Category Archives: DDoS Criminals

CLDAP reflection attacks generate up to 24 Gbps of traffic

Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. CLDAP query packet Akamai’s Security Intelligence Response Team (SIRT) has observed this attack vector producing DDoS attacks consistently exceeding 1 Gbps, comparable to DNS reflection attacks. CLDAP Unlike other reflection-based vectors, where compromised hosts may number in the millions, the observed CLDAP amplification factor has been able to produce significant attack bandwidth with significantly … More ?

More:
CLDAP reflection attacks generate up to 24 Gbps of traffic

Did hackers fix the Brexit vote with DDoS?

The concerns around nation-state hackers echoes recent concerns regarding the US and French presidential elections. A new report has raised concerns about the possible interference by nation-state hackers in the run-up to the Brexit vote. The Commons Public Administration and Constitutional Affairs Committee (PACAC) said that MPs were concerned about foreign interference in last year’s Brexit vote. Although the report does not specifically identify the hackers or malicious actors responsible, it was noted that Russia and China were known to launch cyber attacks based on an understanding of mass psychology. Many will note that the report echoes the recent claims and concerns surrounding Russia and its influence in the US and French presidential elections. The report was launched to investigate the outage of the voter registration government website, with the outage hitting on one of the last days in the run-up to the vote, June 7. The government was forced to extend the deadline to register to vote in the EU referendum, allowing two further days for people to register. The outage left tens of thousands of potential voters unable to complete registration, sparking a major voter registration row amongst the UK government and the Electoral Commission. Debate was further fuelled by arguments that the outage may disenfranchise voters and swing important votes. John Rakowski, Director of Technology Strategy at AppDynamics, said at the time: “”Digital technology has revolutionised the way we interact with organisations – from shopping to banking, and now voting. The impact of young voters on the outcome of the EU referendum is unquestionable and technology plays a vital role. It’s unacceptable that thousands of Brits were left unable to vote due to an IT glitch that should have been anticipated and planned for months ago.” Although an IT glitch was blamed at the time of the outage, the new report by MP’s points to a possible DDoS attack, but downplays its role in the referendum outcome. “The crash had indications of being a DDOS ‘attack’. We understand that this is very common and easy to do with botnets… The key indicants are timing and relative volume rate,” the committee’s report said. While the committee did not point the Brexit finger of blame at the website outage, it did note that lessons must be learned. While pointing to other nation states, the MP’s report said that it was crucial that the lessons learnt from this incident must extend past the purely technical. “The US and UK understanding of ‘cyber’ is predominantly technical and computer network-based,” the report said. “For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. “The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear. “PACAC is deeply concerned about these allegations about foreign interference,” the report concluded. However, due to the simplistic nature of the supposed DDoS attack on the voter registration site, many experts are saying that it is not the work of state hackers. “This is a very serious allegation, and it should be thoroughly investigated by all appropriate means. However, I doubt that a serious actor, such as a nation state for example, can be behind this particular DDoS attack,” said Ilia Kolochenko, CEO of web security firm, High-Tech Bridge. “Governments have enough technical and financial resources to create smart botnets, simulating human behavior that would be hardly distinguishable from legitimate website visitors. Running a classic DDoS attack is too coarse, and would rather attract unnecessary attention to the external interference, trigger investigations and all other outcomes that smart attackers would avoid at any price.” Source: http://www.cbronline.com/news/cybersecurity/breaches/hackers-fix-brexit-vote-ddos/

See original article:
Did hackers fix the Brexit vote with DDoS?

IoT devices under attack: Amnesia hijacks, BrickerBot destroys

Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets. Security researchers have recently highlighted two of these threats coming after Linux- and BusyBox-based systems and devices. Amnesia A year after security researcher Rotem Kerner discovered a remote code execution vulnerability that affected digital video recorders (DVRs) manufactured by Chinese company TVT Digital and sold by more than 70 different vendors around the … More ?

See more here:
IoT devices under attack: Amnesia hijacks, BrickerBot destroys

Video: TinyNuke botnet explained

In the videos below, McAfee Labs show the setup requirements for installing and deploying TinyNuke. They review the available features of TinyNuke through the control panel, deploy a bot a client machine, and perform attacks against a client.

See the original article here:
Video: TinyNuke botnet explained

Why hardware configurations could be the downfall of IoT

According to Trend Micro, The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. However, in a blogpost, they warn of issues that can lead to the downfall of IoT and called for countries stiving to be a smart nation to be wary. More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that’s a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years. One thing is clear: The IoT is going to be big, and require a lot of management. After all, handling devices the wrong way could leave security gaps in your network. Hardware configurations could be the downfall of IoT, and it’s important for you to enable your systems appropriately. Systems at risk Most devices, including routers and printers, come with preset, easy passwords and inactivated security capabilities. A number of organizations may simply install this hardware without changing the standard authorizations, leaving significant holes that attackers can exploit. This type of situation is only magnified by the number of active IoT devices. After all, who wants to configure every sensor or create a firewall for their coffee maker? However, you must do exactly that to enable IoT without compromising security. IoT technology is still developing, and you must ask critical questions to understand how these devices handle your sensitive information. The Global Privacy Enforcement Network Privacy Sweep found that it wasn’t clear how IoT devices collected, used and disclosed information. Many companies also neglect to explain how user data would be secured or how to delete personal information. With so many entry points to your network, your system could be at risk if you don’t have definitive answers concerning their requirements and capabilities. “If you think your IoT devices aren’t at risk, you’re wrong.” Sitting targets for malicious attacks Unsecured IoT devices are gateways for hackers to stroll into your critical business systems and execute attacks on a larger scale. In fact, major internet services including Twitter, Spotify and Netflix were disrupted when an attacker leveraged IoT devices to deliver a series of massive DDoS attacks to Dyn. According to Fast Company, the hacker leveraged the digital traffic from internet-enabled hardware and sent the noise to the domain name service provider, disrupting its ability to translate addresses into IP networks. Hundreds of thousands of cameras, routers, DVRs and other household appliances were used to carry out this attack. Security experts had warned that such a situation could occur, serving as a reminder why hardware configurations are critical for business and user security. If you think your IoT devices aren’t at risk, you’re wrong. Attackers can use tools like Shodan to easily search for exposed cyber assets. Trend Micro noted this system can show a hacker any connected device’s IP address, application and firmware versions as well as other critical information to make it easier to compromise. This research also found web servers, webcams, wireless access points and routers were the most unsecured cyber assets in the top 10 most populous U.S. cities. Protecting your IoT devices Security capabilities across IoT devices will only continue to improve, but in the meantime, organizations must take steps to protect this hardware. The first step is to configure your equipment correctly to your business and set passwords that will be difficult for a hacker to guess. You should also leverage data breach systems to detect unusual behavior within your network as it occurs. This solution will help catch malicious access to your IoT devices, enabling you to act quickly to reinstate and improve security. Source: http://www.networksasia.net/article/why-hardware-configurations-could-be-downfall-iot.1491403560

Read this article:
Why hardware configurations could be the downfall of IoT

Recognizing the New Face of Cyber-Security

Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools. Over the past few years, digital technologies have rippled through the business world and unleashed unprecedented innovation and disruption. Yet today’s technology framework also has put businesses in the crosshairs and created new levels of risk. No longer are cyber-threats thwarted by clearly defined perimeters such as firewalls. No longer are malware and cyber-attacks blocked by traditional security tools designed to identify specific viruses and code. “It’s an entirely different landscape,” observes Oswin Deally, vice president of cyber-security at consulting firm Capgemini. To be sure, mobility, clouds, the internet of things (IoT) and the increasingly interconnected nature of business and IT systems have radically changed the stakes. There’s a growing need for security transformation. Yet, at the same time, attacks are becoming more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism and corporate espionage are now mainstream problems. Data breaches and DDoS attacks are a daily concern. “Cyber-security has moved from a compliance and regulatory topic to front-page headline news,” says Dan Logan, director of enterprise and security architecture for Tata Consultancy Services (TCS). No Space Is Safe The scope of today’s cyber-security challenge is mind-boggling. Gartner predicts that more than 8.4 billion IoT devices will be used in 2017, and the number will swell to more than 20 billion by 2020. Meanwhile, 74 percent of organizations now store some, if not all, sensitive data in the public cloud, according to a February 2017 Intel Security study. Not surprisingly, the stakes are growing, and achieving digital transformation while ensuring security is not a simple task. An October 2016 Ponemon Institute study found that the average cost of cyber-crime to a large organization in the United States rose to more than $17 million in 2016. An interconnected world with intertwined data means that threats can come from anywhere at any time. Business disruption, information loss, a diminished brand image and revenue, and damage to equipment are constant risks. Nevertheless, organizations are struggling to keep up. Ponemon points out that only 39 percent of companies deploy advanced backup and recovery operations, though it reduces the average cost of cyber-crime by nearly $2 million. Similarly, only 28 percent of companies have a formal information governance program, though this typically reduces the cost of cyber-crime by nearly $1 million. Capgemini’s Deally says that a starting point for dealing with today’s threat landscape is to recognize that there are two primary areas to focus on: business-driven events and threat-driven events. The former revolves around things like digital commerce, innovation, intellectual property, products and supply chains that present targets and create risks for the enterprise. The latter encompasses attack methods and vectors, including email, mobile devices, the IoT, and other systems and software. “It is becoming more and more of a borderless world where the devices that drive productivity also represent risk,” he points out. CIOs and other enterprise leaders must understand business and technology intersection points and how they introduce risks at various levels—from application security to APIs and network design to clouds. It’s also important to clearly understand business and data assets and identify priorities in terms of value, sensitivity and risk. Not all data is created equal and not all systems require equal protection. This approach, when layered over specific industry risks, begins to deliver some clarity about how and where to focus a cyber-security strategy and select the right protections and processes. o be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today’s challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years. These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts. Secure Horizons CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices. For example, as organizations migrate to DevOps, it’s possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication. However, TCS’ Logan also stresses the urgency of employee education and training. Many of today’s breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster. “Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts,” Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly. In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection. To be sure, the road to security transformation is long and winding. “A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery,” Logan explains. Capgemini’s Deally adds: “From a CIO’s perspective, it’s essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, ‘How can I best mitigate risk?’ Source: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html

Read More:
Recognizing the New Face of Cyber-Security

UK nuclear stations on terror alert for cyber attacks

The cyber security industry has been urged to co-operate with government to protect UK critical national infrastructure from cyber attacks. UK security services have reportedly told nuclear power stations to bolster their cyber defences in the face of increased threats. Government officials have warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences, according to the Telegraph. UK energy minister Jesse Norman is quoted as saying that nuclear plants must make sure that they “remain resilient to evolving cyber threats”. However, he said the government is fully committed to defending the UK against cyber threats, and that the Civil Nuclear Cyber Securty Strategypublished in February 2017 sets out ways to ensure that the civil nuclear sector can defend against, recover from and remain resilient to evolving cyber threats. According to the strategy, the volume and complexity of cyber attacks against the UK are growing and the range of actors is widening. “The threat is becoming increasingly global and asymmetric. Both states and non-state actors can use easily-available cyber tools for destructive purposes,” the strategy states. The strategy sets out a voluntary roadmap to enable organisations in the civil nuclear sector to meet the increasing threat from cyber, and will support the development of cyber security capability of the sector, ensuring organisations will be able to comply with current and new regulation as well as being able to recover from compromises. However, for this to be achieved, the strategy said civil nuclear sector needs to work as a partnership between the government, regulator and industry, with clear roles and responsibilities which are understood and agreed. The strategy warns that the nuclear industry has to do more to protect itself, saying current mechanisms for sharing information in relation to vulnerabilities and how compromises have been addressed will need to be strengthened and enhanced to ensure good practice is shared, and continuous improvement can be made. In November 2016, veteran US investigative reporter Ted Koppel said a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch. “We are our own worst enemies,” he told Intel Security’s annual Focus conference in Las Vegas, saying that despite the risk of a cyber attack blackout, the US is unprepared for the consequences. Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security believes cyber attacks against critical national infrastructure are set to increase dramatically as criminals develop “increasingly heinous methods” to jeopardise the UK’s national security. “From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems. “To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack, and ensure hostile forces never have the opportunity to do us harm,” he said. Malcolm Murphy, technology director at network management firm Infoblox said attacks against IT networks are becoming increasingly common, and, if carried out against critical national infrastructure, can represent a significant threat to national security. “In addition to the damage caused to the networks themselves, a DDoS [distributed denial of service] attack on an organisation’s domain name system [DNS] can be used to prevent communication of and around the attacks, causing confusion and panic as seen in the attack on the Ukraine power grid in 2015,” he said. “The DNS is a mission-critical piece of network infrastructure used by all organisations without which networks cannot function. Often inadequately protected by traditional security solutions, it remains a vulnerable network component frequently used as an attack vector by cyber-criminals. “With botnets available for hire for relatively small sums of money online, DNS-based DDoS attacks are becoming increasingly easy for cyber criminals to carry out, and in their efforts to defend the country against the growing cyber threat, organisations responsible for the security of critical infrastructure should be making DNS protection a top priority,” he said. Most UK businesses have little visibility or control over their DNS servers and services, even though they are a key component of businesses’ infrastructure and security profile, a report published in March 2017 revealed. Only 8% of companies polled claim to have full visibility across all areas of DNS, including frequency of dropped requests, cache poisoning, latency and overall load on DNS infrastructure, rendering it impossible to ensure a consistent service to internal and external internet users. Source: http://www.computerweekly.com/news/450416097/UK-nuclear-stations-on-terror-alert-for-cyber-attacks

See the article here:
UK nuclear stations on terror alert for cyber attacks

Korean foreign ministry gets several DDoS attacks from China

The website of South Korea’s Ministry of Foreign Affairs has come under several cyberattacks originating from China but little damage has been reported so far, the ministry said Tuesday. “Several on-and-off DDoS attack attempts originating from China have taken place on websites including that of the Ministry of Foreign Affairs,” ministry spokesman Cho June-hyuck said in a press briefing. Defensive measures were immediately taken against the cyberattacks and no damage has been sustained, he said. The latest hacking attempts came as bilateral tensions remain high over the deployment of a US missile defense system in South Korea. Since the attempts, the foreign ministry has launched a special response team and distributed a response manual among the South Korean diplomatic missions in China, the spokesman noted. The spokesman did not elaborate on exactly who is behind the DDoS, or distributed denial of service, attacks, but they are the latest in a recent series of Chinese retaliations on South Korean industries and entities. A month earlier, the Chinese-language website of South Korean retail giant Lotte as well as its duty-free branch’s Chinese and Japanese-language websites sustained similar DDoS assaults, incurring heavy revenue losses. The attacks came as China stepped up its retaliatory actions over Seoul’s on-going deployment of the US missile interception system, Terminal High Altitude Area Defense. China vehemently protests the deployment which it said would compromise its security interests. “Our government pays attention to the Chinese government’s (past) expression of its consistent stance that it opposes any kind of cyberattack,” the ministry spokesman noted. “The government is expecting that (China) will continuously take responsible steps in accordance with the stance.” South Korea has also recently lodged a protest with the Chinese government after South Korean national flags were found destroyed in China, Cho said. “A national flag is a symbol of a nation’s dignity and the government takes very seriously the cases of destroyed Taegeukgi that took place in certain Chinese areas,” he said. “The government has officially lodged complaints with China on many occasions and demanded China take steps to address them immediately.” “In any case, the people-to-people exchange which is the foundation of the bilateral relationship should come under a man-made obstacle,” the spokesman said, adding that the South Korean government is trying to proactively react to China’s unjust measures in order to minimize any impact on South Korean companies. Referring to a media report alleging North Korean involvement in hacking attempts at a Poland bank and other international financial institutions, Cho also said that North Korea is likely to be using illegal cyber activities for a source of foreign currency earnings. “Given the international community’s concerns over the possibility that illegal income could be used for the development of weapons of mass destruction, North Korean cyber threats are emerging as new international threats along with its nuclear, missile and WMD threats.” (Yonhap) Source: http://www.koreaherald.com/view.php?ud=20170328000862

Follow this link:
Korean foreign ministry gets several DDoS attacks from China

Criminal benefits: profit margin of a DDoS attack can reach 95%

Kaspersky Lab’s researchers have discovered the full extent of the profit margins benefiting criminals from DDoS services that are available on the black market. Kaspersky Lab’s experts have studied the DDoS services available on the black market and determined just how far this illegal business has advanced, as well as the extent of its popularity and profitability. The worrying news is that arranging an attack costs as little as $7 an hour, while the targeted company can end up losing thousands, if not millions, of dollars. The level of service involved when arranging a DDoS attack on the black market is not very different from that of a legal business. The only difference is that there’s no direct contact between the provider and the customer. The ‘service providers’ offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack. There are a number of factors that affect the cost for the customer. One is the type of attack and its source: for example, a botnet made up of popular IoT devices is cheaper than a botnet of servers. However, not all those providing attack services are ready to specify such details. Another factor is the duration of the attack (measured in seconds, hours and days), and the client’s location. DDoS attacks on English-language websites, for example, are usually more expensive than similar attacks on Russian-language sites. Another big factor affecting the cost is the type of victim. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more. It means a DDoS attack can cost anything from $5 for a 300-second attack, to $400 for 24 hours. The average price for an attack is around $25 per hour. Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour. There is, however, yet another scenario that offers greater profitability for cybercriminals – it involves the attackers demanding a ransom from a target in return for not launching a DDoS attack, or to call off an ongoing attack. The ransom can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 per cent. In fact, those carrying out the blackmail don’t even need to have the resources to launch an attack – sometimes the mere threat is enough. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses. Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days,” said says Russ Madley, head of B2B at Kaspersky Lab UK. “Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Interestingly, some cybercriminals have no scruples about selling DDoS attacks alongside protection from them. Kaspersky Lab’s experts, however, do not recommend using criminal services. Source: http://www.information-age.com/connected-cities-suffer-catastrophic-blackouts-123465253/

Taken from:
Criminal benefits: profit margin of a DDoS attack can reach 95%