NSFOCUS Stops Massive DDoS Attack for Australia's Micron21

NSFOCUS reported that its Anti-DDoS System (ADS) has been used to mitigate a sustained, 90-Gbps Distributed Denial of Services (DDoS) attack against Australian service provider Micron21, which offers mission-critical data center capabilities to clients around the world.

NSFOCUS said the January 14th attack started relatively small, then rapidly increased over the course of 30 minutes. It eventually consumed a staggering 23 Terabytes of inbound data in only two hours, before the assailant(s) ceased the DDoS attack. The peak was 90 Gbps. Given the sheer scale of the problem, a full-blown outage would have potentially cost the customer the equivalent of at least $1.3 Million.

“Welcome to the modern world—this is the painful reality for data center operators everywhere, and why it’s absolutely critical for every corner of the industry to have solid DDoS mitigation capabilities in place,” said Allan Thompson, COO at NSFOCUS IB. “We’re honored that NSFOCUS ADS platform played such a vital role in helping Micron21 mitigate this criminal barrage, and we remain committed to developing and offering technologies that help our customers stay vigilant and protected against future attacks.”

http://www.micron21.com
http://www.nsfocus.com

Read More

IoT is Contributing to Rise in Simple Service Discovery Protocol Amplification Attacks

There has been a significant growth in Simple Service Discovery Protocol (SSDP)-based amplification attacks, according to a recently published DDoS Threat Report from NSFocus, which specializes in enterprise-level, carrier-grade solutions for DDoS mitigation, Web security and enterprise-level network security.

The NSFOCUS report cites the rise of IoT-connected devices, such as webcams, as primary agents responsible for an increase in SSDP reflection attacks.

The report is based on statistical analysis and key observations from actual DDoS attacks that occurred during the second half of 2014. This data was collected from a mix of global enterprises, Internet service providers, regional telecom operators and Internet hosting companies.

Some key findings:

• Any network-connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks. This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based attacks, in 2H2014.
  
• More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams. Findings also revealed that globally, more than 7 million SSDP-controlled devices could potentially be exploited.
  
• While 90 percent of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploy malware and steal data. These techniques indicate that today’s attacker continues to become smarter and more sophisticated.
  
• Online retailers, media and gaming remain top targets: As retailers, entertainment and gaming companies increasingly employ online environments, consumers demand the highest level of quality of service. By slowing down or flooding these servers, attackers look to take advantage of online businesses through a variety of means, including blackmail, unfair business competition or asset theft.

"We are watching the evolution of attack technologies that amount to nothing less than 'bullying' (flood attacks) and 'leveraging' (resource exhaustion) tactics that enhance the impact by exploiting network bandwidth. To counteract these assaults, organizations must look to traffic- cleaning devices in conjunction with other security protocols," stated Yonggang Han, COO of NSFOCUS.

http://www.nsfocus.com

Read More

NSFOCUS Unveils Anti-DDoS for Hosting SPs and Data Centers

NSFOCUS has launched an active DDoS attack mitigation appliance that defends against both known and unknown attacks and is specifically designed for hosting service providers, Internet data centers (IDCs), telecom carriers and managed security service providers (MSSPs).

The ADS 8000 boasts up to 40 Gbps of mitigation capacity with a single unit and provides hundreds of Gbps of larger scalable mitigation capacity via simple cluster deployment.

NSFOCUS said it is able to counter DDoS threats with up-to-the-minute behavior statistics, reputation mechanisms and mitigation algorithms targeted at new botnet-based DDoS attacks, providing a more granular and precise DDoS mitigation.

http://www.nsfocus.com

Read More

High-Intensity, Short Duration DDoS Attacks Rise in Frequency

The majority of DDoS attacks are short in duration and repeated frequently, according to a newly issued 2014 Mid-Year Threat Report from NSFOCUS, which specializes in distributed denial of service (DDoS) mitigation solutions.

However, the number of high-volume and high-rate DDoS attacks continued to rise in the first half of 2014 as well.  The report drew on statistical analysis of actual DDoS attacks.

Some of the key findings from the report include:

• Attacks continue to be short in duration with repeated frequency: More than 90 percent of attacks detected lasted less than 30 minutes. This ongoing trend indicates that latency-sensitive websites, such as online gaming, eCommerce and hosting service should be prepared to implement security solutions that support rapid response.
  
• High-rate, high-volume attacks increased: DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50% DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16%. And over 2% of DDoS attacks were launched at a rate of over 3.2Mpps.
  
• Top three DDoS attack methods revealed: HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially.
  
• Increase in ISPs, enterprises and online gaming targets: Attacks targeting ISPs increased by 87.2 percent, enterprises by 100.5 percent and online gaming by 60 percent.
  
• Longest, largest and highest-frequency attacks: The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.

“NSFOCUS has maintained a continuous review of DDoS attacks over recent years, and we have observed that the trends constantly change as attacks morph and hacker behavior evolves. To stay ahead of these trends, we strongly encourage our customers to take a defensive approach in identifying and mitigating these threats before they happen,” stated Terence Chong, Solutions Architect, NSFOCUS.

http://www.nsfocus.com

Read More