Latest news with #DDoS
Time of India
11 hours ago
- Time of India
NIA files chargesheet against man for DDoS attacks on govt websites in Gujarat
Ahmedabad: The National Investigation Agency (NIA) filed a chargesheet in a special court here against Jasim Shahnawaz Ansari in connection with a case relating to alleged acts of cyberterrorism through distributed denial of service (DDoS) attacks on websites of critical govt infrastructure. NIA stated that the case was initially registered by Gujarat ATS after uncovering a conspiracy between a juvenile in conflict with law (JCL) and Ansari to launch multiple DDoS attacks on various govt websites between March and May 2025. The accused also posted anti-national content on a Telegram channel. NIA took over the probe from ATS. NIA's probe revealed that Ansari and the juvenile delinquent allegedly used advanced hacking tools, anonymising technologies (including virtual private networks or VPNs), and encrypted platforms to execute the attacks. They publicised these attacks online, sharing screenshots and inflammatory messages in retaliation to India's 'Operation Sindoor' against Pakistan-sponsored terrorism, with the intent to threaten the country's unity, integrity, and sovereignty, NIA stated. You Can Also Check: Ahmedabad AQI | Weather in Ahmedabad | Bank Holidays in Ahmedabad | Public Holidays in Ahmedabad | Gold Rates Today in Ahmedabad | Silver Rates Today in Ahmedabad It further said, "Digital forensic analysis confirmed Ansari's role in orchestrating a planned, ideologically motivated cyberoffensive, coupled with his efforts to train others in unlawful cyber techniques while concealing identities to evade law enforcement." While proceedings against the juvenile delinquent have been initiated in a court in Nadiad town, NIA charged Ansari under Section 66F of the Information Technology Act, Section 61(2)(a) of the BNS. Stay updated with the latest local news from your city on Times of India (TOI). Check upcoming bank holidays , public holidays , and current gold rates and silver prices in your area.
Time Business News
2 days ago
- Business
- Time Business News
The Stress Test Revolution: Why Overload.su is Becoming Every Company's Digital Lifeline
The internet has never been busier. From streaming services to e-commerce platforms and online banking, billions of transactions take place every day. Customers expect websites to work instantly and flawlessly, no matter how many people are logged in at once. Yet reality shows us that countless businesses stumble when demand peaks. Outages, slow load times, and broken systems cost more than money—they cost trust. Amid this new digital pressure, stress testing has emerged as a powerful solution. By simulating both malicious activity and unexpected surges of genuine traffic, it gives organizations the ability to prepare for the unpredictable and safeguard their digital operations. When a website goes offline, the damage is often chalked up to 'technical glitches.' In truth, those failures usually stem from poor preparation. While cyberattacks like DDoS floods remain a threat, most downtime results from overwhelming spikes in legitimate user traffic. Think about a retailer during Black Friday, or a startup that suddenly gains viral attention. These events should mark milestones of success, yet without proper preparation they become disasters. Payment portals jam, customer service chatbots stop working, or the database simply collapses. The end result is downtime, angry customers, and missed revenue opportunities. This is exactly the type of risk modern stress testing is designed to eliminate. Founded in August 2024 by Jordan McRae, has grown at lightning speed. In its first year, it attracted more than 20,000 clients and ran over 50,000 daily tests, proving how urgently businesses needed a service like this. What sets apart is its realism. Instead of running generic simulations, it recreates the real-world conditions businesses actually face. Global traffic distribution, bot interference, API overload, and integration failures are all part of the scenarios. Companies are no longer left wondering what 'might' happen—they see what will happen under pressure. Traditional load testing has always been about measuring capacity: How much traffic can this system handle before it slows down? While useful, that question no longer captures the complexity of modern websites. Today's platforms are built on interconnected services—payment systems, content delivery networks, live chats, booking tools—all of which can become bottlenecks. takes stress testing a step further. By pushing systems beyond expected limits, it shows not just how they perform at their peak but how they behave once pushed into crisis mode. The difference is crucial. Businesses discover whether their systems fail gracefully or catastrophically, and that knowledge is often the key to preventing chaos. Cybersecurity and performance are often treated as separate disciplines, but in practice they overlap. Attackers exploit weak systems, but so do legitimate users when platforms can't scale fast enough. With around 600 million cyber incidents happening daily and over 133 new vulnerabilities uncovered every day, the challenge grows more complex. In the UK alone, nearly half of all companies were attacked in 2024, while phishing scams and ransomware incidents continued to rise. Against this backdrop, stress testing provides a dual benefit. It reveals how websites cope with hostile traffic while also highlighting whether they can survive genuine surges in usage. This dual lens is what makes such a powerful tool. Many businesses still view stress testing as a one-time checklist item: run a test, patch a flaw, and move on. The truth is that websites evolve constantly. New integrations, feature updates, and system upgrades each introduce fresh risks. That's why promotes continuous testing. By scheduling regular simulations, companies avoid being blindsided by changes in their own systems or by the evolving tactics of attackers. Industries like healthcare and finance have already recognized this, treating resilience not as a luxury but as a compliance requirement. There are countless cautionary tales of companies overwhelmed by their own popularity. A streaming platform signs a major celebrity partnership, only to crash during the launch event. A gaming company releases a new update, but the servers can't handle the load. A ticketing website announces a high-demand concert sale and goes offline before most customers can check out. Each of these scenarios could have been prevented with realistic stress testing. allows organizations to play out these events safely in a controlled environment, revealing weaknesses before the public experiences them. Remarkably, has achieved global reach with a small team of just five specialists. Despite its compact size, it has expanded infrastructure dramatically, increasing its server capacity fivefold in early 2025 to handle growing demand. The company is also preparing premium plans for larger enterprises, signaling its intent to support even the biggest digital players. Yet perhaps its strongest advantage is loyalty: once clients adopt they rarely consider alternatives. The confidence gained from surviving rigorous simulations creates a bond that is hard to break. For organizations wondering what they stand to achieve, the list of benefits is extensive: Revenue protection by avoiding outages during critical sales or campaigns. Infrastructure efficiency by identifying exact capacity limits and preventing overspending. Customer retention through consistent reliability and uptime. Risk reduction by finding flaws in third-party services like CDNs and payment tools. Future readiness for expansion into new markets without fear of collapse. Stress testing is no longer just about defense—it is about building a stable platform for growth. The rise of reflects a bigger industry shift. Businesses are beginning to see resilience not as an IT responsibility but as a strategic priority. Performance and continuity are now discussed in boardrooms alongside profit and market expansion. This shift is also driven by regulation. Governments and industry bodies are increasingly demanding proof of operational stability, particularly in finance and healthcare. Stress testing is becoming a standard part of compliance, not just a competitive advantage. The future of this field lies in predictive and automated solutions. is already moving in that direction, blending realistic scenarios with advanced monitoring and analytics. The goal is not just to identify weaknesses but to predict them before they surface. As digital ecosystems grow more interconnected, businesses will demand even more sophisticated testing. Those who embrace this evolution will be positioned to lead their industries, while those who treat resilience as optional will continue to face costly disruptions. The message for modern organizations is clear: stability is no longer optional. Customers expect smooth, secure, and uninterrupted digital experiences, and they abandon platforms that fail to deliver. With stress testing, companies gain more than protection against downtime. They gain the confidence to scale, the assurance to run bold campaigns, and the trust of customers who know they can rely on them. In 2025 and beyond, resilience will be the difference between businesses that thrive and those that collapse under pressure. The companies that prepare now will be the ones telling success stories tomorrow. TIME BUSINESS NEWS
Techday NZ
4 days ago
- Business
- Techday NZ
LevelBlue & Akamai launch managed service for web app security
LevelBlue and Akamai have announced a partnership to deliver new managed web application and API protection services designed to aid organisations in consolidating, simplifying, and scaling their security operations. Service overview The partnership introduces LevelBlue Managed Web Application and API Protection (WAAP), a security service built to provide adaptive, continuous protection to help mitigate risks and reduce the operational demands linked with securing web applications and APIs. The service incorporates Akamai's App & API Protector technology, featuring web application firewall (WAF), distributed-denial-of-service (DDoS) mitigation, bot protection, and foundational API security. This technology is integrated with expertise from LevelBlue's dedicated WAAP Operations team. Against a backdrop of expanding application deployment and usage of APIs, organisations worldwide are facing increased challenges. Research from Enterprise Strategy Group highlights that the average number of web applications per organisation is expected to rise from 145 to more than 200 over two years. The proportion of organisations with over half of their applications using APIs is forecasted to climb from 32% to 80% over the same period. Challenges for security teams Security teams are contending with several critical challenges, including the need to discover application and API deployments, scale protections appropriately, swiftly identify and mitigate attacks, and ensure that security measures do not detract from performance. Added to these obstacles are staff shortages and a proficiency gap, with half of midmarket organisations reporting it is harder to secure web apps and APIs than it was two years ago. Many seek external support and more straightforward, consolidated solutions as environments grow more complex. LevelBlue Managed WAAP aims to tackle these requirements by delivering measurable outcomes in security and simplifying operational processes. Industry perspectives "Today, a surprising number of organisations rely on multiple tools that are not purpose-built for web application and API security - leading to complexity, silos, and rising costs," said Sundhar Annamalai, President of LevelBlue. "LevelBlue offers an alternative: proven services that consolidate and simplify protections with predictable investment. By combining LevelBlue's operational expertise with Akamai's proven technology, organisations can stay ahead of evolving threats and create cyber resilience for critical digital capabilities." The service is available in two tiers, Essential and Advanced, giving organisations flexibility to select the level of support most suited to their requirements. Key features include: Round-the-clock support and advisory from a fully operational team of WAAP specialists Automatic identification and classification of web applications and APIs, with scalable protection prioritised for exposed or sensitive data-handling assets AI-powered threat detection combined with global threat intelligence to identify anomalies and adapt to emerging attack vectors Expert-led, automated policy management to improve efficiency, reduce false positives, and align with contemporary DevOps workflows The prevalence and complexity of online threats continues to increase. In 2024, Akamai reported witnessing over 311 billion web application attacks, highlighting the need for robust protection as organisations accelerate digital adoption and AI-powered attacks become more sophisticated. "In 2024 alone, Akamai saw over 311 billion web app attacks. As AI accelerates, threats are harder to spot, and security is tougher to control," said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. "Akamai and LevelBlue's partnership gives customers access to a trusted, reliable team that combines industry-leading technology with the deep operational expertise of one of the world's largest MSSPs. It's a powerful combination with a flexible solution that can fast-track organisations to resilient protection and compliance." Follow us on: Share on:
Forbes
5 days ago
- Business
- Forbes
How To Build Scalable And Affordable DDoS Protection
Alexander Krizhanovsky is CEO of Tempesta Technologies and the architect of Tempesta FW. DDoS attacks are growing significantly. Nowadays, DDoS protection is a commodity service, and you can protect your web application from DDoS attacks almost entirely, or even fully, for free. However, as your business and traffic grow, scaling DDoS protection becomes increasingly difficult. Infrastructure: Cloud Or On-Premises With modern cloud and CDN providers, you can get solid and affordable DDoS protection, at least in most cases. Recently, the Forbes Technology Council Expert Panel discussed "Why On-Prem Data Centers Still Matter In The Cloud Era." Rather than repeat that conversation, let's consider several additional cases. Big and respected vendors protect thousands and thousands of clients, and some of those clients are quite large. This makes these vendors attractive targets for attackers looking to fine-tune their tools. Once attackers succeed, they can potentially compromise many companies at once. Just look at the LWN case, which involved scraping bots, or review the technical details from a company offering bot services that can bypass Cloudflare. One of our clients, a digital bank, operates under strict security requirements and cannot share its TLS certificates with any third-party organization. They contracted with a DDoS scrubbing center and routed their network traffic through it. However, because the scrubber didn't have access to the bank's TLS certificates, the bank had to provide access logs for the scrubber to analyze and block application-level (L7) DDoS attacks. Like many others, the scrubbing center relied on a set of Python-based machine learning scripts to classify the log records, processing that took at least three minutes. For the bank, even a few minutes of downtime was unacceptable, and they ultimately adopted an on-premises solution. DDoS protection services can be always-on or on-demand. In an always-on setup, traffic is permanently routed through the mitigation infrastructure, ensuring minimal reaction time. But if you have plenty of traffic, e.g., if you distribute video content, it can cost a fortune. On-demand protection is more affordable and is typically triggered by traffic anomalies or alerts, but its response time can be unacceptably slow, often worse than the three-minute reaction time in the always-on scenario mentioned earlier. To build your own DDoS protection, you need two key components: a robust infrastructure capable of handling massive incoming traffic and filtration nodes. The cornerstone of a DDoS-resilient infrastructure is Anycast technology, which allows multiple nodes across the internet to share the same IP address. This effectively splits a large DDoS botnet into many smaller parts, with each protection node receiving only a portion of the malicious traffic. You can either build your own Anycast-enabled network or purchase Anycast services at relatively affordable prices. Filtering Nodes: Proprietary Or Open Source In theory, if you need to defend against a 1 Tbps DDoS attack, 10 nodes with 100 Gbps uplinks and anycast IPs should suffice. In real-world scenarios, however, traffic is often concentrated in specific regions or networks. As a result, you'll need more nodes and higher-capacity connections. The cost of such a setup—using DDoS protection appliances from vendors like F5, Fortinet or Imperva—can be substantial, especially since you'll need to upgrade the appliances regularly to keep up with the growing scale of DDoS attacks. The alternative is to use a free, open-source software (FOSS) solution. This not only lowers costs but also allows you to repurpose your existing hardware for the protection setup, and later, when it's time to scale up, you can reuse the DDoS filtering servers for other tasks. The first layer to build is volumetric DDoS protection. This layer defends against SYN floods, UDP floods, amplification attacks and similar threats. These types of attacks don't require completed TCP or TLS handshakes, allowing attackers to send large volumes of packets while spoofing source IP addresses. This is why these attacks usually come with high traffic volumes and are not so easy to block. However, protection against these types of attacks can be accelerated using commodity hardware. For example, an XDP (eXpress Data Path) filter on a mid-level x86-64 server with a capable NIC can operate at 100 to 400 Gbps. A typical XDP filtering module, offering functionality comparable to a proprietary appliance, consists of just a few thousand lines of C/eBPF code. Basic statistical methods are also effective at detecting huge traffic spikes, eliminating the need for advanced machine learning, at least initially. Moreover, since you understand your own traffic patterns, seasonal variations and baseline metrics, you're in a much better position to build an effective analytics engine than a vendor who isn't focused on your specific use case. While volumetric attacks target link capacity and basic operating system functionality, application-level (L7) DDoS attacks focus on application servers, such as web servers, web applications and database servers. These attacks involve more sophisticated logic and typically operate at a much lower rate in terms of bits per second. There are plenty of online guides on how to tune Nginx, HAProxy and other common web proxies for L7 DDoS protection. However, modern L7 DDoS attacks can be extremely powerful. For example, Google observed the HTTP/2 Rapid Reset technique, which delivered 398 million requests per second. Mitigating such an attack would require thousands of servers running Nginx or HAProxy. To defend against this scale of threat, you need a web proxy with a more advanced network stack, such as one built on DPDK (kernel bypass) or an OS-level kernel solution. Conclusion Building your own infrastructure and filtration nodes using FOSS is a sophisticated process that may involve some programming. But it offers stronger security, freedom from vendor lock-in, greater control over service quality for your clients and more predictable scaling in terms of cost. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
5 days ago
- Business
- Yahoo
Akamai and LevelBlue Launch Managed Web App, API Protection Services
Akamai Technologies, Inc. AKAM has teamed up with LevelBlue to enhance web application and API (application programming interface) security with the launch of LevelBlue's Managed Web Application and API Protection (WAAP) service. The new service delivers adaptive, always-on protection aimed at reducing risk and operational overhead, powered by Akamai's App & API Protector technology. It integrates next-generation web application firewall (WAF), distributed denial-of-service (DDoS) mitigation, bot protection and core API security, backed by LevelBlue's dedicated WAAP Operations team. The launch comes as organizations worldwide accelerate their use of applications and APIs to support digital-first strategies. According to Enterprise Strategy Group, the average number of web apps per company is set to rise from 145 to more than 200 in two years, while API usage will grow dramatically, with 80% of organizations expected to have more than half their applications connected via APIs, up from 32%. This surge brings new challenges, including discovering app and API deployments, scaling protections, swiftly mitigating attacks and ensuring performance remains unaffected. Many companies also face staffing shortages and a growing skills gap, with half of midmarket organizations finding web app and API security harder now than two years ago. Akamai Technologies, Inc. Price and Consensus Akamai Technologies, Inc. price-consensus-chart | Akamai Technologies, Inc. Quote LevelBlue highlighted that by combining LevelBlue's operational expertise with Akamai's proven technology, it is offering a simplified, consolidated and predictable approach to protection, helping organizations stay ahead of threats and build cyber resilience. LevelBlue Managed WAAP is available in two tiers—Essential and Advanced. The service offers 24/7 access to WAAP specialists, automated discovery and classification of critical web apps and APIs, AI-powered threat detection and streamlined security management aligned with DevOps workflows. The solution aims to help organizations automatically secure sensitive assets, adapt quickly to emerging attack vectors and reduce false positives through expert-led policy tuning. Akamai is actively pursuing the opportunity. With the acquisitions of Neosec and Noname Security, Akamai has accelerated the advancement of its AI-powered API security solution. By leveraging AI capabilities, the solution effectively analyzes APIs, detects vulnerabilities and minimizes risks. With the growing use of APIs, the demand for such solutions is poised to rise among enterprises. These strategic initiatives are expected to drive commercial expansion and generate long-term benefits. On July 29, 2025, Akamai announced that it formed a collaboration with Aqua Security. With this partnership, the companies aim to work on developing an integrated solution to ensure comprehensive protection for AI applications. Recently, Akamai reported strong second-quarter 2025 results, with both the top and bottom lines surpassing the Zacks Consensus Estimate. The company reported a top-line expansion year over year, driven by healthy demand trends in multiple end markets. Strong demand for the Guardicore platform, API security solutions and cloud infrastructure services is a key growth driver. For 2025, Akamai expects revenues in the range of $4.135 billion to $4.2 billion. It expects a non-GAAP operating margin of 29%. Non-GAAP earnings are projected to be in the range of $6.60-$6.80 per share. Zacks Rank & Share Price Performance Akamai currently has a Zacks Rank #3 (Hold). Shares of AKAM have plunged 26.6% in the past year against the Internet – Services industry's growth of 27.3%. You can see the complete list of today's Zacks #1 Rank (Strong Buy) stocks here. Image Source: Zacks Investment Research Stocks to Consider From the Internet Services Space Some better-ranked stocks from the broader technology space are Crexendo, Inc. CXDO, Sprout Social, Inc. SPT and HealthStream, Inc. HSTM. CXDO, SPT and HSTM carry a Zacks Rank #2 (Buy). Crexendo's earnings beat the Zacks Consensus Estimate in each of the trailing four quarters, with the average surprise being 30.83%. In the last reported quarter, CXDO delivered an earnings surprise of 50%. Its shares have increased 17% in the past year. Sprout Social's earnings beat the Zacks Consensus Estimate in each of the trailing four quarters, with the average surprise being 25.42%. In the last reported quarter, SPT delivered an earnings surprise of 20%. Its shares have plunged 56.6% in the past year. HealthStream, Inc. (HSTM) earnings beat the Zacks Consensus Estimate in three of the trailing four quarters, with the average surprise being 20.35%. In the last reported quarter, HSTM delivered an earnings surprise of 12.5%. Its shares have decreased 4.1% in the past year. Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Akamai Technologies, Inc. (AKAM) : Free Stock Analysis Report HealthStream, Inc. (HSTM) : Free Stock Analysis Report Crexendo Inc. (CXDO) : Free Stock Analysis Report Sprout Social, Inc. (SPT) : Free Stock Analysis Report This article originally published on Zacks Investment Research ( Zacks Investment Research
