A fascinating but technically illegal experiment conducted by an anonymous researcher has witnessed over 420,000 Internet-connected devices being roped into a botnet that functioned as a distributed p…
Read More:
Researcher ropes poorly protected devices into botnet to map the Internet
A web firm finds a network of computers stealing millions of dollars from advertisers by generating fake ad viewings.
Follow this link:
Fake ad botnet ‘stealing millions’
Potentially risks thousands of years in jail An anonymous researcher has taken an unorthodox approach to achieve the dream of mapping out the entire remaining IPv4 internet – and in doing so broken enough laws around the world to potentially put him or her behind bars for thousands of years.…
Originally posted here:
Researcher sets up illegal 420,000 node botnet for IPv4 internet map
Web traffic analytics firm spider.io has discovered a massive botnet that emulates human visitors in order to earn its master(s) over $6 million per month from online advertisers. Dubbed Chameleo…
Continued here:
Massive Chameleon botnet steals $6M per month from advertisers
Click fraudster bot fingered after analysts crack its signature A web analytics firm has sniffed out a botnet that was raking in $6m a month from online advertisers.…
See more here:
Chameleon botnet grabbed $6m A MONTH from online ad-slingers
Six leading U.S. banking institutions were hit by distributed-denial-of-service attacks on March 12, the largest number of institutions to be targeted in a single day, says security expert Carl Herberger of Radware. The attacks are evolving, and the bot behind them, known as Brobot, is growing, he adds. This recent wave of DDoS attacks has proven to be the most disruptive among the campaigns that date back to September, says Herberger, vice president of security for the anti-DDoS solutions provider. “The Brobot has grown, the infection rate has increased, and the encrypted attacks have become more refined,” Herberger says. “As a result, it all is more effective. They’ve clearly gotten better at attacking more institutions at once.” Radware offers DDoS-mitigation tools to several high-profile clients, including U.S. banking institutions targeted in the recent attacks, Herberger says. As a result, the company has insights about numerous industrial sector attacks as well as online traffic patterns. Herberger declined to name the institutions affected, citing Radware’s non-disclosure agreements. But according to online traffic patterns collected by Internet and mobile- cloud testing and monitoring firm Keynote Systems Inc., JPMorgan Chase & Co., BB&T and PNC Financial Services Group suffered online outages on March 12. The three banks declined to comment about the attacks or confirm whether they had been targeted this week. Chase, however, acknowledged an online disruption in a March 12 post to the Chase Twitter f e ed . The post states: “*ALERT* We continue to work on getting Chase Online back to full speed. In the meantime, pls. use the Chase Mobile app or stop by a branch.” On March 13, the bank came back with this tweet: “We’re sorry it was such a rough day and we really appreciate your patience.” Phase 3 Attacks The hacktivist group Izz ad-Din al-Qassam Cyber Fighters on the morning of March 12 posted an update in the open forum Pastebin about its third phase of attacks. In it, the group mentions nine targets struck during the previous week. The group claims it is waging its attacks against U.S. banking institutions over a Youtube video deemed offensive to Muslims. The nine latest targets identified by the hacktivists – Bank of America, BB&T, Capital One, Chase, Citibank, Fifth Third Bancorp, PNC, Union Bank and U.S. Bancorp – have either declined to comment or have denied suffering any online disruptions. But Keynote Systems says Chase, BB&T and PNC suffered major online failures between 12:30 p.m. and 11 p.m. ET on March 12. Outages suffered by Chase resulted in a nearly 100 percent failure rating between the hours of 2 p.m. ET and 11 p.m. ET, says Ben Rushlo, Keynote’s director of performance management. “That means the site was unavailable most of that time. That’s pretty massive.” BB&T also had significant issues, but not quite so severe, Rushlo says. Between 12:30 p.m. and 2:30 p.m. ET, and then again briefly at 5:30 p.m. ET, BB&T’s online-banking site suffered intermittent outages, he adds. PNC’s site suffered a significant outage for a 30-minute span beginning bout 3:30 p.m. ET, Rushlo says. “On a scale relative to Chase, they were affected 10 times less.” Rushlo stresses that Keynote cannot confirm the cause of the online outages at the three banks because the company does not monitor DDoS activity; it only monitors customer-facing applications. Nevertheless, the online analysis Keynote conducts is in-depth, Rushlo contends. “We’re actually going behind the logons to emulate what the customer sees or experiences when they try to conduct online-banking,” he says. Defeating DDoS Radware’s Herberger says some institutions have successfully mitigated their DDoS exposure, while others are only succeeding at masking the duress their online infrastructures are experiencing. “There has been a lot of quick provisioning to address these attacks,” he says. “But if something changes, like it has now, then the whole game changes and the whole equilibrium changes. It’s not really solving the problem; it’s just addressing a glitch.” More banking institutions need to go beyond Internet protocol blocking to address attacks that are aimed at servers and site-load balancers, he says. But many organizations have failed to take the additional steps needed to successfully and consistently deflect these emerging DDoS tactics. “The thing that’s kind of frustrating to all of us is that we are six months into this and we still feel like this is a game of chess,” Herberger says. “How is it that an industry that has been adorned with so many resources – with more than any other industrial segment in U.S. – missed the threat of hacktivist concerns? There seems to clearly be industrial sector vulnerabilities that were missed in all of the historical risk assessments.” For DDoS protection click here . Source: http://www.bankinfosecurity.com/ddos-6-banks-hit-on-same-day-a-5607
Follow this link:
Distributed Denial of Service-DDoS: 6 Banks Hit on Same Day
President Barack Obama is shining yet another light on the rising cybersecurity threat in the US, sitting down with more than a dozen CEOs inside the White House Situation Room to discuss how government and the private sector can work together to better protect the nation’s citizens and critical infrastructure. “What is absolutely true is that we have seen a steady ramping up of cybersecurity threats,” Obama said in an interview on ABC’s Good Morning America . “Some are state-sponsored [and] some are just sponsored by criminals.” The timing could not be more apropos: Tuesday offered a bumper crop of cybersecurity red flags to add weight to the president’s statement. For one, a top US official told the Senate Intelligence Committee that cyber attacks are becoming the top global threat. It’s “grown to be right up there” with terrorism, said FBI director Robert Mueller, who said cybersecurity risks now keep him awake at night. Ironically, Mueller, along with First Lady Michelle Obama, Vice President Joe Biden and other political targets were made the victims of a doxxing campaign, which published online supposedly authentic personal information like mortgage statements and credit reports. Meanwhile, JPMorgan Chase and five other banks were hit with denial of service (DDoS) attacks in a renewed offensive on the financial industry yesterday. Attacks on banks have become an ongoing issue, spearheaded in 2012 with the launch of “Operation Ababil” by Islamist hacking collective Izz ad-Din al-Qassam. That attack wave was in protest of “The Innocence of Muslims,” an anti-Islam video that mocked the Prophet Muhammad. On New Year’s Day the group said that that the cyber-attacks will continue, noting in an online manifesto that “rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks.” Indeed, attacks in February and last week have continued the trend, with Chase becoming the latest victim of a website slowdown. In January, a Ponemon Institute survey revealed that more than two-thirds of banks in the US have suffered DDoS attacks within the last 12 months. Gen. Keith Alexander, head of the Pentagon’s US Cyber Command, told Congress at Tuesday’s hearing that Wall Street firms were hit by more than 140 attacks in the last six months. Chase confirmed that CEO Jamie Dimon is among those accepting the president’s invitation to the meeting. Another participant will be Exxon Mobil CEO Rex Tillerson, the oil giant confirmed, but the rest of the group will not be revealed until after the summit, the White House said. Obama issued an executive order Feb. 12 aimed at improving the public sector’s ability to warn enterprises of imminent cyberthreats. It directs the government to share threat information with critical infrastructure owners, and for government agencies to develop a security framework that business can voluntarily adopt. The intention is that unclassified threat reports “that identify a specific targeted entity” will be shared, and that classified reports will be shared with “critical infrastructure entities authorized to receive them.” The White House is also seeking a comprehensive piece of legislation to further information-sharing initiatives in order to protect critical infrastructure such as the power grid, water supply equipment, transportation hubs, and so on. US House of Representatives Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) introduced a new version of the Cyber Intelligence Sharing and Protection Act (CISPA) last month, which would make it easier for business and government to work together concerning threats, attacks and remedies in order to shore up defenses. For instance, the House bill as written would offer broad protection from lawsuits to companies that give over user data to the Department of Homeland Security, which in turn would share it with intelligence agencies on a need-to-know basis. In the GMA interview, Obama noted the ramifications of inaction: “Billions of dollars are lost to the consequences. You know, industrial secrets are stolen. Our companies are put into competitive disadvantage. There are disruptions to our systems that…involve everything from our financial systems to some of our infrastructure.” For DDoS protection click here . Source: http://www.infosecurity-magazine.com/view/31244/amid-banking-ddos-attacks-obama-convenes-cybersecurity-meeting-with-ceos/
View original post here:
Amid banking DDoS attacks, Obama convenes cybersecurity meeting with CEOs
Organizations citing cybersecurity costs as an impediment to implementing a layered defense should rethink their priorities: Denial of service (DDoS) and malware infection recovery costs range into the thousands of dollars – per day. According to a report from Solutionary, organizations are spending a staggering amount of money in the aftermath of an attack: as much as $6,500 per hour to recover from DDoS attacks and more than $3,000 per day for up to 30 days to mitigate and recover from malware attacks. All of those third-party consultants, PR crews, incident response teams, mitigation software and other immediate investments add up, apparently. But other damages need to be considered as well: the report numbers don’t include revenue that may have been lost due to related systems downtime, or lost productivity. Nor do they include the intellectual property-related costs. “Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation,” said Don Gray, chief security strategist with Solutionary. Unfortunately, the likelihood of suffering such an attack is, of course, going up. They’re also becoming focused on certain arenas. For instance, in addition to traditional network-layer attacks, a full 75% of DDoS attacks target Secure Socket Layer (SSL) protected components of web applications, the report found. The downside is that detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks. Malware attacks, meanwhile, are becoming vertical-specific. The report found that 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These forays frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link. Unfortunately, a full 54% of malware typically evades anti-virus detection. Only 46% of samples tested via VirusTotal by Solutionary were detected by anti-virus – indicating a clear need for companies to invest in multiple malware detection mechanisms. The report also found that Java is the most targeted software in exploit kits, replacing Adobe PDF exploits. Almost 40% of total exploits in exploit kits now target Java. When it comes to where attacks are originating, domestic IP addresses are the largest source of attacks against US organizations. “While there has been considerable discussion about foreign-based attacks against US organizations, 83% of all attacks against them originate from US IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country,” the company said. “One contributing factor is foreign attackers using compromised machines near attack targets in the US to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.” Attackers from other countries focus on different industry targets – 90% of all attack activity from China-based IP addresses is directed against the business services, technology and financial sectors. And a full 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world. Attack techniques also vary significantly by country of origin. Among the top four non-US source countries, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity. For DDoS protection click here . Source: http://www.infosecurity-magazine.com/view/31247/malware-attack-recovery-costs-an-average-of-3000-per-day/
Read more here:
Distributed Denial of Service (DDoS) attacks recovery costs an average of $3,000 per day for businesses
The retail banking website of J.P. Morgan Chase & Co. (JPM) on Tuesday has come under a so-called “denial of service” attack, rendering it unusable for customers, a bank spokesman confirmed. The site first slowed earlier Tuesday, and in the afternoon it became unavailable. The bank is responding with increased security measures for the website, chase.com. The spokesman said no customer data had been compromised, but didn’t say when the site would be fully restored. The bank’s mobile-banking applications are working, and branches and automated teller machines aren’t impacted. The bank, the nation’s largest by assets, told customers in a Twitter message Tuesday afternoon that it is experiencing “intermittent issues,” followed by another message stating that the bank is working “on getting Chase Online back to full speed.” On the website, the bank posted: “Our website is temporarily unavailable. We’re working to quickly restore access. Please log on later.” Banks have been increasingly hit by cyberattacks over the last two years, including DOS attacks that increase the volume of website hits, slowing access to the sites by customers. Banks have been preparing in recent days for a new wave of DOS attacks, according to a banking industry source, including strengthening their firewalls. Citigroup Inc. (C) said in its annual earnings filing with the Securities and Exchange Commission last month that it, like other banks, was the victim of several cyberattacks in 2012 and previous years, and that it managed to detect and respond to these incidents “before they became significant.” The attacks nevertheless “resulted in certain limited losses in some instances.” For DDoS protection against your eCommerce website click here . Source: http://www.foxbusiness.com/news/2013/03/12/jp-morgan-confirms-denial-service-attacks-on-chasecom/
Read the article:
J.P. Morgan Confirms Distributed Denial of Service (DDoS) Attacks on Chase.com
Even when they have other capabilities, botnets are primarily used to send out malicious messages, since that is the easiest – not to mention the least risky – way for botmasters to earn money. T…
More here:
Old and new botnets behind spam resurgence