Author Archives: Enurrendy

Rise in multifunctional botnets

There is a growing demand around the world for multifunctional malware that is not designed for specific purposes but is flexible enough to perform almost any task. This was revealed by Kaspersky Lab researchers in a report on botnet activity in the first half of 2018. The research analysed more than 150 malware families and their modifications circulating through 600 000 botnets around the world. Botnets are large ‘nets’ of compromised machines that are used by cybercriminals to carry out nefarious activities, including DDoS attacks, spreading malware or sending spam. Kaspersky monitors botnet activity on an ongoing basis to prevent forthcoming attacks or to stop a new type of banking Trojan before it spreads. It does this by employing technology that emulates a compromised device , trapping the commands received from threat actors that are using the botnets to distribute malware. Researchers gain valuable malware samples and statistics in the process. Drop in single-purpose malware The first half of 2018 also saw the number of single-purpose pieces of malware distributed through botnets dropping significantly in comparison to the second half of 2017. In H2 2017, 22.46% of all unique malware strands were banking Trojans. This number dropped to 13.25% in the first half of this year. Moreover, the number of spamming bots, another type of single-purpose malware distributed through botnets, decreased dramatically, from 18.93% in the second half of 2017 to 12.23% in the first half 2018. DDoS bots, yet another typical single-purpose malware, also dropped, from 2.66% to 1.99%, in the same period. The only type of single-purpose malicious programs to demonstrate notable growth within botnet networks were miners. Even though their percentage of registered files is not comparable to highly popular multifunctional malware, their share increased two-fold and this fits in the general trend of a malicious mining boom, as noted in previous reports. There’s a RAT in my PC Alongside these findings, the company noted distinctive growth in malware that is more versatile, in particular Remote Access Tools (RATs) that give cyber crooks almost unlimited opportunities for exploiting infected machines. Since H1 2017, the share of RAT files found among the malware distributed by botnets almost doubled, rising from 6.55% to 12.22%, with the Njrat, DarkComet and Nanocore varieties topping the list of the most widespread RATs. “Due to their relatively simple structure, the three backdoors can be modified even by an amateur threat actor. This allows the malware to be adapted for distribution in a specific region,” the researchers said. Trojans, which can also be employed for a range of purposes, did not grow as much as RATs, but unlike a lot of single-purpose malware, still increased 32.89% in H2 2017 to 34.25% in H1 2018. In a similar manner to RATs, Trojans can be modified and controlled by multiple command and control servers, for a range of nefarious activities, including cyberespionage or the theft of personal information. Bot economy Alexander Eremin, a security expert at Kaspersky Lab, says the reason multipurpose malware is taking the lead when it comes to botnets is clear. “Botnet ownership costs a significant amount of money and, in order to make a profit, criminals must be able to use each and every opportunity to get money out of malware. A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans.” In addition to switching between different ‘active’ malicious activities, it also opens an opportunity for a passive income, as the owner can simply rent out their botnet to other criminals, he added. Source: https://www.itweb.co.za/content/LPwQ57lyaoPMNgkj

Link:
Rise in multifunctional botnets

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Also: Belarus barely brushes botnet builder’s bankroll Another week has come and gone. This one included some Fortnite flaws , a nasty Intel bug , and a voting machine maker whining about hacking contests.…

More:
Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

DraftKings rides to court, asks to unmask 10 DDoS suspects

Fantasy sports outfit looks to hunt down group that bombarded its site A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.…

Read More:
DraftKings rides to court, asks to unmask 10 DDoS suspects

How to Protect Businesses Against DDoS Attacks

Security, for any business today, is important; we, at HackerCombat, have already reported on the rising costs of IT security on the global level. More and more business today invest heavily in security; they have started realizing that without security, it’s almost impossible for any business to flourish in today’s circumstances. We have arrived at a stage when businesses cannot handle security by simply relying on their ISPs. Proactive measures that businesses adopt for ensuring proper and better security really counts. Businesses today are often targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all the world over. Hence it becomes important that every business today is armed, in all ways possible, to combat DDoS attacks, in the most effective of manners. Let’s discuss how businesses can secure themselves against such attacks. Let’s begin by discussing how DDoS attacks happen and what they are, in the first place… DDoS Attacks: An Introduction The basic principle of a DDoS attack is this- a very large number of requests are sent from several points targeting a network or server, and that too in a very short span of time. This kind of bombardment causes an overload on the server, which consequently leads to the exhaustion of its resources. The obvious result is that the server would fail and sometime would even become inaccessible, thereby causing a total denial of service, hence the name Distributed Denial of Service attack. The main issue, however, is not that the server or network becomes inaccessible; on the other hand, it pertains to the security of the data stored in the network. A DDoS attack makes a server vulnerable and hackers can penetrate the information system and cause huge losses to the business that’s targeted. The cybercriminals behind a DDoS attack can thus make big money at the expense of the company that’s targeted. The motives behind DDoS attacks vary; such attacks could be carried out for political or financial gains, while some such attacks would have retaliation as the sole purpose. Those who look for political gains would target those who hold contradicting political, social or religious beliefs. Crippling them through a well-planned and well-executed DDoS attack would be the motive here. Retaliatory attacks happen when a botnet or a large cybercriminal network is dismantled and those who stood by the authorities need to be targeted. DDoS attacks that are carried out for financial gains follow a simple pattern. Those who want a business targeted would hire the services of cybercriminals who would carry out the DDoS attack. The hackers are paid for the work they do. Well, irrespective of the motive, the end result for the business that’s targeted is always the same. The network and online services become unavailable, sometimes for a short period and sometimes for a really long period of time, and data security also is at risk. How to protect a business from DDoS attacks ISPs may offer layer 3 and layer 4 DDoS protection, which would help businesses save themselves from many volumetric attacks. But most such ISPs fail when it comes to detecting small, layer 7 attacks. That’s why it’s said that businesses should not depend on their ISPs alone for protecting themselves against DDoS attacks. They should be set to implement measures that ensure comprehensive protection against DDoS attacks. Here’s a look at the different things that need to be done to combat DDoS attacks in the most effective of manners: Go for a good solution provider- There are many service providers who provide Layer 3, 4 and 7 protection against DDoS attacks. There are providers of all kinds, ranging from those that offer low-cost solutions for small websites to those that provide multiple coverages for large enterprises. Most of them would offer custom pricing option, based on your requirements. If yours is a large organization, they would offer advanced layer 7 discovery services with sensors to be installed in your data center. Well, always go for a good provider of security solutions, as per your needs. Always have firewall or IPS installed- Modern firewall software and IPS (Intrusion Prevention Systems) claim to provide a certain level of protection against DDoS attacks. The New Generation Firewalls offers both DDoS protection as well as IPS services and thus would suffice to protect you against most DDoS attacks. There, of course, are some other aspects that need to be kept in mind. Your New Generation Firewall might get overwhelmed by volumetric attacks and might not even suffice for layer 7 detections. Similarly, enabling DDoS protection on your firewall or IPS could even impact the overall performance of your system/network in an adverse manner. Use dedicated appliances that fight DDoS attacks- Today, there are many hardware devices that protect you from DDoS attacks. Some of these provide protection against layer 3 and 4 attacks while some advanced ones give protection against layer 7 DDoS attacks. Such appliances are deployed at the main point of entry for all web traffic and they monitor all incoming and outgoing network traffic. They can detect and block layer 7 threats. There are two versions of these hardware solutions- one for enterprises and the other for telecom operators. The ones for enterprises are cost-effective ones while the ones for providers are too expensive. Investing in getting such hardware appliances would always be advisable. It’s always good to go for devices that use behavior-based adaptation methods to identify threats. These appliances would help protect from unknown zero-day attacks since there is no need to wait for the signature files to be updated. Remember, for any organization, big or small, it’s really important today to be prepared to combat DDoS attacks. For any organization that has a web property, the probability of being attacked is higher today than ever before. Hence, it’s always good to stay prepared. Prevention, as they say, is always better than cure! Source: https://hackercombat.com/how-to-protect-businesses-against-ddos-attacks/

Visit link:
How to Protect Businesses Against DDoS Attacks

Your data center’s IT is lock-tight, are the facility’s operations?

Data centers are the lifeblood of the enterprise, allowing for scale never before imagined and access to critical information and applications. Businesses are increasingly migrating to the cloud, making the role of the data center more and more valuable. In 2017 alone, companies and funds invested more than $18 billion in data centers, both a record and nearly double that of 2016. But as much growth as this unparalleled level of computing has given SMBs to the enterprise, a level of risk remains — and data center operators often aren’t looking in the right places when identifying security threats. As these data centers evolve, so too do the tools and techniques used by hackers – both novice and pro. Securing the physical spaces that house these critical facilities is becoming more important by the day, and operators are doing themselves a disservice by solely focusing on IT as the only line of defense against attacks. Often, the physical operation of the building is the wide-open door for a hacker to exploit, and if done correctly, can cause as much devastation as an attack on software. Even if data center operators think their security operation is lock-tight, there still are several important considerations to ensure a holistic plan is in place. The bottom line? If these important measures haven’t been incorporated as part of a data center’s security plan and ongoing upgrades, there is risk to the entire operation. Your physical operation is more connected Smoke detection, CCTV, power management systems and your cooling control are all becoming increasingly more connected. The Internet of Things (IoT) has allowed building management systems to become far more advanced than ever imagined when managing the more industrial side of your operation. But as these once-mechanical and manual systems start talking, there also are far more opportunities for malicious damage. If they aren’t already, IT and building operations must be in constant contact, updating one another about the most recent changes to either one’s systems. Without this important dialogue, processes and standards change in a vacuum and can leave back doors open for hackers. Threats are evolving Your security plan should too. Many times, operators are solely worried about the data inside the servers, and don’t consider external threats. Gaining access to secure and encrypted servers takes an extremely experienced and skilled hacker. However, infrastructure like HVAC or fire control sprinkler systems are far less complicated to access for a less seasoned cyber-criminal. While a DDoS attack or breach can be dangerous, a cooling operation taken offline or activated fire sprinklers can be downright devastating. Hackers consider this low-hanging fruit, and are almost always looking to do the most damage. Consider updating your security plan with a roadmap of every physical system in place, and sit down with building operations to address potential new areas of weakness. Consider outside advice to ensure security No single person can be expected to be an expert on the security of all physical assets. Consulting with a third-party that understands how facilities and IT should be working together within a data center can an extremely valuable investment. Consider this: Gartner has estimated that a single minute of network downtime costs $5,600 on average. That’s certainly not a huge sum if the interruption is only 10 minutes due to a DDoS attack, but consider the damage if servers catch fire because of a cooling system shutdown. If a data center spends weeks cleaning up physical damage to a poorly secured physical operation, the results could be devastating. To provide true security, data center operators have to stop assuming hackers can only do damage in the zeros and ones. In reality, as systems become more advanced, true security at data centers is reliant on a close relationship between IT and facilities, making sure they frequently and accurately communicate about changes, upgrades and observations at their operations. Not doing so risks a lot more than a little downtime. Source:https://www.helpnetsecurity.com/2018/08/29/securing-data-centers/

Read More:
Your data center’s IT is lock-tight, are the facility’s operations?

A DDoS Knocked Spain’s Central Bank Offline

In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain’s central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters . “We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email. DDoS attacks interrupt services by overwhelming network resources. Spain’s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted. “Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security. “The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover’ with a heavy emphasis on ‘resist.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’  Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.” To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service. As of the time of writing this, the bank’s website appears to be back online. Source: https://www.infosecurity-magazine.com/news/ddos-knocked-spains-central-bank/

Read More:
A DDoS Knocked Spain’s Central Bank Offline

Online Poker Sites Suffer DDoS Attacks

The online poker industry has recently been plagued by a spate of Distributed Denial of Service (DDoS) attacks, with three highly popular gaming websites being impacted by the onslaught. Initial reports of the attacks emerged on US-facing America’s Card Room on Sunday, August 5, which coincided with the beginning of the brand’s Mini Online Super Series (MOSS) tournament. The MOSS series offered guaranteed wins of $10 million, but the operator had no choice but to cancel several of its tournaments throughout the event as a result of the DDoS attacks. Popular Canadian-operated site PokerStars and its fellow platform partypoker would shortly become the next targets. Denial of Service attacks are cyber-attacks in which criminals aim to make a machine or network unavailable to its users by indefinitely disrupting service provision of a host connected to the web. Next In the Hit-Line The attacks are carried out by overwhelming the target network with superfluous requests, which overload its system and make it unable to fulfill legitimate requests from customers. The ‘distributed’ part comes in when the flood of superfluous requests stem from multiple sources. This essentially makes it impossible to halt the attack by blocking a single request source. On August 9, partypoker tournaments were stopped and cancelled after players began to complain of connectivity issues. The brand later confirmed that it was indeed DDoS attacks that had disrupted the tourneys, with Managing Director Tom Waters issuing an apology and an explanation on the site’s blog. In the post, Waters confirmed that the third-party attacks lasted for several hours, and caused problems like in-play pauses and an inability for players to log into the site’s software. He also assured customers that the operator’s team is working with a DDoS mitigation service provider to remove the risks of similar future events. Players Blinded Down Then, on Sunday, August 12, PokerStars became the latest victim to undergo DDoS attacks, with reports of technical difficulties beginning to flood in. It was on this day that several tournaments, including the brand’s popular Sunday Million, were set to be hosted – but they were interrupted and stopped across its European network and its Indian and Italian domains. With the bulk of tournament players sitting out and unable to connect, players in other connected countries were able to steal the blinds of the absent players until The Stars Group cancelled all of the tournaments. Players were automatically paid out according to their chip counts at the time of cancellation, which elicited many complaints from those players who were blinded down to a smaller stack. PokerStars has since assured its customers that they will be refunded based on their stacks at the time when the first disconnection began. Currently, the industry has not undergone any further attacks, but only time will tell if DDoS attacks will continue to wound the market – and how sites will work to prevent further disruptions and address players’ concerns about this worrisome issue. Source: https://www.gamingpost.ca/canadian-poker-news/online-poker-sites-suffer-ddos-attacks/

More:
Online Poker Sites Suffer DDoS Attacks

Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea

The website of Sweden’s centre-left Social Democrats has been hacked for a second time, and the IP address responsible was linked to Russia and North Korea, according to the party’s IT provider. The hack was a distributed denial-of-service (DDoS) attack, meaning those responsible disrupted the site to make it unavailable to users. “This is serious. Citizens don’t have access to our site, the heart of our election campaign, where the information about our policies is,” the party’s head of communications, Helena Salomonson, told TT. The site was attacked at around 9pm on Monday, and was down for around six minutes in total, Salomonson said. The party has reported the incident to police. It’s the second time in around a week that the Social Democrats, currently part of the ruling coalition with the Green Party, have experienced an online attack, after a similar hack when they first launched their election campaign. On that occasion, the site remained down for several hours. “Denial-of-service attacks are quite hard to prevent,” Salomonson said. “Now we need to look over our preventative measures again.” The IP addresses behind the attack were linked to Russia and North Korea, according to information from the party’s IP provider, but Salomonson said: “It feels difficult to speculate about possible participants and motives.” Source: https://www.thelocal.se/20180822/swedens-social-democrats-website-hacked

Taken from:
Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea