Monthly Archives: August 2015

Ziggo suffers new DDoS attack

Dutch cable operator Ziggo has experienced network problems for a second time in a week, following a DDoS attack. Service disruptions were experienced throughout the country, and Ziggo said around 60 percent of its customers were affected, NU.nl reports. A Ziggo spokesman said the latest attack was worse than the first. The attack targeted Ziggo’s DNS servers, leaving many customers without internet access. At around 04.00 hours on 20 August the company brought the attack under control. The company said it’s started an investigation into the attack and measures it can take to prevent future incidents. In a notice to customers, the company said it was doing everything it could to put an end to the problems and it would be implementing changes to its network as a result of the attack. This will result in a restart of customer modems, which may be without service for several minutes while the changes are implemented. The company said in a statement that it was also working with the National Cybersecurity Centre and Ministry of Justice after several videos with threats against Ziggo’s office were placed on social media. Ziggo said it was taking the threats very seriously and had filed a complaint with the police. Meanwhile the Dutch mobile operators KPN, Vodafone and T-Mobile reported a sharp increase in data traffic during both Ziggo attacks. A spokesman for Vodafone said data traffic doubled both times on its network. Source: http://www.telecompaper.com/news/ziggo-suffers-new-ddos-attack--1098223


UDP-based Portmap latest target for DDoS attackers looking to amplify attacks

US-based carrier and global backbone operator Level 3 has spotted a new vector being used for DDoS reflection attacks: Portmapper (or simply Portmap). The Portmap service redirects the client to t…


Hackers exploiting wide-open Portmap to amp up DDoS attacks

Careless net admins leave systems with cleartext trousers down. Security watchers have warned about a new class of DDoS amplification attack threat which only exists because too many users are failing to follow basic safeguards.…


RPC Portmapper Abused for DDoS Attack Reflection, Amplification

Malicious actors have started abusing the Portmapper service to amplify their distributed denial-of-service (DDoS) attacks and hide their origin, Colorado-based telecommunications company Level 3 Communications has warned. RPC Portmapper, also referred to as rpcbind and portmap, is an Open Network Computing Remote Procedure Call (ONC RPC) service designed to map RPC service numbers to network port numbers. When RPC clients want to make a call to the Internet, Portmapper tells them which TCP or UDP port to use. When Portmapper is queried, the size of the response varies depending on the RPC services present on the host. In their experiments, Level 3 researchers obtained responses of between 486 bytes (amplification factor of 7.1) and 1,930 bytes (amplification factor of 28.4) for a 68 byte query. The average amplification size obtained by Level 3 in tests conducted across its network was 1,241 bytes (18.3 amplification factor), while in the actual DDoS attacks seen by the company the value was 1,348 (19.8x amplification). Malicious actors can use Portmapper requests for DDoS attacks because the service runs on TCP or UDP port 111. Since UDP allows IP spoofing, attackers can send small requests to Portmapper using the target’s IP address and the server sends a larger response to the victim. Level 3 has observed an increasing number of DDoS attacks leveraging this vector over the summer, with the largest attacks taking place on August 10-12. The attacks were mainly aimed at the gaming, hosting, and Internet infrastructure sectors. Organizations are advised to keep an eye out for potentially malicious Portmapper requests, but Level 3 has pointed out that for the time being the global volume of Portmapper-based traffic is still small compared to other UDP services abused in DDoS attacks, such as DNS, NTP and SSDP.
“Portmapper is so small it barely registers as the red line at the bottom of the graph. This shows, despite its recent growth, it is a great time to begin filtering requests and removing reflection hosts from the Internet before the attack popularity grows larger and causes more damage,” Level 3 said in a blog post. “We recommend disabling Portmapper along with NFS, NIS and all other RPC services across the open Internet as a primary option. In situations where the services must remain live, firewalling which IP addresses can reach said services and, subsequently, switching to TCP-only are mitigations to avoid becoming an unknowing participant in DDoS attacks in the future,” experts advised. There are several services that malicious actors can abuse for DDoS attack reflection and amplification. Researchers revealed at the USENIX conference last week that vulnerable BitTorrent protocols can also be leveraged for DDoS attacks. Source: http://www.securityweek.com/rpc-portmapper-abused-ddos-attack-reflection-amplification
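An added example (not from the article or from Level 3): one way an operator could act on the advice to find and remove reflection hosts is to scan flow records for local machines that answer UDP port 111 queries with much larger replies. The flow tuple layout, the addresses (documentation ranges), the function name and both thresholds are constructed assumptions.

```python
from collections import defaultdict

PORTMAP_PORT = 111

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = (
    # Repeated 68-byte UDP queries that all claim the same source address
    [("203.0.113.50", 40000 + i, "192.0.2.10", 111, "udp", 68) for i in range(4)]
    + [("192.0.2.10", 111, "203.0.113.50", 40000 + i, "udp", 1348) for i in range(4)]
    # Portmap over TCP: cannot be driven by a spoofed source, so it is ignored
    + [("192.0.2.99", 800, "192.0.2.20", 111, "tcp", 68),
       ("192.0.2.20", 111, "192.0.2.99", 800, "tcp", 1930)]
    # A single UDP lookup: below the request threshold, not reported
    + [("198.51.100.9", 51000, "192.0.2.30", 111, "udp", 68),
       ("192.0.2.30", 111, "198.51.100.9", 51000, "udp", 486)]
)
LOCAL_HOSTS = {"192.0.2.10", "192.0.2.20", "192.0.2.30"}


def find_reflectors(flows, local_hosts, min_factor=5.0, min_requests=3):
    """Report local hosts whose UDP/111 replies amplify the queries they receive."""
    req = defaultdict(lambda: [0, 0])   # host -> [query count, query bytes]
    rsp = defaultdict(int)              # host -> reply bytes sent from port 111
    claimed = defaultdict(set)          # host -> source addresses seen in queries
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if dst in local_hosts and dport == PORTMAP_PORT:
            req[dst][0] += 1
            req[dst][1] += size
            claimed[dst].add(src)
        elif src in local_hosts and sport == PORTMAP_PORT:
            rsp[src] += size
    findings = {}
    for host, (count, req_bytes) in req.items():
        if count < min_requests:
            continue
        factor = rsp[host] / req_bytes
        if factor >= min_factor:
            findings[host] = {
                "requests": count,
                "factor": round(factor, 1),
                # Many queries from very few "sources" suggests a spoofed victim
                "claimed_sources": len(claimed[host]),
            }
    return findings
```

Hosts this reports are candidates for the mitigations Level 3 lists: disabling Portmapper, restricting which addresses can reach it, or moving it to TCP only.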


Mumsnet founder ‘swatted by misogynist griefers’

@DadSecurity creep responsible for DDoS… and swatting? Mumsnet founder Justine Roberts and another user were both targeted in swatting attacks at the apex of a series of hack attacks that may have led to the compromise of user logins at the high-profile, UK-based parenting site.…


Mumsnet founder targeted in ‘Swatting attack’

A group calling itself @Dadsecurity claims it was responsible for the cyber and swatting attacks on the Mumsnet site. Internet trolls have targeted the founder of the Mumsnet website launching a so-called ‘Swatting attack’, which resulted in armed police being called to her home. Justine Roberts, who set up the hugely influential parenting forum in 2000, claimed the site had to be temporarily shut down last week after a group calling itself @DadSecurity unleashed a cyberattack which overloaded its server. But then in a more sinister twist she said those responsible had made a malicious report to the Metropolitan Police, claiming an armed man had been seen prowling outside her home. As a result she claimed an armed police unit was scrambled to her address in the early hours of August 12. She alleged that the same thing had also happened to another Mumsnet user in which police were told gunshots had been fired at her home. Swatting attacks have become common in the United States, and take their name from the militarised Special Weapons and Tactics (SWAT) units called to deal with armed incidents. The Metropolitan Police said it was unable to provide details of the resources deployed in the incidents, but Ms Roberts, who is married to the Newsnight editor, Ian Katz, said it had left those on the receiving end “shaken up”. The group that claimed responsibility for the cyberattack used the Twitter account @DadSecurity to brag about its actions, but the user has since been suspended.
Describing what happened Ms Roberts wrote on the Mumsnet site: “On the night of Tuesday 11 August, Mumsnet came under attack from what’s known as a denial of service (DDoS) attack. “Our servers were bombarded with requests, which required our Internet service provider to massively increase server capacity to cope. “We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets, ‘Now is the start of something wonderful’, ‘RIP Mumsnet’, ‘Nothing will be normal anymore’ and ‘Our DDoS attacks are keeping you offline’.” But she said later that night they appeared to have taken one step further by making a malicious call to the police. She wrote: “An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around.” She explained that another Mumsnet user who challenged @DadSecurity on Twitter was warned to ‘prepare to be swatted by the best’ in a tweet that included a picture of a SWAT team. Ms Roberts wrote: “Police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. “It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.” Mumsnet is currently reviewing its online security and is asking all users to change their passwords in order to reduce the risk of any other hacks. Mumsnet has come in for criticism in the past from fathers’ groups, including Fathers4Justice, which claim it has an “anti-male agenda”. In 2012 Fathers4Justice launched a campaign which included a naked protest at companies that advertised with the website. Source: http://www.telegraph.co.uk/news/uknews/crime/11810790/Mumsnet-founder-targeted-in-Swatting-attack.html


The Pentagon Wants To Wage War on DDoS Cyber Attacks

By next spring, researchers are expected to unveil new tools giving organizations like the Defense Department a rapid response to distributed denial-of-service attacks. The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit. Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks. A recovery rate of at most 10 seconds is the goal, according to the Defense Department. Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected. Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016. The stability of agency operations, banking, online gaming and many other daily activities is at stake here. A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs. Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.
Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps. “Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program. The funding level for the project was not disclosed but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13. XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added. The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said. The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said. One group of XD3 researchers will be assigned to inspect the designs for unintended security holes. Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.
“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.” Source: http://www.defenseone.com/ideas/2015/08/pentagon-wants-wage-war-denial-service-cyber-attacks/119196/


How to sabotage DDoS-for-hire services?

We all know the damage that DDoS-for-hire services can inflict on websites and organizations behind them. What is less known is that a simple move like making PayPal seize the accounts through whic…


Anti-botnet initiatives USELESS in sea of patch-hating pirates

A million low end, pirate boxes still spewing malware relic. Three Dutch researchers have crunched data gleaned from efforts to battle the Conficker bot and declared anti-botnet initiatives all but useless for clean up efforts.…
