Monthly Archives: August 2015

Hackers are blackmailing banks with threats of DDoS attacks

Hackers are threatening banks and other financial institutions with Distributed Denial of Service (DDoS) attacks if they don’t pay them tens of thousands of dollars, according to various reports More than 100 companies were threatened, according to MarketWatch, which cited a Federal Bureau of Investigation (FBI) agent. Among the companies being targeted were big banks and brokerages in the financial sector. A DDoS attack is when a hacker floods a website with traffic, forcing it offline. It is usually done with the help of multiple compromised systems, which are often infected with a Trojan. Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch these threats have been coming in since April. He added that in some cases, the companies have paid up. These companies end up facing further trouble as hackers know that they are willing to engage. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks. Companies are willing to pay large sums of money, as DDoS attacks could see them lose even more. A DDoS attack could see a company lose more than $100,000 an hour, according to Neustar, a Sterling, Va.-based information services and analytics company. Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down. “How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.” Yaroslav Rosomakho, Principal Consulting Engineer EMEA at Arbor Networks commented: “The fact hackers are planning on taking down websites with DDoS attacks unless organisations pay large sums of money is testament that hackers are becoming increasingly ruthless. Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business. “Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure. “Our research shows that DDoS attacks are continuing to grow in size, complexity and frequency with nearly half of businesses experiencing DDoS attacks last year. As attack size increases, so does the complexity of the hacker’s toolkit. “To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud and network-perimeter components to protect from stealthy application layer, state exhaustion and large volumetric attacks.” Source: http://www.itproportal.com/2015/07/31/hackers-threaten-banks-with-ddos-ask-for-ransom/

Read the original:
Hackers are blackmailing banks with threats of DDoS attacks

DDoS attacks rage on, primarily impacting U.S. and Chinese entities

Organizations in the U.S. and China should be especially aware of distributed denial-of-service (DDoS) attacks, as more than half of them in Q2 of this year were aimed at the two countries. Kaspersky Lab’s “DDoS Intelligence Report Q2 2015” found that from April until the end of June this year, DDoS attacks impacted 79 countries, with most, 77 percent, affecting only 10 countries. In addition to China and the U.S., South Korea, Canada, Russia and France accounted for a large portion of attacks. The cybersecurity company defined a single attack as an incident during which there was “no break in botnet activity lasting longer than 24 hours.” If the same entity was attacked by the same botnet but with a 24 hour gap in activity, the two incidents would be considered separat e. The longest attack recorded during this past quarter lasted 205 hours, or eight and a half days. The peak number of attacks clocked in at 1,960 on May 7, and the low, at 73 attacks, occurred on June 25. The popularity of these attacks stems from the ease with which they can be arranged, said Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America, in emailed comments to SCMagazine.com. “Today, it is much easier to launch a DDoS attack,” he wrote. “Suddenly, you don’t have to be an expert in the field – all the power and potential damage is available to you with a few clicks. It’s also relatively cheap to commission a DDoS attack.” He noted that some online services charge as little as $50 for an attack that can cause serious damage to a company’s reputation, as well as financial losses. An average DDoS attack can range in cost to a company, depending on its size, anywhere from $52,000 to $444,000, Pozhogin said. As far as days of the week to be attacked, Sunday was the most popular day, accounting for 16.6 percent of them, and Tuesday was the least popular with 12.1 percent. Even as companies attempt to beef up their protection, it’s nearly impossible to stay ahead of the attackers and their tools. “As long as a company continues to focus on its core business it will not be able to match the resources poured into bypassing outdated protection and staying ahead of the attackers,” Pozhogin said. That said, cybersecurity firms’ technology can assist in keeping attackers at bay and enterprises’ sites running, he reminded. Source: http://www.scmagazine.com/kaspersky-lab-releases-q2-ddos-report/article/431034/

View article:
DDoS attacks rage on, primarily impacting U.S. and Chinese entities

DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

The International DOTA 2 tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of hack where people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are a an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The international DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live Youtube stream, though Valve also provides a newcomers stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

In what it said was support for the ongoing curriculum protests, hacker group Anonymous Asia yesterday launched a third wave of distributed denial of service (DDoS) attacks against the Web sites of two political parties and a government ministry. The Web sites of the New Party, Chinese Nationalist Party (KMT), the KMT Taipei branch office and the Ministry of Economic Affairs were attacked for more than an hour. According to reports by Storm Media Group, Anonymous launched its first wave of DDoS attacks under the name “Anonymous #Op Taiwan” on Friday last week by locking down the Presidential Office and Ministry of Education Web sites for five hours. A notice released by the group said: “We are everywhere and nowhere. Taiwan’s police are not exempt [from our attacks], and all police must take responsibility for this incident. We cannot permit the use of violence or pepper spray on peacefully demonstrating people. When you hurt the Taiwanese people, revenge will be sought. We cannot forget, support us and the corrupt officials will be afraid of us. Taiwan’s government, expect us.” On Sunday, the group launched a second wave of DDoS attacks against the Ministry of Education, the Ministry of National Defense, the National Academy of Educational Research and CtiTV, a television station generally sympathetic toward the KMT, the report said. In a Facebook post on Sunday, New Party Chairperson Yok Mu-ming (???) said the DDoS attacks were serious national security concerns. “Do we not see China as our enemy and try to prevent Beijing hacking our Web sites? What I’m seeing now is like the opening salvoes of a Taiwanese civil war,” Yok said. Yok called on the public to put pressure on the Presidential Office and National Security Bureau to look into the attacks and find out who was behind them. “We must know if the motives are against curriculum changes or if there are other ulterior motives,” he said. Shortly after Yok’s Facebook post the New Party Web site was hacked. Anonymous Asia said on Facebook: “Yok Mu-ming, are you looking for us? Here we come.” Anonymous Asia is a loose coalition of hackers and Internet activists. The group describes itself as “an internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives” and has been known for high-profile public DDoS attacks on government, religious, and corporate Web sites. Source: http://www.taipeitimes.com/News/taiwan/archives/2015/08/04/2003624588

More here:
Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

FBI to Banks: DDoS Extortions Continue

Don’t Pay Attackers or Scammers, Security Experts Warn Numerous firms across the financial services sector – and beyond – continue to face a variety of distributed-denial-of-attack and data breach extortion attempts. Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data. Richard Jacobs, assistant special agenct in charge of the cyber branch at the FBI’s New York office, reports that the bureau continues to see a large number of related shakedown attempts, with attackers in April making DDoS extortion threats against more than 100 financial firms, including some big banks and brokerages, MarketWatch reports. Some firms have reportedly been hit with demands for tens of thousands of dollars, and the FBI says that some victims do pay, even though attackers might never have followed through on their threats. Likewise, the payoff sometimes leads attackers to blackmail victims for even more money. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs tells Marketwatch. Attacks on the Rise This is far from a new tactic for criminals operating online, and law enforcement experts have long warned organizations to not accede to attackers’ demands. “Extortion types of attacks have always been around,” says information security expert Brian Honan, who heads Dublin-based BH Consulting and also serves as a cybersecurity advisor to Europol. “They were quite popular during the 1990s and early 2000s, waned for a while, but are now gaining popularity again with criminals. We are seeing a rise in such types of attacks both in the U.S. and in Europe.” Large financial institutions in particular appear to be getting singled out by blackmailers, says financial fraud expert Avivah Litan, an analyst at the consultancy Gartner. “The large banks are under an onslaught of [such] attacks; the smaller banks, I hear mixed things from,” she says. But banks don’t talk about such attacks much, she adds, “because no one wants the public to know that they’re being extorted.” The growth of such shakedown attempts has been driven in part by the increasing availability and ease of use of DDoS-on-demand services, Litan says. “It’s always been easy to get DDoS attacks, but now it’s just more organized, more readily available, and you can say, ‘I want to do it against these particular U.S. banks or U.K. banks,’ for example,” she says. Sometimes, attackers do follow through on their threats by executing DDoS disruptions or leaking data. Earlier this year, for example, a hacking team calling itself “Rex Mundi” demanded a payment of 20,000 euros ($21,000) from French clinical laboratory Labio, or else it would release people’s blood test results. When Labio refused to pay, the hackers dumped the data. The “Pedro Batista” Scam But at least some of these shakedown attempts appear to be little more than bluster. For example, one threat researcher – speaking on condition of anonymity – reports that in recent months, an apparently Portugal-based attacker or middleman named “Pedro Batista” has attempted to extort both the Federal Savings Bank, plus the Industrial Bank in China. Batista claimed in an email – sent to the researcher – to have obtained root access to an FSB MySQL database, which supposedly contained extensive information about the firm’s clients. For the Industrial Bank of China, Batista also claimed to have stolen a database containing employees’ salaries, plus usernames and passwords. Neither of those firms responded to Information Security Media Group’s queries about whether they could confirm having received blackmail notices from Batista, or if they had given in to the extortion demands. But Mikko Hypponen, chief research officer at F-Secure, says the Pedro Batista shakedown is a scam. “Since 2013, an individual using this name has been contacting security experts, offering vulnerabilities or leaked databases for sale,” he tells Information Security Media Group. “Those that have kept up the communication with him have found out that he had no goods or very little goods to actually deliver. He might be able to do some SQL injections to gain partial access to some information, but for the most part, this seems to be some kind of a scam operation.” How To Respond: 5 Essentials Organizations can simply ignore those types of scams, security experts say. But dealing with DDoS threats requires a more structured response, says Honan, who offers the following recommendations: React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats. Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help. Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate. Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits. Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business. Litan likewise advocates technical planning as the primary way to defend against threatened or in-progress DDoS attacks. Furthermore, if an organization’s DDoS defenses do fail to mitigate the attack, she says an excellent fallback strategy is to redirect customers to a backup site that attackers don’t yet know about. “If you are under attack, you have a miniature website set up that you can immediately redirect your customers to, with most of the functions on the site, so you don’t have to deal with extortion attempts – go ahead and DDoS me, it doesn’t matter,” Litan says. “Some of the large banks have done that, and it has worked effectively.” Above all, Honan says that on behalf of all would-be victims, no targeted organization should ever give in to extortion attempts. “Needless to say, you should not pay the ransom, as you have no guarantee the criminals will not attack you anyway, or that other criminals may target you in the future,” Honan says. “And by paying the demands you simply motivate the criminals to carry out similar attacks against you and others.” Source: http://www.bankinfosecurity.com/fbi-to-banks-ddos-extortions-continue-a-8446

More here:
FBI to Banks: DDoS Extortions Continue

DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems

The Royal Bank of Scotland group of banks suffered nearly a fifty minute outage to their on-line banking systems today as a result of a Distributed Denial of Service Attack. The banks affected included, Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement “The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved.” It is interesting to see this attack impact banks in the UK just days after an FBI agent in an interview with MarketWatch said that more than a 100 financial companies in the US received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand looking for money to be paid, usually in the form of BitCoins, to prevent the attack from happening. There were no additional details given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still become victims of the DDoS attack, or indeed simply ignored the demand and had no further interaction with those behind the threats. In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks. The threat from DDoS extortion attacks have been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue again. So if your organisation is faced with a DDoS extortion threat what should you do? Here are some steps to consider; Do not ignore the threat. It is possible it may be a bluff but it may also be a genuine threat. So inform your Incident Response Team so they can prepare in the event the attack materialises. Make sure your anti-DDoS protection mechanisms are able to cope threatened load. If you do not have any anti-DDoS systems in place contact your ISP, hosting provider, or security services reseller to discuss your options with them. Contact your Data Centres and ISPs to make them aware of the threats and allow them to prepare for any possible attacks. It would also be wise to ensure your Incident Response Team has direct contact with those of your providers. Do report the threat to the appropriate law enforcement agency. While they may not be able to directly assist with the threat or any eventual attacks, the information you provide could help law enforcement build and share intelligence with other law enforcement groups with the goal to eventually arrest those behind the threats. It may be wise to examine your business continuity plan to determine if you can invoke this plan in the event an attack materialises so that you can continue to provide services to your clients. It is also incumbent on anyone of us responsible for hosting internet facing services that these services are configured securely so they don’t facilitate criminals to use them in amplification, or indeed any other, attacks against other companies. It is interesting to note that this is not the first time that RBS has been targeted by DDoS attacks. In December 2013 its on-line systems were unavailable for up to 12 hours as a result of a DDoS attack. This came after the RBS group of banks suffered a major outage to their payment systems in 2012 resulting in the banks being unable to process customer payments for a number of days and led to the group being fined STG£56 million by UK regulatory authorities for the “unacceptable” computer failure. Speaking in December 2013 about the 2012 outage the RBS CEO, Mr Ross McEwan, admitted there had been a significant under investment in IT in the bank. Mr McEwan, said “For decades, RBS failed to invest properly in its systems. We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on.” After today it looks like RBS will need to ensure it continues to invest in the technology and people required to keep its systems and data secure. Source: http://www.itnews.com/security/95340/ddos-attacks-take-down-rbs-ulster-bank-and-natwest-online-systems?page=0,1

Read this article:
DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems