Annual Security Survey – Call for Participation

ASERT team

It’s that time again! Arbor Networks is opening its 12th annual Worldwide Infrastructure Security Report survey. Findings from this survey are compiled and analyzed to provide insights on a comprehensive range of issues from threat detection and incident response to staffing, budgets and partner relationships. A copy of the report will be sent to all participants. We […]

DDoS Attacks in the Wake of French Anti-terror Demonstrations

Kirk Soluk

On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites: “Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …” [1]. As we’ve done in […]

DDoS Activity in the Context of Hong Kong’s Pro-democracy Movement

Kirk Soluk

In early August, we examined data demonstrating a striking correlation between real-world and online conflict [1], which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data. The latest round of pro-democracy protests in Hong Kong began on […]

The Revolution Will Be Written in Delphi

Dennis Schwarz

Since it has been a little while since we profiled a DDoS botnet family on the blog, let’s take a look at Trojan.BlackRev (also known as the “Black Revolution” trojan). It was named for the Mutex set in early versions of the malware. This family is interesting from a research perspective because there are at […]

Estonia, six years later

Dan Holden

In April 2007, the Estonian government decided to relocate the Bronze Warrior, a Soviet World War II memorial located in Tallinn, as well as the remains of some Soviet WWII soldiers buried nearby. This decision caused great offense in Russia, starting at the top. Russian president Vladimir Putin said, “I find that this is an absolutely short-sighted […]

Syria taken offline

Darren Anstee

ATLAS is Arbor Networks’ innovative, one-of-a-kind Internet monitoring system. ATLAS is a collaborative effort with 250+ ISPs globally who have agreed to share anonymous traffic data on an hourly basis (leveraging Arbor’s technology that sits on ISP networks), together with data from Arbor dark address monitoring probes, as well as third-party and other data feeds. […]

Scavenging Connections On Dynamic-IP Networks Redux

Dennis Schwarz

While a lot has changed since Seth McGann’s 1998 Phrack magazine article “Scavenging Connections On Dynamic-IP Networks,” it’s not hard to extrapolate his idea into modern day malware sinkholes. In this blog post we would like to share some of the connections scavenged over a short period from the No-IP dynamic DNS network–a network we […]

Lessons learned from the U.S. financial services DDoS attacks

By Dan Holden and Curt Wilson of Arbor’s Security Engineering & Response Team (ASERT)

During the months of September and October we witnessed targeted and very serious DDoS attacks against U.S.-based financial institutions. They were very much premeditated, focused, advertised before the fact, and executed to the letter. In the case of the September […]