Pentagon to Wage War on DDOS Attacks

Uploaded on 2015-09-09 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

ddos-timeline-100255289-orig.jpg

By next spring, researchers are expected to unveil new tools enabling the U.S. Defense Department to make a rapid response to distributed denial-of-service attacks. 

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit.

Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks. A recovery rate of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected. 

Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016. 

The stability of agency operations, banking, online gaming and many other daily activities are at stake here.
A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs. 

Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.
“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program.

The funding level for the project was not disclosed, but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13. 

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added.
The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.
One group of XD3 researchers will be assigned to inspect the designs for unintended security holes.
Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.
“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”

DefenseOne: http://http://bit.ly/1ISZeHI

« Pentagon Increasing Drone Flights By 50%
Hackers Target Saudi Government Websites »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Cyber Wales

Cyber Wales

Cyber Wales provides a focus and forum for everyone in the industry, helping businesses come together and collaborate both within Wales and internationally.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.

QuantumCTek

QuantumCTek

PT Kubus Hitam Indonesia

PT Kubus Hitam Indonesia

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.