Network-layer DDoS attack trends for Q3 2020

Network-layer DDoS attack trends for Q3 2020
Network-layer DDoS attack trends for Q3 2020

DDoS attacks are surging — both in frequency and sophistication. After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. Cloudflare also observed more attack vectors deployed than ever — in fact, while SYN, RST, and UDP floods continue to dominate the landscape, we saw an explosion in protocol specific attacks such as mDNS, Memcached, and Jenkins DoS attacks.

Here are other key network layer DDoS trends we observed in Q3:

  • Majority of the attacks are under 500 Mbps and 1 Mpps — both still suffice to cause service disruptions
  • We continue to see a majority of attacks be under 1 hr in duration
  • Ransom-driven DDoS attacks (RDDoS) are on the rise as groups claiming to be Fancy Bear, Cozy Bear and the Lazarus Group extort organizations around the world. As of this writing, the ransom campaign is still ongoing. See a special note on this below.

Number of attacks

The total number of L3/4 DDoS attacks we observe on our network continues to increase substantially, as indicated in the graph below. All in all, Continue reading

Giant space antenna designed to beam 5G to Earth

Cambridge Consultants is working to deliver the largest airborne communications antenna available commercially.The technology consultancy and product development firm, which part of Capgemini, has built a functioning, scaled-down version of a wireless antenna designed to beam connectivity from the sky. The prototype, announced this month, is part of a four-year project with UK-based start-up Stratospheric Platforms Limited (SPL).SPL is developing a High-Altitude Platform (HAP) and communication system that's designed to deliver affordable, fast connectivity. The HAP aircraft system, as envisaged, would beam its Internet from the stratosphere, which is the second major layer of Earth's atmosphere. The aircraft, with a 60-meter wingspan, would be powered by hydrogen and could deliver nine days of flight stamina. Each HAP could supply coverage over an area of up to 140 kilometres in diameter, and around 60 aircraft could blanket a country the size of the U.K., according to Cambridge Consultants.To read this article in full, please click here

Why Is OSPF not Using TCP?

A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:

From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?

I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:

Read more …

Why Is OSPF not Using TCP?

A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:

From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?

I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:

Read more …

German IoT startup Dryad wants to help prevent forest fires

A German startup wants to use IoT sensors and a wireless-mesh network to detect forest fires within 10 minutes to an hour of when they start as opposed to the hours or even days it can take using current methods based on thermal imaging, satellite surveillance and human smoke spotters.Dryad Networks is developing sensors to detect gases associated with forest fires and engineering how to network them using LoRaWAN and other wireless technologies so the data they gather can be analyzed in the company’s cloud.The sensors are best placed about 10 feet off the ground in trees, secured by screws, making it more difficult for people or wildlife to disturb them and ensuring they won’t be obscured by grass or fallen leaves, according to founder and CEO Carsten Brinkschulte, a veteran of Apple and SAP.To read this article in full, please click here

Threat Intelligence Report: Targeted Snake Ransomware

In the last few weeks, VMware NSX threat telemetry revealed the submission of a Windows executable Ransomware sample, written in Go, which is related to the Snake Ransomware family.

This ransomware specifically targeted the Honda network, and was found to be quite sophisticated. The ransomware appears primarily to be targeting servers, as it has logic to check for the type of host it is infecting, and it attempts to stop many server-specific services/processes. Hard-coded strings are encrypted, source code is obfuscated, and the ransomware attempts to stop anti-virus, endpoint security, and server log monitoring and correlation components. This ransomware family has ties to Iran and has historically been observed targeting critical infrastructure such as SCADA and ICS systems. More recently, the malware has been observed targeting healthcare organizations. Most interestingly, and unlike other variants, the malware analyzed in this threat report does not drop any ransom note to desktop machines.

To learn more, read our Targeted Snake Ransomware Report.

The post Threat Intelligence Report: Targeted Snake Ransomware appeared first on Network and Security Virtualization.

InfiniBand Is Still Setting The Network Pace For HPC And AI

If this is the middle of November, even during a global pandemic, this must be the SC20 supercomputing conference and there either must be a speed bump that is being previewed for the InfiniBand interconnect commonly used for HPC and AI or it is actually shipping in systems.

InfiniBand Is Still Setting The Network Pace For HPC And AI was written by Timothy Prickett Morgan at The Next Platform.

On the Road to Better Routing Security: What Are MENA’s Next Steps?

In a region with a wealth of resources and network expertise but a higher than average number of global routing incidents, the Mutually Agreed Norms for Routing Security (MANRS) initiative can help networks champion a more secure routing environment.

Networks in the Middle East and North Africa (MENA) region fall between two regional Internet registries: Réseaux IP Européens Network Coordination Centre (RIPE NCC) and African Network Information Centre (AFRINIC). This gives these networks access to many resources and tools that support them to adopt best practices in routing security, including resource public key infrastructure (RPKI). There’s also great technical expertise in the region, with specialists working to keep more than 800 MENA-based networks up and running.

The region is, however, over represented in terms of routing incidents. Despite representing only 1.18% of all the networks visible on the Internet, the region has been responsible for 2.5-3% of global routing incidents so far this year as of October. Last month, the MANRS Observatory recorded 24 routing incidents from 22 networks in the region. The incidents range from Bogon announcements to more serious route leaks and route mis-originations, as detailed in the screen capture from MANRS Observatory above.

MANRS for Continue reading

Technologies that Didn’t: Asynchronous Transfer Mode

One of the common myths of the networking world is there were no “real” networks before the early days of packet-based networks. As myths go, this is not even a very good myth; the world had very large-scale voice and data networks long before distributed routing, before packet-based switching, and before any of the packet protocols such as IP. I participated in replacing a large scale voice and data network, including hundreds of inverse multiplexers that tied a personnel system together in the middle of the 1980’s. I also installed hundreds of terminal emulation cards in Zenith Z100 and Z150 systems in the same time frame to allow these computers to connect to mainframes and newer minicomputers on the campus.

All of these systems were run through circuit-switched networks, which simply means the two end points would set up a circuit over which data would travel before the data actually traveled. Packet switched networks were seen as more efficient at the time because the complexity of setting these circuits up, along with the massive waste of bandwidth because the circuits were always over provisioned and underused.

The problem, at that time, with packet-based networks was the sheer overhead of switching Continue reading

Rate Limiting by the Numbers

As a critical part of Docker’s transition into sustainability, we’ve been gradually rolling out limits on docker pulls to the heaviest users of Docker Hub. As we near the end of the implementation of the rate limits, we thought we’d share some of the facts and figures behind our effort. Our goal is to ensure that Docker becomes sustainable for the long term, while continuing to offer developers 100% free tools to build, share, and run their applications.

We announced this plan in August with an effective date of November 1. We also shared that “roughly 30% of all downloads on Hub come from only 1% of our anonymous users,” illustrated in this chart:

This shows the dramatic impact that a very small percentage of anonymous, free users have on all of Docker Hub. That excessive usage by just 1%–2% of our users results not only in an unsustainable model for Docker but also slows performance for the other 98%–99% of the 11.3 million developers, CI services, and other platforms using Docker Hub every month. Those developers rely upon us to save and share their own container images, as well as to pull images from Docker Verified Publishers Continue reading

Anchoring Trust: A Hardware Secure Boot Story

Anchoring Trust: A Hardware Secure Boot Story
Anchoring Trust: A Hardware Secure Boot Story

As a security company, we pride ourselves on finding innovative ways to protect our platform to, in turn, protect the data of our customers. Part of this approach is implementing progressive methods in protecting our hardware at scale. While we have blogged about how we address security threats from application to memory, the attacks on hardware, as well as firmware, have increased substantially. The data cataloged in the National Vulnerability Database (NVD) has shown the frequency of hardware and firmware-level vulnerabilities rising year after year.

Technologies like secure boot, common in desktops and laptops, have been ported over to the server industry as a method to combat firmware-level attacks and protect a device’s boot integrity. These technologies require that you create a trust ‘anchor’, an authoritative entity for which trust is assumed and not derived. A common trust anchor is the system Basic Input/Output System (BIOS) or the Unified Extensible Firmware Interface (UEFI) firmware.

While this ensures that the device boots only signed firmware and operating system bootloaders, does it protect the entire boot process? What protects the BIOS/UEFI firmware from attacks?

The Boot Process

Before we discuss how we secure our boot process, we will first Continue reading

SD-WAN needs a dose of AIOps to deliver automation

Software-defined WAN (SD-WAN) is getting a big boost from AIOps as vendors look to simplify operations, lower costs, and optimize WAN performance in the modern cloud era.SD-WAN decouples the control aspect of a network from the hardware to create a virtualized network overlay, while AIOps applies machine learning and data analytics to IT operations to automate processes. The convergence of the two – a.k.a. AI-driven WAN – promises to usher in a new era of WAN networking that enables IT to go beyond optimizing network and application experiences to delivering the best experiences to individual users. To read this article in full, please click here

How Fast Can We Detect a Network Failure?

In the introductory fast failover blog post I mentioned the challenge of fast link- and node failure detection, and how it makes little sense to waste your efforts on fast failover tricks if the routing protocol convergence time has the same order of magnitude as failure detection time.

Now let’s focus on realistic failure detection mechanisms and detection times. Imagine a system connecting a hardware switching platform (example: data center switch or a high-end router) with a software switching platform (midrange router):

Read more …

How Fast Can We Detect a Network Failure?

In the introductory fast failover blog post I mentioned the challenge of fast link- and node failure detection, and how it makes little sense to waste your efforts on fast failover tricks if the routing protocol convergence time has the same order of magnitude as failure detection time.

Now let’s focus on realistic failure detection mechanisms and detection times. Imagine a system connecting a hardware switching platform (example: data center switch or a high-end router) with a software switching platform (midrange router):

Read more …

World’s fastest supercomputers: Fugaku is still No. 1 at 3X the speed of No. 2

The latest semiannual TOP500 list of the world's fastest supercomputers is topped by Fugaku, the same machine that won in June. Built by Fujitsu, Fugaku is three times as fast as its nearest rival.TOP500 says that competition for its list seems to be lessening, with the full list of 500 systems having the fewest number of new entries since the organization started its tracking. The list is updated every June and November and has tracked the development of supercomputer performance and architecture since 1993. Nevertheless, two brand new systems managed to break into the top 10 list on their first try.To read this article in full, please click here

1 848 849 850 851 852 3,842