisance value is quickly passed to service providers rather than enterprises.


Cyber criminals ride Google coattails in DDoS attacks

Posted by Tyler Van Fossen on July 30, 2014 in Dedicated Hosting


Whenever we hear that one security loophole has been closed, another instantly materializes, and usually in a sneakier and more deceptive fashion. An emerging trend in DDoS attacks has pointed to a clever old trick being applied in a new fashion – spoofing. By spoofing traffic to resemble a Google crawler, something totally innocuous, hackers are bypassing virtually every safeguard employed by even the most seasoned IT professionals. When multiple crawlers all converge on a site, it creates a DDoS attack.

By Antone Gonsalves

The easy access Google’s Web crawlers have to sites is increasingly being exploited by cyber criminals in launching distributed denial-of-service attacks, a security vendor says.

Fake Web crawlers accounted for 4 percent of the total number of legitimate ones, called Googlebots, analyzed by Incapsula.

In investigating more than 50 million fake Googlebot sessions, Incapsula found about 34 percent were clearly malicious, with roughly 24 percent of those used in DDoS attacks against a website’s application layer.

A Googlebot is the search software Google uses to collect documents from the Web in order to build its searchable index. Googlebot requests to Web servers are identifiable through a user-agent, which is the online equivalent of an ID card.

Cyber criminals are creating imposter user-agents to trick Web servers, Incapsula said. While careful inspection would reveal the fakes, website administrators tend to be lax when it comes to Googlebots in order to get the highest possible rankings on the search engine’s results.

“Most website operators know that to block Googlebot is to disappear from Google,” Igal Zeifman, product evangelist for Incapsula, said in the company’s blog. “Consequently, to preserve their SEO (search engine optimization) rankings, these website owners will go out of their way to ensure unhindered Googlebot access to their site, at all times.

“In practical terms, this may translate into exceptions to security rules and lenient rate limiting practices.”

Incapsula has rated fake Googlebots the third most commonly used technology in DDoS attacks. The U.S. is the top source, followed by China and Turkey, respectively.

Identifying and blocking malicious Web crawlers involves using tools that can separate the fake and legitimate ones through their point of origin.

However, such technology carries an additional cost, due to the need for more processing power and software capabilities.
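One way to make the point-of-origin check concrete is sketched below as an added example; it is not code from Incapsula or from the original article. It assumes the check is done with forward-confirmed reverse DNS against `googlebot.com` and `google.com` hostnames, caches verdicts per IP to limit the lookup cost mentioned above, and runs over constructed log lines with constructed DNS answers (documentation-range IPs, hypothetical hostnames).

```python
import re
import socket

GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
LOG_RE = re.compile(r'^(\S+) .*"([^"]*)"$')  # client IP ... last quoted field = user-agent

def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def dns_forward(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

class GooglebotVerifier:
    """Forward-confirmed reverse DNS with a per-IP verdict cache."""
    def __init__(self, reverse=dns_reverse, forward=dns_forward):
        self.reverse, self.forward = reverse, forward
        self.cache, self.lookups = {}, 0

    def is_genuine(self, ip):
        if ip not in self.cache:          # each IP costs at most one DNS round
            self.lookups += 1
            self.cache[ip] = self._check(ip)
        return self.cache[ip]

    def _check(self, ip):
        try:
            host = self.reverse(ip).rstrip(".").lower()
            if not host.endswith(GOOGLE_SUFFIXES):
                return False              # PTR is not under a Google crawler domain
            return ip in self.forward(host)  # the PTR owner could lie: confirm forward
        except (OSError, KeyError):       # lookup failure: treat as unverified
            return False

def classify(lines, verifier):
    """Map each client IP to 'verified-googlebot', 'fake-googlebot' or 'other'."""
    verdicts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ua = m.groups()
        if "googlebot" not in ua.lower():
            verdicts[ip] = "other"        # makes no Googlebot claim, normal rules apply
        elif verifier.is_genuine(ip):
            verdicts[ip] = "verified-googlebot"
        else:
            verdicts[ip] = "fake-googlebot"  # claims Googlebot, origin disagrees
    return verdicts

# Constructed sample data: none of these hosts or answers are real.
GB = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "host7.example.net",
              "203.0.113.5": "crawl-203-0-113-5.googlebot.com",  # PTR set by IP owner
              "203.0.113.9": "googlebot.com.example.net"}        # look-alike suffix
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "crawl-203-0-113-5.googlebot.com": {"192.0.2.99"}}   # does not confirm
SAMPLE_LOG = [f'{ip} - - [30/Jul/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
              for ip, ua in [("192.0.2.10", GB), ("198.51.100.7", GB),
                             ("203.0.113.5", GB), ("203.0.113.9", GB),
                             ("192.0.2.10", GB), ("198.51.100.20", "Mozilla/5.0 Firefox/31.0")]]

def demo():
    v = GooglebotVerifier(SAMPLE_PTR.__getitem__, SAMPLE_A.__getitem__)
    return classify(SAMPLE_LOG, v), v.lookups

if __name__ == "__main__":
    print(demo())
```

Only sessions labelled `verified-googlebot` would qualify for relaxed rate limits; a `fake-googlebot` verdict means the request should be handled under the same rules as any other client.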

The findings were based on an analysis of 400 million search engine visits to 10,000 sites, which resulted in 2.2 billion page crawls over a 30-day period.

Hacker puts ‘full redundancy’ code-hosting firm out of business

Posted by Tyler Van Fossen on July 23, 2014 in Dedicated Hosting, Web Security

When clients look to outside companies to secure and back up their data, they come in with the expectation that the company practices what they preach. Unfortunately, marketing hype is not always the same as the actual service. In this case, the company was proudly marketing their “redundancy” and “multiple backups to off-site locations,” but the reality is that none of these services were in place to prevent one hacker from completely tearing down the system.

With access to nothing more than the company’s Amazon EC2 account, the attacker permanently removed whole swaths of data – including customer information and backups. Now, with no credibility remaining and payouts to angry customers looming, there’s nothing left to do but shut down operations. If you were working with a company that specializes in security, and its security was lax, how angry would you be?

By Lucian Constantin
A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company’s backups.

The customers of CodeSpaces.com, run by a company based in Wayne, New Jersey, called AbleBots, were informed Wednesday that their data might have been permanently lost following the compromise of the company’s account on Amazon’s Elastic Compute Cloud (EC2).

The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.

The attacker also gained access to Cloud Spaces’ control panel on EC2 and deleted the company’s digital assets from Amazon’s infrastructure when the company tried to regain control of its account.

“We finally managed to get our panel access back but not before he had removed all EBS [Amazon Elastic Block Store] snapshots, S3 [Amazon Simple Storage Service] buckets, all AMI’s [Amazon Machine Images], some EBS instances and several machine instances,” Cloud Spaces said in an announcement on its website. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

According to a cached version of the Cloud Spaces site, the company said that “more than 200 companies a week” used the service.


GigeNET: Delivering Dedicated Hosting and DDoS Protection

Posted by Tyler Van Fossen on July 11, 2014 in Dedicated Hosting

GigeNET recently received recognition in the July 2014 issue of CIOReview’s CIONetworking 2014 Most Promising Network Companies. Read the article below, or check out page 18 in the online version of the magazine.


The Internet has provided businesses across the world with a tool in which they can reach unprecedented growth and a broad audience they could never have reached 20 years ago. Since most companies now store and access their data and information via the internet, it has become subject to insecurity, scrutiny, and concern. Organizations today have become increasingly aware of threats initiated from the internet such as Distributed Denial of Service (DDoS) attacks that can deter the online services they offer. Additionally, several other web vulnerabilities have surfaced, becoming a point of contention for business leaders, including large scale infiltrations, personal privacy, and security.

Founded in 1997, Ameen Pishdadi started with a mission to deliver the whole range of hosting products that any consumer would require to offload their IT needs. Now specializing in preventing DDoS attacks, GigeNET uses its tools, support, and expertise and ensures the businesses remain online at all times. In addition, GigeNET provides dedicated and cloud hosting, hybrid computing, and co-location solutions. The company also offers superior network performance, 100 percent uptime guaranteed and EPIC support from their datacenters across the country. “We have been around since the first hosting companies have existed. We own and operate our own datacenter and network/fiber infrastructure, developing our own portal and automation software for our cloud services, and DDOS Security Services. We have a high performing and reliable network infrastructure that has not experienced a network wide outage in over six years,” says Ameen.

Offering Whole Range of Hosting Needs

GigeNET, headquartered in Arlington Heights, IL, offers two unique DDoS protection services. The latest, Automated DDoS protection, "scrubs" incoming traffic, only passing legitimate requests to clients’ servers. DDoS Proxyshield®, ideally suited for SMBs, is the industry’s leading DDoS mitigation system and virtually wipes out even the largest attacks. For small and startup companies, GigeNET provides its services to fulfill their need for high-performance servers on limited budgets. For clients looking for more robust solutions, GigeNET’s engineers can build complex hybrid solutions using combinations of all their products to meet client requirements. The company runs distinctive and lucrative partner programs, appealing to individuals, re-sellers, and commercial developers, including Affiliate, Re-seller, and Channel Partner Programs.

GigeNET delivers a full cloud infrastructure backed by their support team, who are available 24 hours a day, 7 days a week. Its services include Hybrid Solution integration, their TurboIO storage platform, account Snapshots, API Integration, flexible billing options, and IPv6 support. Looking forward, the company is planning to open new locations, pioneer innovative technologies, and develop new products for current and future clients.

Second arrest in response to DDoS attack on Spamhaus

Posted by Tyler Van Fossen on July 09, 2014 in Dedicated Hosting


By: Quentin Jenkins
The Spamhaus Project again offers congratulations and thanks to the law enforcement community in the matter of the massive Distributed Denial of Service (DDoS) attack perpetrated against our systems in March 2013 by a Russian-based anti-Spamhaus group calling themselves ‘Stophaus’, consisting of several individuals with grievances against Spamhaus for naming and blocklisting their cybercrime hosting enterprises, spam and botnet operations. This time we offer our congratulations and thanks to the UK’s National Cyber Crime Unit (NCCU), the cybercrime arm of the National Crime Agency (NCA). In a statement released on 27 Jun 2014, the NCA announced:

“A 17 year old male from London has today been charged with computer misuse, fraud and money laundering offences following a National Crime Agency investigation. He was arrested in April 2013 after a series of distributed denial of service (DDoS) attacks which led to worldwide disruption of internet exchanges and services. On his arrest officers seized a number of electronic devices.”

This was the first formal announcement of the arrest. The actual arrest occurred in 2013, shortly after the arrest of a Dutch national living in Spain. That individual has been charged by the Dutch Public Prosecution Service for leading and orchestrating the DDoS attack. That criminal case is proceeding to trial through the Dutch legal system.

At the time, the record-breaking attacks were initially directed at Spamhaus infrastructure such as websites, mailservers and nameservers. Then, over the course of the following two weeks, the attacks escalated to targeting Spamhaus’ supporting networks and services including various Internet exchanges. While the DDoS caused disruptions to our website, our hosts and DNS partners, the worldwide distribution of the Spamhaus anti-spam data that now protects over 2.2 billion mailboxes was never interrupted.

With two of the attackers now charged and awaiting trial, Spamhaus has hopes that the other conspirators, consisting of two United States nationals, two Russians and a Chinese national will also soon be charged. Several more spammers and cybercrime-involved server hosting company owners were peripherally involved and at this time most have been identified by both Spamhaus and law enforcement.

NCA charges 17-year-old London man for role in massive Spamhaus DDoS attack

Posted by Tyler Van Fossen on July 02, 2014 in Dedicated Hosting

Carrying over from one of our previous posts, we get another look at just how easy it is to launch DDoS attacks against websites. Spamhaus, the online resource for spam, was targeted in 2013 by an (at the time) 16-year-old, and was briefly taken down by DDoS attacks. Soon after, the perpetrator was arrested and charged. Looking forward, should we all be concerned at the potential threat of our sites being shuttered?

By: Adam Greenberg
A 17-year-old male from London was charged on Friday with computer misuse, fraud and money laundering offenses, according to a statement released by the National Crime Agency (NCA).

The NCA made the decision not to identify the teenager because he is a minor, but he was apprehended last year for his role in distributed denial-of-service (DDoS) attacks that led to “worldwide disruption of internet exchanges and services,” according to the statement.

Notably, the teenager was charged for his role in the March 19, 2013 DDoS attacks aimed at Spamhaus, a Dutch anti-spam group and international nonprofit, according to The Register.

In April 2013, the then 16-year-old attacker was taken into custody secretly by the National Cyber Crime Unit, but reports on the arrest did not start coming out until September 2013.

This article was originally published on SCMagazine.com.

Cloud Computing’s Second Act Is All Business

Posted by Tyler Van Fossen on June 18, 2014 in Dedicated Hosting

Although most signs point to adoption of the cloud either stagnating or declining, it seems that cloud has taken a different path, establishing itself as an invaluable IT solution. Companies at the forefront of the cloud revolution are, according to an IBM study, more likely to benefit from the decision than from sticking with traditional computing methods. Cloud services are invaluable to our business at GigeNET, and make up a good portion of our computing and solutions. Have you adopted the cloud yet?

By: Joe McKendrick
In a recent post, Bernard Golden, one of the most respected thought leaders in the cloud space, asked the question: “Has cloud computing been a failed revolution?” He conveys the observation that Google search traffic for the term “cloud computing” peaked in 2011 and has trailed off since then.

It’s also notable that much of the excitement seen in the trade press and by analysts has shifted to the “Internet of Things” and “digital enterprise.”

Just because there’s less of a spotlight on it doesn’t mean that cloud has diminished in strength and appeal. If anything, it is becoming a necessity for organizations, just as phones and electricity are necessities. Bernard notes that “I certainly don’t think that cloud computing adoption is finished. Far from it. In fact, I’d say most IT organizations have barely started working with cloud computing, much less completed their journey.”

But IT is but one small piece of the cloud story. A much bigger story is coming from the business itself. The curtain is now opening on cloud computing’s second act, which is all business. But this is also the hard part.


Councils ‘wasting millions’ ignoring government IT cloud

Posted by Tyler Van Fossen on June 14, 2014 in Dedicated Hosting


By: Matthew Wall

UK county councils could be “wasting millions” on IT services they could buy more cheaply through the government’s central digital marketplace, research suggests.

In the 2012-13 financial year, county councils spent nearly £440m in total on IT services, including staffing costs, but just £385,000 of that through the government’s “G-Cloud” framework.

The G-Cloud initiative, launched in 2012, aims to shave £120m a year off the public sector IT bill by encouraging all public sector bodies to buy IT products and services through the government’s CloudStore digital marketplace.

Cloud services are “quicker, cheaper and more competitive”, according to Cabinet Office Minister Francis Maude, with some tech companies estimating that they can be 25% to 60% cheaper than traditional long-term IT contracts.

Despite this, G-Cloud is largely being ignored by county councils,

For example, Kent County Council, the biggest IT spender, committed £38.5m to IT services in 2012-13, but just £94,750 of that went through G-Cloud.

Similarly, Hampshire County Council spent £38m, but nothing through G-Cloud.


Anonymous takes aim at World Cup sponsors

Posted by Tyler Van Fossen on June 10, 2014 in Dedicated Hosting

With the recent revelations of potential misconduct involving soccer/futbol’s organizing body FIFA, the light is starting to shine on who and what goes into making the World Cup happen every four years. The hacking group Anonymous, having heard of the allegations against FIFA, has decided to take action against the sponsors, stressing the conditions surrounding the tournament.
By: Esteban Israel and Anthony Boadle
The hacker group Anonymous is preparing a cyber-attack on corporate sponsors of the World Cup in Brazil to protest the lavish spending on the soccer games in a country struggling to provide basic services, said a hacker with knowledge of the plan on Friday.

Earlier this week, Anonymous attacked Brazil’s Foreign Ministry computer networks and leaked dozens of confidential emails.

“We have already conducted late-night tests to see which of the sites are more vulnerable,” said the hacker who operates under the alias of Che Commodore. “We have a plan of attack.”

“This time we are targeting the sponsors of the World Cup,” he said in a Skype conversation from an undisclosed location in Brazil. Asked to name the potential targets he mentioned Adidas, Emirates airline, the Coca-Cola Co and Budweiser, which is owned by Anheuser-Busch InBev.


Dating Website Plenty of Fish Hit By DDoS Attack

Posted by Tyler Van Fossen on May 27, 2014 in DDOS Protection, Dedicated Hosting

With DDoS attacks no further away than $10 on the internet, several big websites have been getting attacked – and held for ransom – by attacks that up until a year or so ago were of unimaginable size. Sites that specialize in all ranges of services were targeted, usually with an email several hours beforehand warning them of the impending attack. Was your access to PlentyofFish.com affected?

By Sarah Perez
Add Plenty of Fish to the list of technology companies whose websites have come under DDoS attacks from unknown cybercriminals in recent days. The company says that it was the victim of a five-hour attack today that affected approximately 1 million users. Initially, the attacks took down the Plenty of Fish website, then later the company’s mobile apps on iPhone, iPad and Android.

As per the usual M.O., the attacker first contacted the site to warn them of the impending DDoS at 6:45 AM PT, then the attack started at 8:13 AM PT where it continued for several hours, off and on. The company says it was only recently able to mitigate the flood, and is now fully up and running again.
