Dyn says that the DDoS attack that swamped its DNS resolution service last week was backed by far fewer internet of things (IoT) devices than it thought before.
Previously it said it was hit by traffic from tens of millions of IP addresses, some of which were likely spoofed, making the actual number of bots involved far fewer. “We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints,” the company says in a status update.
The attacks, which knocked out access to some high-profile Web sites, threw as many packets at Dyn’s infrastructure as they could, and the company responded with its own mitigation actions as well as cooperation from upstream internet providers, which blocked some of the attack flow. “These techniques included traffic-shaping incoming traffic, rebalancing of that traffic by manipulation of [DNS querying] anycast policies, application of internal filtering and deployment of scrubbing services,” the company says.
The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint.
“Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically uses and reads of the forum ‘hackforums.net,’” according to a blog by Allison Nixon, director of security research at Flashpoint.
She says the company has discovered the infrastructure used in the Dyn attack also targeted “a well-known video game company” that she doesn’t name. A post on hackforums.net seems to agree with this possibility. It indicates the target was PlayStation Network and that Dyn was hit because it provides DNS services to PSN. Going after the name servers (NS) that provide lookups for PSN would prevent traffic from reaching PSN.
The massive DDoS attacks that took down internet address-translation service Dyn and its customers last week raise a lot of need-to-know questions about the overall security of online infrastructure and its performance.
While the attacks were ultimately mitigated and have subsided, the means for carrying out others are still viable and could crop up at any time with other targets. Here are some questions and answers that address what happened, how it happened, whether it could happen again and what the consequences might be.
Is the internet broken?
No, or at least not any more than it was before. It’s made up of a system of independent vendors and institutions working cooperatively to provide access to sites around the world. Each works in its own best interests but also cooperates with the others to make the system work for everybody. Like any such system, it’s got flaws and weaknesses. The Dyn attackers targeted some of these vulnerabilities and exploited them for maximum effect.
Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.
The attacks were still going on at 7 p.m. Eastern time, according to ThousandEyes, a network monitoring service.
Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.
Attacks against DNS service provider Dyn resumed today after a two and a half hour lull, and could indicate a new application of an old criminal technology, experts say.
Dyn hasn’t shared details on the type of DDoS attacks used nor the size of those attacks that have affected access to sites including Amazon, Etsy, GitHub, Shopify, Twitter and the New York Times.
A Russian hacking group used spearphishing to steal the Gmail login credentials of Hillary Clinton campaign staff, and that may be how campaign emails now being released were stolen, according to SecureWorks.
The attack targeted 108 hillaryclinton.com email addresses, and was carried out by a Russian group called Threat Group-4127 (TG-4127), according to SecureWorks’ Counter Threat Unit (CTU) blog.
CTU can’t directly link the spearphishing operation against the Clinton campaign with the hack of Democratic National Committee emails revealed June 14, but “CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.”
Level 3 Threat Research has noted an uptick in activity by new IoT botnets that are backed by the Mirai malware, with some attacks enlisting 100,000 individual hijacked devices.
A significant number of these zombie devices are enslaved by more than one botnet, according to the research described in the Level 3 Beyond Bandwidth blog, and some of these botnets use overlapping infrastructure.
Source code for Mirai was released Sept. 30, “which has inspired a significant number of new bad actors, all working to exploit similar pools of vulnerable devices,” the Level 3 researchers write.
Cisco has taken a look at its security capabilities and those of its partners and come up with a playbook to address ransomware.
Ransomware Defense can incorporate a range of Cisco products and address different levels of concern customers might have about ransomware, says Dan Hubbard, the CTO for Cisco’s security business.
Now that its source code has been released you can expect more attacks from Mirai, the malware behind the largest DDoS attack on record, which was powered by hijacked IoT devices.
Since release of that code last week it has been responsible for smaller attacks that look like newcomers experimenting with the malware in preparation for bigger things, say security researchers at Incapsula. “Likely, these are signs of things to come and we expect to deal with Mirai-powered attacks in the near future,” they say in their blog post.
That concern is echoed by researchers at F5, who say, “we can definitely expect the IoT DDoSing trend to rise massively in the global threat landscape.”
Now that its source code has been released you can expect more attacks from Mirai, the malware behind the largest DDoS attack on record, which was powered by hijacked IoT devices.
Since release of that code last week it has been responsible for smaller attacks that look like newcomers experimenting with the malware in preparation for bigger things, say security researchers at Imperva. “Likely, these are signs of things to come and we expect to deal with Mirai-powered attacks in the near future,” they say in their blog post.
That concern is echoed by researchers at F5, who say, “we can definitely expect the IoT DDoSing trend to rise massively in the global threat landscape.”
Juniper Networks CEO Rami Rahim believes his company’s recent purchase of silicon-photonics vendor Aurrion may lead to a major cost reduction for high-speed networking gear.
Rahim says he thinks “we are potentially on the cusp of a real breakthrough that will transform the economics of the optics in networking equipment, which obviously will be of great interest to anybody that is building a large, mission-critical network.”
The big benefit for customers will be a better price per bit per second in Juniper’s high-speed networking gear, Rahim said in a phone interview during a break from the company’s NXTWORK 2016 (see highlights of the audio interview below). “It will also help Juniper in maintaining its long-term objective for growth margins of our products.”
Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine.
The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance levels of the current Java 8 platform without having to install Java 8, the company says.
The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.