Category Archives: DDoS Criminals

6 steps to reduce your risk of a DDoS attack

You’ve seen the splashy headlines about web services getting taken down by DDoS, or Distributed-Denial-of-Service Attacks, but have you ever worried about these attacks taking down your firm’s site? As recently as October 2016, internet traffic company Dyn was the victim of several DDoS attacks, which shut down websites and services across the East Coast. With the increasingly popularity of Internet of Things devices, which includes any everyday device that’s now connected to the web, these DDoS attacks are increasing in frequency. Hackers create armies of these devices, which are infected with malware, that will attack any given service. The attack works by having multiple devices flood the bandwidth of a service or website with so much traffic that the service is no longer available to normal users. Neustar, a global DDoS protection and cybersecurity firm, releases a yearly study about the impacts of DDoS attacks on businesses. Neustar’s first quarter 2017 report, found that the number of attacks doubled between 2017 and 2016. DDoS attacks are only getting larger, the report states, and the 1,010 respondents collectively experienced a minimum revenue risk from the attacks in excess of $2.2 billion during the previous 12 months. On Thursday, during the Arizona Technology Council 2017 Cybersecurity Summit, Mark Goldenberg, security solutions architect at CenturyLink, presented six steps regarding the possibility of a DDoS attack. In 2012, during the Occupy Wall Street movement, many financial institutions were victims of DDoS attacks, Goldenberg said. The attacks prompted the Federal Financial Institutions Examination Council to release these six steps. Goldenberg said these steps can apply to any firm in regards to a DDoS attack. Step 1: Assess information security risk Goldenberg said that a company should understand its online assets by maintaining an ongoing program to assess information security risk. Take time to review which publicly-based Internet assets are critical to your business that could be affected by a DDoS attack, he said. Some firms have services on a website that can be down for a period of time, but there are other parts of the website that are absolutely vital to your firm’s day-to-day operations, Goldenberg said. Understanding what’s vital and what isn’t will help your business make the right decisions in the event of an attack, he said. Step 2: Monitor Internet traffic to your site(s) in order to detect attacks Talk to your team about what sort of visibility your firm has, whether it’s sources of internet traffic or what types of internet traffic parts of your site is getting, Goldenberg said. Knowing your site’s analytics will let you and your team know where to look in the event of a cyberattack, which in turn will let your team know what kind of resources to bring to the table, Goldenberg said. Step 3: Be ready and notify Make sure your team has an incident response plan, which includes alerting service providers, especially internet providers, Goldenberg said. If your firm has multiple internet providers, Goldneberg said it’s important to know how to coordinate between the providers in the event of a DDoS attack. Your internet provider(s) won’t do anything independent of you, Goldenberg said. And be ready to know when and how to notify your customers when you’re under attack. “A communication plan is key,” Goldenberg said. Step 4: Ensure sufficient staffing for the duration of the DDoS attack When your firm is undergoing a DDoS attack, it’s important to have both your security and network team at the table working together. Make sure, though, that your security team is on the alert for potential breaches. “The perpetrators of the attack understand that when they launch an attack, it’s a priority issue for you to get your network back available,” Goldenberg said. If your security team isn’t on the lookout for breaches at the same time, your data could be compromised during the attack. Step 5: Share that information After your attack, you may want to share the information about it to fellow businesses within your industry. Goldenberg said the Arizona Technology Council is the perfect example of a group to share this information with. “If one peer is hit with a DDoS attack today, it could mean that you’re going to be next,” Goldenberg said. Step 6: Evaluate gaps in your response and adjust After the attack, it’s time to come together to find out what kind of gaps your firm may still have and to learn from it, Goldenberg said. “What you do today has to be reviewed with the team on a regular basis and kept up to date. If you’re able to withstand a low level attack today, regroup with the team, understand where your strengths are, where your weaknesses are, so you can plan for the larger attack down the road.” Source: http://azbigmedia.com/ab/6-steps-preparing-ddos-attack

FCC blames DDoS for weekend commentary lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

Continue Reading:
FCC blames DDoS for weekend commentary lockout

FCC: Commission Hit By DDoS Attacks

Amidst reports that John Oliver’s segment on Title II on Sunday night’s Last Week Tonight on HBO had created a flood of comments that brought down the FCC’s comment site, the FCC released a statement saying it had been hit by a denial-of-service attack. The statement came from chief information officer Dr. David Bray about delays experienced by “consumers” trying to file comments. He did not specify the net neutrality docket. “Beginning on Sunday night at midnight [Last Week Tonight aired at 11 p.m.], our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.” He said the attacks were not attempts to file comments themselves but “rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.” Source: http://www.broadcastingcable.com/news/washington/fcc-commission-hit-ddos-attacks/165609

Read this article:
FCC: Commission Hit By DDoS Attacks

Bondnet botnet goes after vulnerable Windows servers

A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, “earning” him around $1,000 per day. GuardiCore researchers first spotted it in December 2016, and have been mapping it out and following its evolution since then. The’ve dubbed it Bondnet, after the handle its herder uses online (“Bond007.01”). Compromised Windows servers serve different functions Bondnet’s main reason of being is the mining of cryptocurrencies: primarily Monero, … More ?

See more here:
Bondnet botnet goes after vulnerable Windows servers

Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns

Attackers using threats of data exposure and DDoS disruptions to try and extort ransoms from organizations The recent leak of 10 unaired episodes from Season 5 of Netflix’ hit series “Orange Is The New Black” shows that ransomware is not the only form of online extortion for which organizations need to be prepared. Increasingly, cyber criminals have begun attempting to extort money from organizations by threatening to leak corporate and customer data, trade secrets, and intellectual property. Instead of encrypting data and seeking a ransom for decrypting it, criminals have begun using doxing as a leverage to try and quietly extort bigger sums from enterprises. “Targeted attacks are the new cybersecurity threat and are on the rise,” says Nir Gaist, CEO and co-founder of security vendor Nyotron. “Organizations, regardless of industry or size, can be targeted with cyber extortion or espionage as the hackers’ goal.” The reason why there isn’t more noise over such incidents is that victims often like to keep quiet about them, he says. “Unless the company is regulated to report the attack, they will keep it quiet to keep brand and reputation intact,” Gaist says. Even in the case of the Netflix leak, for instance, it was the hackers themselves who announced the attack. “There was no monetary loss due to the early release of the ‘Orange is the New Black’ episodes, but there was reputation loss and brand damage,” he says. A malicious hacker or hacking group calling itself TheDarkOverload earlier this week claimed responsibility for publicly posting several episodes of the Netflix series after apparently stealing them from Larson Studio, a small post-production company, back in December. The hackers first tried to extort money from Larson Studio before going after Netflix directly. When Netflix refused to acquiesce to the extortion demand, the hackers released the unaired episodes. The hackers claimed to have stolen several more unaired episodes of TV programs from Netflix, Fox, and National Geographic and have threatened to release them as well. It is not clear if the hackers have made any extortion demands from the various studios. The Netflix incident is an example of the growing threat to organizations from extortion scams, says Moty Cristal the CEO of NEST Negotiation Strategies, a firm that specializes in helping organizations negotiate with online extortionists. Cyber extortion can include the threat of DDoS attacks and data exposure. The goal of attackers is to find a way to threaten targets with the most damage, either financial or from a brand reputation standpoint, Cristal explains. Any decision on whether to pay or not to pay should be based on an assessment of the potential damage, both real and perceived, that the attacker could wreak, and the company’s ability to withstand such damage, Cristal says. In the Netflix incident, the fact that the attackers demanded just around 50 bitcoin for the stolen episodes suggests they were likely motivated more by the need to be recognized and professionally acknowledged than by financial gain, Cristal adds. Surprisingly, targeted extortion attacks do not always have to be sophisticated to be successful, although sometimes they can very sophisticated Gaist says. “In a targeted attack, the hacker will attempt to find a simple vulnerability to get in,” he says. “Unfortunately for most companies, basic security hygiene is simply not attended to properly – leaving them completely vulnerable to a targeted attack.” While attacks that result in potential exposure of customer and corporate data can be scary, there are a couple of good reasons not to pay, security analysts say. One of course is that paying off a ransom or extortion is only likely to inspire more attempts. An organization that shows its willingness to pay to get data back or to prevent something bad from happening will almost certainly be attacked again. The other reason is that not all extortion scams are real. In fact, a lot of times attackers will attempt to scare money out of an organization with false threats. Last year for instance, a malicious hacking group calling itself the Armada Collective sent extortion letters to some 100 companies threatening them with massive distributed denial of service attacks if they did not pay a specific ransom amount. Security vendor CloudFlare, which analyzed the Armada Collective’s activities, estimated that the group netted hundreds of thousands of dollars in ransom payments from victims, without carrying out a single attack. Meg Grady-Troia, web security product marketing manager at Akamai, says paying a ransom doesn’t necessarily guarantee a chosen outcome. “So doing separate analysis of the request for payment and the real threat is critical for any organization.” Akamai’s customers have seen a lot of extortion letters, threatening a DDoS attack if a specified amount of bitcoin is not deposited to an identified wallet by a certain time, she says. These letters have come from a number of groups, including DD4BC, Armada Collective, Lizard Squad, XMR Squad, and others. Often though, there is very little follow-through. “Some of these DDoS extortion letters are merely profit-making schemes, while some are serious operations with the resources to damage a business,” says Grady-Troia. Paying a ransom is no guarantee that your data still won’t be leaked, she says. “Once data has been exfiltrated from your system, the blackmail may or may not continue after the requested payment, or it may still be leaked.” What organizations need to be focusing on is DDoS attack resilience and the operational agility of their systems, particularly access controls, backup procedures, and digital supply chain. “The importance of online extortion depends immensely on the nature of the threat and the enterprise’s risk tolerance,” Grady-Troia says. “Businesses should have a security event or incident response process that can be invoked in the case of any attack, and that process should include subject matter experts for systems and tools, procedures for all kinds of hazards.” Source: http://www.darkreading.com/attacks-breaches/netflix-incident-a-sign-of-increase-in-cyber-extortion-campaigns/d/d-id/1328794

Read the article:
Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns

Malware Hunter: Find C&C servers for botnets

Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers. What Malware Hunter does Malware Hunter unearths computers hosting RAT controller software that remotely controls malware-infected computers and instructs them to execute malicious activities such as recording audio, video, and keystrokes on a victim’s machine. Using command and control servers, attackers can launch widescale attacks … More ?

How Shall DDoS Attacks Progress In The Future?

In recent months we have witnessed a rise in new and significantly high-volume distributed denial of service (DDoS) attacks. The venomous nature Mirai botnet Mirai botnet is a prime example in this case. Involved in a string of DDoS attacks in recent months, including the one on DNS provider Dyn in October, the botnet is said to have a population of around 300,000 compromised IoT devices. Its population could increase significantly if hackers somehow amend the source code to include the root credentials of many other devices not currently employed by the botnet. Cybersecurity experts predict that Mirai botnet, and others like it, will become more complex as 2017 progresses. Hackers are always to evolve, and once they do, they’d adapt the botnet to new DDoS attacking methods. It is believed that Mirai currently contains around 10 different DDoS attack techniques which are being utilized by hackers to initiate an attack. These will obviously increase as 2017 progresses. Corporate giants need to fear the possibility of more DDoS attacks Mirai botnet is only the first of many examples. The motivation for DDoS attacks are endless, and the range of these attacks is expanding into political and economic domains. Though, previously these attacks were restricted to small websites. Now, they have the potential to disrupt websites of internet giants including BBC, Dyn and Twitter. Our entire digital economy depends upon access to the Internet, so organizations should think carefully about business continuity in the wake of such events. Individual DDoS attacks, on average, cost large enterprises $444,000 per incident in lost business and IT spending, so the combined economic impact from an entire region being affected would be extremely damaging. Some argue that companies must place back-up telephone systems in place to communicate with customers in case of a DDoS attack. Though, beneficial for small companies, this will certainly not help internet giants like Amazon, Alibaba and other such services. DDoS attacks on gamers According to multiple surveys, gamers are a big target of DDoS attacks. Over recent years, gaming has gradually shifted towards an online model, and things will continue moving in this direction. However, sometimes to get undue advantage, hackers often hit rival gamers with DDoS attacks in order to win the game in a cheap manner. ISPs Need to Play a Role in Reducing DDoS Attacks In the wake of recent IoT-related DDoS attacks, experts encourage manufacturers to install multiple security protocols on internet connected devices before they are sold to customers. Though, this may help in reducing the strength of future DDoS attacks, ISPs still need to play a major role in eliminating the threat of future DDoS attacks. At least on a local level, ISPs could reduce the overall volume of DDoS attacks significantly under their domain by employing systems and features which could help detect and remediate infected bots that are used to launch DDoS attacks. A nexus of ISPs, device manufacturers, the government and internet giants can greatly help in reducing the threat of future DDoS attacks. The internet community is paying attention to problems related to DDoS attacks, and network operators and internet giants are looking for ways to address this issue. If this nexus operates together and works hard enough to protect the integrity of the internet, we may make tremendous progress in defeating the threat of DDoS attacks once and for all! Source: http://www.informationsecuritybuzz.com/articles/shall-ddos-attacks-progress-future/

See more here:
How Shall DDoS Attacks Progress In The Future?

Cybercriminals Breached Over a Billion Accounts Last Year

Cybercriminals had a very good year in 2016 — and we all paid the price. These digital bandits became more ambitious and more creative and that resulted in a year marked by “extraordinary attacks,” according to the 2017 Internet Security Threat Report from Symantec. “Cyber crime hit the big time in 2016, with higher-profile victims and bigger-than-ever financial rewards,” the report concluded. The bad guys made a lot of money last year,” said Kevin Haley, director of Symantec Security Response. “They keep getting better and more efficient at what they do; they managed to fool us in new and different ways.” Some of the damage done last year: Data breaches that exposed 1.1 billion identities, up from 564 million in 2015 More ransomware attacks with higher extortion demands Some of the biggest distributed denial of service (DDoS) attacks on record, causing “unprecedented levels of disruption” to internet traffic. Cyber thieves have traditionally made their money by stealing a little bit from a lot of people. They’ve focused on raiding individual bank accounts or snagging credit card numbers. But that’s starting to change, as criminal gangs are going after the banks themselves, the reported noted. “It takes a lot of sophistication and a lot of patience — you really need to understand what you’re doing — but if you can break into the bank, you can steal millions of dollars at once,” Haley told NBC News. “It’s like those big heist movies we see. Cybercriminals are now pulling off these big heists with specialists, sophisticated tools and some great imagination in what they do.” Email Is Back as the Favorite Way to Attack Malicious email is now “the weapon of choice” for a wide range of cyber attacks by both criminals and state-sponsored cyber espionage groups. Symantec found that one in 131 emails was malicious last year, up dramatically from 2015, and the highest rate in five years. Email attacks are back because they work, the report noted: “It’s a proven attack channel. It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Remember: It was a simple spear-phishing attack — a spoofed email with instructions to reset an email password — that was used to attack the Democrats in the run-up to the 2016 presidential election. “People are comfortable with email. They read it,” Haley said. “Even when people are suspicious, the bad guys know how to fool us.” Most malicious email is disguised as a notification — most commonly an invoice or delivery notice from a well-known company. In many cases, the malicious attachment is a simple Word document. Most people don’t think of a Word file as dangerous or malicious. And for the most part, they’re not. But these clever crooks have a “social engineering” trick to get you to do what they want. The information on the malicious document is deliberately unreadable, which is unsettling. A note tells the intended target to click a button that will make it possible to read the message. Do that, and you’ve turned on the macros that allow the malware to download onto your computer. Just like that, they’ve got you. Ransomware: Everyone Is at Risk Ransomware attacks have grown more prevalent and destructive, which is why Symantec called them “the most dangerous cyber crime threat facing consumers and businesses in 2016.” The number of ransomware infections detected by Symantec grew by 36 percent last year, skyrocketing from 340,000 in 2015 to 463,000 in 2016. And it’s expected to remain a major global threat this year. This devious malware locks up computers, encrypts the data and demands payment for the unique decryption key. In the blink of an eye, entire computer systems can become useless. Ransomware is most often hidden in innocuous-looking email, such as a bogus delivery notice or invoice. For-hire spam botnets make it easy for the crooks to send hundreds of thousands of malicious emails a day for very little cost. It’s a lucrative crime. The average ransomware demand shot up from $294 in 2015 to $1,077 last year. Research by Symantec’s Norton Cyber Security Insight team found that 34 percent of the victims worldwide pay the ransom. In the U.S. that jumps to 64 percent. This willingness to pay could explain why America remains their prime target, with more than one-third of all ransomware attacks. New Targets: The Cloud, Internet of Things and Mobile Devices From security cameras and baby monitors to thermostats and door locks, our households are now filled with devices connected to the internet. Weak security makes the Internet of Things (IoT) an easy target for all sorts of malicious activity. Most of these devices have simple and common default passwords, such as “admin” or “123456,” that can’t be changed or are rarely changed. Last year, cybercriminals harnessed the power of these connected devices to do some serious damage. Tens of thousands of infected IoT devices, such as security cameras and routers, became a powerful botnet that launched high-profile (DDoS) attacks that successfully shut down websites. The DDoS attack in October against Dyn, a cloud-based hosting service, disrupted many of the world’s leading websites, including Netflix, Twitter and PayPal. Cloud attacks have become a reality and Symantec predicts they will increase this year. “A growing reliance on cloud services should be an area of concern for enterprises, as they present a security blind spot,” the report cautioned. Symantec said it saw a two-fold increase in attempted attacks on IoT devices over the course of last year. Cyber criminals are also targeting mobile devices. Most of the attacks are focused on the Android operating system, which has the largest share of the mobile market. Attacks on iOS devices remain relatively rare. Improvements in Android’s security architecture have made it increasingly difficult to infect mobile phones or to capitalize on successful infections, the report noted. But the volume of malicious Android apps continues to increase, growing by 105 percent last year. The 2017 Internet Security Threat report can be downloaded from Symantec’s website. Want to fight back? Norton has a list of tips on how to protect yourself and your devices on its website. Source: http://www.nbcnews.com/tech/tech-news/cybercriminals-breached-over-billion-accounts-last-year-n753131

Visit site:
Cybercriminals Breached Over a Billion Accounts Last Year

How to securely deploy medical devices within a healthcare facility

The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical robot, pacemaker, or other life critical device being rendered non-functional would give a whole new, and wholly undesirable, meaning to denial of service. Malware like MEDJACK has been used to infect medical devices and use them as staging grounds to attack medical records systems. IoT ransomware is on the rise … More ?

Continue reading here:
How to securely deploy medical devices within a healthcare facility

More than 400 DDos attacks identified using new attack vector – LDAP

Hackers use misconfigured LDAP servers – Connectionless Lightweight Directory Access Protocol (CLDAP) – to provide a means to launch DDoS attacks. More than 400 DDoS attacks taking advantage of misconfigured LDAP servers have been spotted by security researchers. CLDAP DDoS attacks use an amplification technique, which takes advantage of the Connectionless Lightweight Directory Access Protocol (CLDAP): LDAP is one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in many online servers. When an Active Directory server is incorrectly configured and exposes the CLDAP service to the Internet it is vulnerable to be leveraged to perform DDoS attacks. Since its discovery in October 2016, researchers at Corero Network Security have observed a total of 416 CLDAP DDoS attacks, most of which are hosting and internet service providers. The largest attack volume recorded was 33 Gbps, with an average volume of 10 Gbps. The attacks averaged 14 minutes long in duration. “These powerful short duration attacks are capable of impacting service availability, resulting in outages, or acting as a smoke screen for other types of cyber-attacks, including those intended for breach of personally identifiable data,” said Stephanie Weagle, vice president of marketing at Corero Network Security, in a blog post. Stephen Gates, chief research intelligence analyst from NSFOCUS, told SC Media UK that in the quest to find new means of launching DDoS attacks, hackers have once again found open devices on the Internet running weak protocols that can be exploited for their personal gain. “However, like any other reflective DDoS attack campaign, the number of available reflectors is of critical importance. In addition, the amplification factor those reflectors afford is the second stipulation,” he said. “In this case, the number of open devices on the Internet running CLDAP is relatively small, in comparison to open DNS and NTP reflectors; yet the amplification factor is respectable (~70x). Surely, this attack technique is new, but it is not the worse seen so far. This vector will likely be used in combination with other reflective attack techniques, and rarely used on its own. Until the world’s service providers fully implement BCP-38, similar discoveries and resulting campaigns will continue to plague us all.” Bogdan Botezatu, senior E-Threat analyst at Bitdefender, told SC that a CLDAP attack is designed around third parties: an entity running a misconfigured instance of CLDAP, a victim and an attacker. “The attacker would ask the CLDAP infrastructure to retrieve all the users registered in the Active Directory. Because the attacker makes this query look like it was initiated by the victim by replacing the originating IP address with the victim’s, the CLADP service will actually send the answer to the victim,” he said. “Subsequently, the victim finds itself being bombarded with the information they did not request. If the attacker can harness enough power, the victim’s infrastructure will crash under a load of unsolicited information.” He said that organisations could deploy strong, restrictive firewall policies for inbound traffic. “Load balancing and specialised hardware can also help organisations absorb the impact,” said Botezatu. Source: https://www.scmagazineuk.com/more-than-400-ddos-attacks-identified-using-new-attack-vector–ldap/article/652939/

View original post here:
More than 400 DDos attacks identified using new attack vector – LDAP