Monthly Archives: July 2016

Ransomware: Can we finally start learning from past mistakes?

There is a phrase I am finding quite relevant lately. It is attributed to the philosopher George Santayana and it goes like this: “Those who cannot remember the past are condemned to repeat it.” The reason it comes to my mind a lot these days is the headlines we are seeing relating to the latest ransomware attacks against companies’, hospitals’ and government departments’ systems. Previous headlines highlighted how criminals used DDoS attacks to extort money … More ?

See the article here:
Ransomware: Can we finally start learning from past mistakes?

DDoS extortion campaigns increasingly target businesses

80 percent of European IT security professionals expect their business to be threatened with a DDoS ransom attack during the next 12 months, according to Corero Network Security. The research, which polled over 100 security professionals at the Infosecurity Europe conference in London, highlights the growing threat of cyber extortion attempts targeting businesses in the United Kingdom and continental Europe. The rise of DDoS extortion campaigns Last month, (May 2016), the City of London Police … More ?

Visit link:
DDoS extortion campaigns increasingly target businesses

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future. Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use. OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek. Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit. In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment. The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous. “If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.” After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.” The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said. One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.” Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499

Read More:
WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

EasyDoc malware adds Tor backdoor to Macs for botnet control

Smugness levels cut among Apple fanbois Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor.…

Originally posted here:
EasyDoc malware adds Tor backdoor to Macs for botnet control

IoT Devices Are Being Hacked By Lizard Squad To Execute DDoS Attacks

People who have been following the tech news may recall the name Lizard Squad. This hacker collective has been a major pain in the neck for computer users all over the world. But it looks like they are changing tactics. Instead of relying on computer botnets, they are now enslaving other internet-connected devices to wreak more havoc. Lizard Squad Is Still On The Scene While most people agree the Internet of Things is a magnificent concept, it also poses a significant security risk. The majority of Internet-connected devices is not equipped with proper security precautions. In theory, any device connected to the internet can be hacked and taken over by malicious individuals. That seems to what Lizard Squad is showcasing already. The collective has been making a name for itself by using compromised computers to execute DDoS attacks around the world. But it looks like the Internet of Things is their new favorite target as of late. With millions of connected devices to choose from, creating a botnet has never been easier. Over the past few months, Lizard Squad hacked CCTV cameras and webcams all over the world to execute its DDoS attacks. Targets ranged from banks to governments, and gaming sites to ISPs. Albeit internet-connected devices are not always as powerful as a computer, they are much easier to control remotely. Plus, a lot of less-powerful devices combined can still pack quite the punch. Top put this into perspective, some of the recent Lizard Squad attacks managed to drive 400 Gbps of data to specific websites and servers. That is quite a lot of computer requests to bring down any network, or at least cripple it severely. Interestingly enough, it remains unknown whether or not Lizard Squad is trying to force targets to pay up to get rid of the attacks altogether. These attacks paint a worrisome picture for the future of Internet of Things security, though. The vast majority of devices will need to be made a lot more secure before they are actively used on the Internet. Computers are not safe from harm, either, though, as hacker collectives will try to exploit any weakness in any device. Source: http://themerkle.com/iot-devices-are-being-hacked-by-lizard-squad-to-execute-ddos-attacks/

More:
IoT Devices Are Being Hacked By Lizard Squad To Execute DDoS Attacks

Chinese gambling site served near record-breaking complex DDoS

Nine vectors used as bad guys try to beat defenders. A chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded.…

Follow this link:
Chinese gambling site served near record-breaking complex DDoS

Hydra hacker bot spawns internet of things DDoS clones

LizardStresser makes a messer of Brazil banks, gamer outfits Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones.…

Read More:
Hydra hacker bot spawns internet of things DDoS clones