Black Lotus delivers award winning DDoS protection ranging from full network defense to website and server protection, 24/7/365. Learn more by visiting or call (866) 477-5554.

Recent Posts

DNS servers are the traffic cops of the internet: They get everybody where they need to go. If DNS servers go down, users can’t reach the sites they need. If you’re a business, a DNS failure can stop you in your tracks and send your customers fleeing to your competitors.
DNS servers are critical – the internet wouldn’t function without them – but they can be used against you, too. Those same DNS servers that keep your business running can be exploited by hackers to launch massive DDoS attacks. These hackers can use open DNS servers to generate a flood of queries, which can quickly take the victim’s server offline.
Think of it like a fraudulent pyramid scheme. Let’s say you have a con artist who targets 10 potential victims every day. But then, let’s say you get each of those 10 victims to target 10 more potential victims…and so on. The number of potential victims increases exponentially. That’s amplification, and it’s exactly what happens when hackers launch a DNS-based DDoS attack.
Sometimes, hackers will use an array of vulnerable DNS servers to overwhelm a victim’s server with traffic. Instead of being limited to the number of queries they can send out on their own, they enlist a bunch of unwitting DNS servers to do it for them: amplification. And, if they intentionally design the queries to elicit a large number of responses, the impact is even greater.
Another way hackers use DNS servers to launch DDoS attacks is by flooding the servers with requests for non-existent web sites. The servers keep sending requests that are never answered. All of those open requests gobble up resources. And, if the server is caching bogus results, resources are depleted even faster.
Hackers can also bring down a DNS server by flooding it with fake responses. It keeps the server engaged with what is essentially “junk mail,” tying up resources that would otherwise be used for legitimate business purposes.
If that sounds like a lot of trouble for hackers to go to, it isn’t. These attacks are surprisingly easy and inexpensive to carry out, which is why they’re so common. According to an article in SC Magazine, 66 percent of U.S. organizations have experienced a DNS attack in the last 12 months. The survey, which included 300 IT decision-makers from companies with at least 1,000 employees, also revealed that 74 percent of the respondents who reported a DNS attack had experienced a DDoS attack aimed at slowing down their network or taking it completely offline.
Those statistics reveal the startling truth that, if you haven’t yet been the victim of a DDoS attack, you’re in the minority. Shawn Marck, CSO of cybersecurity company Black Lotus, agrees. “You will, eventually, be the target of a DDoS attack,” he explains. “It’s inevitable. Nobody is too big, nobody is too small, and nobody is too obscure. Sometimes it’s an unsatisfied customer; sometimes it’s a disgruntled employee. And, a lot of times, it’s just somebody who’s bored and wants to prove that they can do it. And when you’re dealing people who commit cybercrime as entertainment, there doesn’t have to be a reason. If you’re online, you’ll eventually be targeted.”
How secure is your company from DDoS attacks? Do you have protocols in place? What about contingency plans in case you are attacked? If you aren’t 100 percent sure of the answer to those questions, you need to become sure – today. Whether you do it in-house or partner with a cybersecurity firm, protecting your network from DDoS attacks just may be the most important thing you do this year.

Hackers Exploit DNS Servers to Launch Massive DDoS Attacks

By Frank Ip → Wednesday, February 25, 2015
Distributed Denial of Service (DDoS) attacks are becoming increasingly common, and they’re deceptively simple – hackers just overwhelm your site with false traffic – and disproportionately damaging. And while it’s the attacks on major companies that make the headlines, according to a report in The Telegraph, nearly one third of DDoS attacks reported in 2014 targeted businesses with 250 or fewer employees. Even more disconcerting, 60 percent of those small businesses shut down within six months of the attack. It’s clear that cybercrime isn’t just an annoyance; it can be an existential threat.
Even the U.S. government is sitting up and taking notice. In February of 2015, the government announced the creation of a new Cyber Threat Integration Center that will report to the Director of National Intelligence. Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, explained that the center will do for cybercrime what the National Counterterrorism Center does for terrorism. Few actions could do more to underscore the serious nature of this growing threat.
Government support promises to be a valuable resource, but the primary responsibility falls to individual organizations. It’s kind of like CPR; the best medical team in the world can’t help if you can’t keep a heart attack victim alive until they get there. Fortunately, there are some things you can do to mitigate the risk. The Telegraph recommends companies take these steps:
Be vigilant.
To spot what’s abnormal, you have to know what’s normal, first. It’s crucial to have either an inside expert or an outside provider who knows the normal traffic patterns of your business and has the ability to spot and diagnose a sudden spike, which is typically the first sign of a DDoS attack.
Invest in extra capacity.
What makes DDoS attacks so devastating is that the tidal wave of traffic overwhelms the system’s ability to process it. If you normally operate at maximum capacity, you have no chance of staying online during a DDoS attack. Invest in as much bandwidth as you can afford. It probably won’t be enough to completely stop a DDoS attack, but it could buy you some time to activate your contingency plans.
Conduct drills.
You rehearse plans for other disasters; you should treat your emergency response plan for a DDoS attack no less seriously. Practice your plans frequently enough that everybody knows what needs to happen and who is supposed to do it, and practice the plans until the responses become automatic. These drills should include implementing any stop-gap measures, like rate-limiting your router or adding filters to drop packets that are obviously part of an attack.
Call in the pros.
No matter how talented and trained your in-house staff is, once you’re under attack, you’re probably going to need the help of professionals. For moderate attacks, your ISP provider should be able to offer some help, such as “null-routing” your traffic, which means dropping packets before they even arrive at your server. For larger attacks, you may need the services of a DDoS mitigation specialist, experts who specialize in stopping and recovering from DDoS attacks.
If you’re not 100 percent sure that your contingency plans for DDoS attacks are as good as your plans for any other emergency, contact a specialist today to discuss how you can make those plans rock-solid.

DDoS Attacks Not Just an Inconvenience; They’re an Existential Threat

By Frank Ip → Thursday, February 19, 2015
One of the most profound societal effects of technology has been democratization. In other words, technological advances have blown away many traditional barriers to entry for all kinds of endeavors. Thanks to Google, for instance, anybody with internet access can find the answer to almost any question within seconds. You can explore the Sistine Chapel without leaving your living room. You can plan your own vacation from your kitchen table rather than relying on a travel agent. Most of the time, that’s a good thing. Unfortunately, one of the things that’s been democratized by easy access to technology is cybercrime.
We used to think of hackers as antisocial geniuses, pulling off technical feats that were totally incomprehensible to the average user. But that’s not true anymore. Today, even a college kid can take down a huge company from his dorm room. And, thanks to tools that are out there for anyone who knows they exist, he can do it without missing a single minute of The Walking Dead.
Case in point: The Christmas Day DDoS attacks on the Sony PlayStation Network and Microsoft XBOX Live. XBOX Live was down for three days, and PlayStation Network was down for five. As it turned out, the whole thing was a publicity stunt, designed to draw attention to Lizard Stresser, a new DDoS-for-Hire product developed by Lizard Squad. As reported in Venturebeat, the tool came complete with marketing text: “This booter is famous for taking down some of the world’s largest gaming networks such as Xbox Live, Playstation Network, Jagex, BattleNet, League of Legends, and many more! With this stresser, you wield the power to launch some of the world’s largest denial of service attacks.” And the prices were rock-bottom, with the mid-range package costing $130 to take down a site for over eight hours.
Since then, the site has been taken offline, and several of the hackers have been arrested. But that doesn’t mean the threat is over, because there are plenty of others eager to step in and fill gap. Thanks to cybercrime as a product, the field of people capable of launching a devastating DDoS attack has just grown exponentially, as has the challenge facing IT staff everywhere.
The task of fending off DDoS tasks is too big, too varied, and too subject to lightning-fast change for businesses to treat it as just another IT project. The irony would be almost funny if the threat wasn’t so big: As DDoS attacks become something available to anybody with a few dollars to spend, DDoS protection is becoming a specialty service, provided by companies that focus on DDoS and nothing else. DDoS attacks are for the masses, and DDoS protection is for the experts.
Don’t waste another day. If you’re not absolutely certain you can handle DDoS protection in-house, find a provider you trust. Look for a company that offers multi-layer protection, constant updates to protect against the latest strategies, and 24/7 emergency service in case your company does become the victim of a DDoS attack. It’s not enough to just protect you from attacks; you need somebody who can get you back online as quickly as possible if something slips through. If your web site is mission-critical, your DDoS protection has to be mission-critical, too.


The Democratization of Cybercrime

By Frank Ip → Wednesday, February 18, 2015
On Super Bowl Sunday, one of the most socially active days of the year, the Playstation Network (PSN) experienced yet another extended outage — the second since Christmas. While it’s not yet clear whether the outage was caused by another DDoS attack (like the Christmas Day outage), that’s the most likely cause. And, even if this outage wasn’t a result of a DDoS attack, you can bet there will be another one soon.

Media and the entertainment industry were the most common victims of DDoS attacks during the third quarter of 2014, and those attacks were 40 percent larger than similar attacks in Q2. Entertainment and gaming providers are just too tempting a target to resist, with dedicated users who are experts at using social media to air their complaints. This type of DDoS attack garners a lot of attention — and that’s the whole point.
The most important takeaway is that even big companies with extensive resources are vulnerable, especially when the attackers implement the attack via Domain Name Servers (DNS). In a DNS attack, hackers do what’s called IP address spoofing — they masquerade as their victim’s IP address and, using that address, start pinging servers for all kinds of information. The servers answer and send everything they have to the spoofed IP. The targeted system then crashes, being too overwhelmed to process that much traffic. It’s called amplification, and it’s a DDoS attack on steroids. To make matters worse, Internet Service Providers (ISPs) frequently think the tidal wave of traffic is an attack on them, so they start blocking websites, adding insult to injury.
Unfortunately, these attacks are hard to detect and even harder to stop. The most reliable method of DDoS security, eliminating unsecured recursive resolvers, is time-consuming and expensive – even more so when you consider that, out of approximately 27 million DNS servers on the internet, about 25 million of them are vulnerable to being used in an attack.
With the average cost of downtime estimated to be a whopping $79,000 per minute, companies simply can’t afford to give DDoS protection short shrift. The threat merits dedicated resources, which is why more and more companies are outsourcing their DDoS protection to experts. Hackers’ methods are constantly evolving, so people who spend their days (and nights) doing nothing but keeping up with and stopping the newest DDoS attacks stand the best chance of developing and implementing a good defense.

The best providers of DDoS protection also offer 24/7 emergency services, with a crew standing by to help out if you do become the victim of an attack. The two-pronged approach – implementing safeguards to prevent DDoS attacks and being ready to come to the rescue if one slips through – is essential to data security and will become even more so over the coming weeks and months.

It’s time to give your DDoS protection a checkup, and if you’re not absolutely sure you’re protected and prepared, take the time to make some changes before it’s too late.


DNS Attacks: DDoS Attacks on Steroids

By Frank Ip → Thursday, February 12, 2015
China’s Great Firewall had a massive and unexpected effect on sites all over the Internet upon the completion of its most recent upgrade. Apparently random sites experienced huge traffic spikes, sending them scrambling to figure out why as much as 52 Mbps of search traffic was pouring into their system.

To make that figure more meaningful consider that it represents about 13,000 requests per second, which is roughly a third of Google’s search traffic. All of that traffic came from China, and the vast majority of the traffic seems to be trying to find Bittorrents or Facebook.

How did this come about? And how can small sites and blogs deal with such a deluge of requests?

The Collateral Damage of Censorship

How did this apparent DDoS attack inflict such massive damage on so many unique sites and blogs? Reports from system administrators across the web have revealed that sites’ IP addresses suddenly found themselves targeted. Such targeting forces sysadmins to introduce blocking measures just to ensure that they can get back online.

Theories abound as to what was going on: foreign hackers, focussed DDoS attacks, something else? But one theory that has generated increasing interest in the technical community is that China’s Great Firewall has a bug. The bug causing the problem seems to be in how the firewall uses DNS cache poisoning to redirect users away from websites that the Chinese government censors.

China’s Great Firewall utilizes a weakness of the DNS system: it intercepts requests going both in and out of the country. If it finds something the Chinese government wishes to censor ( “,” “,” or “”) it redirects the request to a different IP address. In the past, those requests were sent to IP addresses that didn’t exist which simply caused the request to time out. However, China has begun sending those request to IP addresses used by real servers.

In effect, all these sites found themselves unluckily in the crosshairs of the machinery of the Chinese government’s censorship.

And this is how a server on the other side of the world can get hit with a full stream of millions upon millions of users requesting information the server simply doesn’t have. When million of users suddenly and without warning starting making requests, the server fails.

The Bigger Problem in the Making

While this particular problem may be attributed to human error, an even bigger and more frightening question must be asked: what happens if someone gains a foothold in the DNS system? Such a tactical advantage would allow a hacker to use DNS poisoning to cause unprecedented attacks. And if a single hacker could cause such damage, imagine what a hostile country or intelligence agency could do.

Whether accidental or intentional, any individual, agency, or government can knock out vast amounts of websites. If those sites were for critical services such as utilities infrastructure, emergency services, government agencies, and the like, the fallout could be immensely devastating.

Issues such as DNS poisoning or DDoS attacks are serious and, as we have seen, can happen on an extremely large scale, devastating your site and server. Luckily, you can prepare for and manage the risks of such an attack, and there are steps you can take to protect yourself today.


China’s Great Firewall and Its Great Problem

By Frank Ip → Monday, February 2, 2015
Last Christmas, as gamers around the world were excitedly trying out their new systems, a different type of gamer was preparing an attack that would take both Sony’s PlayStation Network and Microsoft’s Xbox Live services out of commission for days. As disappointed as millions of gamers were over not being able to play, the tech world had to face up to a much more serious problem: just how easy it is to launch a distributed denial-of-service (DDoS) attack.
A DDoS attack amounts to flooding a server with so much useless information that it can’t process it all, and it doesn’t take expert hacking skills to pull it off. There are even free tools that will do it for you; all you have to do is type in a URL, sit back, put your feet up, and watch the site go down. While giants like Microsoft and Sony are usually a little too sophisticated to be humbled by the free tools, they’re far from impervious – as we all learned Christmas Day.
Why Sony and Microsoft? Most experts believe that the attack was a form of social protest. It’s an effective way to get attention, and it’s a lot more comfortable than parading around outside waving a placard. And, while protesting outside of company headquarters may annoy employees and garner media attention, those protests typically have little effect on the end users of a company’s products. A DDoS attack goes straight to the people who are inconvenienced the most – and the ones who will speak the loudest when it comes to demanding change.
But you don’t have to be Sony or Microsoft to become a target of “protest via DDoS.” An unhappy customer, a disgruntled employee, a negative story in the local news, even a false rumor on social media can bring a DDoS attack right to your doorstep. Whereas attending a physical protest can be time-consuming and inconvenient, setting up a DDoS attack is an easy way for hackers to make a statement while boosting their street bonafides.
The end result is a very low barrier to entry and a huge perceived payout. From the hacker’s perspective, there’s little reason not to do it. That means companies large and small have to spend time and resources defending themselves, and many of them can’t afford to hire the in-house talent it takes to stay on top of this constantly-changing threat. Many turn to outside service providers, who have the advantage of being able to focus solely on preventing DDoS attacks. Security providers can offer round-the-clock emergency services, so that if your servers do come under attack, you can be up and running again as quickly as possible.
Whether you decide to keep things in-house or to hire outside experts, one thing is clear: No company is too big, and no company is too small. Cyber security must therefore be a top priority for all businesses.


Size Doesn’t Matter: All Businesses Are Vulnerable to DDoS Attacks

By Frank Ip → Thursday, January 29, 2015
One of the most formidable weapons in the twenty-first century arsenal doesn’t require the backing of any government. Nor does it require the acquisition of equipment that is especially difficult to acquire. It only requires skill, money, and the will to use it. What is it? Cyber warfare.
Cyber attacks are increasingly being used as a form of political action and social protest. After France’s huge anti-terrorism rally in January, cyber attacks in that country went through the proverbial roof. Many hacked sites were peppered with pro-Islamic posts, and the Middle East Cyber Army (MECA) claimed to have stolen 320,000 French emails and posted them online. And then there were the DDoS attacks, with as many as 19,000 companies being knocked offline. While the DDoS attacks affected primarily small businesses (outages at some larger organizations were later determined to be the result of a technical error rather than a DDoS attack), size doesn’t automatically provide invulnerability.
And the attacks aren’t always motivated by politics or social issues. Some are motivated by greed. There are numerous cases of “extortion by DDoS,” where hackers will launch an attack and then contact the company, demanding money to make it stop. These hackers tend to be pretty smart about it, too, demanding sums that aren’t so large that the company will balk at paying, and typically just small enough that’s it worth their while to make the attack stop.
Other DDoS attacks are motivated by retaliation. Whether it’s a disgruntled employee or an unhappy customer, a DDoS attack is one of the few ways an individual can hit a big company where it hurts. Moreover, there doesn’t even have to be a reason. Some DDoS attacks are carried out by hackers who just want to see if they can pull it off.
When you consider the various reasons behind DDoS attacks and combine that with the ease of implementation, it’s easy to see why they’re such a cause for concern among companies of all sizes. Unfortunately, some of the methods companies use to protect themselves miss the mark. Smaller companies may not have the funds to hire the dedicated talent. Larger companies, while they may not lack funds, often lack focus. The person, or department, entrusted to maintain DDoS security picks up one project here and another one there, and the next thing you know, they’re a month behind on the latest methods hackers are using.
As companies develop defenses against DDoS attacks, the perpetrators come up with new ways of attacking. That’s why it’s critical that the people responsible for protecting your systems be focused on cyber security every day, and that they be constantly plugged in to the latest news and developments.

If you have any doubt that you can accomplish that internally, it would be a good idea to consider outsourcing the job. There are dedicated service providers that can do that for you. Protecting you from DDoS attacks is their main business, rather than just another “housekeeping” task. And, if you do get attacked, they’ll work side-by-side with you to get your business back up and running. In the end, whether you do it yourself or hire outside experts, make cyber security one of your foremost priorities. An investment in cyber security now could turn out to be the best kind of money you ever spend.   


Social (In)justice via DDoS

By Frank Ip → Monday, January 26, 2015