The Internet services of 500 customers, including banks and airlines, were inaccessible for several hours due to a breakdown at Akamai. This was not a cyber attack but a technical problem. The problems were caused by a mishandling of Akamai's DdoS protection service.

Among the customers affected are three major Australian banks: Commonwealth Bank of Australia, Westpac and ANZ. Australia Post was also affected, as was the airline Virgin Australia.

The latest major internet outage occurred last week and was caused by CDN Fastly. Many people were affected by the outage, including Europe.

 Read the article

Source : Kulture Geek

On October 16th , the Google Cloud team revealed a DDoS attack that targeted the Google service in September 2017. Having reached 2.54 Tbps, this is the largest DDoS attack recorded to date.

Researchers at Google's Threat Analysis Group (TAG) claim that this attack came from China, as it originated from the network of four Chinese Internet Service Providers (ASN 4134, 4837, 58453 and 9394).

Google Cloud reliability and security engineer Damian Menscher says the spike was the "culmination of a six-month campaign" that used multiple attack methods to hammer Google's server infrastructure. "The attacker used multiple networks to spoof 167 Mp/s (millions of packets per second) from 180,000 exposed CLDAP, DNS and SMTP servers, which then sent us significant responses".

Google revealed the incident last week for various reasons. Firstly, to raise awareness of the growing trend of state-sponsored groups of cyber attackers. But also to warn that DDoS attacks will intensify in the coming years as the bandwidth available to the Internet increases.

 Read the article

Source : ZDNet

The fixed Internet access service provided by SFR and Bouygues Telecom was unavailable for several hours last week. Indeed, the DNS (Domain Name System) servers of several operators were affected. "The DNS servers are used by all companies. It's a bit like a telephone directory. They translate the domain name of a website into an IP address to talk to it. So they have a key role as gatekeepers. They are often among the Top 3 critical applications for ISPs," explains Ronan David, head of strategy at Efficient IP.

The inability to connect, for most SFR and Bouygues Telecom customers last Tuesday, results from the fact that you use an operator's DNS servers by default when you subscribe to its fixed Internet access service. However, they could have connected to other DNS servers by configuring the network connection of their box because the DNS servers are always ready to communicate with everyone. And this is their weakness. "Since they are by definition very open, they are also very vulnerable. They are therefore prime targets for hackers," says Ronan David.

This type of aggression is common among ISPs, but SFR and Bouygues Telecom consider it particularly virulent. According to the Dutch DDoS protection organization NBIP, the DDoS (or denial of service) attack has also affected other ISPs in Belgium and the Netherlands. It recorded volumetric peaks of nearly 300 Gbit/s in volume. A level well above the average. Ronan David confirms, "The volume of 89% of DDos DNS attacks is below 50 Gbit/s. Here, it was up to 300 Gbit/s, six times more than usual. This is completely atypical."

This was a reflection attack, for example. "In the case of a DDos type DNS attack by amplification, there is one target, the DNS server, and then there is reflection, which means that other DNS servers are used to amplify the attacks and overwhelm the target server with requests so that it is no longer available," explains Ronan David.

Were other ISPs' DNS servers used to amplify the attack? Were SFR and Bouygues Telecom specifically targeted, or was their failure a collateral damage of a larger operation? Mystery, but this prospect would be daunting for all operators.

Another enigma remains to be solved: who are the attackers? Several hypotheses can be put forward. It could be a rogue gang... Unless the objective was political: to test communications and bring down an Internet gateway. In this case, it could be hostile foreign powers.

 Read the article

Source : 01net