This new type of DDoS attack takes advantage of an old vulnerability

A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in […]

OpenFlow SDN protocol flaw affects all versions, could lead to DoS attack

OpenFlow, a protocol used widely in software-defined networking (SDN), suffers from a serious security bug: Important authentication and authorization steps are missing from its handshake process. OpenFlow is maintained by the Open Networking Foundation(ONF) and came about in 2011. It is designed to be a vendor-neutral protocol for managing packet movement between switches and building software-defined networks. Securing […]

Mirai DDoS attack against KrebsOnSecurity cost device owners $300,000

The distributed denial-of-service (DDoS) which knocked KrebsOnSecurity offline for days cost owners of devices unwittingly involved in the attack upwards of $300,000, researchers suggest. The DDoS attack took place in 2016 and was made possible through the Mirai botnet, a network of enslaved Internet of Things (IoT) devices including routers, surveillance cameras, and smart home systems. […]

Why DDoS Just Won’t Die

Almost every organization has been affected by a distributed denial-of-service (DDoS) attack in some way: whether they were hit directly in a traffic-flooding attack, or if they suffered the fallout from one of their partners or suppliers getting victimized. A powerful flooding attack can not only take down a company’s network, but also its business. […]

Europe and Asia Take on More DDoS Attacks

In case you haven’t noticed, 2017 was somewhat of a milestone in the DDoS industry: it was absent a major world record-setting DDoS event. The bad news is that in 2018, DDoS attacks are slamming back in full force. The number of attacks mitigated globally by F5 from 2016 to 2017 increased by 26%. Q1 […]

‘Webstresser’ DDoS Attack Site Shut Down in International Operation

The world’s largest online marketplace for selling and lauching distributed denial-of-service (DDoS) attacks was shut down this week as part of Operation Power Off, an international investigation into the so-called site. The effort was led by the UK National Crime Agency and Dutch National Police, with support from Europol and a dozen global law […]

Real-time detection of consumer IoT devices participating in DDoS attacks

Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do something about it? A group of researchers Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved. As IoT traffic is often distinct from that of other Internet connected […]

Can this ‘national DDoS radar’ plan help fight off attacks on Dutch critical systems?

A team of cybersecurity researchers has come up with a proposal to help the Netherlands ward off the threat of distributed denial-of-service (DDoS) attacks. Their concept is to create a “national DDoS radar system” that could, in extreme cases, see Dutch networks disconnected from the outside world. The Netherlands was earlier this year hit by a […]

Do you have what it takes to withstand modern DDoS attacks?

As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service. In the end, GitHub ended up completely unavailable for five minutes and intermittently unavailable for four. But while the effect of the attack […]

Are DDoS Attacks Increasing or Decreasing? Depends on Whom You Ask

Distributed denial-of-service (DDoS) attacks remain unpredictable and dangerous for enterprises, but actual details on how the threat is evolving can differ substantially by the reporting source. Two reports released this week, one by Verisign and the other from Nexusguard, indicate a general increase in multivector attacks and an overall decrease in the number of DDoS attacks in the […]