Sophos: Anatomy of the massive cyberattack (update)

  • Technology
  • Thursday, 28 Mar 2013

Security solutions provider Sophos has issued a press statement on a story that has been developing over the last few days.

According to the company, about a week ago, a questionable Internet hosting provider in The Netherlands called Cyberbunker “took umbrage” with Spamhaus, a non-profit organisation that was founded to take on spammers and the Internet hosts who profit from such activities.

Cyberbunker caters to customers “who are unwanted by or afraid to use traditional web hosts because of the activities they are involved in.”

According to Sophos, Cyberbunker’s target markets are copyright abusers, spammers and malware malcontents, with the exception of child porn and terrorism sites.

Because Cyberbunker was added to Spamhaus’ blacklist of questionable hosts, an attempt was made to take Spamhaus offline in retribution by performing a so-called distributed denial of service attack (DDoS).

Here’s a list of questions and answers provided by Sophos on the nature and extent of this attack and how it allegedly affects Internet users in general.

How big is the attack? At times it has been reported to be as large as 300 gigabits per second. Traditionally even large botnets are only able to deliver hundreds of megabits or a few gigabits per second.

What is so special about this attack? It is a large scale DNS reflection attack that takes advantage of misconfigured DNS servers to amplify the power of a much smaller botnet.

Cloudflare, an anti-DDoS provider, was hired by Spamhaus to protect its systems (which remain online). Cloudflare has reported that in a much smaller attack in late 2012 more than 68,000 DNS servers were utilised in a single attack.

How big is this problem? The Open Resolver Project reports more than 21.7 million insecure/misconfigured DNS servers on the IPv4 internet today.
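The two answers above describe the mechanism: a resolver that answers recursive queries for anyone on the Internet can be pointed at a victim and will return answers many times larger than the queries it receives. The script below is an added, defender-side example, not part of the Sophos statement or of this article, showing how an operator can check their own resolver logs for that pattern. It assumes a simplified BIND9-style query-log line (the leading `+` or `-` in the flag field marks whether the client asked for recursion), constructed sample log lines, and a constructed list of networks the resolver is meant to serve; the query types treated as "large-answer" are a heuristic chosen for the example.

```python
"""Flag signs that a recursive DNS resolver is answering recursion for the whole
Internet (an 'open resolver'), which is what makes it usable as a reflector.

Everything below is constructed for illustration: the log lines, addresses,
host names and allowed networks are made up, not taken from the article."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Networks this resolver is *meant* to serve recursion for (assumed values).
ALLOWED_NETS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

# Simplified BIND9 query-log shape assumed here: the flag field starts with
# '+' when the client set the Recursion Desired bit and '-' when it did not.
LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Query types whose answers are usually many times larger than the query
# (heuristic); a burst of these from off-net clients is the reflection pattern.
LARGE_ANSWER_TYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}

# Constructed sample log: one on-net client, one off-net client hammering
# ANY queries with recursion desired, one off-net non-recursive query, noise.
SAMPLE_LOG = [
    "28-Mar-2013 10:15:02.101 client 192.168.4.20#53211: query: example.com IN A +E (192.168.1.1)",
    "28-Mar-2013 10:15:02.377 client 203.0.113.7#1024: query: isc.org IN ANY +E (192.168.1.1)",
    "28-Mar-2013 10:15:02.378 client 203.0.113.7#1024: query: isc.org IN ANY +E (192.168.1.1)",
    "28-Mar-2013 10:15:02.379 client 203.0.113.7#1024: query: isc.org IN ANY +E (192.168.1.1)",
    "28-Mar-2013 10:15:03.002 client 198.51.100.9#40000: query: example.net IN A -E (192.168.1.1)",
    "28-Mar-2013 10:15:03.500 client 10.2.3.4#5353: query: mail.example.com IN MX + (192.168.1.1)",
    "this line is not a query log entry and must be skipped",
]


def parse_query(line):
    """Return (client_ip, qname, qtype, recursion_desired), or None if the
    line is not a query-log entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return (ip_address(m["ip"]), m["qname"], m["qtype"], m["flags"].startswith("+"))


def is_allowed(addr):
    """True when the client belongs to a network we intend to serve."""
    return any(addr in net for net in ALLOWED_NETS)


def find_open_recursion(lines):
    """Count recursive (RD=1) queries per client outside ALLOWED_NETS.

    Returns {client_ip: Counter(total=n, large_answer=m)}.  Non-recursive
    queries from outside are ignored: answering authoritatively for your own
    zones is normal and is not evidence of an open resolver."""
    hits = {}
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        addr, _qname, qtype, rd = parsed
        if not rd or is_allowed(addr):
            continue
        entry = hits.setdefault(str(addr), Counter())
        entry["total"] += 1
        if qtype.upper() in LARGE_ANSWER_TYPES:
            entry["large_answer"] += 1
    return hits


def report(lines):
    """Human-readable summary of find_open_recursion()."""
    hits = find_open_recursion(lines)
    if not hits:
        return "no off-net recursive queries seen"
    return "\n".join(
        f"{ip}: {c['total']} recursive queries from outside allowed nets, "
        f"{c['large_answer']} for large-answer types"
        for ip, c in sorted(hits.items())
    )


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Any non-empty report means the resolver is serving recursion to addresses it should not; the fix is to restrict recursion to the networks you serve (in BIND, the `allow-recursion` option) rather than to block individual clients, since the reflected queries carry the victim's forged source address, not the attacker's.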

Why does this make my internet slow? Many of the primary internet backbones (tier 1 service providers) are being overwhelmed by the volume of traffic from this attack. This can make access to some sites slow or even temporarily impossible during peak attack volumes. These sites and providers could be considered collateral damage.

What can you do? If you are a regular user of the Internet, not much. Don’t panic: your data is safe; you are simply being denied service or experiencing delays.

Sophos asserts that currently the Internet slowdown will only be affecting users in Europe and North America, which means that Malaysians will likely not notice any difference in this regard.

Star Bytz will post more information as it becomes available.
