Monthly Archives: October 2014

Cyber security expert warns of massive DDoS attacks against Armenian websites

Armenian cyber security expert Samvel Martirosyan warned today of DDoS attacks against Armenian websites. According to his personal site, a massive DDoS attack of 7 Gbps began yesterday in Japan. “Given that the attack is carried out from one country, we can assume that it may be a sensing, and it is possible that massive attacks from different countries may follow in the coming days,” says Martirosyan. He says that ahead of the meeting of the presidents of Armenia and Azerbaijan, Serzh Sargsyan and Ilham Aliyev, in Paris on October 27, a similar but more powerful attack had been registered against the Armenian president’s official website.

Source: http://telecom.arka.am/en/news/internet/cyber_security_expert_warns_of_massive_ddos_attacks_against_armenian_websites/


White House Says Unclassified Network Hit In Cyberattack

Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.

An unclassified portion of the White House network has been hit with what appears to be an ongoing cyberattack. Efforts to mitigate the threat have resulted in temporary system outages and loss of network connectivity for some users, a National Security Council spokeswoman confirmed Wednesday. The attacks have not caused any damage to White House computers or systems, though some elements of the unclassified network have been impacted, the official said. “The temporary outages and loss of connectivity for our users is solely the result of measures we have taken to defend our networks,” the spokeswoman stressed in an emailed statement to Dark Reading.

The Executive Office of the President (EOP) routinely receives alerts about potential cyberthreats against White House systems and discovered the current attack while following through on one such alert. White House cyber security staff is still assessing the severity of the attack and ways to mitigate it, the statement added. “Certainly a variety of actors find our networks attractive targets and seek access to sensitive government information.”

An internal White House memo to staff members obtained by The Huffington Post noted that EOP component heads and senior directors at the NSC have put in place several interim measures to help employees on high priority tasks to continue work as usual. Some of the system outages and connectivity issues resulting from the attack have been resolved while others are in the process of being remediated, the memo said. The White House has not released any details on the nature of the attack or the person or group that might be responsible for it. But some media reports citing unnamed White House sources have claimed that the attacks have been going on for at least two weeks.
This isn’t the first time that the White House has been the target of a cyberattack. In 2012, malicious attackers used a spear phishing attack to gain access to a non-classified system used by the White House Military Office. In 2009, the main White House website was one of the targets of a distributed denial of service (DDoS) attack campaign that also targeted the Pentagon, the Department of Homeland Security, and several other government networks. A similar DDoS attack temporarily took down the whitehouse.gov website back in 2001. Cyberattacks against White House networks have invariably tended to be portrayed as significantly hostile actions against the US by unfriendly nations. Many have tended to blame China in particular for such attacks though the actual proof for such claims has been somewhat tenuous. News of the latest attack is sure to fuel similar speculation especially because it comes just one day after security vendor FireEye’s new report on APT28, a Russian hacker collective that is believed responsible for numerous attacks against government and other websites. The group is believed engaged in widespread espionage activities and appears to be sponsored by the Russian government, according to FireEye. Security analysts themselves have in the past cautioned against reading too much into reports of cyberattacks against the White House in the absence of any real information on the nature or scope of the attacks. “Government networks the world over are on the front lines of a digital conflict, so it’s no surprise the White House has been targeted, as it presents a very rich target,” said Chris Boyd, malware intelligence analyst at Malwarebytes Lab in emailed comments. Though no White House systems appear to have been compromised, the attack serves as a reminder of how geopolitical tensions are expressed these days, he said. 
John Pescatore, director of emerging security threats at the SANS Institute, said reports of the attacks need to be viewed in a slightly broader context given all that has been happening recently with White House security. “Given what seems to be a decrease in rigor around physical protection of the White House, I think we do have to be concerned about cyber security protection around White House computer systems,” Pescatore said. “I have no insight into what attacks actually occurred, but the reports make it sound like suspicious activity was detected and dealt with quickly. Those are good things. But that is what the first reports of the fence jumper said as well.”

Source: http://www.darkreading.com/attacks-breaches/white-house-says-unclassified-network-hit-in-cyberattack/d/d-id/1317060?_mc=RSS_DR_EDT


City of Phoenix Computers Under DDoS Attack

Police computer communication went down for almost an hour

An attack targeting the computer systems of the public services in Phoenix, Arizona, affected the city’s activity for a period of almost an hour. Police work was also impacted, as officers were not able to search for information about suspects from the computers in their cars. According to information from inside sources, the attack had been carried out for days in a row, culminating with a disruption of the system on Saturday.

No sensitive information was stolen

There is no information about the identity of the attackers or their purpose, but Randell Smith, City CISO (Chief Information Security Officer), said in an interview for Fox 10 that he believed the goal to be gaining access to the network and obtaining as much personally identifiable information (PII) as possible; this is generally used for financial gains. No other possible reason was given by the CISO, who told the TV station that the defense tactics had held and no data could be exfiltrated. Over the weekend, the city’s servers received a heavy DDoS blow resulting in a 45-minute outage, and the public safety systems could not send information to police officers requesting details about names, license plates, and checking criminal records. Radio is the main communication system, which means that officers can still deliver details from the field to their colleagues. Important to note is that the entire computer system of the public service is affected, and the cybercriminals do not focus on a particular department. The city of Phoenix contacted the FBI along with technology partners to help put an end to the attacks.

DDoS attack services can be rented

At the moment, the City of Phoenix website is available intermittently until midnight Tuesday, for maintenance reasons and probably for analyzing any clues the crooks may have left behind.
The current situation was uncovered by Fox 10, who managed to obtain internal letters containing references to the attack. In one of them, a deputy city manager wrote that the city could be under a coordinated denial of service (DoS) attack, given its intensity and persistence. Although it may appear a difficult task to pull off, DDoS attacks can be easily carried out, even by those with little technical knowledge. The criminal market provides such services that can be sustained for a week, for as little as $100 / €79. Depending on the level of protection of the target system and the size of the attack, the price goes up. Still, for strong servers or websites with better protection in place, the cost is about $500 / €394 for a week-long incident.

Source: http://news.softpedia.com/news/City-of-Phoenix-Computers-Under-DDoS-Attack-463286.shtml


Shellshock over SMTP attacks mean you can now ignore your email

‘But boss, the Internet Storm Centre says it’s dangerous for me to reply to you’

Yet another round of Shellshock attacks is emerging, according to the SANS Internet Storm Center – this time, botnets are tapping hosts over SMTP.…


Register for DDoS Protection and Response Strategies Webinar!

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

- Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
- Discover how to implement multi-layered DDoS defense
- Identify best practice detection and classification techniques
- Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT


#OpOrwahHammad – DDoS attack on Israeli Government Websites for Killing 14-Year-Old Orwah Hammad

Online hacktivist collective Anonymous has knocked 43 Israeli government websites offline in response to the killing of 14-year-old Palestinian-American boy Orwah Hammad by the Israeli Defense Forces (IDF). Conducted under the banner #OpOrwahHammad, the cyber-attacks knocked some of the main Israeli government websites offline using distributed denial of service (DDoS) attacks. Among the websites affected were those of the IDF, Office of the Prime Minister, Israel Ministry of Foreign Affairs, Israel Securities Authority, Ministry of Industry and Trade, State of Israel Mail and Israeli Immigration.

Anonymous said in a statement published to coincide with the attacks:

“#OpOrwahHammad has officially kicked-off now, and Israeli government websites are feeling it. Anonymous is targeting Israeli government websites in protest of the killing of young Orwah Hammad and many Palestinians alike. The world will not stand by such brutality. Israeli Government beware for you should have Expected Us.”

The hacktivist group also published a list of 43 websites it claims were knocked offline during the attack. At the time of writing, some of the websites on the list remain offline (such as the Ministry of Defence website) while others are back online (including the IDF website).

Orwah Hammad

The cyber-attacks were carried out in the name of Hammad, a 14-year-old boy who was shot in the head in the village of Silwad, north of Ramallah, on 24 October. The shooting of the Palestinian-American teenager led the US State Department to call for a “speedy and transparent investigation” into the death. An Israeli army spokesman told Reuters Israeli forces “managed to prevent an attack when they encountered a Palestinian man hurling a molotov cocktail at them on the main road next to Silwad. They opened fire and they confirmed a hit”. The shooting happened during clashes in Arab areas in and around Jerusalem, in which several other people were injured.
Source: http://www.ibtimes.co.uk/anonymous-shuts-down-israeli-government-websites-retaliation-killing-14-year-old-orwah-hammad-1471874


DDoS attack on Ukraine election commission website

Ukraine’s election commission website has been attacked by hackers on the eve of the country’s parliamentary polls. According to Ukrainian officials, the website came under cyber attack on Saturday, just one day before Ukraine is set to hold general elections. “There is a DDoS attack on the commission’s site,” said the Ukrainian government information security service. A distributed denial-of-service (DDoS) attack slows down or disables a website by flooding it with communications requests.

The security service labeled the attack as “predictable” and went on to say that the website’s design ensures that it could not be completely taken down and that it is currently completely functional. “If a site runs slowly, that doesn’t mean it has been destroyed by hackers,” the statement added. As for reports that the site was in control of hackers, Markiyan Lubkivskyy, an adviser to the Ukrainian Security Service, said, “Any statements regarding the alleged successful unauthorized intrusions into the cyber space of the Central Election Commission or the elements of the elections systems do not correspond to the facts. Hackers are controlling nothing.”

Ukraine’s snap elections were called in August as President Petro Poroshenko came under pressure to purge the parliament of lawmakers allegedly tied to the overthrown government of Viktor Yanukovych. As many as 36 million Ukrainians are eligible to take part in the parliamentary elections. The leaders of the breakaway eastern regions of Donetsk and Lugansk have refused to allow the polls to be held in territories under their control, with a population of almost three million. Ukraine’s mainly Russian-speaking regions in the east have been the scene of deadly clashes between pro-Russia protesters and the Ukrainian army since the government in Kiev launched military operations in mid-April in a bid to crush the protests.

Source: http://www.presstv.ir/detail/2014/10/25/383623/ukraines-election-website-hacked/


The DDoS Protections Services Landscape

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website. What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”. Some offer free service to service ranging in price from $200 – $300/month. These plans offer very basic protection. They also advertise an Enterprise offering that has an expensive starting point and can really turn out to be quite costly depending on your circumstances. The Enterprise service is the offering that any company that is serious about protecting their website should consider.

There are a few issues with each of these offerings that I’d like to point out. These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10-15% of their customers are using their $200-$300/month service, which again is really just a basic protection with limited protection capabilities. When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering. I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support. In most cases there is no phone support included at all! Also, they will charge the client based on the size of the attack. How can a client control the size of an attack they are experiencing? This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month.

Alternately, at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients. The service includes full telephone and email access to our 24/7 support team with our service. This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service. Also we protect our clients from all DDoS attacks regardless of size without the need to pay us additional depending on the size of an attack. We also include an external monitoring account with our service called DEMS, which stands for our DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions. We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients.

DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us. Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed
Director of Sales for DOSarrest Internet Security LTD.


India accounts for 26% of top DDoS traffic

The majority of DDoS traffic in 2014 originated from India, says new research from Symantec. Of the top 50 countries that witnessed the highest volume of originating DDoS traffic, India accounted for 26 percent of all DDoS traffic, followed by the USA with 17 percent, the research said. The results prove India has a high number of bot infected machines and a low adoption rate of filtering of spoofed packets, but may not imply that people behind the attacks are located in India because DDoS attacks are often orchestrated remotely. However, the study indicates that India is emerging as a hotbed to launch these attacks, potentially because of the low cyber security awareness, lack of adequate security practices and infrastructure, said Tarun Kaura, director, Technology Sales at Symantec India.

The year 2014 saw an increase in the compromise of Linux servers, including those from cloud providers. These high bandwidth servers are then used as part of a botnet to perform DDoS attacks. The so-called “Booter” services can be hired for as little as INR 300 ($5 USD) to perform DDoS attacks for a few minutes against any target. Longer attacks can be bought for larger prices. They also offer monthly subscription services, often used by gamers to take down competitors. As the most attacked sector globally, the gaming industry experiences nearly 46 percent of attacks, followed by the software and media sectors. While it’s not happening on a broad scale now, it’s likely we’ll see an increase in DDoS attacks originating from mobile and IoT devices in the future, Symantec said.

DDoS attacks make an online service unavailable by overwhelming it with traffic from multiple sources. A Domain Name System (DNS) amplification attack is a popular form of DDoS, which floods a publicly available target system with DNS response traffic. Symantec’s research indicates that DNS amplification attacks have increased by 183 percent from January to August 2014. Motivations behind DDoS attacks include hacking, financial blackmail with the threat of taking the business offline, and personal grudges. It also acts as a diversion technique to distract IT security response teams while a targeted attack is conducted.

Source: http://www.infotechlead.com/2014/10/24/india-accounts-26-top-ddos-traffic-symantec-26196


More than 70 Hong Kong government websites ‘under DDoS attack from Anonymous hackers’

Over 70 government websites have been targeted this month by cyberattacks believed to have been directed by hackers operating under the banner of Anonymous, a brand adopted by activists and hackers around the world. Commerce secretary Greg So Kam-leung told lawmakers that no information had been stolen or altered from the official websites, which had been intermittently inaccessible after surges of requests to access them. By Wednesday, eight men and three women had been arrested by police in connection with the cyberattacks, on suspicion of accessing a computer with criminal or dishonest intent, So said. “Attacks launched by the hacker group partly originated from Hong Kong, and partly from other regions outside Hong Kong,” he said. “Since the group can be joined by any netizen, [the attack] could be originated from all over the world and it is hard to find out their nationalities.” Internet users identifying themselves as Anonymous hackers issued a warning to the government and police force on October 2 after tear gas was fired at pro-democracy demonstrators in the city. A number of official sites were made inaccessible on October 3 by distributed denial-of-service (DDoS) attacks. During such attacks, website infrastructure is overwhelmed by a huge number of requests to access the site, ultimately making the site inaccessible. The attacks can also slow down website functionality. But So said the cyberattacks had not impacted significantly on the government’s online services, and emphasised that security had not been compromised. The website of the pro-democracy newspaper Apple Daily has also been the target of sustained cyberattacks in recent weeks, coinciding with a blockade of its offices in Tseung Kwan O by pro-Beijing protesters. No group has claimed responsibility for those cyberattacks, which followed similar attempts to make the Apple Daily website inaccessible in June during the Occupy Central electoral reform referendum. 
An attempt to block access to the referendum’s online polling system was described by one internet security expert as “the most sophisticated ever”. So mentioned that some individual local websites had also come under attack, but such actions had not had a “significant impact on the city’s economic activities”. Police are still investigating those cases, he said.

Source: http://www.scmp.com/news/hong-kong/article/1622171/more-70-hong-kong-government-websites-under-attack-anonymous-hackers
