Monthly Archives: October 2016

Justice Charges Hackers From Lizard Squad, PoodleCorp

Two teenagers face charges from the U.S. Justice Department for allegedly being members of well-known hacking groups Lizard Squad and PoodleCorp. On Thursday (Oct. 6), Krebs on Security reported that the pair have been charged with credit card theft and operating services that enabled paying customers to launch cyberattacks with the intention of knocking websites offline. The two 19-year-olds, Zachary Buchta and Bradley Jan Willem van Rooy, are believed to have conspired to cause damage to protected computers. “The charges are the result of an international investigation into the computer hacking groups ‘Lizard Squad’ and ‘PoodleCorp,’ according to a criminal complaint and affidavit filed in U.S. District Court in Chicago,” a statement from the U.S. Attorney’s Office for the Northern District of Illinois said. “Buchta and van Rooy allegedly conspired with others to launch destructive cyberattacks around the world and trafficked payment accounts that had been stolen from unsuspecting victims in Illinois and elsewhere,” it continued. Last year, the U.K.’s National Crime Agency (NCA) arrested six teenagers for allegedly attempting to access a tool used by the Lizard Squad hacker group. Just days after those arrests were made, the NCA itself was taken down by a targeted cyberattack. The NCA’s website was down for more than an hour and was the target of a distributed denial-of-service (DDoS) attack. In DDoS attacks, hackers bombard a targeted website with an overflow of data, eventually causing the entire network to crash. Lizard Squad took to Twitter shortly after the attack to take credit for the site shutdown. The group also gained press last year for supposedly launching a new business venture that allows anyone to join its security-breaching ways for a low cost of $6 a month. The subscription service known as LizardStresser allows subscribers to obtain a distributed denial-of-service attack tool. “This booter is famous for taking down some of the world’s largest gaming networks, such as Xbox Live, Playstation Network, Jagex, BattleNet, League of Legends and many more!” the LizardStresser homepage boasted at the time. “With this stresser, you wield the power to launch some of the world’s largest denial-of-service attacks.” Source: http://www.pymnts.com/news/security-and-risk/2016/hackers-from-lizard-squad-poodlecorp-arrested/

Visit link:
Justice Charges Hackers From Lizard Squad, PoodleCorp

73% of organisations across the globe have suffered a DDoS attack

A new report from analytics firm Neustar has brought to light the amount of companies around the world who have suffered a DDoS attack, and how they are working to mitigate them. Nearly three-quarters (73 percent) of organisations worldwide have suffered a DDoS attack and 76 percent are investing more in response to the threat of such attacks. For its new global report, Neustar studied 1,002 directors, managers, CISOs, CSOs, CTOs and other C-suite executives to discover how DDoS attacks are affecting them and what they’re doing to mitigate the threat. Respondents represent diverse industries such as technology (18 percent), finance (14 percent), retail (12 percent) and government (seven percent) in North America, EMEA, and Asia Pacific. In EMEA, 75 percent of organisations were attacked. Nearly half (48 percent) were attacked six or more time and 32 percent encountered malware after a DDoS attack. Almost a quarter (21 percent) of attacked organisations reported customer data theft and 70 percent of those specific respondents said they learned of the attack from outside sources, such as social media. Globally, 30 percent of organisations took less than an hour to detect a DDoS attacks. In EMEA, 37 percent of organisations took three or more hours to detect attacks. Despite only two percent of reported attacks exceeding 100+ GBPS, recent DDoS attacks have reached over 620 Gbps and up to almost 1 Tbps in attack size. Organisations are seeking to stay one step ahead of the game and protect against DDoS attacks. To prevent and protect against future attacks, organisations are using: Traditional firewall ISP based prevention (53 percent) Cloud service provider (47 percent) On-premise DDoS appliance and a DDoS mitigation service (36 percent) DDoS mitigation service (29 percent) DDoS mitigation appliance (27 percent) CDN (14 percent) WAF (13 percent) No DDoS protection is used in four percent of organisations. Nearly two-thirds (61 percent) have adopted and actively use IoT devices. In all, 82 percent of IoT adopters experienced an attack compared to just 58 percent of those who have not yet done so. Moreover, 43 percent of IoT adopters that were attacked are investing more than they did a year ago. In emailed commentary to SCMagazineUK .com, Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland at Fujitsu said, “This latest report revealing the different levels of DDoS attacks has really highlighted the issues with the security of Internet of Things devices, with 82 percent of IoT adopters having experienced an attack compared with just 58 percent of those who have not yet done so. When internet-connected devices are hacked, it again brings to the surface the security risks we face as technology touches every aspect of daily life. McEvatt added, “The issue is that businesses are failing to understand what is needed for a robust application of security from the outset, whether that’s for routers, smart devices or connected cars. Various attackers use online services to look for vulnerable IoT devices, making organisations an easy target for low-level cyber-criminals. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords. Many of the cameras used in the recent DDoS attacks were shipped and left connected to the internet with weak credentials such as root/pass, root/admin or root/1111111, so it is little wonder these devices continue to be compromised.” Source: http://www.scmagazineuk.com/73-of-organisations-across-the-globe-have-suffered-a-ddos-attack/article/527211/

More:
73% of organisations across the globe have suffered a DDoS attack

Worry more about small app layer DDoS attacks than huge network blasts, says Canadian vendor

Massive distributed denial of service (DDoS) attacks have been grabbing headlines recently, with cyber security reporter Brian Krebbs being forced to temporarily take his site down after his service provider couldn’t handle a 620 Gbps attack, followed a few days later by a 1 Tbps attack on French hosting provider OVH. The incidents have some worried that DDoS attacks can now scale so high that current mitigation technology renders targeted organizations defenceless. Not so, says a Toronto security firm. In a report issued Tuesday DDoS Strike concludes CISOs worry too much about high volume network layer attacks and not enough about application layer attacks, which can take down a site with as little as 4.3 Gpbs of traffic. “Most organizations are only part way to understanding DDoS attacks and therefore having the capacity to defend against them with full effectiveness,” the report concludes. The report is based on an analysis of data gathered by DDoS Strike, which offers a service for testing enterprise infrastructures on their layer 3-7 denial of service mitigation techniques. DDoS Strike is a division of Security Compass, which makes application development security tools. What the company found after looking at its data from test attacks on 21 systems of Canadian and U.S.-based customers (some companies had more than one system) was that 95 per cent of targets tested suffered service degradation close to knocking a site offline — suggesting their DDoS mitigation efforts were useless. Of attacks at the application layer 75 per cent would have been successful. But, Sahba Kazerooni, vice-president DDoS Strike, said in an interview, network scrubbing techniques are largely effective. with service generally being denied only for a few hours until mitigation can either be tuned or turned on. More importantly, he added, is that application layer attacks are harder to defend, needing multiple tiers of defence, more expertise among IT staff trying to block them and fine controls. The result is more downtime for a successful app layer attack. “Our customers have a skewed way of looking at DdoS as a threat,” he said, “because they were being warned by the industry to worry about major ( network) attacks “and they’re forgetting about high level attacks on the app layer.” “We have this tendency to over-focus on technology when it comes to DDoS. We’re very quick to deploy on-site mitigation devices or to buy a scrubbing service. The piece that’s missing is to focus on the process and the training of staff to handle DDoS attacks.” Some of the customers tested brought their systems back from the brink in an average of 25 minutes, he said. (DDoS Strikes thinks that’s too long.) But of the successful test attacks his company carried out, over 70 per cent had some kind of process or people gap that resulted in longer than necessary downtime, he said. “A lot of companies can benefit not only from buying services and product but also training their employees,” Kazerooni concludes focusing more on their own processes with the goal of ultimately reducing downtime.” The report concludes that • businesses should stop thinking of DDoS attacks as crude acts of brute force, and start thinking of them as sophisticated, incisive attacks as complex as any other major hacking threat; • DDoS mitigation is incomplete out of the box, and can only be effective with proper DDoS simulation testing at all levels; • and DDoS mitigation should be viewed as a multifaceted strategy, involving people, process, and technology, rather than solely a technical fix. Source: http://www.itworldcanada.com/article/worry-more-about-small-app-layer-ddos-attacks-than-huge-network-blasts-says-canadian-vendor/386956

Link:
Worry more about small app layer DDoS attacks than huge network blasts, says Canadian vendor

53% of DDoS attacks result in additional compromise

DDoS attack volume has remained consistently high and these attacks cause real damage to organizations, according to Neustar. The global response also affirms the prevalent use of DDoS attacks to distract as “smokescreens” in concert with other malicious activities that result in additional compromise, such as viruses and ransomware. “Distributed denial-of-service attacks are no longer isolated events limited to large, highly visible, targets. Sophisticated attacks hit companies of all sizes, in all industries,” said Rob … More ?

View article:
53% of DDoS attacks result in additional compromise

Expect ‘Flood’ of DDoS Attacks After Source Code Release

The source code behind the massive distributed denial of service attack against security researcher Brian Krebs’s website has been released online. In a blog post over the weekend, Krebs wrote that the so-called Mirai source code’s release pretty much guarantees that “the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders, and other easily hackable devices.” Krebs knows all too well what Mirai is capable of. Last month, the “Internet of Things” botnet launched a “historically large” 620Gbps DDoS attack against his well-known and respected site KrebsOnSecurity, inundating it with so much spam traffic that DDoS protection provider Akamai dropped the site to protect other subscribers. The Mirai source code leak came to light on Friday via the Hackforums community, Krebs said. A user with the alias “anna-senpai” posted the code there for anyone to use, likely to avoid getting caught. “It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture: Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” Krebs wrote. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.” The malware spreads by “continuously scanning the Internet for [vulnerable] IoT systems” that are using default or hard-coded usernames and passwords. Vulnerable devices are then turned into bots, which together can be used to launch DDoS attacks designed to send so much traffic to a website that it’s knocked offline. “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth,” Krebs wrote. “On the bright side, if that happens it may help to lessen the number of vulnerable systems.” Source: http://www.pcmag.com/news/348404/expect-flood-of-ddos-attacks-after-source-code-release

See the article here:
Expect ‘Flood’ of DDoS Attacks After Source Code Release

SANS issues call to arms to battle IoT botnets

Do try this at home – but carefully The SANS Institute is hoping sysadmins can help it to do what vendors won’t: improve Internet of Things security.…

See the original post:
SANS issues call to arms to battle IoT botnets

Newsweek Website Suffers DDoS Attack After Publishing Controversial Trump Report

Newsweek reported suffering a massive DDoS attack right after they published an exposé on how some of Donald Trump’s companies had violated the United States embargo on trading with Cuba. The attack was sufficient to prevent access to the article on Friday, September 30, but the attack subsided, and the report was available the following day. Kurt Eichenwald, the journalist that penned the piece, and Jim Impoco, Newsweek Editor-in-Chief, both categorized the incident as a cyber-attack. “The reason ppl couldnt read #TrumpInCuba piece late yesterday is that hackers launched a major attack on Newsweek after it was posted,” Eichenwald wrote on Twitter. “Last night we were on the receiving end of what our IT chief called a ‘massive’ DoS (denial of service) attack,” Impoco told fellow media outlet TalkingPointMemo (TPM) via email. Some websites that generate enough hype can suffer from huge traffic loads that overcome servers. Nevertheless, Newsweek is a reputable news portal that has the resources to deal with such traffic spikes. Impoco was very adamant that the incident was because of a coordinated DDoS attack, which he claims might have originated from Russia, but did not elaborate beyond explaining that the DDoS attack’s “main” IP address was from Russia. This explanation doesn’t make any technical sense since DDoS attacks don’t have “main” IP addresses. Source: http://news.softpedia.com/news/newsweek-website-suffers-ddos-attack-after-publishing-controversial-trump-report-508874.shtml

More:
Newsweek Website Suffers DDoS Attack After Publishing Controversial Trump Report

Leaked: Source code for Mirai IoT DDoS botnet

IoT-powered DDoS attacks are on the rise, and the situation is poised to become even worse now that the source code for the Mirai malware has been made public. Reporter Brian Krebs, whose website has recently been bombarded with a huge DDoS attack by botnets created with the Mirai and Bashlite malware, spotted a post on hacking community Hackforums by a user named “Anna-senpai” offering the code. “When I first go in DDoS industry, I … More ?

Follow this link:
Leaked: Source code for Mirai IoT DDoS botnet

Source code unleashed for junk-blasting Internet of Things botnet

Hackforums leak Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend.…

Taken from:
Source code unleashed for junk-blasting Internet of Things botnet