Bunch of online resellers hit by serious issues this week British e-tailers are trying to manage website disruption after they were systematically targeted this week by DDoS extortionists.…
See more here:
Cyber-miscreants use Brit e-tailers as personal cash machines
Scan Computers, Novatech and Aria Technology all encountered website disruption yesterday, with the latter confirming a Bitcoin-based DDoS attack was to blame. Aria Taheri, Aria’s eponymous boss, told CRN the firm’s website went down yesterday afternoon for a couple of hours as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), otherwise they would try to bring the site down for the whole of Wednesday. Fellow e-tailers Novatech and Scan also took to Twitter to inform their customers that there had been problems with their sites, while CCL is another thought to have encountered issues. Scan Computers, Novatech and Aria Technology all encountered website disruption yesterday, with the latter confirming a Bitcoin-based DDoS attack was to blame. Aria Taheri, Aria’s eponymous boss, told CRN the firm’s website went down yesterday afternoon for a couple of hours as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), otherwise they would try to bring the site down for the whole of Wednesday. Fellow e-tailers Novatech and Scan also took to Twitter to inform their customers that there had been problems with their sites, while CCL is another thought to have encountered issues. Novatech and CCL were unavailable for comment at the time of publication. Elan Raja III, Scan’s director, said: “Scan are aware there has been some disruption in traffic and is investigating the cause.” Taheri said he understood that the website disruption suffered by his competitors was caused by the same DDoS attack and believes other companies in his industry have also received ransoms for Bitcoins this week. Aria’s website was hit in a hack in February 2013 but caught the perpetrators last year after putting up a reward. Taheri is adopting the same tactic on this occasion, posting a £15,000 bounty ( pictured above ) for anyone who provides information to help police catch the hackers. He said the reward is much higher than the Bitcoin ransom because he wants to send a message to the hackers and due to the “principle” of the attack. He said he is not going to pay the ransom demanded as it would send out the wrong message. “These kinds of attacks are only designed to affect our website and make it inaccessible. However, [our customers’] information is 100 per cent secure as we are PCI DSS compliant which is quite a strict web-security protocol. Also, the website unavailability will last for only a short period – a matter of hours – so the customers can always come back at a later time. “We are not going to encourage more of these hackers by giving them Bitcoins, because that would only encourage others to come to us and blackmail us more. The message to the hackers is that I will spend a significant amount of money to bring them to justice. Our track record shows that we have done that before, and based on that track record I am fairly confident we can do that [again].” The attack the cybercriminals have threatened to carry out on Aria’s website tomorrow coincides with a “prime day” on which low prices are offered to customers, Taheri added. On the rise There has been a rise in the number of DDOS attacks demanding Bitcoin ransoms in recent months, with Bloomberg reporting that a cybercriminal group called DDoS for Bitcoin (Distributed Denial of Service for Bitcoin) – or DD4BC – blackmailed financial institutions by threatening to disrupt websites last month unless they paid Bitcoin ransoms. Taheri said the internet datacentre informed him that these kinds of attacks are “on the increase, and the frequency of it is going up at an alarming rate”. One source, who wished to remain anonymous, said the attack is similar to those launched by DD4BC, and could be from a group which is trying to emulate DD4BC. Source: http://www.channelweb.co.uk/crn-uk/news/2431257/uk-e-tailers-hit-by-ddos-barrage
Follow this link:
UK e-tailers hit by suspected DDoS barrage
Zombie botnet found in sample despite server takedown The Dridex banking botnet is continuing to show some signs of life even after a high-profile FBI-led disruption operation earlier this month.…
More:
Infosec workers swipe Q-tip across ‘net: Ew, there’s Dridex on it
There was a major distributed-denial-of-service (DDoS) attack on Rossiya Segodnya International Information Agency resources, including the Sputnik website and newswire, the company’s IT department said Saturday. The attack restricted access to desktop and mobile versions of the Sputnik website. IT specialists managed to ensure the timely release of news pieces to the newswire clients. The agency’s press service said that IT specialists were working to establish the details of the attack that restricted access to desktop and mobile versions of the Sputnik website. “Rossiya Segodnya websites and mailing services were unavailable to users for two hours starting at 7:00 p.m. Moscow time [16:00 GMT],” the press service said. DDoS attacks are caused by a large number of Internet users or software simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. The Sputnik site was unavailable for almost two hours. Source: http://sputniknews.com/art_living/20151017/1028682238/sputnik-ddos-attack.html
More:
Rossiya Segodnya Information Agency Suffers Major DDoS Attack
Android users running AT&T and Verizon networks may be susceptible to distributed denial of service (DDoS) attacks. The alert comes from a new advisory posted by Carnegie Mellon University CERT database, which shows that the vulnerability allows hackers to target LTE networks and users. The reason for this vulnerability is primarily due to the way LTE works. Unlike conventional data transfer methods of circuit switching, LTE uses packet switching. The research says that this new method allows hackers to use the SIP protocol to enable a new set of attack vectors via wireless networks. If this loophole is exploited, denial of service attacks can be carried out on these networks and data exploitation along with ‘silent calls’ can be executed, allowing for unlimited phone calls and use of large amounts of data without any records of them in bills. According to the researchers, every Android OS version released to date could be affected by this vulnerability. Google has already been notified about this massive flaw, and has been advised to escalate its permissions on Android. Apple on the other hand has said that its phones aren’t affected by this LTE security flaw. Google itself is likely to release a security update very quickly for its supported Nexus devices to take counter-measurements against the issue. If you have a carrier-provided phone from LG, Samsung, or other brands however, chances are you’ll have to wait a while. Carriers are notorious for releasing updates on snail-like pace. Source: http://techfrag.com/2015/10/17/android-devices-affected-by-lte-security-flaw-could-result-in-ddos-attacks/
Read More:
Android Devices Affected By LTE Security Flaw, Could Result in DDoS Attacks
A tweet purporting to be from Anonymous, a diffuse international collective of online hacker activists, warned of cyberattacks on the websites of two major airports earlier this month, police sources said Saturday. A day later, the web pages of Narita and Chubu airports were struck down. On Oct. 10, the website of Narita International Airport went down for about eight hours from around 2:30 a.m. after being overwhelmed by multiple-source traffic. The website of Chubu Centrair International Airport also became difficult to access for 8½ hours. Flights at the airports were unaffected. According to investigative sources from the Chiba and Aichi prefectural police, the Twitter post on Oct. 9 said attacks would be made on two major Japanese airports. It gave the addresses of Narita and Chubu airports. The sources said the websites of the two facilities apparently suffered “distributed denial of service” or DDoS attacks, which are intended to paralyze a targeted website by overwhelming it with high levels of traffic sent from multiple network sources. The website of the town of Taiji in Wakayama Prefecture experienced a similar cyberattack in September, which police suspect was made by Anonymous in protest of the town’s longtime practice of hunting of dolphins whereby the mammals are killed or captured after being herded into a cove. The slaughter has become a cause celebre for animal rights activists and others. Source: http://www.japantimes.co.jp/news/2015/10/17/national/crime-legal/anonymous-cited-in-web-outages-at-two-japan-airports/#.ViKA7St4AmQ
Visit site:
Anonymous cited in Web DDoS attacks at two Japan airports
Continuing our exclusive coverage of the events unfolding at forex solutions provider oneZero, LeapRate has learned that the outages hitting oneZero and thereby some of its hosted clients over the past week are the result of distributed denial-of-service (DDoS) attacks being made against the company. After engaging multiple security contractors, the company has isolated the attacks and has determined that they originate out of China. A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the attack source is more than one (and often thousands) of unique IP addresses. Many of the cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate. oneZero management indicated to LeapRate that the attack against them has been made with a very high level of sophistication, but that the company is working very closely with security contractors and with its clients and expects the situation to be resolved. The attack against oneZero appears to be solely targeting connectivity, and has not at all affected the company’s own systems, so that no company or client data has been compromised. And so far, there has been no attempt to exploit the attack – DDoS hackers often try to blackmail their targets, requiring some sort of ransom to be paid in order to remove the attacks. Source: http://leaprate.com/2015/10/onezero-outages-the-result-of-chinese-ddos-attacks-leaprate-exclusive/
Read this article:
oneZero outages the result of Chinese DDoS attacks
Over the weekend video gamers who enjoy exploring the galaxy in Star Trek Online and fighting orcs with swords in Neverwinter Online found themselves briefly unable to do so. Some players described lag spiking so high that characters began “rubber banding”–or repeatedly teleporting back every time a player tries to move somewhere else. Cryptic Studios, Inc., the developer of Star Trek Online and Neverwinter quickly tweeted about the problem. The attack, a distributed denial of service (DDoS) attack hit the servers affecting both games and caused the network supporting them to crumble. The first hit the servers at approximately noon PST on Sunday and the second at 8pm PST on the same day. These sorts of attacks are commonly used by Internet trolls and rabble rousers to attract attention such as the likes of Lizard Squad, DerpTrolling, and LulzSec. Gaming networks are particularly susceptible to DDoS attacks with potentially thousands (or hundreds of thousands) of players expecting a flawless experience that requires the quick response of networks and servers. The attacker who claimed responsibility in the case of the Cryptic Studio’s properties is named NeverGodz (@NeverWinterGod) and may have only targeted Neverwinter Online –the effect on Star Trek Online ’s servers mere collateral damage in the attack. Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target. There were two separate attacks committed by @NeverwinterGod. Both attacks lasted long enough to bring both games down and make it difficult for players to log in or play. Players of both games went to Reddit ( Neverwinter Online , Star Trek Online ) and Twitter to voice their confusion as to the server issues and cited the tweets from Cryptic when they did. Some, such as STO commentator Lootcritter expressed curiosity over the reason for the attacks. So far, most attackers who hit online games have appeared to claim they do it “for the lulz,” or because the attacker is having fun. Although some, like Lizard Squad, claimed to do it to show how security at these sites is lax and unable to withstand attacks. Surviving DDoS attacks has nothing to do with traditional cybersecurity, however, and everything to do with the power and reaction time of network engineers. Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption. The claims and trumpets of @NeverWinterGod looks no different. DDoS attacks easier, on the rise and a constant threat to online games In 2013, CloudFlare, Inc. CEO Matthew Prince predicted that DDoS attacks would only expand in scope and ease in 2014 and this has remained true for 2015. In April of this year, Arbor Networks, Inc. reported one of the largest DDoS attacks ever detected at 334Gbps. Akamai Technologies Limited backed up these figures stating that attacks had increased in volume and quality, the report stated that the total number of DDoS attacks increased 132.43 percent compared to Q2 2014. As for ease, one of the takeaways from Lizard Squad’s arrival was the launch of the Lizard Stresser DDoS-for-hire service, it is still online today. Although few would be foolish enough to use it after it’s previous hacks. According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene, but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built. DDoS attacks are not easy to stop. Due to their distributed nature it’s impossible to squash them at the source, since the attack uses thousands to millions of computers across the globe to produce garbage connections and data directed at the target. Halting the attack at the target is difficult because all that garbage traffic can saturate the network across multiple tiers. Network engineers from anti-DDoS outfits such as Nexusguard need to work with upstream providers to filter out the garbage traffic before it reaches the smaller networks. Stopping a DDoS attack takes a lot of coordinated effort across region-spanning networks and affects more properties than just the intended target. Much in the same way a traffic jam in a city can make multiple exits from a freeway inaccessible. Efforts continue to attempt to thwart DDoS attacks, but it looks as if 2015 will continue to be a year when the volume and capabilities of attacks will rise. Update 09/14/2015 2:25pm PST: Star Trek Online and Neverwinter Online are under DDoS attack again today starting at approximately 1:45pm PST. Tweets suggest that the attacker is targeting Cryptic Studio’s Boston datacenters but did not last long, a mere 20 minutes. The attacker has shown an interest in knocking the servers offline repeatedly so there may be further attempts today. Source: http://siliconangle.com/blog/2015/09/14/star-trek-online-neverwinter-online-struck-by-ddos-attacks-twice-in-one-day/
Visit site:
Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day
C&C malware factory The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan.…
Read More:
FBI takes down Dridex botnet, seizes servers, arrests suspect
The UK's National Crime Agency is spearheading an onslaught against the Dridex (aka Bugat, aka Cridex) banking malware and the criminals that wield it. “Dridex malware, also known as Bugat and Crid…