Author Archives: Enurrendy

WannaCry FAQ

What is it ? WannaCry also know as WanaCrypt 2.0 is a form of malware commonly known as “Ransom Ware”. Where did it come from ? It was originally developed by the NSA in the US called “Eternal Blue” and was a way for them to secretly access computers. It was based on a flaw in windows machines, Unfortunately the NSA did not store this weaponized malware securely enough and someone hacked in and stole it. At this point it was loose and easily findable on the Internet. If you see a screen like this, you’re machine is definitely infected. Here is a link below from Microsoft to check/scan if your PC has a virus. https://www.microsoft.com/security/scanner/en-us/default.aspx Who is responsible for this ? At this point no one knows but there are a lot of smart people working on it and they will be caught eventually…This is my opinion. Is someone making money from this ? Yes, as with all ransom ware there is a money component.These are 3 discovered bitcoin Identifiers that victims are paying the ransom to Which is hardcoded into the Malware. As of 09:15 EST May 14, 2017 The total ransom paid is a total of $15,150.00 USD. This is surprisingly low, it’s definitely going to rise. Check for yourself on its progress by clicking the 3 links below. https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn How did my computer get infected ? If you’re on a corporate network, you most likely got it from another computer on your network. If you’re at home on a cable modem you got it through email phishing or visiting a hacked or a sketchy website. How did it spread so quickly ? As you most likely know by now, millions of computers were infected in a few short days and those most affected by this are on corporate, Government and University networks. It spreads on these networks by using a windows flaw that goes from machine to machine using Microsoft’s SMB feature . Here’s a short list of victims from GITHUB NHS (uk) turning away patients, unable to perform x-rays. (list of affected hospitals) Nissan (uk) http://www.chroniclelive.co.uk/news/north-east-news/cyber-attack-nhs-latest-news-13029913 Telefonica (spain) ( https://twitter.com/SkyNews/status/863044193727389696 ) power firm Iberdrola and Gas Natural ( spain ) FedEx (us) ( https://twitter.com/jeancreed1/status/863089728253505539 ) University of Waterloo ( us ) Russia interior ministry & Megafon (russia) https://twitter.com/dabazdyrev/status/863034199460261890/photo/1 VTB (russian bank) https://twitter.com/vassgatov/status/863175506790952962 Russian Railroads (RZD) https://twitter.com/vassgatov/status/863175723846176768 Portugal Telecom ???????? – Sberbank Russia ( russia ) Shaheen Airlines (india, claimed on twitter) Train station in frankfurt ( germany ) Neustadt station ( germany ) the entire network of German Rail seems to be affected ( @farbenstau ) in China secondary schools and universities had been affected ( source ) A Library in Oman ( @99arwan1 ) China Yanshui County Public Security Bureau ( https://twitter.com/95cnsec/status/863292545278685184 ) Schools/Education (France) https://twitter.com/Damien_Bancal/status/863305670568837120 A mall in singapore https://twitter.com/nkl0x55/status/863340271391580 ATMs in china https://twitter.com/95cnsec/status/863382193615159 Renault STC telecom Norwegian soccer team ticket sales Is my website spreading this malware ? I can only say that any DOSarrest customers using our advanced WAF are not spreading this Malware as we won’t allow this type of malicious traffic to get to your server. Is it still spreading ? No, good news ! This thing had a kill switch built into its code, so if any machine can access this site www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com it won’t spread from that machine. I’m infected, What should I do ? We recommend that you wipe your machine clean  and restore from back-ups….of course everyone has backups, Right ? Need more info… Try Github.com Microsoft to get the free patch if you need it. Source: https://www.dosarrest.com/ddos-blog/wannacry-faq/

Read More:
WannaCry FAQ

News in brief: laptop ban could be extended; DDoS hits news sites; Taiwan might block Google DNS

Laptop ban could be extended Planning on flying from European countries to the US? Prepare to check in your laptop, tablet and any other devices larger than a cellphone, as US authorities are reported to be close to announcing an extension of the restriction on devices in the cabin from some Middle Eastern and Gulf countries to some countries in Europe, too. After the initial ban was announced, observers pointed out that the lithium batteries that power laptops and other devices have been banned from the holds of aircraft, adding that they’d prefer a battery fire in the cabin, where it can quickly be dealt with by crew, than in the hold. Lithium batteries have been implicated in many incidents – the US authorities were reported on Thursday to be in discussions about the risks of carrying a large number of batteries in the hold. If you’re affected by the ban, which also applies from some airports and to some carriers flying into the UK, we’ve got some tips on how to minimise the risk to your devices and the data on them in this piece. News sites hit by DDoS attack Just days after France shrugged off a dump of emails stolen from the campaign of the new president, Emmanuel Macron, leading French news websites including those of Le Monde and Le Figaro were knocked offline following a cyberattack on Cedexis, a cloud infrastructure provider. Cedexis had been hit by a “significant DDoS attack”, said Julien Coulon, the company’s co-founder. Cedexis was founded in France in 2009 and has its US headquarters in Portland, Oregon. Meanwhile, the victorious Macron shrugged off the cyberattack that was thought to be aimed at generating support for his far-right opponent, Marine Le Pen, as it emerged that his campaign had turned the table on the hackers, deliberately signing into phishing sites with a view to planting fake information. Mounir Mahjoubi, the digital lead for the campaign, told the Daily Beast: “You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.” Taiwan could block Google DNS Taiwan is planning to block access to Google’s public DNS service, claiming the move will improve cybersecurity, the Register reported on Thursday. It’s not clear if the block to Google’s DNS, which many people use to bypass government filters on banned websites, would apply to the whole population or just to government officials. The presentation seen by The Register seems to suggest the aim is to reduce the risk of DNS spoofing. Taiwan doesn’t usually crop up on the list of countries where there’s concern about censorship of the internet, but he Register notes that customers of one Taiwanese ISP, HiNet broadband, had earlier this year reported issues with connecting to sites and platforms that users in mainland China are blocked from, including Facebook, YouTube, Google and Gmail. Source: https://nakedsecurity.sophos.com/2017/05/11/news-in-brief-laptop-ban-could-be-extended-ddos-hits-news-sites-taiwan-might-block-google-dns/

More:
News in brief: laptop ban could be extended; DDoS hits news sites; Taiwan might block Google DNS

Democrats Want FCC’s Pai to Drill Down on DDoS Attacks

A pair of Democratic senators has asked FCC chairman Ajit Pai for more information on what the FCC has said were multiple DDoS attacks on its website that affected comments being posted there. FCC chief information officer Dr. David Bray said the attacks “made it difficult for legitimate commenters to access and file with the FCC.” The key docket in terms of activity that could have been interrupted is net neutrality, where the FCC still managed to post more than half a million comments since last week, attack or no. Among the senators’ questions was whether any comments were prevented from being submitted and if so how many. Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii, the latter the ranking member of the Senate Communications Subcommittee, sent a letter to Pai about the May 8 attack (which came in the wee hours of the morning following the May 7 airing of John Oliver’s call for a flood of comments in support of net neutrality). They asked about the FCC’s defenses against such an attack should it be repeated and that the chairman insure there were other ways to comment as a workaround, a dedicated email account for example. “Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue.” Specifically, they wanted information on the following by June 8: “Please provide details as to the nature of the DDoS attacks, including when the attacks began, when they ended, the amount of malicious traffic your network received, and an estimate of the number of devices that were sending malicious traffic to the FCC. To the extent that the FCC already has evidence suggesting which “actor(s) may have been responsible for the attacks, please provide that in your response. “Has the FCC sought assistance from other federal agencies in investigating and responding to these attacks? Which agencies have you sought assistance from? Have you received all of the help you have requested? “Several federal agencies utilize commercial services to protect their websites from DDoS attacks. Does the FCC use a commercial DDoS protection service? If not, why not? To the extent that the FCC utilizes commercial DDoS protection products, did these work as expected? If not, why not? “How many concurrent visitors is the FCC’s website designed to be able to handle? Has the FCC performed stress testing of its own website to ensure that it can cope as intended? Has the FCC identified which elements of its website are performance bottlenecks that limit the number of maximum concurrent visitors? Has the FCC sought to mitigate these bottlenecks? If not, why not? “Did the DDoS attacks prevent the public from being able to submit comments through the FCC’s website? If so, do you have an estimate of how many individuals were unable to access the FCC website or submit comments during the attacks? Were any comments lost or otherwise affected? “Will commenters who successfully submitted a comment — but did not receive a response, as your press release indicates — receive a response once your staff have addressed the DDoS and related technical issues?” While the letter did not question whether such an attack had happened, others have. “We think it’s more than just coincidence that the FCC would cite a DDoS attack at the same time that John Oliver’s call to make public comment on the FCC website in favor of net neutrality went viral,” said Rashad Robinson, executive director of Color Of Change, a big Title II fan. “That said, we certainly hope to see a full investigation into what happened in order to ensure the integrity and full transparency of a key federal agency. But the unfortunate reality is that, after everything this administration has done to steal our rights as Americans, we wouldn’t be surprised if this was merely an attempt to label the democratic exercise of free speech as a cyberattack.” Source: http://www.radioworld.com/news-and-business/0002/democrats-want-fccs-pai-to-drill-down-on-ddos-attacks/339655

See the original article here:
Democrats Want FCC’s Pai to Drill Down on DDoS Attacks

APAC organisations report average revenue loss of US$250,000 to DDoS attacks

Distributed Denial of Service (DDoS) attacks are causing revenue loss to organisations in Asia Pacific (APAC), according to Neustar’s Worldwide DDoS Attacks and Cyber Insights Research Report. A third (33 percent) of APAC organisations reported average revenue loss of at least US$250,000. Nearly half (49 percent) of organisations in the region take at least three hours to detect, and 42 percent take at least three hours to respond. The instances of ransomware and malware reported in concert with DDoS attacks were reported by 49 percent of organisations in APAC too. “With organisations across Asia Pacific being attacked more often and DDoS attacks predicted to become even larger and more complex, IT and business leaders need to evaluate the effectiveness of existing security strategies,” said Robin Schmitt, general manager, APAC at Neustar. Global findings The report also found that 99 percent of organisations globally have some sort of DDoS protection in place. However, 849 out of 1,010 organisations surveyed globally were attacked with no particular industry spared. Forty percent of the ‘victims’ said they received attack alerts from customers. More than half (51 percent) of attacks involved some sort of loss or theft, with a 38 percent increase year-over-year in customer data, financial and intellectual property thefts. Forty-five percent of DDoS attacks across the globe were reported to be more than 10 gigabits per second (Gbps), while 15 percent of attacks were at least 50 Gbps.. “The research shows that simply identifying an attack and depending on basic defences is not enough. Organisations in the region need to adopt stronger defences and innovative solutions to more quickly and effectively mitigate the growing risk and likely impact of a major DDoS attack,” said Schmitt. Source: https://www.mis-asia.com/tech/security/apac-organisations-report-average-revenue-loss-of-us250000-to-ddos-attacks/

See original article:
APAC organisations report average revenue loss of US$250,000 to DDoS attacks

Major French news sites victim of DDoS attack

Major news sites in France including Le Monde and Le Figaro went down yesterday in the fallout of a DDoS attack. Many of the biggest French news sites were hit by a DDoS attack on a Portland, Oregon cloud computing company – Cedexis. The attack caused the sites to go dark. Dr Malcolm Murphy, technology director at Infoblox said “This is the latest in a run of cyber attacks in France – only a week ago newly elected French President Macron’s emails were leaked by hackers. This latest attack highlights the importance of organisations prioritising cyber defences at a time when commonly deployed cyberattacks are being used to disrupt both political processes and organisations.” Bloomberg reported that Le Monde and Le Figaro were two of the websites that crashed. “At approximately 2 p.m. GMT (7 a.m. Pacific time), the Cedexis infrastructure came under a unique and sophisticated distributed denial of service (DDOS) attack,” Cedexis said in a written statement. “This attack caused a partial but widespread outage that affected many of our customers. Our customers are our number one priority and at this time, the attack is being mitigated, and services are being restored.” DDoS attacks have grown in prevalence as more and more unsecure Internet of Things (IoT) devices have entered the market. Murphy suggested that “DDoS attacks in particular are growing in both frequency and sophistication. Whilst there is no easy solution to securing DNS, there are a few steps that an organisation’s IT team can take to help mitigate and respond to DNS-based DDoS attacks.” “Organisations who don’t know their query load will never know when they’re under attack. By using statistical support, administrators can help analyse their data for attack indicators. Whilst it may not always be clear what an attack looks like, anomalies will be more easily identifiable. IT teams should also continually scrutinise internet-facing infrastructure for single points of failure by going beyond external authoritative name servers, and checking on the switch and router interactions, firewalls, and connections to the internet.” Source: http://www.information-age.com/major-french-news-sites-victim-ddos-attack-123466206/

More:
Major French news sites victim of DDoS attack

FCC says DDOS attacks, not net neutrality comments, tied up comments system

The federal agency did not provide any evidence of the alleged attacks, which occurred as HBO comedian John Oliver urged viewers to flood the FCC with comments. The Federal Communications Commission (FCC) on Monday said that consumers trying to use its Electronic Comment Filing System ran into delays Sunday night because of multiple distributed denial-of-service (DDoS) attacks — not due to a deluge of comments from net neutrality proponents, as early reports suggested. “Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos),” FCC chief information officer David Bray said in a statement. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.” The statement followed news reportssuggesting the FCC site was once again overwhelmed by commenters trying to voice their support for net neutrality at the behest of comedian John Oliver. On his HBO show Sunday night, Oliver urged viewers to leave comments at goFCCyourself.com, a URL that redirects visitors to the FCC’s proposal to reverse net neutrality rules. In 2014, net neutrality supporters managed to bring down the FCC comments system after Oliver made a similar plea for commenters to flood the site. The FCC didn’t offer any evidence of the DDoS attacks, nor did the agency immediately answer questions about how the incident was handled. ZDNet will update this article if the FCC responds. At least one pro-net neutrality group, Fight for the Future, expressed skepticism about the agency’s claim that the problems were caused by DDoS attacks. “The FCC’s statement today raises a lot of questions, and the agency should act immediately to ensure that voices of the public are not being silenced as it considers a move that would affect every single person that uses the Internet,” Fight for the Future Campaign Director Evan Greer said in a statement. By Monday afternoon, the FCC’s comments system appeared to be functioning, and there were more than 179,000 comments on the site. FCC Chairman Ajit Pai acknowledged to CNET’s Maggie Reardon on Monday that he favors “a free and open internet” — meaning he favors rolling back the Obama-era net neutrality rules. However, he said the committee has an “open mind” and will consider the public comments that are collected. “It’s not a decree,” he said of the proposal. “The entire purpose of this process is to get public input. Then, after the record is closed, we apply what the DC Circuit calls a ‘substantial evidence test.’ We look through the record, figure out what the right course is based on facts in the record. Then we make the appropriate judgment. I don’t have any predetermined views as to where we’re going to go.” Source: http://www.zdnet.com/article/fcc-says-ddos-attacks-not-net-neutrality-comments-tied-up-comments-system/

Read more here:
FCC says DDOS attacks, not net neutrality comments, tied up comments system

6 steps to reduce your risk of a DDoS attack

You’ve seen the splashy headlines about web services getting taken down by DDoS, or Distributed-Denial-of-Service Attacks, but have you ever worried about these attacks taking down your firm’s site? As recently as October 2016, internet traffic company Dyn was the victim of several DDoS attacks, which shut down websites and services across the East Coast. With the increasingly popularity of Internet of Things devices, which includes any everyday device that’s now connected to the web, these DDoS attacks are increasing in frequency. Hackers create armies of these devices, which are infected with malware, that will attack any given service. The attack works by having multiple devices flood the bandwidth of a service or website with so much traffic that the service is no longer available to normal users. Neustar, a global DDoS protection and cybersecurity firm, releases a yearly study about the impacts of DDoS attacks on businesses. Neustar’s first quarter 2017 report, found that the number of attacks doubled between 2017 and 2016. DDoS attacks are only getting larger, the report states, and the 1,010 respondents collectively experienced a minimum revenue risk from the attacks in excess of $2.2 billion during the previous 12 months. On Thursday, during the Arizona Technology Council 2017 Cybersecurity Summit, Mark Goldenberg, security solutions architect at CenturyLink, presented six steps regarding the possibility of a DDoS attack. In 2012, during the Occupy Wall Street movement, many financial institutions were victims of DDoS attacks, Goldenberg said. The attacks prompted the Federal Financial Institutions Examination Council to release these six steps. Goldenberg said these steps can apply to any firm in regards to a DDoS attack. Step 1: Assess information security risk Goldenberg said that a company should understand its online assets by maintaining an ongoing program to assess information security risk. Take time to review which publicly-based Internet assets are critical to your business that could be affected by a DDoS attack, he said. Some firms have services on a website that can be down for a period of time, but there are other parts of the website that are absolutely vital to your firm’s day-to-day operations, Goldenberg said. Understanding what’s vital and what isn’t will help your business make the right decisions in the event of an attack, he said. Step 2: Monitor Internet traffic to your site(s) in order to detect attacks Talk to your team about what sort of visibility your firm has, whether it’s sources of internet traffic or what types of internet traffic parts of your site is getting, Goldenberg said. Knowing your site’s analytics will let you and your team know where to look in the event of a cyberattack, which in turn will let your team know what kind of resources to bring to the table, Goldenberg said. Step 3: Be ready and notify Make sure your team has an incident response plan, which includes alerting service providers, especially internet providers, Goldenberg said. If your firm has multiple internet providers, Goldneberg said it’s important to know how to coordinate between the providers in the event of a DDoS attack. Your internet provider(s) won’t do anything independent of you, Goldenberg said. And be ready to know when and how to notify your customers when you’re under attack. “A communication plan is key,” Goldenberg said. Step 4: Ensure sufficient staffing for the duration of the DDoS attack When your firm is undergoing a DDoS attack, it’s important to have both your security and network team at the table working together. Make sure, though, that your security team is on the alert for potential breaches. “The perpetrators of the attack understand that when they launch an attack, it’s a priority issue for you to get your network back available,” Goldenberg said. If your security team isn’t on the lookout for breaches at the same time, your data could be compromised during the attack. Step 5: Share that information After your attack, you may want to share the information about it to fellow businesses within your industry. Goldenberg said the Arizona Technology Council is the perfect example of a group to share this information with. “If one peer is hit with a DDoS attack today, it could mean that you’re going to be next,” Goldenberg said. Step 6: Evaluate gaps in your response and adjust After the attack, it’s time to come together to find out what kind of gaps your firm may still have and to learn from it, Goldenberg said. “What you do today has to be reviewed with the team on a regular basis and kept up to date. If you’re able to withstand a low level attack today, regroup with the team, understand where your strengths are, where your weaknesses are, so you can plan for the larger attack down the road.” Source: http://azbigmedia.com/ab/6-steps-preparing-ddos-attack

Read More:
6 steps to reduce your risk of a DDoS attack

FCC blames DDoS for weekend commentary lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

Continue Reading:
FCC blames DDoS for weekend commentary lockout