Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Largest Attack on Record Slowing Internet: Security Experts

‘Bazooka’ Attacks Slowing Internet: Security Experts

WASHINGTON, March 27, 2013 (AFP) – The Internet may have been slowed by one of the largest cyber attacks ever seen, which targeted a European group that patrols the Web for spam, security experts said Wednesday.

‘Bazooka’ Attacks Slowing Internet: Security Experts

WASHINGTON, March 27, 2013 (AFP) – The Internet may have been slowed by one of the largest cyber attacks ever seen, which targeted a European group that patrols the Web for spam, security experts said Wednesday.

The attacks targeted Spamhaus, a Geneva-based volunteer group that publishes spam blacklists which are used by networks to filter out unwanted email, and led to cyberspace congestion which may have affected the overall Internet, according to Matthew Prince of the US security firm CloudFlare.

The attacks began last week, according to Spamhaus, after it placed on its blacklist the Dutch-based Web hosting site Cyberbunker, which claimed it was unfairly labeled as a haven for cybercrime and spam.

While the origin of the attacks has not been identified, some experts pointed the finger at Cyberbunker, possibly in coordination with Eastern European cyber-criminals.

CloudFlare, which was called for assistance by Spamhaus, said the attackers changed tactics after the first layer of protection was implemented last week.

“Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth,” Prince said.

“Once the attackers realized they couldn’t knock CloudFlare itself offline… they went after our direct peers.”

Advertisement. Scroll to continue reading.

Prince said the so-called denial of service attack, which essentially bombards sites with traffic in an effort to disrupt, was “one of the largest ever reported.”

Over the last few days, he added, “we’ve seen congestion across several major Tier 1 (networks), primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare.”

“If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why,” he said in a blog post.

Prince noted that these attacks used tactics different than the “botnets” — these came from so-called “open resolvers” which “are typically running on big servers with fat pipes.”

Related ReadingCyberattack Capable of Downing Entire Internet Is Unlikely

“They are like bazookas and the events of the last week have shown the damage they can cause,” he said. “What’s troubling is that, compared with what is possible, this attack may prove to be relatively modest.”

A spokesman for the network security firm Akamai meanwhile told AFP that based on the published data, “the attack was likely the largest publicly acknowledged attack on record.”

“The cyber attack is certainly very large,” added Johannes Ullrich of US-based SANS Technology Institute, saying it was “a factor of 10 larger than similar attacks in the recent past.”

“But so far, I can’t verify that this affects Internet performance overall,” he told AFP.

Spamhaus, which also has offices in London, essentially patrols the Internet to root out spammers and provides updated lists of likely spammers to network operators around the world.

CloudFlare estimates that Spamhaus “is directly or indirectly responsible for filtering as much as 80 percent of daily spam messages.”

The attacks began after Spamhaus blacklisted Cyberbunker, a Web hosting firm which “offers anonymous hosting of anything except child porn and anything related to terrorism.”

Cyberbunker denounced the move on its blog.

“According to Spamhaus, CyberBunker is designated as a ‘rogue’ host and has long been a haven for cybercrime and spam,” the Cyberbunker statement said.

“Of course Spamhaus has not been able to prove any of these allegations.”

Prince said of the latest incident: “While we don’t know who was behind this attack, Spamhaus has made plenty of enemies over the years… We’re proud of how our network held up under such a massive attack and are working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.”

Related Reading: Cyberattack Capable of Downing Entire Internet Is Unlikely, Experts Say

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.