< ciso
brief />
Tag Banner

All news with #ddos tag

133 articles

Cloudflare joins UK cyber resilience pledge

🔐 Cloudflare announced it has joined the UK government's Cyber Resilience Pledge as a founding signatory, aligning with the pledge’s pillars of democratized security, leadership accountability, and radical transparency. The post highlights rising cyber threats — including massive DDoS volumes and AI-driven attack vectors — and describes how Cloudflare's global network, zero trust controls, and free protections support resilience across the UK economy. Cloudflare emphasizes supply-chain assurance, board-level governance, and international certifications to meet the pledge's aims.
read more →

Amazon GameLift Servers adds DDoS protection SDKs

🛡️ Amazon GameLift Servers now includes DDoS Protection client SDKs for C# and Unity, enabling developers to protect session-based multiplayer games from denial-of-service and distributed denial-of-service attacks. The service co-locates a relay network with game servers and uses access token-based authentication to allow only authorized client traffic. It enforces per-player UDP traffic limits, offers negligible latency, and is provided at no extra cost to GameLift Servers customers. The new SDKs complement existing C++ and Unreal Engine support and are available in multiple AWS regions.
read more →

Cloudflare Celebrates 12 Years of Project Galileo

🎉 Project Galileo provides free cybersecurity services to over 3,400 websites belonging to journalists, human rights defenders, and nonprofits across 120 countries. Cloudflare published its first comprehensive report on cyberattacks targeting civil society, released 16 participant case studies, and announced new partners. The findings show civil society faces more frequent and intense attacks, including prolonged DDoS, higher exploitation attempts, and elevated phishing rates. Cloudflare calls for broader, affordable protections and will produce this report annually.
read more →

Cybercrime Escalates Across Asia-Pacific Amid Digitization

🛡️Interpol warns that cybercrime now accounts for 30% of crime in over half of Asia and South Pacific nations, driven by rapid digital adoption. The 2025/2026 Asia and South Pacific Cyberthreat Assessment, covering 18 countries, highlights online scams, infostealers, ransomware, deepfakes and BEC as primary threats. The report notes sharp rises in ransomware, DDoS and deepfake activity, and calls for improved cross-border collaboration and capacity building.
read more →

Gain visibility into DDoS attacks with flow logs

🛡️ This post explains how AWS Shield Advanced attack flow logs capture metadata during DDoS events and publish records to Amazon S3, CloudWatch Logs, or Data Firehose. It outlines the fields included in each flow log entry, describes delivery configuration and required IAM permissions, and shows how to create the CloudWatch Logs delivery objects that connect a Shield protection to a destination. The article also covers output formats, file size and timing, cost considerations, and cross-account/Region aggregation options.
read more →

Pre-positioned Cyber Threats Targeting FIFA 2026

🛡️ Check Point Research and Exposure Management tracked a year-long rise in coordinated cyber threats aimed at FIFA World Cup 2026. Attackers have pre-positioned infrastructure across finance, travel and hospitality, and gambling, with active domains, fake apps, and social schemes ready to scale. The report highlights escalating fraud, domain impersonation, mobile-app impersonation, B2B spoofing risks, and potential operational impacts like ransomware and DDoS.
read more →

Inside C0XMO: Cross-Platform Gafgyt Propagation

🛡️ FortiGuard Labs details a new Gafgyt variant, C0XMO, which exploits CVE-2021-27137 in vulnerable DD-WRT firmware to gain remote control of devices. The malware separates scanning into a standalone Python scanner and distributes architecture-specific ELF payloads to multiple Linux platforms. C0XMO implements multi-stage persistence, kills competing botnets, supports extensive DDoS commands, and communicates with a C2 using a custom handshake. Organizations should update firmware, disable unnecessary remote services, and enforce strong credentials to mitigate risk.
read more →

AWS Direct Connect adds VIF Rate Limiters

🛡️ AWS Direct Connect now supports Virtual Interface (VIF) Rate Limiters on dedicated connections to prevent a single VIF from consuming all bandwidth and causing congestion. You can cap bandwidth for up to 10 VIFs per dedicated connection with increments from 50 Mbps to 1.6 Tbps when using a link aggregation group. Rate limiting applies to both ingress and egress, and excess packets are dropped. New CloudWatch metrics include utilization as a percentage of configured capacity and dropped packet counts, and the feature is available in all supported commercial and China Regions via console, API, or SDK.
read more →

AWS Shield Advanced adds DDoS attack flow logs

📡 AWS Shield Advanced now provides DDoS attack flow logs that deliver packet-level visibility into traffic targeting Shield-protected resources. The logs capture source and destination IPs, ports, protocols, packet and byte counts, and source country details, and are published every five minutes during active attacks. Log data can be delivered to Amazon S3, Amazon CloudWatch Logs, or Amazon Data Firehose for forensic analysis, threat intelligence, and compliance. To use the feature, resources must be protected by Shield Advanced and log delivery must be configured; the feature is available in all regions where Shield Advanced operates.
read more →

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.
read more →

Attack Surface and Cyber Risks for FIFA 2026

📘 The 2026 FIFA World Cup spans 39 days across 16 host cities in three nations, creating a vast temporary tournament network layered on existing stadium and municipal infrastructure. This assessment warns of high likelihoods for disruptive intrusions, large-scale fraud and politically motivated DDoS and hack-and-leak operations. Key drivers include Iran-nexus disruptive campaigns, pro-Russian hacktivist DDoS activity and financially motivated cybercrime targeting fans and the hospitality ecosystem.
read more →

Dutch raid seizes servers, arrests hosting co-owners

🛡️ Dutch authorities arrested two co-owners of related hosting companies and seized over 800 servers on May 18, alleging they operated infrastructure used by Russia for cyberattacks and influence operations targeting the EU. The arrests follow investigative reporting that linked MIRhosting and WorkTitans to Stark Industries, an ISP sanctioned by the EU for facilitating DDoS, proxy, and anonymity services tied to Russia-backed actors. Officials searched businesses and data centers and charged the suspects with violating sanctions law by making economic resources available to sanctioned entities. Both suspects deny wrongdoing and one company says it has paused services to the implicated client pending internal review.
read more →

Global takedown of criminal VPN service First VPN

🔎 Authorities across Europe and North America announced a coordinated operation that dismantled First VPN, a criminal virtual private network service used to obscure ransomware, data theft, scanning, and DDoS activity. Led by France and the Netherlands with support from many countries and agencies since December 2021, investigators executed concurrent actions in May 2026, seizing servers, domains, and infrastructure while interviewing the service administrator. Europol and the FBI say First VPN marketed anonymity to cybercriminals on Russian-language forums, offered multiple protocols and payment methods, and provided exit nodes across 27 countries used by at least 25 ransomware groups.
read more →

Canadian Arrest Over KimWolf DDoS Botnet Operations

🔍 Canadian and U.S. authorities arrested 23-year-old Jacob Butler (aka "Dort") in Ottawa under an extradition warrant after unsealing a criminal complaint in the District of Alaska linking him to the KimWolf DDoS botnet. Investigators tied Butler to the botnet through IP address logs, transaction records, and online messages, and he now faces a charge of aiding and abetting computer intrusions with a potential 10-year sentence. KimWolf operated as a DDoS-for-hire service that enslaved nearly two million devices and powered attacks up to nearly 30 Tbps, causing substantial global disruption and financial losses.
read more →

Canadian Arrest Tied to Kimwolf DDoS Botnet

🛡️ The U.S. Department of Justice announced the arrest of 23-year-old Canadian Jacob Butler (aka Dort) for allegedly operating the Kimwolf DDoS botnet, a variant of AISURU. The botnet enslaved devices like digital photo frames and webcams and was offered via a cybercrime-as-a-service model to launch global attacks, including against DoD network addresses. Authorities linked Butler through IP, account data, and Discord messages, and charged him with aiding and abetting computer intrusion.
read more →

CloudFront Premium Now Offers Configurable Flat-Rate Plans

🚀Amazon CloudFront's Premium flat-rate plan now offers multiple self-service monthly usage tiers ranging from 500 million to 6 billion requests and 50 TB to 600 TB. Customers can select and change their tier in the CloudFront console with instant pricing and no commitment. All Premium features — including AWS WAF, DDoS protection, bot management, Amazon Route 53 DNS, Amazon CloudWatch Logs ingestion, serverless edge compute, and Amazon S3 storage credits — are included with no overage charges.
read more →

Defending Consumer Web Properties Against Modern DDoS

🔐 Modern DDoS attacks have evolved from simple volumetric floods to multi-vector, application-layer abuse amplified by AI-enabled tooling and expansive botnets. Microsoft reports a sharp rise in attack volume since mid‑March 2024 and urges a system-level, defense-in-depth approach that combines fingerprinting (JA4), layered controls, and operational visibility. Cloud-native protections such as Azure DDoS Protection and Azure WAF help when integrated with resilient application design and pretested graceful-degradation plans.
read more →

Mirai-Derived xlabs_v1 Botnet Exploits ADB Devices

🛡️ Hunt.io has uncovered a Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to conscript them into DDoS campaigns. The malware supports 21 flood variants across TCP, UDP, and raw protocols and is offered as a DDoS-for-hire service aimed at game servers and Minecraft hosts. It targets devices with ADB enabled by default—such as Android TV boxes, set-top boxes, smart TVs—and includes multi-architecture binaries for routers and IoT hardware. The bot probes device bandwidth to tier victims and uses a "killer" subsystem to evict competing malware.
read more →

DDoS Surge During Milano Cortina 2026 Winter Games

📈 The Milano Cortina 2026 Winter Games coincided with a dramatic rise in DDoS activity against Italian infrastructure, with attack frequency increasing 181% year-over-year from 2025. NETSCOUT ASERT recorded 12,963 attacks during the core Games window (Feb 6–23), peaking at more than 2,200 attacks on single days and shifting tactics from high-bandwidth floods to packet-rate–intensive vectors. The hacktivist group NoName057(16) dominated public claims, while ransomware groups and other actors also asserted responsibility. Adaptive defenses such as NETSCOUT ATLAS and Arbor products were highlighted as important mitigations.
read more →

What Is a Botnet? Risks, Architecture, and Defenses

🤖 A botnet is a network of compromised internet-connected devices controlled by attackers to perform coordinated criminal tasks such as DDoS, spam, crypto-mining, or malware distribution. Modern botnets use distributed architectures — from centralized command-and-control servers to peer-to-peer propagation — and often hide control traffic via IRC, HTTP, Telnet, or even public platforms. Defenders combine user training, patching, IoT hardening, antivirus, traffic filtering and CDN services with threat hunting methods like flow analysis and malware reverse-engineering.
read more →