What Are the Most Common Reasons Hackers Will DDoS Sites?

Brian Krebs. OVH. Dyn. And the open-sourcing of the code of the botnet that attacked them. Are you DDoS-defending your business? If not, now is the time.

 

  • A supercharged botnet
  • 7 reasons DDoS is popular among hackers
  • Action to DDoS-defend your business

 

A supercharged botnet

 

The Mirai botnet has been busy lately. In September, it was used for a couple of massive attacks, one against US-based security journalist Brian Krebs, the other against French web host OVH. In October, the network of IoT devices that make up its bot army (some 380,000, according to its purported author) were used to DDoS Dyn and temporarily cripple a large chunk of the internet in the United States.

 

But, unfortunately, it gets worse… much worse. Security thought-leaders are sounding the alarm bell after a hacker publicly released the source code for Mirai. After all, the scope of the DDoS attacks from Mirai are highly disturbing. The one that hit Krebs measured 620 gigabits per second. The one that hit OVH measured 1.1 terabits per second. If you are having trouble grasping that sheer attack volume, it’s understandable: Mirai delivers almost unimaginable information-overload by our current standards.

 

Mirai is getting the press, but Bashlight is the original, explained Dan Goodin of Ars Technica. “Until now, the botnets created with the newer and technically more sophisticated Mirai have been greatly outnumbered by those based on its rival Bashlight,” he said, “with about 233,000 infected devices versus 963,000 respectively.”

 

The release of Mirai’s code – via the user Anna-senpai on Hack Forums (a site that has since been accused of running a DDoS-for-hire service) – is troubling to security pros because easy access means proliferation of gigantic DDoS assaults.

 

The post on Hack Forums, which included links to the Mirai source code and noted that it was time to “GTFO” (direct quote) of IoT DDoS due to increased attention. (Source: Security Affairs)

 

Goodin noted that there has been an increased focus among those who use botnets to target CCTV cameras, routers, thermostats, webcams, and other vulnerable IoT devices. Once formed, the army of slaves is used to extract ransom from victims (in exchange for halting a DDoS).

 

“Both Mirai and Bashlight exploit the same IoT vulnerabilities,” said Goodin, “mostly… weakness involving the telnet remote connection protocol in devices running a form of embedded Linux known as BusyBox.”

 

One reason Mirai has become more prominent, though, is that it encrypts communications it sends to central command (i.e., the master). Also, some believe that the conversion of some 80,000 of the 963K Bashlight devices to Mirai suggests that the newer malware may be overtaking and then patching devices so that other botnets can’t reclaim them.

 

Although the open sourcing of the code is especially troubling, the attack on Dyn should also not be overlooked when we consider the power that is currently in the hands of botnet operators. Mirai successfully sabotaged the DNS provider Dyn and brought its response time to a crawl (or at least a large portion of the attack came from Mirai slaves). According to Michael Kan of Computerworld, many in the security community think that the Dyn DDoS (2 attacks of 130 minutes and 70 minutes, divided by a 2 ½ hour break) was more of a warning shot than an actual siege: it just leveraged 100,000 devices of the half-million or so devices then available.

 

7 reasons DDoS is popular among hackers

 

Why are these attacks becoming such a common form of malicious intrusion?

 

Reason #1 – Easy as 1, 2, 100 thousand

 

One reason DDoS is a go-to for hackers is that it’s simple, and it works. The Dyn attack sidelined household-name web giants such as Spotify, Netflix, Airbnb, and Twitter, all of which use Dyn to connect their site to users.

 

“It doesn’t take particularly advanced hacking skills to block access to those sites,” said Emma Hinchliffe. “It just takes a huge network.”

 

Well, how do you access a huge network? Even before the open sourcing of Mirai, the simplicity of carrying out a DDoS has been troubling to those who protect networks. Through paid services, anyone is able to rent a botnet. In fact, the criminally oriented can even have a stressor or booter service do the dirty work for them.

 

It is often challenging for the security team or law enforcement to track down the booters because they use proxies to assault you from different locations.

 

Reason # 2 – Cash for peace

 

DDoS-for-ransom, a form of extortion, has been on the rise over the last few years. Essentially you get barraged by traffic, see your site go down, and then get a note letting you know that you can regain your smoothly functional site for a certain amount of Bitcoin.

 

Security experts recommend never paying the attackers because there is no guarantee they won’t do it again and because it feeds the growth of the problem; however, some site owners feel they have no choice to get their own revenue coming in again.

 

Reason #3 – Slash-and-burn competition

 

What’s one way to outperform the rivals in your industry? Well, you could make it impossible for them to operate.

 

“Just small amounts of downtime can end up costing a company thousands [or millions] of dollars,” noted Christian Sager. “It can also promote negative associations with a brand, so that customers no longer trust their services.”

 

Reason #4 – Hacktivism

 

DDoS isn’t always just about pummeling someone for money. It’s also a way that some actors use to voice dissent. South Korea, the U.S., Russia, and Georgia have historically been DDoS targets. Keep in mind that many of these attacks are thought to be perpetrated by other nations – which makes them more cyberwarfare than citizen protest. However, individuals do sometimes DDoS governments or companies because they disagree with them ethically.

 

Reason #5 – Rise of the “script kiddy”

 

Some of those behind DDoS events have been given the derisive name “script kiddies,” highlighting the fact that they lack technical skills (instead grabbing a script in a forum) and have what are viewed as immature intentions.

 

For instance, game publishers are sometimes DDoSed immediately following an update, because an irritated player believes they “nerfed” the best part.

 

“Also, let’s be honest, being able to take out a company from your bedroom is probably amusingly empowering in a David and Goliath sort of way,” said Sager. “Today’s DDoS is yesterday’s vandalism.” (Note that he made these comments in 2014, when DDoS was much less destructive and economically devastating than it is today.)

 

Reason #6 – The overpowering decoy

 

A DDoS is certainly more uncontrollable than a fake duck that you can throw in your hunting bag, but it is sometimes a decoy in the sense of a distraction. In these cases, the directness and crudeness of a DDoS is used as a cover for a more technical, surgical hack. A landmark incident of this Ocean’s-11-style assault occurred in 2013, when a botnet operator slammed the Bank of the West with fraudulent requests while they entered an account and withdrew $900K.

 

Reason #7 – This is only a test…

 

A company will occasionally force itself offline – whether by accident or when intentionally resilience-testing their systems.

 

Action to DDoS-defend your business

 

In the post-open-sourcing of Mirai, heavyweight DDoS has become more widely available than ever before. And people continue to have various reasons to want to crash websites.

 

In this increasingly volatile climate, are you DDoS-defended? At KnownHost, we offer complimentary DDOS protection on all VPS and SSD VPS product lines. See how you’re protected.

Read More

Why Managed Hosting is the Way to Go for Business

Business owners know the value of options. Options foster competition and allow consumers to choose the best service for the best price. But, as we all know, that cheapest option often isn’t the best one. “You get what you pay for” is a saying for a reason. If you’re a small business owner looking to get a website up and running, it’s obvious that you want to keep your overhead low. But before you pull the trigger on that $1.99/month hosting deal, there’s quite a bit you should know. Not all hosting solutions are created equal. Not only do you need to decide on the type of server (or portion of a server, as it were) that you’ll need, but also how much work you’re willing to put in to manage it. Decisions like opting for a VPS or dedicated server are important, but you also need to decide how much of the work you want to do maintaining them.

 

Hosting companies offer two main kinds of hosting plans regardless of the hardware you choose: managed and unmanaged. There is a big difference between the two and business owners in particular should take note. It’s important to make an educated decision. Let’s take a look at them.

 

Unmanaged

 

Unmanaged hosting is what you think it would be. You get the keys to the place and you’re on your own. What this can look like is simply server space with an operating system. That’s it. You’ll need to install your software yourself. Now, you might be thinking “That’s no problem. I’ve installed WordPress before.” But, when one says server space and operating system, that is literally it. There’s a good chance you’ll need to actually install things like Apache or PHP yourself. It’s safe to say “freedom” comes with some trade-offs.

 

Now, you might be asking yourself who would want to use unmanaged hosting if you receive little to no help from your hosting company to perform even rudimentary tasks. There are a few scenarios where you would want to go the unmanaged route. The first is pretty cut and dry: to save money. If you’re pinching pennies and need the absolute cheapest plan, yes unmanaged hosting is the most cost-effective option. Again, you’re getting what you pay for. But if you can hack it, this is an option. Another reason why you’d want to opt for unmanaged hosting is you enjoy having near absolute freedom and would prefer to set up a server environment to your own specifications. If you’re a Linux user in your day to day life and feel at home working via the command line, it’s doable. The last reason you may want (or need, in this particular case) an unmanaged server is you’re trying to run specialized software that requires very specific server parameters your hosting company is unable or unwilling to execute.

 

The bottom line is, unmanaged servers make sense for web developers or those with a computer science degree. If you’re a tinkerer, go for it. However, for the majority of users, the next section will be of particular interest.

 

Managed

 

A managed server basically takes everything listed above and takes it off your plate. Your server environment is ready to go as soon as you gain access to it. Operating system, scripting languages, cPanel, and maybe even your CMS are already there. But, it’s not just about set-up, either. While those things are nice, you want assurance that ongoing performance will be taken care of as well. There are a few services that your hosting company will perform for you that will certainly save you time and headaches.

 

One such service is automatic backups. This is a big one because much like with our personal computers, sometimes we forget to perform our due diligence. Accidents happen and you can lose everything in the blink of an eye. If you’re running a business through your website, losing everything can be devastating. And that’s an understatement. Your hosting company will perform automatic backups for you so you don’t have to worry about it.

 

Software updates are another routine thing we should all do, but we can fall behind on that as well. You also may not feel comfortable performing them. What if something goes wrong and the site goes offline? Managed hosting plans often include automatic software updates so that your site is always up to par, including crucial security updates.

 

Performance monitoring and some security measures will also fall under the umbrella of managed services that you’re paying for. In an unmanaged environment, if your site goes down, good luck. If the physical server is functioning, then the fix is your responsibility. If you don’t know what to look for, you’re going to lose precious time trying to find a developer who does to remedy the situation. With managed hosting, your hosting company monitors activity and addresses issues as they present themselves. Certain complementary security measures are built into this as well. Things like DDOS protection are very important to have. While there are still some actions you should take yourself to protect your site, your hosting company will go a long way helping you.

 

Managed Hosting for Business Owners

 

Business owners should opt for managed hosting. Even if you’re running a web development shop, you want to spend minimal time in the backend making sure the site itself is running. Time is better spent on your clients and producing the content and services that bring in revenue. In the long run, managed hosting should save money due to being able to spend more time performing revenue generating activities and avoiding technical issues that can take your site offline for extended periods of time.

 

With a managed VPS, you’ll get the performance you need to run most moderately demanding sites while also having your hosting company supporting you to make sure your site remains up and performing at an optimal level. Most businesses would be fine operating their sites on a VPS, but there are higher performing dedicated servers available to if you’re looking to operate a large, rapidly growing ecommerce site. Whichever hardware you choose, managed hosting makes running a web operation easier.

 

If this is your first time launching a business website, you want to partner with a hosting company that has the experience, reputation, and managed hosting services you need to get things right the first time. After all, you don’t want to find yourself in a situation where you need to migrate your site years down the line. That’s where the experts here at KnownHost come in to help you with your hosting needs.

 

Conclusion

 

Whether you want to sign up for a managed VPS or a dedicated server, KnownHost has you covered with unparalleled customer support and 24/7 managed services. At KnownHost, we understand what our customers want in a hosting service. No hassles, industry leading uptime, reliable customer service, and peace of mind are all paramount. Our managed hosting solutions will provide all of this and more. If you’re interested in launching a site or migrating from your current service, contact us today. We’d love to discuss your options with you.

Read More

Why Going Open Source Can Benefit Your Business

Let’s talk software. It makes the world go ‘round. With so many businesses relying on their web operations as main drivers, if not outright being completely digitally based, we’re often forced to think about software and how we’re going to use it. In the grand scheme of things, the software you choose may not feel like a critical decision. Your warehouse vendor or payment gateway system might feel like much more pressing matters, and they are important, but everything from the interface you use to operate your business down to your hosting solution runs on software that needs to be chosen. There are many things to consider when selecting the tools you’ll need to get the job done. Are you a Windows user? Maybe you prefer Macs. Are you in a specialized industry that uses specific software that only works on certain operating systems? You may also make decisions based on your personal philosophy as well. Perhaps you like the idea of using open source software vs proprietary software. Philosophy aside, there are real benefits to going open source when it comes to your business.

 

What is Open Source Software?

 

A brief definition is in order here. When one says open source software, they probably immediately think Linux. While Linux is the most well known open source operating system (powering everything from computers to phones to servers), open source merely means any source code that is not owned by a company and is maintained by its community. This is achieved by giving the public access to the source code and allowing them to modify and distribute it as they wish. For over twenty years, advocates of open source software have been debating the merits of using it over proprietary software (think Microsoft Office and Windows) and why more people should be using open source products. While that debate will continue to rage, there are advantages to going open source you should be aware of as a business owner. There are many businesses that will have no choice but to work in a Windows environment, but you can still go open source with services like your hosting. Here are some reasons why going open source might be attractive to you.

 

Security

 

Probably the one thing that is of utmost importance to you as a business owner is security. You have a responsibility to protect your customers and a vested interest in protecting your own information. Open source software certainly has security advantages. It’s a cliché within Linux circles to mock the phrase “security through obscurity” when discussing the perceived superiority of using a Linux-based operating system in comparison to Windows. The gist of that phrase is that because proprietary software is closed and the source code isn’t available, it must therefore be more secure. Unfortunately, the real world evidence isn’t there. While Linux environments aren’t the equivalent of Fort Knox, the way they are set up closes off some of the most common paths that can be exploited in a closed source environment. Concepts like account privileges are handled differently. Typically, users have low level access that leaves the root of the system protected because the user doesn’t have the proper clearance. In a Windows environment, users have administrator access by default which means any security exploits the user wanders into can open up every part of the system to an outside party.

 

Circling back to the concept of “obscurity,” there are fewer exploits devised for open source software compared to proprietary because of the adoption rate. More people use closed environments, so more viruses etc. are written for them and they will affect everyone in the same way. Open sourced environments can be forked into so many different “flavors” that it’s impossible to craft a blanket attack.

 

For example, KnownHost uses OpenVZ for its managed VPS hosting. This is a Linux-based container technology that basically makes up the section of a physical server your VPS lives on. This allows for industry-leading performance, yes, but it’s also secure thanks to its open source nature. Without going too far out into the weeds, this is accomplished through the monitoring and careful implementation of OpenVZ’s own enterprise kernel instead of the vanilla Linux version. Essentially, a conservative and careful approach to the build of the software wards off many of the possible exploits that pop up in the wild.

 

Quality and Performance

 

Open source software offers you more options and, depending on the environment, offers better performance. There are many reasons for this. For one thing, Linux based software is typically less “bloated” and runs in a more streamlined fashion because of its minimalist design. How is this accomplished? Because thousands of developers are working on the most widely used open source software at any given time, which ensures quality and features that users want rather than the select features a group of developers might choose for their proprietary project. Reports from the Linux Foundation in partnership with Yeoman Technology Group have consistently shown year over year that more businesses are choosing to add or migrate to Linux servers by large margins in comparison to Windows servers due to their superior performance. It’s no wonder why businesses prefer to opt for managed VPS hosting in a Linux environment. The quality is there.

 

Freedom and Flexibility

 

Everyone wants to use a product that exactly fits their needs. However, it’s rare to actually achieve that. With open source software, we can get close. That’s because everything can be customized. Thanks to the source code being public, anyone with the right knowledge can change a product to operate more to their liking. This is a huge advantage for businesses with in-house developers. You can take a piece of software your firm already uses and likes, and tweak it to make it close to perfect. That’s simply not possible with closed source software.

 

There are also potential money savings to be had thanks to this freedom. You’re no longer locked into expensive vendor contracts and everything that comes with having to work on someone else’s development cycle. You also have the flexibility to use wider varieties of hardware. Closed sourced software has a tendency to become more resource intensive with each iteration, quickly making your hardware outdated. It can be very expensive to do an IT overhaul every few years. With open sourced options, you can hold onto hardware longer by taking advantage of the higher customizability and lower system requirements.

 

Conclusion

 

At KnownHost, we aim to give our customers a secure and reliable hosting solution. In order to achieve that, we use Linux-based software. Our servers run on the CentOS operating system and are installed with OpenVZ at the host level for maximum performance. But, the bottom line is KnownHost offers managed VPS hosting because we know you don’t want to think too much about the behind the scenes goings on of your website when you have a business to run. We concern ourselves with your site’s uptime, DDOS protection, and backups so you don’t have to worry about it. If you’re ready to partner with a hosting company that understands your business needs and offers top of the line service, contact us today.

 

Read More

Is Your Business Too Big for Shared Hosting?

There is a palpable excitement to taking your business from a small operation, maybe even just brick and mortar, and expanding it to the web. If this is your first web based business, you probably rolled it out in degrees. Maybe it started out as Facebook page attached to your personal account where friends and family could place orders via email. Many “mom and pop” businesses start this way because it costs nothing and most of the customers they currently serve were acquired through in-person interactions and word-of-mouth. While that’s a solid start, it’s not sustainable long term. In order to really start creating a business to live off of, there needs to be outreach to untapped markets. This is where setting up a website comes in.

For many business owners, setting up a website may not necessarily be a passion project, but rather, a necessity that they want to set up while maintaining minimal costs and minimal headaches. The creative part of setting up a site is up to you. The platform you want to use, the content on the site, and who is going to develop it are all critical choices you’ll be facing as you establish your virtual storefront. These are choices you’re probably anticipating already. Is there enough room in the budget for a web designer? However, one decision that may not be in the forefront of your mind is where your site is going “to live,” so to speak.

Deciding where and how to host your site is going to be an important decision made relatively early in the process. After all, what good is a site if it only exists on your local machine? Because cost is undoubtedly a concern, you may want to go for the cheapest option. That’s understandable, but maybe not the best decision. Though there are some sites that can get away being hosted on slower shared services, your business probably shouldn’t be one of them. If you’ve been looking at shared hosting, here’s why you may want to reconsider.

Shared Hosting Limits You

There are a few major choices when it comes to web hosting. The ones you’ll come across most include shared hosting, dedicated servers, and VPS. When starting out, many people go with shared hosting.

The cheapest option is shared hosting like the kind you find at WordPress.com. WordPress is a tremendously popular platform powering nearly 27% of all the websites on the internet. Pretty crazy when you consider just how vast the web is. A quarter of the web is no small feat. However, what that statistic doesn’t tell you is that all of those sites aren’t running on the shared hosting powered WordPress.com. In fact, the vast majority of the professional level sites using WordPress for their CMS have hosting solutions independent of WordPress the company. Why would someone opt for more operational expenses? Because the hosting provided by WordPress is very limiting. Not being able to fully control your theme choices or your site crashing because too many people are visiting it doesn’t justify that “free” price tag. Shared hosting is one of the primary reasons why your site can feel sluggish. If you’re sharing server resources with many other businesses and just one of those businesses sees a massive uptick in traffic, it can crash everyone else. That’s a bit of an extreme case, but it demonstrates how a shared hosting environment works. Your share of the resources doesn’t exclusively belong to you. Many sites all operate from the same pool. Once the strain becomes too much, sites can suffer.

To be fair, there are instances where shared hosting makes sense and many people do use it. If your website is a simple informational site designed to be a professional looking method of contact or if it acts as a relatively static online portfolio, shared hosting can meet your needs for little cost. Anything more advanced than that, though, and shared hosting quickly reaches its ceiling. If we consider that a business site can lose around 25% of its visitors if load time takes more than 4 seconds, it quickly becomes apparent how limiting (in many ways) shared hosting can be. The bottom line is: if you use your site to sell goods or services, you’ve probably outgrown shared hosting from the get go. And if your site is running slow, then you definitely have your answer. It’s time to move on to greener pastures.

So What’s the Alternative?

You don’t want to break the bank, but you also want a site that functions smoothly on a consistent basis. For many business owners, managed VPS hosting makes the most sense. There are some exceptions, but for the vast majority of sites a VPS is enough. You could even opt for SSD VPSes for further boosts in speed. While migrating from one host to another is done all the time, it’s probably best to just start out on a virtual private server and avoid the inevitable step of having to move everything from your shared hosting service. Using a VPS is relatively inexpensive when you consider how much more capable they are when compared to shared hosting. When it comes to running a business, the value is apparent. The immediate difference is how system resources are allocated for you. Whereas shared hosting requires you to deal with having the same resource pool as a bunch of other sites, now you have a guaranteed allotment. You’re still sharing a physical machine with other sites, but the effects of the activities of one user’s site will be absolutely minimal on yours. As long as your site code is optimized, you shouldn’t hit your monthly cap. Even if you do, it’s very easy to upgrade your monthly data allotment. Significant traffic boosts may require you to upgrade eventually.

Make It Managed

If there is one downside to using a VPS, it’s that you’re responsible for your server space. That means if something goes wrong with your installation, you’re out of luck if you don’t have the know-how to navigate those kinds of issues. Of course you could install cPanel or some kind of alternative to control things, but as a business owner do you really have that kind of time? Do you even have a desire to learn? With a managed VPS, your hosting company takes care of server-side concerns for you. This can include upgrades, security provisions, and around the clock technical support for unexpected outages. With DDoS attacks being a concern, you want peace of mind knowing your hosting company is protecting you.

Conclusion

Running a business website can be a challenge, but with the right hosting solution the technical aspects of it can be minimized. By setting up your site on a VPS from the beginning, you can avoid the growing pains of moving from shared hosting slowdowns to a new, snappier environment. With a managed VPS, you’ll have the speed you need and the security required of a professional site; especially one that may be accepting customers’ private information. VPSes come in many options so choose the storage and data plan that works best for you. Remember, you can always upgrade.

 

 

 

Read More