Support

Archive | ATLAS

View all postings from the ATLAS category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

Neverquest: A global threat targeting Financials

By: ASERT Research Team On March 31st, Arbor’s Security Engineering & Response Team (ASERT) published a detailed threat brief on the Neverquest malware for Arbor customers. Along with thousands of IOC’s (indicators of compromise), the brief details Neverquest’s current inner workings and describes some reversing techniques ASERT uses to unravel and monitor this stealthy and […]

Continue Reading

DDoS Attacks in the Wake of French Anti-terror Demonstrations

On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites: “Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …” [1]. As we’ve done in […]

Continue Reading

DDoS Activity in the Context of Hong Kong’s Pro-democracy Movement

In early August, we examined data demonstrating a striking correlation between real-world and online conflict [1], which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data. The latest round of pro-democracy protests in Hong Kong began on […]

Continue Reading

NTP attacks continue – a quick look at traffic over the past few months

In February, Kirk Soluk’s post on NTP Attacks: Welcome to The Hockey Stick Era reported that we have seen a increase in NTP-based application attacks.   We thought we would take a few minutes to post an update on the state of traffic metrics. The graphs below are depicting aggregate traffic based on the NTP network port […]

Continue Reading

Syria taken offline

ATLAS is Arbor Networks innovative, one-of-a-kind Internet monitoring system. ATLAS is a collaborative effort with 250+ ISPs globally who have agreed to share anonymous traffic data on an hourly basis (leveraging Arbor’s technology that sits on ISP networks), together with data from Arbor dark address monitoring probes, as well as third-party and other data feeds. […]

Continue Reading

Digging Through an “Administrative Network Stressor” Provider’s Database

On March 15, 2013, Brian Krebs of Krebs on Security wrote “The World Has No Room For Cowards.” In it, he writes a fascinating story about a DDoS attack against his site and also a physical attack against his person. The part where Krebs’ notes that “… there are strong indications that a site named […]

Continue Reading

Lessons learned from the U.S. financial services DDoS attacks

By Dan Holden and Curt Wilson of Arbor’s Security Engineering & Response Team (ASERT) During the months of September and October we witnessed targeted and very serious DDoS attacks against U.S. based financial institutions. They were very much premeditated, focused, advertised before the fact, and executed to the letter. In the case of the September […]

Continue Reading

Snapshot: Syria’s Internet drops, returns

The Arbor ATLAS system leverages Arbor Networks’ world-wide service provider customer base to gather data about Internet traffic patterns and threats.  Currently 246 of Arbor’s customers are actively participating in the Arbor ATLAS system, and are sharing data on an hourly basis. The data shared includes information on the traffic crossing the boundaries of participating […]

Continue Reading