Latest news with #DDoS


Techday NZ
a day ago
Cloudflare thwarts record 7.3 Tbps DDoS attack with automation
Cloudflare has confirmed it recently mitigated what it describes as the largest distributed denial-of-service (DDoS) attack ever publicly disclosed, clocking in at 7.3 terabits per second (Tbps), surpassing previous known records. The attack, which occurred in mid-May 2025, targeted a hosting provider customer utilising Cloudflare's Magic Transit service for network defence.

According to Cloudflare data, this incident follows closely on the heels of attacks recorded at 6.5 Tbps and 4.8 billion packets per second, illustrating that DDoS attacks are continuing to increase in both scale and complexity. Cloudflare stated that the 7.3 Tbps attack was 12% larger than its previous record and 1 Tbps greater than another recent attack reported by security journalist Brian Krebs.

Attack analysis

The 7.3 Tbps DDoS attack delivered a total of 37.4 terabytes of data within a 45-second window. During the attack, the targeted IP address was bombarded across an average of 21,925 destination ports, reaching a peak of 34,517 destination ports per second. The distribution of source ports mirrored this targeting method.

The attack employed several vectors but was dominated by UDP floods, constituting 99.996% of total traffic. The residual traffic, amounting to 1.3 GB, involved QOTD reflection, Echo reflection, NTP reflection, Mirai UDP floods, Portmap flood, and RIPv1 amplification techniques. Each vector was identified and catalogued, with Cloudflare detailing how organisations could protect both themselves and the broader Internet from such forms of abuse.

Cloudflare explained that the UDP DDoS component worked by sending large volumes of UDP packets to random or specific destination ports, either to saturate the Internet link or overwhelm network appliances. Other vectors, such as the QOTD (Quote of the Day), Echo, NTP, Portmap, and RIPv1, exploited vulnerabilities in legacy protocols and services to reflect and amplify attack traffic onto target systems.

Global scale

The attack was notable for its global reach. Traffic originated from more than 122,145 source IP addresses across 5,433 autonomous systems in 161 countries. Nearly half of the attack traffic came from Brazil and Vietnam, accounting for around twenty-five percent each. The remainder was largely attributable to sources in Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia. At an autonomous system level, Telefonica Brazil (AS27699) contributed 10.5% of attack traffic, with Viettel Group (AS7552), China Unicom (AS4837), Chunghwa Telecom (AS3462), and China Telecom (AS4134) among the other major sources. The attack saw an average of 26,855 unique source IP addresses per second, peaking at 45,097.

Technical response

Cloudflare utilised the global anycast architecture to divert and dissipate the massive influx of traffic. As packets arrived at Cloudflare's network edge, they were routed to the closest data centre. This incident was managed across 477 data centres in 293 locations worldwide, with some regions operating multiple facilities due to traffic volume.

Detection and mitigation were handled by Cloudflare's automated systems, which operate independently in each data centre.

The Cloudflare global network runs every service in every data centre. This includes our DDoS detection and mitigation systems. This means that attacks can be detected and mitigated fully autonomously, regardless of where they originate from.

Upon arrival, data packets were intelligently distributed to available servers where they were sampled for analysis. Cloudflare employed the denial of service daemon (dosd), a heuristic engine that reviews packet headers and anomalies for malicious patterns. The system then generated multiple permutations of digital fingerprints specific to the attack, seeking patterns that maximised blocking efficacy while minimising impact on legitimate traffic.

Within data centres, real-time intelligence was shared by servers multicasting fingerprint information, refining mitigation on both a local and global scale. When a fingerprint surpassed predefined thresholds, mitigation rules were compiled and deployed as extended Berkeley Packet Filter (eBPF) programs to block the offending traffic. Once the attack ceased, associated rules were removed automatically.

Botnet feed and future mitigation

Cloudflare also maintains a free DDoS Botnet Threat Feed to help Internet service providers and hosting companies identify malicious traffic originating within their own infrastructure. The company said that over 600 organisations have subscribed to this service, allowing them to receive up-to-date lists of offending IP addresses engaged in DDoS attacks.

Recommendations from Cloudflare emphasise tailored defences to address the unique characteristics of each network or application, with care taken to ensure that mitigation steps do not inadvertently disrupt legitimate traffic, particularly for services that depend on UDP or legacy protocols.

Cloudflare's team highlighted that these successful defences occurred entirely without human intervention, alerting, or incident escalation, underscoring the shift towards fully autonomous, distributed mitigation strategies in response to modern DDoS threats.


Mint
3 days ago
- Politics
Iran-Israel Conflict Spills to Digital World, Inflaming Rivalry
The conflict between Israel and Iran is spilling over into the digital world, inflaming a decades-long campaign of hacks and espionage between two nations renowned for their cyber prowess. On Tuesday, a pro-Israel hacking group claimed responsibility for a disruptive cyberattack against a major Iranian bank, and Iran's state-run IRIB News reported that Israel had launched a full-scale cyberattack on the country's critical infrastructure. Iran's Fars News Agency, affiliated with the Islamic Revolutionary Guard Corps, reported that the country has endured more than 6,700 distributed denial-of-service attacks over the past three days. It said temporary internet restrictions were implemented as a measure to blunt the impact of large-scale cyberattacks. DDoS attacks overwhelm servers with artificial traffic, disrupting access to websites and online services. Iranians were reporting widespread issues accessing the internet on Tuesday night, with many virtual private networks, or VPNs, rendered unusable. Customers also reported problems with banking services, including banking machines and online systems. It's not clear if the problems were the result of cyberattacks or efforts by the government to minimize their impact. The attacks tied to Israel herald a new front in the escalating Middle East conflict — but the countries' cyber rivalry spans two decades. Iran and its regional proxies, such as Hamas, have attempted a wide variety of cyberattacks against Israel in recent years — including information operations, data destruction attacks and phishing campaigns — with mixed results, according to Google. Israel is widely considered one of the world's most advanced and capable countries in launching cyberattacks. An operation called Stuxnet, uncovered in 2010 and tied to the US and Israel, sabotaged hardware believed to be responsible for Iran's nuclear weapons development. 
One of the most advanced and impactful hacking operations in history, Stuxnet demonstrates the longstanding centrality of cyber to the Israel-Iran conflict. The claims of Predatory Sparrow, which took credit for hacking Iran's Bank Sepah, are the latest manifestation of that digital tit-for-tat. The group is known for launching significant cyberattacks against Iran over the last five years while maintaining the image of a 'hacktivist' organization. Many cybersecurity experts within private industry have suggested Predatory Sparrow is linked to the Israeli government. Israel's Ministry for Foreign Affairs didn't respond to a request for comment. Predatory Sparrow couldn't be reached for comment. 'Most disruptive and destructive cyberattacks are about influence and psychological impact rather than practical impact,' said John Hultquist, chief analyst at Google's Threat Intelligence Group. 'That's why a lot of them involve an effort to publicize the incidents which oftentimes includes a fictitious hacktivist front.' Predatory Sparrow posted on both Telegram and X at 4 a.m. Tuesday New York time that it had successfully 'destroyed the data' of Bank Sepah, claiming that the institution was used to circumvent international sanctions. Bank Sepah couldn't be reached for comment. Predatory Sparrow has been active since 2021. The group appeared in public when they took credit for destroying data in Iran's national railway system resulting in delays around the country. Iran's Ministry of Roads and Urban Development was hit by hackers around the same time with the same tool designed to destroy computer files. In other attacks, Predatory Sparrow was blamed for targeting point-of-sale systems at Iranian gas stations, causing a malfunction at Iran's Khouzestan steel mill that caused molten steel to spill onto the steel plant's floor and publicizing the alleged phone number of Iranian Supreme Leader Ali Khamenei. 
The attackers are unique in that there is relatively little technical information about the hacks compared to similar campaigns, according to security experts. The kind of destructive efforts for which Predatory Sparrow is known tend to destroy the technical forensic evidence that analysts need to understand it. Often, the group has used social media to promote its activity, a tactic that experts say is proof that Predatory Sparrow aims to have a psychological impact. The hack against Bank Sepah came with its own publicity push, with Predatory Sparrow warning that 'this is what happens to institutions dedicated to maintaining the dictator's terrorist fantasies.' This article was generated from an automated news agency feed without modifications to text.


Business Wire
5 days ago
- Business
New CSC Survey Finds Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years
WILMINGTON, Del.--(BUSINESS WIRE)--An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC 1, the leading provider of enterprise-class domain and domain name system (DNS) security. The report, 'CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,' names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. 'DNS and domain-related infrastructure are prime targets for cybercriminals,' says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. 'These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well.' AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. 
Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks. Despite these escalating concerns, only 7% of CISOs expressed being 'very confident' in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it's possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving. 'The human element continues to be the biggest security vulnerability,' adds Nina Hrichak, vice president of CSC's Digital Brand Services. 'As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve.'

To receive a copy of CSC's 'CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,' contact us at CSC@ or visit the website.

1 CSC, in partnership with Pure Profile, surveyed 300 CISOs, CIOs, and senior IT professionals operating in Europe, the U.K., North America, and Asia Pacific to understand their current concerns and how they are navigating the evolving cybersecurity landscape, regulatory demands, and the rise of AI in cybercrime.

About CSC

CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. 
As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit


Yahoo
12-06-2025
- Business
Cloudflare vs. Akamai Technologies: Which CDN Stock Has an Edge?
Cloudflare (NET) and Akamai Technologies (AKAM) are both established players in the content delivery network (CDN) market. Both Cloudflare and Akamai are expected to gain from the rapidly expanding CDN space, which is expected to witness a CAGR of 18.04% from 2025 to 2034, per a report by Precedence Research. With this strong industry growth forecast, and given Cloudflare and Akamai Technologies' superior position in the CDN market, the question remains: Which stock has more upside potential? Let's break down their fundamentals, growth prospects, market challenges and valuation to determine which offers a more compelling investment case. Cloudflare's CDN provides a globally distributed, high-performance platform that speeds up content delivery, all the while keeping secure web connectivity. Cloudflare reduces latency and improves the load time of web pages by using a large network of edge locations to cache content close to users. Cloudflare uses methods like tiered caching, Argo smart routing, and cache reserve to minimize traffic and optimize delivery efficiency. The company goes further to secure its clients with security tools, including Distributed Denial-of-Service (DDoS) protection, Web Application Firewall (WAF), bot management, and automatic Secure Sockets Layer and Transport Layer Security. Furthermore, NET's CDN supports advanced protocols, including HTTP/3, and offers developer flexibility through Cloudflare Workers. Cloudflare Workers lets developers build, deploy, and scale applications across Cloudflare's global network with a single command. The Workers platform has been adopted by more than three million developers since its launch date. Since the CDN contributes to a large portion of NET's revenues and is also gaining explosive growth, Cloudflare expects its 2025 revenues to be between $2.09 billion and $2.094 billion. The Zacks Consensus Estimate for NET's 2025 revenues is pegged at $2.09 billion, indicating year-over-year growth of 25.4%. 
Cloudflare's non-GAAP earnings per share are anticipated to be between 79 cents and 80 cents. The Zacks Consensus Estimate for the same is pegged at 79 cents per share, indicating year-over-year growth of 5.3%. Akamai Technologies is one of the oldest players in the enterprise CDN space, with a wide reach across 135 countries supported by 365,000 servers across the globe. Like any other established CDN player, Akamai also offers an ecosystem combining cloud computing and security in its CDN. Akamai Technologies integrates security offerings like DDoS and WAF protection with edge computing solutions like EdgeWorkers and EdgeKV. In addition to these, Akamai offers advanced features like API Acceleration, Adaptive Media Delivery, Download Delivery, and Global Traffic Management. AKAM's CDN platform handles approximately two trillion web interactions on a daily basis. Akamai Technologies has always priced its services higher than its competitors, prompting some of its key clients to develop their own DIY CDN initiatives. Hence, Akamai Technologies moved toward a more aggressive pricing strategy in the hope of attracting more customers and traffic to its network, especially in the video content segment, potentially hurting its profitability. Akamai Technologies' delivery segment revenues have been on a constant decline for the past 17 quarters, raising investors' concerns about the sustainability of its CDN business. Akamai Technologies' profitability is also under pressure. The company expects its non-GAAP earnings to be in the range of $6.10-$6.40 per share. The Zacks Consensus Estimate for the same is pegged at $6.27 per share, indicating a year-over-year decline of 3.2%. In the year-to-date period, Cloudflare shares have climbed 66.9% while Akamai Technologies has plunged 18.3%. 
Cloudflare is trading at a forward sales multiple of 26.65X, while AKAM is trading at a forward sales multiple of 2.71X. Although Cloudflare seems to be overvalued, its strong position in the CDN space and robust financials justify its current valuation. Both companies are major players in the CDN space, but Akamai Technologies is slowly losing its grip, given its declining delivery segment's revenues, while Cloudflare continues to capture market share and flourish in this space. Currently, Cloudflare carries a Zacks Rank #3 (Hold), giving it an edge over Akamai Technologies, which has a Zacks Rank #4 (Sell). This article originally published on Zacks Investment Research.


Independent Singapore
12-06-2025
- Business
APAC financial sector top target for volumetric DDoS attacks in 2024, report finds
SINGAPORE: Asia Pacific's financial sector has been the top target for volumetric Distributed Denial-of-Service (DDoS) attacks, which overwhelm servers or networks with sheer traffic to slow or make them fail, accounting for 38% of all volumetric DDoS attacks in 2024, up from just 11% the year before, according to a joint report by FS-ISAC and Akamai Technologies. The report, From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, also found that more than 20 financial institutions in six countries in the region were hit in 2024, likely by the same threat actor or hacker group. Notably, the financial sector is being hit harder than other sectors. DDoS attacks on financial firms spiked in October 2024, and the sector has remained the leading target for volumetric DDoS attacks year-over-year. The report also noted the increasing frequency of attacks, as cybercriminals exploit higher bandwidths and stronger computing power to launch adaptable, more powerful, and cheaper DDoS attacks. In addition, the rise of 'DDoS-for-Hire services' targeting the financial sector has made it difficult to identify cybercriminals. Attacks on financial firms' application layer, including Application Programming Interfaces (APIs) and customer-facing websites, rose 23% between 2023 and 2024. Meanwhile, ongoing geopolitical tensions have fueled a surge in 'hacktivism'. Teresa Walsh, chief intelligence officer and managing director for EMEA at FS-ISAC, said, 'DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain.' Steve Winterfeld, Advisory CISO of Akamai, said, 'Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions,' explaining that the attacks are meant to exhaust an institution's network infrastructure and, in turn, drain its resources used to defend against attackers. 
Mr Winterfeld added, 'Implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk.' /TISG