Monthly Archives: September 2014

PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai

First time the cache network has seen drop in use of 32-bit-wide IP addresses Broadband and IPv6 are hot – and distributed denial-of-service attacks and IPv4 are not. Well, that’s according to Akamai.…

Link:
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai

Shellshock: ‘LARGER SCALE ATTACK’ on its way, warn securo-bods

Not just web servers under threat – though TENS of THOUSANDS have been hit The Shellshock vulnerability has already become the focus for malicious scanning and at least one botnet but crooks are still testing the waters with the vulnerability and much worse could follow, security watchers warn.…

Follow this link:
Shellshock: ‘LARGER SCALE ATTACK’ on its way, warn securo-bods

Telegram under 150Gbps DDoS attack

Cross platform messaging app Telegram has been a target of massive distributed denial of service (DDoS) attacks for two days in a row over the weekend with the largest in tune of 150Gbps. The DDoS attacks started on Saturday – September 27 – and according to Telegram the scale of the attack was in tune of tens of Gbps. “A DDoS attack on Telegram in progress, tens of Gigabitsec. Users in some countries may have connection issues. We’re working on it, folks!” tweeted Telegram. Prior to the official confirmation, users started complaining of connectivity issues as well as not being able to send messages successfully. These complaints were picked up by Telegram administrators and upon investigation they zeroed it down to DDoS attack. Telegram soon managed to recover from the attack, but DDoS perpetrators launched another massive attack and this time in tune of of 150Gbps. “Detecting a 150+ Gbit/s DDoS now, an attack three times as large as yesterday’s.” tweeted Telegram. Users are still complaining about connectivity issues and there has been no confirmation from Telegram on whether they have been able to resolve the issue or not. Source: http://www.techienews.co.uk/9718714/telegram-150gbps-ddos-attack/

Continued here:
Telegram under 150Gbps DDoS attack

Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Gran’s knitting site etc sucked up into pr0n spam botnet A long established smut spammer is using hacked websites to sell stolen photographs of naked celebrities including Jennifer Lawrence, Kate Upton and McKayla Maroney.…

Read More:
Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Ello social network hit by suspected BLOODY DDoS attack

Anti-Facebook site forced to temporarily wave Buh-Bye Ello, the social network site intended to serve as something of an antidote to ad-stuffed Facebook, was hit by a suspected Distributed-Denial-of-Service attack today.…

Read More:
Ello social network hit by suspected BLOODY DDoS attack

Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT

Gets back up again after half an hour though Ello, the social network site intended to serve as something of an antidote to ad-stuffed Facebook, was hit by a suspected Distributed-Denial-of-Service attack today.…

More:
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT

DDoS Attacks Target Online Gaming Sites, Enterprises

DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps, according to NSFOCUS. A continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently has been revealed by the NSFOCUS 2014 Mid-Year Threat report. In parallel, high-volume and high-rate distributed denial of service (DDoS) attacks were on the upswing in the first half of 2014. DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50 percent DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16 percent. More than 2 percent of DDoS attacks were launched at a rate of over 3.2Mpps, according to the report. “The DDoS attack is a relatively easy attack method to be employed with noticeable effects among other network attacks. When online service is stopped, the impact and damage it causes is very apparent and straightforward,” Xuhua Bao, senior researcher at NSFOCUS, told eWeek. “Attacks with high frequency make it hard for attack’ targets to respond to instantly, increasing the difficulty of the defense level.” The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks. “Today, DDoS attack methods have become highly instrumental and resourceable. When an attacker plans to launch a DDoS attack on a specific target, there are plenty of DDoS attack tools and resources available online to be purchased and used,” Bao said. “With the rise of hacktavism in recent years, DDoS attacks have become a means of protesting or expressing your own opinion, which is widely used by some hacker groups.” The report revealed HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially. More than 90 percent of attacks detected lasted less than 30 minutes, an ongoing trend the report said indicates that latency-sensitive websites, such as online gaming, e-commerce and hosting service should be prepared to implement security solutions that support rapid response. The survey also indicated an increase in Internet service providers (ISPs), enterprises and online gaming sites as targets. Attacks targeting ISPs increased by 87.2 percent, while attacks on enterprises jumped by 100.5 percent and online gaming by 60 percent. “The online gaming industry has been a target of DDoS attacks and are mainly profit-driven. The nature of online gaming relies greatly on the Internet service and often there is a huge amount of money involved making them extremely sensitive to attacks,” Bao said. “When they are being attacked, there are obvious and direct economic losses, as well as the loss of the resources from players, which leads to malicious competition and extortion.” Source: http://www.eweek.com/small-business/ddos-attacks-target-online-gaming-sites-enterprises.html

See the article here:
DDoS Attacks Target Online Gaming Sites, Enterprises

Bad boy builds beastly Bash bug botnet – boxen battered

DDoS zombie army found in the wild hours after flaw surfaces Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.…

See the original post:
Bad boy builds beastly Bash bug botnet – boxen battered

Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks

With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic. As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers. The attack is simple enough that it allows even unskilled hackers to easily piece together existing code to take control of target machines, says Chris Wysopal, chief technology officer for the web security firm Veracode. “People are pulling out their old bot kit command and control software, and they can plug it right in with this new vulnerability,” he says. “There’s not a lot of development time here. People were compromising machines within an hour of yesterday’s announcement.” Wysopal points to attackers who are using a shellshock exploit to install a simple Perl program found on the open source code site GitHub. With that program in place, a command and control server can send orders to the infected target using the instant messaging protocol IRC, telling it to scan other networked computers or flood them with attack traffic. “You install it on the server that you’re able to get remote command execution on and now you can control that machine,” says Wysopal. The hackers behind another widespread exploit using the Bash bug didn’t even bother to write their own attack program. Instead, they rewrote a proof-of-concept script created by security researcher Robert David Graham Wednesday that was designed to measure the extent of the problem. Instead of merely causing infected machines to send back a “ping” as in Graham’s script, however, the hackers’ rewrite instead installed malware that gave them a backdoor into victim machines. The exploit code politely includes a comment that reads “Thanks-Rob.” The “Thanks-Rob” attack is more than a demonstration. The compromised machines are lobbing distributed denial of service attacks at three targets so far, according to researchers at Kaspersky Labs, though they haven’t yet identified those targets. The researchers at the Russian antivirus firm say they used a “honeypot” machine to examine the malware, locate its command and control server and intercept the DDoS commands it’s sending, but haven’t determined how many computers have already been infected. Based on his own scanning before his tool’s code was repurposed by hackers, Graham estimates that thousands of machines have been caught up in the botnet. But millions may be vulnerable, he says. And the malware being installed on the target machines allows itself to be updated from a command and control server, so that it could be changed to scan for and infect other vulnerable machines, spreading far faster. Many in the security community fear that sort of “worm” is the inevitable result of the shellshock bug. “This is not simply a DDoS trojan,” says Kaspersky researcher Roel Schouwenberg. “It’s a backdoor, and you can definitely turn it into a worm.” The only thing preventing hackers from creating that worm, says Schouwenberg, may be their desire to keep their attacks below the radar—too large of a botnet might attract unwanted attention from the security community and law enforcement. “Attackers don’t always want to make these things into worms, because the spread becomes uncontrollable,” says Schouwenberg. “It generally makes more sense to ration this thing out rather than use it to melt the internet.” The Bash bug, first discovered by security researcher Stéphane Chazelas and revealed Wednesday in an alert from the US Computer Emergency Readiness Team (CERT), still doesn’t have a fully working patch. On Thursday Linux software maker Red Hat warned that a patch initially released along with CERT’s alert can be circumvented. But Kaspersky’s Schouwenberg recommended that server administrators still implement the existing patch; While it’s not a complete cure for the shellshock problem, he says it does block the exploits he’s seen so far. In the meantime, the security community is still bracing for the shellshock exploit to evolve into a fully self-replicating worm that would increase the volume of its infections exponentially. Veracode’s Chris Wysopal says it’s only a matter of time. “There’s no reason someone couldn’t modify this to scan for more bash bug servers and install itself,” Wysopal says. “That’s definitely going to happen.” Source: http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/

Read More:
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks