Monthly Archives: May 2012

Man arrested for hacking into billing provider

The FBI has arrested hacker “Cosmo”, according to a report by Eduard Kovacs of Softpedia. Cosmo is alleged to be the leader of four-man hacktivist group UGNazi, which took control of the web site of major payment services provider WHMCS just over a week ago. Previously, UGNazi had been known primarily for distributed denial-of-service (DDoS) attacks carried out using its own botnet. Earlier this month, for example, it briefly took down the US Department of Education web site. UGNazi received even more attention when, on 21 May, it hacked into servers belonging to UK billing company WHMCS and copied private internal information, which it posted online two days later. The stolen data included a MySQL dump of the company’s customer database containing nearly 130,000 records, and data from the main server. The hackers gained access to WHMCS’ Twitter account and infiltrated the user forum. The group also carried out DDoS attacks to take down the WHMCS domain for several hours. The UGNazi hackers reportedly used basic social engineering techniques to gain access to the WHMCS domain. One of the hackers, probably Cosmo, phoned WHMCS’s hosting company claiming to be the company’s CEO and correctly answered the security question. They were then given full access to the company’s main server. WHMCS provides payment systems for small to medium-sized web sites. At the time of the intrusion, the customer database contained just under 13,000 credit card numbers, which were encrypted using a symmetrical AES algorithm. Passwords were salted, which should have made them harder to decrypt – but since the salt was recorded directly after the password, not impossible. Following the attack, the hackers spent several days taunting WHMCS. They posted tweets in the name of the company and rewrote some company blog and forum postings. In a statement on PasteBin, UGNazi stated that its motivation for the hack was simply to open the eyes of WHMCS users. The group’s US-based web site is now offline – having been, according to a tweet by Cosmo, seized by the FBI. Members of the group have told Kovacs that they are confident that the FBI will not be able to prove anything in relation to Cosmo. A fifth member left the group shortly before the attack on WHMCS. According to Softpedia, another member of the group hasn’t been online “for the past couple of days”. WHMCS has now reset all passwords for its customer area and warned its customers to be vigilant for ongoing consequences of the hack. Yesterday the company was forced to inform its customers of a further security concern, when a programmer informed WHMCS of a vulnerability in its payment processing system, for which the company released an immediate patch. Source: http://www.h-online.com/security/news/item/Man-arrested-for-hacking-into-billing-provider-1587517.html

Read the article:
Man arrested for hacking into billing provider

DoS crashes updated iPads, iPhones

A denial of service attack has been disclosed in the latest version of Apple iOS. The attack targets Safari in iOS 5.1.1 and a proof of concept was published online. Alienvault security researcher Alberto Ortega said the attack may also affect previous versions of the Apple operating system. The attack was successfully demonstrated on iPhone, iPad and iPod Touch. Ortega said the error was a “step to achieve a real exploitation”. “iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses  to have something “usable’.” Ortega reported the error to Apple at the time of disclosure but had no response from the notoriously security silent company. “When JavaScript function match() gets a big buffer as parameter the browser unexpectedly crashes. By extension, the function search() is affected too,” Ortega said in the advisory. Source: http://www.crn.com.au/News/302620,dos-crashes-updated-ipads-iphones.aspx

Taken from:
DoS crashes updated iPads, iPhones

FBI Warns Companies of Anonymous DDoS Attacks

The Cyber Division of the Federal Bureau of Investigation warned several large corporations of the potential for distributed denial of service (DDoS) and data exfiltration attacks scheduled for today, May 25. The attacks are being coordinated by the rogue movement Anonymous in an an exercise termed “Operation NewSon”. In denial of service attacks, generally a large amount of information is sent to a web server at such high frequency that it overwhelms the processing capacity or causes the system to shut down. The net effect is that the server can not longer operate correctly and the targeted website is rendered inaccessible. DDoS attacks can also inflict serious damage to targeted systems, as well as collateral damage to associated nodes. Anonymous is known for having targeted the websites of businesses like PayPal, Visa, MasterCard, PostFinance Bank, Amazon, Bank of America, as well as numerous government agencies, and continues to use DDoS attacks as a method of furthering their political views in various conflicts around the world. Anonymous was also behind the HBGary Federal breach had led to the release of tens-of-thousands of company emails which revealed multiple instances of ethically questionable covert operations involving the security company. Swedish file-sharing website The Pirate Bay – typically aligned with Anonymous in their anti-copyright orientation – recently issued a statement in opposition to the popular hacktivist tactic of DDoS attacks. Source: http://threatpost.com/en_us/blogs/fbi-warns-top-firms-anonymous-protest-hacks-may-25-052412?

Read more here:
FBI Warns Companies of Anonymous DDoS Attacks

US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks

By John E Dunn, techworld.com More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found. The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat. Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said. “Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note. A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week. There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours. Two thirds said the direct cost of all this DDoS was about $10,000 (£6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour. The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance. The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs. Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services. However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them. “With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.” Source: http://www.pcworld.com/businesscenter/article/255772/us_firms_are_overreliant_on_firewalls_to_protect_against_ddos_attacks.html

View original post here:
US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks

Check Point Survey Reveals More Than Half of Targeted Attacks Reported Were Driven by Financial Fraud

Denial of Service Attacks and Botnets Pose Increased Risk to Organizations, With Successful Attacks Costing Businesses Over $100,000 per Incident REDWOOD CITY, CA, May 22, 2012 (MARKETWIRE via COMTEX) — Check Point(R) Software Technologies Ltd. CHKP +0.04% , the worldwide leader in securing the Internet, today announced the results of a new survey revealing 65 percent of organizations who experienced targeted attacks report the hacker’s motivation was driven by financial fraud, and resulted in business disruption and the loss of sensitive information, including intellectual property and trade secrets. The report, The Impact of Cybercrime on Businesses, also showed companies reporting an average of 66 new security attack attempts per week, with successful incidents costing businesses anywhere from $100,000 to $300,000. Among the list of top threats, Denial of Service (DoS) attacks were said to pose the greatest risk to organizations. Cybercriminals today are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations for various reasons — from financial gain and disruption of business operations to data theft or attacks driven by political agendas. Regardless of motivation, new variants of malware are being generated on a daily basis, often targeting multiple sites and organizations to increase the likelihood of an attack’s initial success and the potential for threats to spread quietly throughout an organization. “Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly-skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack,” said Tomer Teller, security evangelist and researcher at Check Point Software Technologies. “Cybercrime has become a business. With bot toolkits for hackers selling today for the mere price of $500, it gives people insight into how big the problem has become, and the importance of implementing preemptive protections to safeguard critical assets.” According to the survey, SQL injections were cited as the most serious types of attacks organizations had experienced in the last two years, and more than one third of respondents had each experienced APTs, botnet infections and DoS attacks. Following investigations of targeted threats, respondents reported the biggest consequences were a disruption to their business and the loss of sensitive data and intellectual property. “For the most part, the goal of attackers is to obtain valuable information. These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email log-ins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000,” added Teller. “Unfortunately, the rate of cybercrime seems to be climbing as businesses experience a surge in Web 2.0 use and mobile computing in corporate environments — giving hackers more channels of communication and vulnerable entry points into the network.” “Companies are constantly facing new and costly security risks from both internal and external sources that can jeopardize the business,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising. Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks.” Key Findings from the Report: –  Primary Motivations of Targeted Threats – Following investigations of cyber-attacks within organizations surveyed, the majority of respondents reported financial fraud (65%) as the cybercriminal’s primary motivation, followed by intent to disrupt business operations (45%) and stealing customer data (45%). Approximately 5% of security attacks were estimated to have been driven by political or ideological agendas. –  Cybercrime comes in all shapes and forms – On average, respondents reported SQL Injections as the most serious security attacks experienced in the last two years, and more than one third of respondents said they experienced APTs (35%), botnet Infections (33%) and DoS attacks (32%). –  Targeted attacks continue to be costly – Survey participants estimated a single, successful targeted attack costing an average of $214,000 USD. In Germany, respondents reported a higher average estimate of $300,000 per incident, and Brazil with a lower average of $100,000 per incident. Estimates include variables such as forensic investigation, investments in technology and brand recovery costs. –  Most Common Threat Vectors – When asked to rank employee activities that pose the greatest risk, all regions unanimously cited the use of mobile devices — including smartphones and tablet PCs — as the biggest concern, followed by social networks and removable media devices such as USB sticks. –  Current technology investments – While the majority of companies have important security building blocks in place, such as Firewall and Intrusion Prevention solutions, less than half of companies surveyed have advanced protections to fight botnets and APTs. However, the majority of organizations in Germany and the US are beginning to deploy solutions more specific to addressing cyber-risk such as anti-bot, application control and threat intelligence systems. –  Security Training and Awareness – Only 64% of companies say they have current training and awareness programs in place to prevent targeted attacks. Cybercriminals are focused on valuable data that is worth the time and risk; therefore, it has become imperative for enterprises to focus their security efforts there as well. Businesses should start by identifying critical data and assets and enforce multi-layered threat prevention. While thousands of companies have already been targets of bots and advanced threats, businesses have the responsibility to stop it from spreading. For more information about how Check Point helps customers mitigate the risk of cybercrime, visit: http://www.checkpoint.com/campaigns/r75.40/index.html . The report, The Impact of Cybercrime on Businesses, surveyed 2,618 C-level executives and IT security administrators in the US, United Kingdom, Germany, Hong Kong and Brazil. The survey sample represents organizations of all sizes and across multiple industries, including financial, industrial, defense, retail, healthcare and education. For more information and to view the full report, visit: http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf . About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. ( www.checkpoint.com ), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. SOURCE: Check Point Software Technologies Ltd. mailto:press@us.checkpoint.com mailto:ir@us.checkpoint.com http://www.marketwatch.com/story/check-point-survey-reveals-more-than-half-of-targeted-attacks-reported-were-driven-by-financial-fraud-2012-05-22

Read More:
Check Point Survey Reveals More Than Half of Targeted Attacks Reported Were Driven by Financial Fraud

Flashback botmasters earned less than $15K

It has already been established that the criminals behind the Flashback botnet were after money, but according to Symantec researchers, their plan was foiled by the attention that the first massive Ma…

Read the original:
Flashback botmasters earned less than $15K

Anti-Anonymous hacker takes credit for The Pirate Bay DDoS

After 72 hours of being hit with an extensive DDoS attack and having been intermittently inaccessible to its visitors, The Pirate Bay and WikiLeaks are back online. It was initially thought that An…

View article:
Anti-Anonymous hacker takes credit for The Pirate Bay DDoS

Three-Quarters of IT Professionals Fear Negative Brand Impact or Customer Experience as a Result of DDoS Attacks

New Data from Neustar Finds DDoS Attacks Can Cost Retailers More Than $100,000 Per Hour May 15, 2012, 9:30 a.m. EDT STERLING, Va., May 15, 2012 (BUSINESS WIRE) — Neustar, Inc., a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, entertainment and marketing industries, today released the results of a survey asking 1,000 IT professionals across North America about the business impact associated with distributed denial of service (DDoS) attacks. Among the findings, three-quarters of those surveyed cited impact on customer experience and brand as their greatest fears about the possible implications of DDoS attacks. By unleashing extremely high volumes of malicious Internet traffic or surgically targeting Web applications, hackers seek to shut down a company’s Web resources — typically websites, but also email servers. When hackers unleash a DDoS attack, it carries the potential to exert lasting damage to customer service, online revenue streams and brand reputation. Neustar Survey Results: Executed in Q1 2012, the survey garners responses of IT professionals in more than 25 industries such as finance and banking, retail, telecommunications, travel and IT. Notable findings include: – More than 300 respondents reported they had been attacked – The top concern was the impact attacks have on customer service — with 51 percent listing it as their greatest concern associated with the attacks – 35 percent of those attacked said the attacks lasted more than 24 hours — with 11 percent of attacks lasting more than a week – Specific to retailers, 67 percent who had experienced a DDoS attack pegged the costs of website outages at more $100,000 per hour — equating to loses of $2 million a day “The potential negative implications of DDoS attacks can be devastating for both marketers and IT professionals,” said Alex Berry, senior vice president, Enterprise Services, Neustar. “Many companies have been hit hard – with consequences lasting far longer than the attacks themselves. It’s important that companies are proactive about protecting their online presence, as well as their customers, to ensure the constant delivery of online services and necessary brand vigilance.” Overall, the survey shows that a significant number of companies face the risks of DDoS attacks, yet few have solutions designed specifically to combat attacks, with many relying solely on firewalls and intrusion detection systems. Less than 5 percent of respondents have a purpose-built DDoS mitigation solution, for example, an on-premise DDoS mitigation appliance. This explains why so many attacks last days — in fact, 35 percent respondents experienced attacks that lasted more than 24 hours. Without adequate protection, companies are unable to prevent losses from adding up. While many respondents are aware of the risks to their customer experience and public trust, they haven’t taken the next step to safeguard their reputation. Source: http://www.marketwatch.com/story/three-quarters-of-it-professionals-fear-negative-brand-impact-or-customer-experience-as-a-result-of-ddos-attacks-2012-05-15

View the original here:
Three-Quarters of IT Professionals Fear Negative Brand Impact or Customer Experience as a Result of DDoS Attacks