Author Archives: Enurrendy

Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

123-Reg, the biggest hosting company in the UK, is targeted a second time in as many years with a chain of major DDoS attacks. The biggest provider of domain registrations in the UK, 123-reg, has once again been the target of a DDoS attack. The result was that users weren’t able to get into their websites or email accounts. Considering this is just the start of 2017, the company has had to deal with another major blow. The company informed of the attacks formally using Twitter, explaining that they believed the attack had just begun and they were working on options to redress the situation and were attempting to work out the impact of the attack. They promised updates would follow. They continued to explain that the company’s network teams kept scrubbing and rerouting bad traffic. Of course, apologies were made for any problems their customers were experiencing. Once again, they reiterated that their team was still rerouting traffic and that they would provide further information soon. The DDoS attack took place on Friday, with the company stating that their IT team had mitigated the DDoS attacks, as evidenced by the resumption of services at around 1 PM. However, some users are still complaining today that they can’t get into their websites. 123-Reg sent out another two tweets in which they attempted to explain that the DDoS attack had just begun and they were attempting to resolve the issue. Later that day, they issued another tweet, stating that the problem had been fixed by 1 PM and that they apologized for any issues. In 2016, 123-Reg was the target of 2 big DDoS or Distributed Denial of Service, attacks. One took place in April, while one occurred in August. The firm stated that it was possible they lost a small amount of user information after the attack that occurred in April. Customers were very displeased at the time because, even after doing their best, the firm only succeeded in bringing back online only 39 percent of their Virtual Private Servers after a week. In August, the company was once again hit by a huge 30Gbps DDoS attack, which completely brought their site down. OVH, a French hosting company, was also the target of large DDoS attacks going up to 1Tbps last year. The firm stated that the Mirai botnet malicious code had been used in the attacks against them but 123-Reg did not make any similar statements. Source: https://www.socpedia.com/biggest-british-hosting-company-123-reg-suffers-major-ddos-attack

View original post here:
Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

Google caps punch-yourself-in-the-face malicious charger hack

Another reason to avoid those DEF CON charging stations. Google has capped a dangerous but somewhat obscure boot mode vulnerability that allowed infected PCs and chargers to put top end Nexus phones into denial of service states.…

See the article here:
Google caps punch-yourself-in-the-face malicious charger hack

Many businesses are relying on others to fight DDoS attacks

With large scale cyber attacks constantly hitting the headlines, businesses ought to be aware of the need to protect themselves. But a new study by Kaspersky Lab shows that 40 percent of businesses are unclear on how to protect themselves against targeted attacks and DDoS. Many believe that someone else will protect them and therefore don’t take their own security measures. 40 percent think their ISP will provide protection and 30 percent think data center or infrastructure partners will protect them. Moreover, the survey finds that 30 percent fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, 12 percent even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality of course is that any company can be targeted because such attacks are easy for cybercriminals to launch and the potential cost of a single attack can be millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today”. The findings are based on Kaspersky Lab’s annual Corporate IT Security Risks survey conducted in cooperation with B2B International. In 2016, it surveyd more than 4,000 representatives of small, medium (50 to 999 employees) and large businesses (1000+) from 25 countries to find their views on IT security and the real incidents they had to deal with. Source: http://betanews.com/2017/01/05/business-ddos-rely-others/

Read the article:
Many businesses are relying on others to fight DDoS attacks

3… 2…1… and 123-Reg hit by DDoSers. Again

Happy New Year! Updated Just days into the new year, and poor old 123-Reg is already experiencing problems, this time in the form of a DDoS attack – something it is no stranger to.…

More:
3… 2…1… and 123-Reg hit by DDoSers. Again

DDoS Attacks on the Rise—Here’s What Companies Need to Do

Distributed denial-of-service (DDoS) attacks have been going on for years. But in recent months they seem to have gained much more attention, in part because of high-profile incidents that affected millions of users. For instance, in late October 2016 a massive DDoS assault on Domain Name System (DNS) service provider Dyn temporarily shut down some of the biggest sites on the Internet. The incident affected users in much of the East Coast of the United States as well as data centers in Texas, Washington, and California. Dyn said in statements that tens of millions of IP addresses hit its infrastructure during the attack. Just how much attention DDoS is getting these days is indicated by a recent blog post by the Software Engineering Institute (SEI) at Carnegie Mellon University. The post, entitled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” became SEI’s most visited of the year after just two days, said a spokesman for the institute. To help defend against such attacks, organizations need to understand that this is not just an IT concern. “While DDoS attack prevention is partly a technical issue, it is also largely a business issue,” said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by CMU, and author of the DDoS post. Fortunately there are steps organizations can take to better protect themselves against DDoS attacks, and Kartch describes these in the post. In general, organizations should begin planning for attacks in advance, because it’s much more difficult to respond after an attack is already under way. “While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive,” Kartch noted. To fortify IT resources against a DDoS attack, it’s vital to make the architecture as resilient as possible. Fortifying network architecture is an important step not just in DDoS network defense, Kartch said, but in ensuring business continuity and protecting the organization from any kind of outage. To help disperse organizational assets and avoid presenting a single rich target to an attacker. organizations should locate servers in different data centers; ensure that data centers are located on different networks; ensure that data centers have diverse paths, and ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure. For those organizations that depend on servers and Internet presence, it’s important to make sure resources are geographically dispersed and not located in a single data center, Kartch said. “If resources are already geographically dispersed, it is important to view each data center as having more than one pipe to [the] Internet, and ensure that not all data centers are connected to the same Internet provider,” she said. While these are best practices for general business continuity and disaster recovery, they will also help ensure organizational resiliency in response to a DDoS attack. The post also describes other practices for defending against DDoS. One is to deploy appropriate hardware that can handle known attack types and use the options in the hardware that can protect network resources. While bolstering resources will not prevent a DDoS attack from happening, Kartch said, doing so will lessen the impact of an attack. Certain types of DDoS attacks have existed for a long time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against protocol attacks and application-layer attacks, Kartch said. Specialty DDoS mitigation appliances also can protect against these attacks. Another good practice is to scale up network bandwidth. “For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary,” Kartch said. “That said, volumetric attacks are something of an arms race, and many organizations won’t be able or willing to pay for the network bandwidth needed to handle some of the very large attacks we have recently seen. This is primarily an option for very large organizations and service providers.” It’s likely that DDoS attacks will continue to be a major issue for organizations. A 2016 study by content delivery network provider Akamai said these types of incidents are rising in number as well as in severity and duration. The company reported a 125% increase in DDoS attacks year over year and a 35% rise in the average attack duration. Cyber security executives need to make it a top priority to protect their organizations against DDoS. Source: http://www.itbestofbreed.com/sponsors/bitdefender/best-tech/ddos-attacks-rise-here-s-what-companies-need-do

Originally posted here:
DDoS Attacks on the Rise—Here’s What Companies Need to Do

Tools for DDoS attacks available for free online

Distributed Denial of service or popularly known as DDoS attacks once again came to the limelight in 2016. From the attacks on Dyn servers whose architecture translates domain names into numeric addresses, hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to DDoS-for-hire service called LizardStresser using IoT botnets launching attacks on websites related to the Rio Olympics’ to hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try and make an organizations website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources to the end server.(read computers or even IoT devices from across the world). Moreover, there are many freely available tools available online for free and many hackers even sell DDoS services on Darkweb marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi,Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application based attacks. TCP connection attacks are used against most of the end users available connections which include servers, firewalls and even load balancers. While Fragmented attacks destroy the victims system by sending TCP fragments, app attacks take down a server by using botnets. All of these can enable by tools freely available online. Let’s look at some of them. LOIC (Low Orbit Ion Canon) LOIC or popularly known as Low orbit Ion Canon is one of the more popular tools available on internet. It is primarily used to initiate a DOS attack on servers across the world by sending TCP, UDP requests to the compromised server. Even a beginner can use this tool and all he has to do enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you can get any ideas, just remember, this tool does not protect the hosts IP address so agencies looking out for you can trace the attack’s origin. XOIC This is another easy to use DOS attacking tool for the beginners. You can just input the IP address of or th selected ports and can be used against websites which do not generate a huge amount of traffic. HOIC HOIC or known as High Orbit Ion Cannon is an effective tool which uses booster scripts which allow users to make lists of victim IP addresses and helps the attackers remain anonymous and difficult to tracked down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once. Slowloris Slowmoris was developed by a gray hat hacker called “RSnake” which creates a slow HTTP request by sending the requests in HTTP requests in small packets in the slowest manner possible so that the victim server is forcefully made to wait for the requests. This way if multiple requests are send to the server, it will not be able to handle genuine requests. Pyloris This uses the same Slowmoris method. This tool directly attacks the service and not the hardware. Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator among others. All these tools are freely available online for downloads for anyone out there. Considering how mundane most cyber secuirty agencies are in dealing with attacks of such nature, there is lots which is needed to be done to defend against such DDoS attacks. Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496

More:
Tools for DDoS attacks available for free online

ICIT Finds Healthcare Sector at Great Risk for DDoS Attacks

Healthcare, financial, and energy are the top three sectors facing the highest risk of a DDoS attack, a recent ICIT report found. With its high dependency on digital records, network connectivity, accessible information, and real-time communication, healthcare is one of the sectors at greatest risk for a DDoS attack, the Institute for Critical Infrastructure Technology (ICIT) explained in a recent publication. The financial industry and energy sector are also at high risk for such attacks, ICIT said in “Rise of the Machines: The Dyn Attack Was Just a Practice Run. “Obstructions to even an email server could cause delays in treatment, while widespread attacks that holistically render a critical service unavailable, such as an IoT DDoS attack, would pose a serious risk to patient and staff safety,” wrote ICIT Senior Fellow James Scott and ICIT Researcher Drew Spaniel. Citing research from a previous ICIT brief, the duo explained that healthcare is incorporating, and interacting with connected devices that are often designed without necessary security measures. Previously, this has led to instances such as MRI machines or pacemakers being infected with ransomware. “While there is no indication that healthcare devices have been incorporated into DDoS botnets, it may be only a matter of time before an adversary adapt an IoT malware such as Mirai, to harness the computational resources of medical devices because many lack basic access controls such as multi-factor authentication (or any authentication whatsoever),” the authors maintained. There is also the potential danger of an IoT malware or a worm that would “brick” or kill “infected medical devices in order to cause panic, extort a ransom, or as part of a multi-tiered attack.” Overall, Scott and Spaniel stated that a “perfect storm” is brewing across the nation with regard to private critical infrastructures facing cybersecurity threats. More organizations are utilizing the internet and IoT devices, but device manufacturers will sometimes “negligently avoid incorporating security-by-design into their systems.” This happens because the manufacturers have not been properly incentivized, and instead pass the potential risk onto the end-user. “As the adversarial landscape of nation state and mercenary APTs, hacktivists, cyber-criminal gangs, script kiddies, cyber caliphate actors, and hail-mary threat actors continues to hyperevolve, America’s treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted, while an organizational culture of ‘Participation Trophy Winners” managed by tech neophyte executives continue to lose one battle after the next.” A key area of concern is the Mirai malware, which “offers malicious cyber actors an asymmetric quantum leap in capability.” Specifically, Mirai has a strong development platform “that can be optimized and customized according to the desired outcome of a layered attack by an unsophisticated adversary.” While Mirai has forced different industries to review devices that lack security by design and other IoT device vulnerabilities, the authors noted that it “will not forever remain the favorite tool of unsophisticated malicious threat actors.” DDoS attacks on the healthcare industry were addressed earlier this month in the Office for Civil Rights (OCR) latest newsletter. OCR reiterated that healthcare often uses IoT in several ways, such as allowing healthcare facilities to monitor medical devices, patients, and personnel. This can open organizations up to certain cybersecurity threats. “An attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRI, EKGs, infusion pumps, etc.),” OCR stated, citing data from US-CERT. For preventing such attacks, OCR advised that organizations continuously monitor and scan for vulnerable and comprised IoT devices on their networks. Entities should also adhere to the necessary remediation actions. “Password management policies and procedures for devices and their users should also be implemented and adhered to. All default passwords need to be switched to strong passwords,” OCR said, adding that default usernames and passwords for most devices can be found online. Source: http://healthitsecurity.com/news/icit-finds-healthcare-sector-at-great-risk-for-ddos-attacks

Read the article:
ICIT Finds Healthcare Sector at Great Risk for DDoS Attacks

US Government Attacks Drudge Report? Conservative Website Down Because Of DDoS Attack, Matt Drudge Tweets

A tweet from conservative media icon Matt Drudge’s verified Twitter account Thursday night appeared to accuse the government of interfering with his website, DrudgeReport.com , just hours after the Barack Obama administration announced new sanctions against Russia over election hacking. “Is the US government attacking DRUDGE REPORT? Biggest DDoS since site’s inception. VERY suspicious routing [and timing],” the tweet to Drudge’s 457,000 followers read. There were no other tweets from the account at the time. A large-scale distributed denial of service attack, or DDoS, can cause major Internet disruptions. In the past, such attacks have shut down major websites such as Twitter, Spotify, Netflix, Amazon, Tumblr, and Reddit. The attack sends a server many illegitimate requests to make it hard for real requests to get through, effectively shutting down the site. Drudge Report was down briefly around 7 p.m. EST, but working hours later. The top headline read: “MOSCOW MOCKS OBAMA ‘LAME DUCK’” Meanwhile, the conservative Washington Times wrote: “Matt Drudge suggests U.S. government cyberattack on Drudge Report website. DDoS attack comes same day Obama announced countermeasures against Russia for hacking of Democrats.” Conservatives on Twitter also accused the government of shutting down the Russian news website, RT. “Numerous reports of Russian state-run Network RT being unavailable. Drudge Report also under ‘Biggest DDoS attack since site’s inception,’” wrote one user. President Barack Obama announced Thursday sanctions against several Russian agencies and individuals after cyberattacks during the 2016 presidential election against Democratic Party institutions that appeared to help Donald Trump win over Hillary Clinton. “All Americans should be alarmed by Russia’s actions. In October, my administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process,” Obama said. “These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences.” Government officials have wrangled with Drudge before over his alleged false claims. With 2 million daily unique visitors and around 700 million monthly page views, DrudgeReport.com was the top site for referral traffic in 2014 to the Daily Mail, CNN, Fox News, Roll Call, Breitbart, The New York Times, USA Today, Associated Press and other news sites. Its readers were loyal, staying on the site for an average of 30 minutes, Politico reported. “People are religious in how they come to Drudge,” Vipul Mistry, Intermarket’s Business Development manager, told Politico’s On Media blog. “When we analyzed all our audience that’s what it is, people are on there not only in morning, they tend to leave it open as it refreshes.” Source: http://www.ibtimes.com/us-government-attacks-drudge-report-conservative-website-down-because-distributed-2467391

Continued here:
US Government Attacks Drudge Report? Conservative Website Down Because Of DDoS Attack, Matt Drudge Tweets

2017 predictions: US isolationism, DDoS, data sharing

Without a doubt, 2016 was the year of the DDoS. The year came to a close with a major DDoS attack on DNS provider Dyn, which took down several major internet sites on the Eastern US seaboard. This attack was different – not so much in terms of its volume or its technique, but in the fact that instead of being directed at its intended target, it was targeted at network infrastructure used by the target. I think we are likely to see more DDoS attacks in 2017, both leveraging amplification attacks and direct traffic generated by the Internet of Things. However, we will also see a growing number of incidents in which not just the target experiences outages, but also the networks hosting the sources of the DDoS, as they also need to support significant outbound traffic volumes. This is likely to lead to increasing instability – until such a time as network operators start seeing DDoS as an issue they need to respond to. In this sense, the issue of DDoS is likely to increasingly self-correct over time. The other main trends and developments that I foresee for the year ahead are as follows: ? I think we are likely to see the first few cases where attribution of nation states accountable for attacks starts to backfire. Over the past few years, corporations and nation states have published a lot of theories on espionage campaigns. One issue with these incidents is the fact that often, contrary to human intelligence, the malware and tools that are used in these attacks leave the intent of the attack open to interpretation. Was the goal to spy on the development of a country and its international relations? Was it to steal information for economic gain? Or was the attack intended to result in sabotage? Those are the all-important questions that are not always easy to answer. The risk of one country inadvertently misunderstanding an attack, and taking negative action in response, is increasing. When a nation’s critical infrastructure suddenly fails, after the country has been publicly implicated in an attack, was it a counterattack or a simple failure? ? In the new policy environment being introduced by President-elect Donald Trump, there is some risk that the United States may start to withdraw from the international policy engagement that has become the norm in cyber security. This would be unfortunate. Cyber security is not purely a domestic issue for any country, and that includes the United States. Examples of great cyber security ideas hail from across the world. For instance, recent capture-the-flag competitions show that some of the best offensive cyber security talent hails from Taiwan, China and Korea. In addition, some tools such as Cyber Green, which tracks overall cyber health and makes international security measurable, originate in Japan rather than the United States. Withdrawing from international cooperation on cyber security will have a number of negative implications. At a strategic level it is likely to lead to less trust between countries, and reduce our ability to maintain a good channel of communications when major breaches are uncovered and attributed. At a tactical level it is likely to result in less effective technical solutions and less sharing around attacks. ? Meanwhile, across the pond, Presidential elections in France, a Federal election in Germany, and perhaps a new president taking power in Iran will all lead to more changes in the geopolitical arena. In the past, events of major importance such as these have typically brought an increase in targeted attack campaigns gathering intelligence (as widespread phishing) and exploiting these news stories to steal user credentials and distribute malware. ? Companies will become more selective about what data they decide to store on their users. Historically, the more data that was stored, the more opportunities there were for future monetisation. However, major data breaches such as we have seen at Yahoo! and OPM have highlighted that storing data can lead to costs that are quite unpredictable. Having significant data can result in your government requesting access through warrants and the equivalent of national security letters. It can also mean that you become the target of determined adversaries and nation states. We have started seeing smaller companies and services, such as Whisper Systems, move towards a model where little data is retained. Over time, my expectation is that larger online services will at least become a little bit more selective in the data they store, and their customers will increasingly expect it of them. ? We will see significant progress in the deployment of TLS in 2017. Let’s Encrypt, the free Certificate Authority, now enables anyone to enable TLS for their website at little cost. In addition, Google’s support for Certificate Transparency will make TLS significantly more secure and robust. With this increased use of encryption, though, will come additional scrutiny by governments, the academic cryptography community, and security researchers. We will see more TLS-related vulnerabilities appear throughout the year, but overall, they will get fixed and the internet will become a safer place as a result. ? I expect that 2017 will also be the year when the security community comes to terms with the fact that machine learning is now a crucial part of our toolkit. Machine learning approaches have already been a critical part of how we deal with spam and malicious software, but they have always been treated with some suspicion in the industry. This year it will become widely accepted that machine learning is a core component of most security tools and implementations. However, there is a risk here as well. As the scale of its use continues to grow, we will have less and less direct insight into the decisions our security algorithms and protocols make. As these new machine learning systems need to learn, rather than be reconfigured, we will see more false positives. This will motivate protocol implementers to “get things right” early and stay close to the specifications to avoid detection by overzealous anomaly detection tools. Source: http://www.itproportal.com/features/2017-predictions-us-isolationism-ddos-data-sharing/

Taken from:
2017 predictions: US isolationism, DDoS, data sharing

Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’

Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet. In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as “just as powerful as the most dangerous one to date”. The concern for 2017 is that “it’s about to get a lot worse”. Clearly proud of the work put into the malware, the creator or creators saw fit to sign it. Analysis of the attack showed that the TCP Options header of the SYN packets used spelled out l33t, hence the Leet Botnet name. The attack itself took place on 21 December, but details of what happened are only just starting to come out. It targeted a number of IP addresses, and Imperva speculates that a single customer was not targeted because of an inability to resolve specific IP addresses due to the company’s proxies. One wave of the attack generated 650 Gbps of traffic — or more than 150 million packets per second. Despite attempting to analyze the attack, Imperva has been unable to determine where it originated from, but the company notes that it used a combination of both small and large payloads to “clog network pipes and bring down network switches”. While the Mirai attacks worked by firing randomly generated strings of characters to generate traffic, in the case of Leet Botnet the malware was accessing local files and using scrambled versions of the compromised content as its payload. Imperva describes the attack as “a mishmash of pulverized system files from thousands upon thousands of compromised devices”. What’s the reason for using this particular method? Besides painting a cool mental image, this attack method serves a practical purpose. Specifically, it makes for an effective obfuscation technique that can be used to produce an unlimited number of extremely randomized payloads. Using these payloads, an offender can circumvent signature-based security systems that mitigate attacks by identifying similarities in the content of network packets. While in this instance Imperva was able to mitigate the attack, the company says that Leet Botnet is “a sign of things to come”. Brace yourself for a messy 2017… Source: http://betanews.com/2016/12/28/leet-botnet-ddos/

View article:
Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’