Author Archives: Enurrendy

If two countries waged cyber war on each other, here’s what to expect

Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. This might sound fanciful, but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things, but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century.

Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyber attacks might require backup for days or even weeks. William Cohen, the former US secretary of defence, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, believes the American system is not well enough protected to avoid this.

Denial of service

An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with information from many sources at the same time. This could make it easier for hackers to neutralise the backup power and trip the system. DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which controls 30% of internet traffic, recently said these are the most worrying kind of attack and becoming ever more sophisticated. Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps) – a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign reports a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale – much more powerful than previously. The top sources are Vietnam, Brazil and Colombia.

[Figures: number of attacks and scale of attacks, per Verisign]

Most DDoS attacks swamp an internal network with traffic via the DNS and NTP servers that provide most core services within the network. Without DNS the internet wouldn’t work, but it is weak from a security point of view. Specialists have been trying to come up with a solution, but building security into these servers to recognise DDoS attacks appears to mean re-engineering the entire internet.

How to react

If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this:

Phase one: Takeover of network: the country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We possibly saw this in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country.

Phase two: Analysis of attack: security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network.

Phase three: Observation and large-scale control: the authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems.

Phase four: Observation and fine control: by this stage there would be some stability and the attention could turn to lesser but important alerts regarding things like financial and commercial interests.

Phase five: Coping and restoring: this would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage.

State of play

If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid, and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 following a cyber attack, is now looking at moving copies of government data to the UK for protection.

Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected. Source: http://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544

DDoS Attacks: Cybercriminals Are More Homegrown Than You Think

Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West.

BLACK HAT USA – Las Vegas – The stereotype of the seedy cybercriminal from Russia or Eastern Europe may no longer be valid. FBI agent Elliott Peterson told Black Hat attendees this morning that when it comes to the most recent DDoS attacks, the vast majority come from North America, Western Europe and Israel. And many are 16 to 17 years of age or in their mid-20s. “Many use their nicknames on Skype or Twitter and they are heavy users of social media,” said Peterson.

Peterson and Andre Correa, cofounder of Malware Patrol, shared much of their recent research on DDoS attacks at a briefing session here this morning. They focused much of their research on amplification and reflection attacks, booters/stressers, and IoT and Linux-based botnets. Peterson said the amplification and reflection attacks get a good rate of return: a hacker can send one byte and get 200 in return. Threat actors now sell amplification lists that criminals can easily buy over commercial web interfaces. The booters and stressers are inexpensive, costing roughly $5 to $20 a month, and require very little technical knowledge for the criminal to deploy. And on the IoT front, botnets are scanning hosts for default credentials or vulnerabilities; a bot is then automatically downloaded and executed.

Over the past several months, Peterson and Correa have compiled more than 8 million records. They said that last month the leading DDoS type was SSDP on port 1900. “This was kind of interesting since most people may think that NTPs were the leading cause of DDoSs, but they scored much lower because many NTP servers have been patched of late,” said Correa.

Peterson said some of the criminals are just total scam artists. “They just take your money and don’t do the attack,” he said. “On the other hand, there are also some sophisticated players offering turnkey DDoS services. They provide attack scripts, amp lists and good customer service, sometimes up to six people on hand.”

Other findings: most attacks are in the 1-5 Gbps range, with the highest DDoS observed at 30 Gbps. Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-cybercriminals-are-more-homegrown-than-you-think-/d/d-id/1326508
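The reflection mechanics the two articles above describe (DNS and NTP servers being used to swamp a network in the first; SSDP on port 1900, amplification lists and the one-byte-in, 200-bytes-out return in the second) seen from the defender's side, as an added example that is neither article's code nor the FBI/Malware Patrol research tooling: it triages flow records, flagging a victim that is receiving answers from many reflector hosts at once and measuring how much amplification a network's own hosts are providing to someone else's attack. The reflector port table, the reflector-count threshold and every flow record are assumptions constructed for the example.

```python
"""Defender-side triage of reflection/amplification DDoS traffic.

Victim side: answers pour in from many distinct hosts, all from the same
well-known UDP source port (DNS 53, NTP 123, SSDP 1900 ...). Reflector side:
hosts on your own network answer those services with far more bytes than the
spoofed requests carried. All flow records here are constructed samples.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Source ports of commonly abused UDP reflectors (assumed table; the page itself
# names only DNS, NTP and SSDP).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 19: "CHARGEN", 161: "SNMP"}


@dataclass(frozen=True)
class Flow:  # one unidirectional NetFlow/IPFIX-style record
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    nbytes: int


def victim_report(flows, victim_ip, min_reflectors=10):
    """Group inbound UDP flows toward victim_ip by reflection vector.

    A vector is flagged when answers arrive from at least min_reflectors distinct
    hosts: spoofed requests fan out across many open resolvers/NTP/SSDP hosts.
    """
    acc = defaultdict(lambda: {"hosts": set(), "nbytes": 0, "packets": 0})
    for f in flows:
        vector = REFLECTOR_PORTS.get(f.src_port)
        if f.proto != "udp" or f.dst_ip != victim_ip or vector is None:
            continue
        acc[vector]["hosts"].add(f.src_ip)
        acc[vector]["nbytes"] += f.nbytes
        acc[vector]["packets"] += f.packets
    return {
        vector: {
            "reflectors": len(e["hosts"]),
            "bytes": e["nbytes"],
            "avg_response_bytes": e["nbytes"] // max(e["packets"], 1),
            "likely_attack": len(e["hosts"]) >= min_reflectors,
        }
        for vector, e in acc.items()
    }


def amplification_ratios(flows, local_net):
    """Reflector-side check: bytes answered divided by bytes received, per service.

    Requests are UDP flows INTO local_net on a reflector port; responses are UDP
    flows OUT of local_net from that port. A ratio well above 1 means local hosts
    are doing the attacker's amplification for them.
    """
    net = ip_network(local_net)
    req, resp = defaultdict(int), defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if ip_address(f.dst_ip) in net and f.dst_port in REFLECTOR_PORTS:
            req[REFLECTOR_PORTS[f.dst_port]] += f.nbytes
        elif ip_address(f.src_ip) in net and f.src_port in REFLECTOR_PORTS:
            resp[REFLECTOR_PORTS[f.src_port]] += f.nbytes
    return {svc: round(resp[svc] / total, 1) for svc, total in req.items() if total}


def constructed_flows(victim="203.0.113.10"):
    """Constructed sample: an SSDP reflection burst at the victim, a little NTP,
    normal traffic, and the request/response pairs seen at a reflector network."""
    flows = []
    for i in range(1, 13):  # 12 SSDP hosts answering the victim, ~300 B per packet
        flows.append(Flow(f"198.51.100.{i}", 1900, victim, 40000 + i, "udp", 20, 6000))
    for i in range(1, 4):   # 3 NTP hosts: too few to flag on their own
        flows.append(Flow(f"198.51.100.{50 + i}", 123, victim, 50000 + i, "udp", 5, 2200))
    flows.append(Flow("203.0.113.53", 53, victim, 51234, "udp", 1, 120))  # own resolver
    flows.append(Flow("198.51.100.200", 443, victim, 52000, "tcp", 30, 9000))  # web
    for i in range(1, 6):   # 192.0.2.0/24: 10 spoofed 90 B requests in, 30 x 300 B out
        flows.append(Flow(victim, 40100 + i, f"192.0.2.{i}", 1900, "udp", 10, 900))
        flows.append(Flow(f"192.0.2.{i}", 1900, victim, 40100 + i, "udp", 30, 9000))
    return flows


if __name__ == "__main__":
    sample = constructed_flows()
    for vector, stats in sorted(victim_report(sample, "203.0.113.10").items()):
        print(f"{vector:8} {stats}")
    print("amplification at 192.0.2.0/24:", amplification_ratios(sample, "192.0.2.0/24"))
```

On the constructed sample the SSDP vector is flagged (17 distinct reflectors, 300-byte average answers) while NTP and DNS are not, and the 192.0.2.0/24 hosts are shown returning ten bytes for every byte they receive on port 1900.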

Cybersecurity: Financial Institutions Fret over DDoS Attacks

Financial institutions, especially the banks, are getting more worried about the increasing rate of a cyber attack called Distributed Denial of Service (DDoS), which has caused huge financial losses running into billions of naira for banks. Financial institutions expressed worries about further loss of funds to DDoS attacks at a security forum organised by MainOne and Radware in Lagos this week and called for technology solutions that would address the threat.

During a panel session, the Head of Infrastructure Services at Skye Bank, Mr. Tagbo Nnoli, said banks suffered major DDoS attacks last year and that since then the banks have been seeking solutions to address the issue. Aside from DDoS attacks, Nnoli said banks also suffered phishing and social engineering attacks last year, resulting in huge financial losses.

The Head of Industry Security Services at the Nigeria Inter-Bank Settlement System (NIBSS), Mr. Olufemi Fadairo, confirmed that banks suffered huge financial losses to cyber attacks last year, but said the rate of losses due to online attacks was beginning to reduce in 2016, following proactive measures taken by the Central Bank of Nigeria (CBN) and NIBSS to address financial losses to cyber attacks. According to Fadairo, “NIBSS tries to protect organisations and in the past five years, there has been improvement on financial security. We do benchmarking to find out any disruption of a normal pattern of an organisation. By January 2016, we discussed about DDoS attacks on banks where 63 per cent of banks said such attacks would increase, if not mitigated on time.” Following the threat, NIBSS decided to focus on data companies like MainOne that provide data solutions for the financial sector, Fadairo said.

The Chief Information Security Officer at MainOne, Mr. Chidi Iwe, however raised the hopes of financial institutions at the forum when he revealed that MainOne had partnered with Radware, a global security company, to mitigate DDoS attacks in the country’s financial sector by redirecting an organisation’s traffic to the MainOne DDoS mitigation platform, which keeps the organisation’s data protected at all times while maintaining the normal operation of its on-premises infrastructure. He said the service could detect and mitigate a zero-day attack within 18 seconds. According to Iwe, over 50 per cent of enterprise companies globally suffered DDoS attacks at the end of 2015; Nigerian businesses are growing and the focus of attacks is gradually shifting to the Nigerian space. Although most attacks were not reported publicly in the past, he said there has been over 600 per cent growth in the reporting of attacks in Nigeria in recent times, based on CBN regulation. Two weeks ago there were DDoS attacks in Nigeria. Attacks have cost organisations over $500 billion in recent years, and DDoS attacks are predicted to be on the rise, Iwe said. He however assured financial institutions that the security solution service agreement MainOne signed with Radware in 2016 would address insecurity issues with DDoS attacks. The MainOne solution monitors DDoS attacks and creates alerts for the company using it, he said, while listing the benefits of the solution to include online reporting, which allows customers to log in online to find out what the trends are. The MainOne solution also offers training for customers in partnership with Radware to boost customer experience. He said capital expenditure (CAPEX) and operational expenditure (OPEX) are completely eliminated by the solution.

The Security Solution Architect at Radware, Mr. Eran Danino, while explaining how DDoS operates, said it first attacks firewalls, destroying them before replicating itself into other components. He said most organisations are not ready to mitigate DDoS attacks because they either have saturated internet pipes or lack the security skills to detect and mitigate attacks. “What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly,” Danino said. He explained that there was a need for organisations to choose the best protection and draw up a checklist to find out which assets must be protected first. He said Radware uses two approaches to mitigate DDoS attacks: a hybrid solution and a full cloud service solution that protects data from the cloud. Source: http://www.thisdaylive.com/index.php/2016/08/04/cybersecurity-financial-institutions-fret-over-ddos-attacks/

GTA 5 Outage: Why Grand Theft Auto V Was Not Working

PSN was also attacked

Poodlecorp launched a Distributed Denial of Service (DDoS) attack on Rockstar Games’ GTA 5 servers to take the game down. This resulted in players being unable to play the online elements of the game with others. The attack lasted for a few hours before service was restored. The hack of GTA 5 resulted in online elements from every version of the game not working. Those who tried to play during this time were met with error messages. Poodlecorp took to social media to claim responsibility for the hack and said more was in store for gamers on Sony Corp (ADR)’s (NYSE: SNE) PlayStation Network, reports Daily Star. Poodlecorp claimed it was able to cause small outages in the PlayStation Network for PS3 and PS4 users on Thursday morning. However, this doesn’t seem to be all it has planned. It claims that this was only a test before it launches a larger attack. Poodlecorp hasn’t announced plans for any other attacks outside of GTA 5 and the PlayStation Network. While the Grand Theft Auto V servers are back up, there’s a possibility they could go down again throughout the day. The same is also true for the PlayStation Network. One of Poodlecorp’s members recently claimed in an interview that its ranks include previous members of hacker group Lizard Squad. The group also took responsibility for an attack on Nintendo Co., Ltd (ADR)’s (OTCMKTS: NTDOY) Pokemon Go servers late last month, Express notes. Source: http://investorplace.com/2016/08/gta-5-outage-grand-theft-auto-v-rockstar-games-poodlecorp/#.V6OhaWWgPzI

‘Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

Blizzard was hit with a DDoS attack that made its servers inaccessible, disrupting gameplay for Battle.net users on Aug. 2. Someone from Blizzard’s customer support team posted on the Battle.net forums to acknowledge the attack, saying network engineers were on the case, working to address the issue. The problem has since been resolved, but according to a tweet from Blizzard’s North American customer support team, reports of World Server Down in World of Warcraft are being investigated. In a tweet, hacker group PoodleCorp claimed responsibility for the DDoS attack. It’s not clear exactly who PoodleCorp is, but some Battle.net users have surmised that some of the hacking group’s members could be players who were recently banned from Overwatch and are thus now out for revenge.

Whoever they are, PoodleCorp appears to be a busy group. A day before the DDoS attack on Blizzard, the hackers apparently took on Pokémon GO, marking their second takedown of the mobile game after first attacking it on July 16. Pokémon GO servers were also down for several hours on July 17, but OurMine, another hacking group, took the credit for that attack. In an interview via Twitter DM, PoodleCorp’s leader, @xotehpoodle, told Mic that they targeted Pokémon GO because it’s popular right now. Also, they’re doing what they’re doing because nobody can stop them. “We do it because we can, nobody can stop us and we just like to cause chaos,” said the hacking group’s head, who added that their botnet is worth more than Niantic. Over the summer, PoodleCorp also claimed responsibility for hacking League of Legends and popular YouTubers.

Earlier in June, Blizzard also experienced a major outage as another DDoS attack took out its servers. Twitter user AppleJ4ck, said to be tied to hacking group Lizard Squad, claimed responsibility for the attack and mocked Blizzard, saying the attack was part of some “preparations.” As PoodleCorp has claimed responsibility for the most recent outage, does that mean that there’s more to come, given that whatever AppleJ4ck has been preparing for has not come to fruition? In the past, Lizard Squad has been connected to disruptions on Microsoft’s Xbox Live and Sony’s PlayStation Network. When angry gamers swarmed the hackers’ Twitter accounts, PoodleCorp and AppleJ4ck replied with similar messages, saying anyone who gets upset over a game should get a life and that they’re doing everyone a favor by knocking them offline. Source: http://www.techtimes.com/articles/172361/20160803/overwatch-warcraft-servers-sidelined-by-ddos-attack-from-hacking-group-poodlecorp.htm

Security testing platform for app-aware infrastructures

At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios. With CyberFlood, users can ensure that their security and performance testing addresses their unique environments by emulating realistic traffic volume, threats, and attack scenarios including fuzzing, malware, and DDoS attacks. Designed with team testing in mind, CyberFlood’s intuitive web UI extends easy-to-use best practices for faster, repeatable, and more accurate testing. Users can …

Media Organizations Beware – DDoS Attacks are Coming

There’s nothing subtle about a DDoS attack. Your incident response console is lit up like a Christmas tree. Alarms are going off indicating that your network is down or severely disrupted. System users and managers are sending you panicky messages that business has ground to a halt. Meanwhile your mind is racing: Who would do this to us? Some kind of cyber extortionist? An unsavoury competitor? Hacktivists trying to send a message? And why would they do this?

There are many reasons behind a DDoS attack, but one thing we have continued to see is the rise of DDoS attacks on media publications – most recently demonstrated by the attacks on Swedish media sites. After a bit of investigation, Arbor found that the attack was not endorsed by the Russian government, but was instead a typical distributed attack, with computers located in Russia, among many other countries, generating attack traffic – most likely a botnet-for-hire service. At the end of last year we also saw the BBC hit by a DDoS attack, while Brian Krebs was hit by a DDoS back in 2013. According to Newscycle Solutions, over 50% of media companies have been the victim of some sort of cyber-attack in the last two years – it’s clear that media organizations are currently in the firing line for hackers. We know that every business has a different IT team and because of this has different views towards security. But it is important that even soft targets such as media organizations have a good understanding of the threat landscape and implement the right security processes. There are several factors media organizations should consider.

Easy to implement, easy to attack

Firstly, it is now far too easy to launch a DDoS attack. For a mere $5/hr anyone without any technical knowledge can purchase a DDoS-for-hire service and launch a DDoS attack. Quite often, it is used as a smokescreen to cover fraudulent activity. Combine this with the many motives behind a DDoS attack and you see why there is such a rise in the number of DDoS attacks across all types of industries.

Changing motivations

Traditionally, vandalism and political/ideological disputes are the common reasons for attacks on media organizations. The poster child for this is the DDoS attack on the BBC. It is just a way for hackers to flex their muscles to show everyone what they’re capable of. More recent attacks have highlighted the growth of criminal extortion, data exfiltration and DDoS for Bitcoin. As media organizations report on all types of events, while they may not take a side, they could still become the target of an attack. Interestingly, there is usually a correlation between political conflicts in the real world and online attacks – often called cyber-reflection.

The variety of DDoS continues to grow

DDoS attacks are utilized as a diversion or smokescreen in multiple stages of the cyberattack kill chain. The following cases have all been documented as part of complex attacks and are steps every business should be aware of:

Reconnaissance: In this initial stage, cybercriminals launch a small DDoS attack to size up your security posture and ability to respond. If they find that a business’ security is weak, they will stick around to do some discreet probing and port scanning, looking for vulnerabilities to exploit so they can break into the organization. The knowledge they gather in this phase will be used for the Extract Data/Complete Mission phase.

Malware Delivery/Exploitation: Now they’re inside the network and spreading out, dropping malware onto your machines. To cover their tracks, hackers will launch a DDoS attack to overwhelm an organization’s threat detection and forensics tools, making the breach and the planted malware much harder to detect.

Extract Data/Complete Mission: In the final stage, they launch a DDoS attack as a diversion while they steal confidential data such as credit card information, intellectual property or other valuable information they can get their hands on. While the IT team is distracted, cyber criminals quietly slip away undetected with their loot and the DDoS attack mysteriously ends.

Don’t be low-hanging fruit

If a media organization is hit with a DDoS attack, it might not be an independent event. It’s important to make sure there’s nothing happening inside the network that could be related to that attack – otherwise the consequences could be far worse. In fact, businesses may be able to take some cues from the DDoS attack that will help them investigate further. For example, if the IT team knows where the attack is coming from, that could indicate who the threat actor may be. Plus the tactics, techniques and procedures (TTPs) the threat actor uses may help you hunt for other indicators of compromise (IOCs) potentially signalling that you’re falling victim to a larger threat campaign. But why take all the risk? Preventing smokescreen attacks, and the potentially devastating damage they cause, is one more reason why many companies invest in strong DDoS protection. Like a burglar checking for unlocked doors, cyber-criminals look for low-hanging fruit. If they realize that a media site has the defenses in place that can deflect their initial attack, they’re more likely to abandon their efforts and look for an easier victim. Source: http://www.infosecurity-magazine.com/opinions/media-organizations-beware-ddos/

123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps

Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack on its data centre – knocking the Brit outfit’s website offline along with a number of users’ services. The attack began this morning and is still ongoing, but no performance-related issues have been reported since the traffic was rerouted. The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps to its data centre, with its protection systems kicking in within seconds of the attack being detected. Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity. No servers were offline, although customers experienced intermittent connection issues with services such as the website, control panel and email. A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre. “Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.” Back in November, internet provider Eclipse was hit by a DDoS attack. Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign

A judge at the Fanling Court in Hong Kong has sentenced Chu Tsun-wai, 20, of Hong Kong, to 15 months of probation for launching a DDoS attack on a Chinese bank’s website during the 2014 Hong Kong Occupy protests. The judge also ruled that the suspect’s Mac computer be confiscated as punishment for carrying out the attack, SCMP reports. Chu, who is one of the top students at his university, had decided to get involved in the Occupy protests that were taking place in Hong Kong during the autumn of 2014.

Teen was inspired by one of Anonymous Asia’s videos

The teen saw a video posted online by the Anonymous hacker collective, which was warning Hong Kong police to stop the violence against Hong Kong Occupy protesters. The group threatened to hack government websites and release personal information belonging to Hong Kong police officers. The group also called out for others to participate in its protests. The prosecution says that Chu went online and searched on Google for ways to carry out DDoS attacks. He launched one such DDoS attack against the Shanghai Commercial Bank’s website. Police say that the student sent 6,652 HTTP requests to the bank’s website in 16 seconds on October 12, 2014.

Bank website barely noticed the attack

This sounds odd, since a web server should in theory be capable of handling much more than 6,000 requests per second, but Chinese authorities have come down hard on people who participated in the protests to begin with. The judge was lenient on Chu because this was his first offense and because the bank’s website didn’t go offline. Chinese news outlet Ejinsight reports that one of Chu’s professors wrote the judge a letter asking the judge to give the suspect a second chance. Public broadcaster RTHK reported that Chu also stands to face disciplinary hearings at his university. Below is the original video that started it all, with the Anonymous group calling out for attacks against Hong Kong police officials during the Occupy protests.
Source: http://news.softpedia.com/news/hong-kong-student-gets-probation-time-for-ddos-attacks-during-occupy-campaign-506720.shtml

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard. The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter. Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10 as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure.” Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/
