Monthly Archives: January 2016

Author of MegalodonHTTP DDoS Malware Arrested in Norway

Hacker was arrested one month ago in Europol operation Norway’s law enforcement authorities have identified a previously arrested suspect as the author of the MegalodonHTTP malware, used for infecting computers and adding them to a botnet used for DDoS attacks. The yet unnamed suspect, known only by his online moniker of Bin4ry, was arrested in December 2015 , during the second stage of Operation Falling sTAR, launched in October 2015 against users of RATs (Remote Access Trojans). During this second phase of the operation, Europol authorities coordinated the arrests of 12 individuals in France, Norway and Romania. Five of the suspects were arrested in Norway. Damballa helped authorities track down MegalodonHTTP’s author A big part in arrest played US cyber-security vendor Damballa, who helped Europol break down the botnet’s activities, and then worked with Norwegian authorities to track down the malware’s author. “We are not at liberty to divulge the MegalodonHTTP author’s real identity, but we can confirm that the person behind the handle Bin4ry is no longer active or doing business,” said Loucif Kharouni, Senior Threat Researcher for Damaballa. Damballa’s team analyzed the MegalodonHTTP malware in late November 2015, as the malware was starting to become more prevalent on the Dark Web, being sold in two separate packages, one that cost $35, and the second that cost $100. Damballa: MegalodonHTTP is not an advanced malware The malware was sold both from Dark Web hacking forums, but also from the now defunct bina4ry.com domain, and came equipped with an automated installer and administration panel, so even skids (script kiddies) could use it, without possessing advanced technical in advance. According to Bin4ry’s description of MegalodonHTTP, the malware was capable of launching seven types of DDoS attacks, remote shells on infected machines, included Bitcoin mining features, but also had the option to kill antivirus processes. At the time of their analysis, Damaballa researchers said that despite being quite potent in terms of features, the malware was not the work of a skilled coder, worked only on Windows machines, and needed the .NET Framework installed, which narrowed the number of machines it could work from. MegalodonHTTP DDoS botnet administration panel Source: http://news.softpedia.com/news/author-of-megalodonhttp-ddos-malware-arrested-in-norway-498981.shtml

Link:
Author of MegalodonHTTP DDoS Malware Arrested in Norway

DDoS Defense: Better Traction in Tandem?

DDoS attacks are nothing new, but they remain the nemesis of many IT departments in organizations big and small. Why? Because attacks can come from any source, use multiple protocols, leverage massive botnets and often aren’t detected until it’s too late. According to SecurityWeek, the U.S. Department of Homeland Security (DHS) is now developing a new kind of DDoS defense, one based on collaboration rather than isolation. But can companies really get better security traction in tandem rather than acting alone? Big Numbers, Big Problems As noted by Dark Reading, DDoS attacks “are growing in frequency, size, severity, sophistication and even persistence each year.” Since there’s no single vector for these attacks — coupled with the fact that many look like server or network failures at first glance — it’s no wonder both small companies and large enterprises are getting hit, and hit often. Consider Rutgers University: In 2015, the institution faced six separate DDoS events. Financial institutions and government organizations faced many more, both attempted and successful, because the mechanism for attacks remains simple: Malicious actors need only reliable botnets and solid connections to launch a full-scale effort. The speed and simplicity of DDoS attacks is also encouraging malicious actors to ramp up their efforts. According to BetaNews, for example, the BBC was hit with a massive attack on New Year’s Eve that — if the attackers themselves are telling the truth — reached a maximum of 602 Gbps. That’s almost double the size of the current DDoS record holder at 334 Gbps. The group responsible, called New World Hacking, also targeted Donald Trump’s website and said it had plans to go after ISIS-related sites, although it claimed the BBC attack was merely a test and not intended to bring the site down for hours. Some security pros said the group may be targeting high-profile sites in an effort to promote its in-house DDoS tool, BangStresser. Stopping Traffic With DDoS Defense With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense. The biggest news from the announcement is the development of a new project called DDoS Defense for a Community of Peers (3DCoP), which uses a peer-to-peer mechanism that allows organizations to work together and collectively defeat DDoS attacks. The thinking here is that since many companies and institutions are often targeted by similar attacks, a coordinated response increases the chance of early detection and swift response, in turn lowering overall damage. Historically, businesses have been reluctant to share attack data or collaborate on defense for fear of giving away trade security secrets or seeming weak in comparison to other companies. The high-volume, high-impact nature of DDoS attacks, however, make this an untenable position; users don’t care about protecting company pride if the result is reduced compute performance or total server failure. If the DHS effort works as intended, however, organizations should be able to collectively tap the power of the combined whole and get better traction on DDoS defense. In other words, a steady security climb instead of spinning wheels. Source: https://securityintelligence.com/news/ddos-defense-better-traction-in-tandem/

Original post:
DDoS Defense: Better Traction in Tandem?

Nissan Takes Down Website on Its Own After Anonymous DDoS Attacks

Nissan has taken down two of its websites after members of the Anonymous hacker collective launched DDoS attacks against the company to protest against Japan’s whale-hunting operations. Anonymous had previously hacked many targets as part of its #OpWhales and #OpKillingBay campaigns, including the government websites in Japan and Iceland, the personal website of Japan’s PM Shinzo Abe, and many other more . While most of the times the group pointed its DDoS cannons towards Japanese officials that had direct involvement in whale and dolphin killing operations, the attack on the Nissan website is a change from the group’s modus operandi. Anonymous takes new approach in #OpWhales Recently, Anonymous hackers started targeting Japanese businesses in order to have them lobby and put pressure on Japanese officials to stop whale hunting. Until now, these have been only smaller companies. Japanese television station NHK said that, during the last few months of 2015, over 100 Japanese firms were hit by DDoS attacks. All changed yesterday, when Anonymous decided to go after Japan’s second largest car manufacturer. The attacks were brutal and scared Nissan’s security staff enough to shut down the nissan.co.jp and nissan-global.com domains to prevent more dangerous intrusions. Nissan admins took down the websites after the DDoS attacks started to amp up “Because of a potential distributed denial of service attack, we are temporarily suspending service on our websites to prevent further risks,” said Nissan representatives in a statement for Agence France-Presse. The hacker that carried out the attack later commented that he didn’t breach the company’s databases and was only interested in sending a message. This message is that, despite signing international conventions to stop whale hunting, Japan is using loopholes to justify its actions as “scientific research.” At the moment of writing this article, both of Nissan’s targeted websites are still offline. Source: http://news.softpedia.com/news/nissan-takes-down-website-on-its-own-after-anonymous-ddos-attack-498862.shtml

See original article:
Nissan Takes Down Website on Its Own After Anonymous DDoS Attacks

A DDoS Learning Curve for Universities, Government & Enterprises

Distributed Denial of Service attacks are easy, cheap and too often, effective. But they’re not unstoppable. There’s no getting around it — DDoS attacks are growing in frequency, size, severity, sophistication, and even persistence each year. These tenacious, effective attacks can last anywhere from hours to months. They can be launched from botnets, use multiple protocols, and even disguise themselves with SSL encryption. Protecting yourself against DDoS isn’t a matter of stopping one attack but a multitude, sometimes all at once. Even worse, IT departments may not realize an attack is underway, thinking a failing server or application is responsible. Rutgers University, for example, recently fell prey to its sixth known DDoS attack in a single year — and Rutgers is not an outlier. Thousands of DDoS attacks hit universities, enterprises, government organizations, and banks every day—some successful, some not. One thing is for sure: no one is safe, and attacks will continue because DDoS attacks are easy, cheap and, too often, effective. But they’re not unstoppable. Universities and other organizations can take steps to prepare for and minimize the effect of even the most sophisticated assaults: Step 1. Have a good monitoring system in place Security teams have many ways to get insight into their network, including flow sampling, in-path detection and mirrored data packets. Here’s a brief breakdown of the pluses and minuses: Flow sampling: The router samples packets and exports datagrams on them. While scalable, this method leaves out large quantities of information because it only samples one packet out of thousands. This allows some “slow and low” attacks to fly under the detection radar, or take a long time to trigger an alert. In-path detection:  A high-performance DDoS mitigation device continuously processes all incoming traffic and possibly outgoing traffic. The device can take immediate action with sub-second mitigation times. One concern is ensuring the mitigation solution can scale with the uplink capacity during multi-vector attacks. Mirrored data packets: Full detail for analysis is provided, while not necessarily in the path of traffic. This method can be a challenge to set up, but allows for fast detection of anomalies in traffic and is a centralized place for analysis and mitigation. Step 2. Keep an eye on performance metrics and scalability When it comes to DDoS, everything happens on a large scale: the number of attacking computers, the bandwidth they consume and the connections they generate. To fight back, organizations need a combination of high-performance, purpose-built hardware that can mitigate common, yet large-scale attacks effectively, and intelligent software that can inspect traffic at the highest packet rates. For instance, an effective combination might include leveraging dedicated network traffic processors (e.g. FPGAs) to handle the common network-layer attack in combination with powerful, multi-core CPUs to mitigate more complex application-layer attacks. What’s key here is to ensure there is enough processing headroom to prepare networks for future generations of DDoS attacks. Step 3. Invest in a security awareness program Mitigation of next-generation DDoS attacks starts with training — especially to recognize normal network behavior and spot anomalies. For instance, companies that have started their migration to IPv6 must have security specialists in place that know IPv6 well enough to recognize attacks when they happen, and then to know how to use available tools to properly fight them off. Proper training allows organizations to be proactive versus reactive. Security policies take time to devise, so universities and other organizations shouldn’t wait for the IT support staff to raise a red flag before they decide to take action. Source: http://www.darkreading.com/attacks-breaches/a-ddos-learning-curve-for-universities-government-and-enterprises-/a/d-id/1323879

Continue Reading:
A DDoS Learning Curve for Universities, Government & Enterprises

Cybercops cuff two in hunt for DDoS extortion masterminds

Zombie master suspects tracked to Bosnia An international police investigation against the DD4BC DDoS extortion gang has led to one suspect being arrested and one detained, Europol said on Tuesday.…

Follow this link:
Cybercops cuff two in hunt for DDoS extortion masterminds

Group using DDoS attacks to extort business gets hit by European law enforcement

On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the cybercrimin…

More here:
Group using DDoS attacks to extort business gets hit by European law enforcement

DDoS attack on Pakistan Government Websites on Live Radio

Dozens of government websites in Pakistan have been targeted by hackers, including one military site that was taken down during a live radio interview with one of the group’s members. The organization responsible, known as New World Hackers, performed a distributed denial of service (DDoS) attack on Pakistan’s Frontier Constabulary website during an appearance on the AnonUK Radio Show on Sunday, following a weekend of sustained attacks on government sites. Dozens of government websites in Pakistan have been targeted by hackers, including one military site that was taken down during a live radio interview with one of the group’s members. The organization responsible, known as New World Hackers, performed a distributed denial of service (DDoS) attack on Pakistan’s Frontier Constabulary website during an appearance on the AnonUK Radio Show on Sunday, following a weekend of sustained attacks on government sites. “It’s not that the Indian hackers want to attack Pakistani sites, there is a war between them and the Pakistani hackers,” the New World Hackers member says. “We upgraded the capabilities of the Indian hackers. “The Pakistani hackers always wish to fuck with India. The Indian hackers are actually the good guys.” Pakistan’s Frontier Constabulary did not respond to a request for comment. Source: http://www.newsweek.com/hackers-take-down-pakistan-government-websites-live-radio-413888

Taken from:
DDoS attack on Pakistan Government Websites on Live Radio

Minnesota Courts Website Target Of DDoS Attacks

A week after the Minnesota courts website was completely shut down for 10 days in December, we’re finally finding out why. The Minnesota Judicial Branch says its website was the target of two distributed-denial-of-service (DDoS) attacks. In a DDoS attack, a website or server is overwhelmed with network traffic until it can no longer function for legitimate users. The MJB says the attacks in December left their site unusable to members of the public for several hours, and was eventually completely shut down from Dec. 21 to 31 in order to install additional safeguards. Officials say no personal data was breached as a result of the attack — DDoS attacks are typically used to sabotage a website or server , rather than steal information. Authorities say initial forensics show the attacks were primarily launched from servers in Asia and Canada, and international authorities are investigating. Source: http://minnesota.cbslocal.com/2016/01/08/minnesota-courts-website-target-of-ddos-attacks/

Visit link:
Minnesota Courts Website Target Of DDoS Attacks

DDoS attack on BBC may have been biggest in history

Last week’s distributed denial of service attack against the BBC website may have been the largest in history. A group calling itself New World Hacking said that the attack reached 602Gbps. If accurate, that would put it at almost twice the size of the previous record of 334Gbps, recorded by Arbor Networks last year. “Some of this information still needs to be confirmed,” said Paul Nicholson, director of product marketing at A10 Networks, a security vendor that helps protect companies against DDoS attacks. “If it’s proven, it would be the largest attack on record. But it depends on whether it’s actually confirmed, because it’s still a relatively recent attack.” According to Nicholson, it sometimes happens that people who step forward and take credit for attacks turn out to be exaggerating. New World Hacking also said that the attack, which came on New Year’s Eve, was “only a test.” “We didn’t exactly plan to take it down for multiple hours,” the group told the BBC. New World Hacking also hit Donald Trump’s campaign website the same day, and said its main focus was to take down ISIS-affiliated websites. It’s common for hackers to go after high-profile media websites, but attacks against political websites are increasingly likely to be in the spotlight this year because of the U.S. election cycle, according to Raytheon|Websense CEO John McCormack. “The U.S. elections cycle will drive significant themed attacks,” he said. “This is just the beginning and it will get worse — and more personal — as candidates see their campaign apps hacked, Twitter feeds hijacked, and voters are targeted with very specific phishing attacks based on public data such as voter registration, Facebook and LinkedIn.” One possible reason to conduct a DDoS attack against a high-profile target such as the BBC or Donald Trump is marketing, said A10 Networks’ Nicholson. It seems that New World Hacking may be affiliated with an online DDoS tool called BangStresser, which delivers attacks as a service. Last year, a similar group, the Lizard Squad, conducted a marketing campaign for their DDoS service, the Lizard Stressor. “There are a lot of parallels here,” said A10 Networks’ product marketing manager Rene Paap. These services typically leverage botnets or use stolen payment cards to rent cloud-based servers, he said. Typically, the rented servers are used to run command and control servers. What’s unusual about New World Hacking is that they’re claiming to be using Amazon servers to generate actual attack bandwidth. “That is something new,” said Paap. “But it hasn’t been confirmed or denied yet.” Not all DDoS attack services are illegal, said Nicholson. “Some are offered as useful services to websites, to see if they can handle the load,” he said. Others fall squarely into the gray area, allowing cyber-terrorists, extortionists and digital vandals to launch attacks for a few hundred dollars each. “Some of them are quite inexpensive and configurable,” Nicholson said. “for example, you can have different attacks at different times, so that it’s harder to defend against them.” To protect themselves, Nicholson recommends that companies deploy a combination of on-premises and cloud-based solutions to handle attacks of varying types and sizes. “You need to be able to detect what’s going on, that there’s actually an attack,” he said. “And once you detect an attack, you need to be able to mitigate it as long as possible.” According to security vendor Netcraft, service to the BBC network was restored by using the Akamai content delivery network. Akamai declined to comment about this particular case. “As policy, the company isn’t commenting on specific situations,” said a spokesperson. Source: http://www.csoonline.com/article/3020292/cyber-attacks-espionage/ddos-attack-on-bbc-may-have-been-biggest-in-history.html

View article:
DDoS attack on BBC may have been biggest in history