#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DNS amplification attack | Breaking Cybersecurity News | The Hacker News

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

May 20, 2020
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack , the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services. "We show that the number of DNS messages exchanged in a typical resolution process might be much higher in practice than what is expected in theory, mainly due to a proactive resolution of name-servers' IP addresses," the researchers said in the paper. "We show how this inefficiency becomes a bottleneck and might be used to mount a devastating attack against either or both, recursive resolvers and authoritative servers." Following responsible disclosure of NXNSAttack, several of the companies i
Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec

Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec

Dec 10, 2015
Someone just DDoSed one of the most critical organs of the Internet anatomy – The Internet's DNS Root Servers . Early last week, a flood of as many as 5 Million queries per second hit many of the Internet's DNS ( Domain Name System ) Root Servers that act as the authoritative reference for mapping domain names to IP addresses and are a total of 13 in numbers. The attack, commonly known as Distributed Denial of Service (DDoS) attack, took place on two separate occasions. The first DDoS attack to the Internet's backbone root servers launched on November 30 that lasted 160 minutes ( almost 3 hours ), and the second one started on December 1 that lasted almost an hour. Massive Attacks Knocked Many of the 13 Root Servers Offline The DDoS attack was able to knock 3 out of the 13 DNS root servers of the Internet offline for a couple of hours. Also Read:  Secure Email Service Paid Hackers $6000 Ransom to Stop DDoS Attacks . The request queries fired
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
DNS Flood DDoS Attack Hit Video Gaming Industry with 90 Million Requests per Second

DNS Flood DDoS Attack Hit Video Gaming Industry with 90 Million Requests per Second

Jun 24, 2014
Hackers are leveraging large number of compromised machines (a botnet network) to carry out massive DNS Flood DDoS attack against a large Video Gaming Industry website, peaking above 110 Gbps. A US based security solutions provider Incapsula , is protecting a famous Video Gaming website from this high bandwidth DDoS attack from last 48 Hours and according to them, the attack is still continuing. Incapsula has not yet disclosed the name of the video gaming company. "The attack is still going on - that over 48 hours by now, from what I see it ain't gonna stop anytime soon ," Incapsula spokesperson wrote in an e-mail to The Hacker News. DDoS AT 90 MILLION PACKETS/SECOND The researchers at the security firm noticed a surge of massive DNS Flood DDoS attack on one of its clients, peaking at approximately 90 Mpps (Million Packets Per Second), which is really a very very big number. Majority number of attacking IP addresses belong to China and India. " Good reason to think
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources