Category Archives: DDoS Criminals

DDoS Attack Takes Down Austrian Parliament Website

The DDoS attack, one of the most common cyber threats, is being investigated by authorities The Austrian parliament’s website was hit by a suspected cyber attack over the weekend which took the site down for 20 minutes. Hackers are believed to have used a Distributed Denial of Service (DDoS) attack to flood the website with digital service requests and, although no data was lost, authorities are now investigating the attack. “The hacker attack was most likely a so-called DDoS-attack; a similar attack took place last November targeting the websites of the Foreign Affairs and Defence Ministries,” the parliament said in a statement. Cyber attack One of the most common cyber threats around, DDoS attacks have been growing in size and prevalence in recent times, with Corero Network Security predicting that such threats will become the top security priority for businesses and the new norm in 2017. “While the Mirai botnet is certainly fearsome in terms of its size, its capacity to wreak havoc is also dictated by the various attack vectors it employs, said Dave Larson, CTO/COO at Corero Network Security. “If a variety of new and complex techniques were added to its arsenal next year, we may see a substantial escalation in the already dangerous DDoS landscape, with the potential for frequent, Terabit-scale DDoS events which significantly disrupt our Internet availability.” In January, a DDoS attack was responsible for an outage at Lloyds Banking Group that left customers unable to access online banking services for three days, after web security firm Imperva had earlier that month issued a warning to businesses after fending off the largest DDoS attack ever recorded on its network. But the most high-profile attack in recent months affected domain name service provider Dyn and resulted in a slew major sites – including Twitter, Spotify and Reddit – being taken offline. Source: http://www.silicon.co.uk/security/ddos-attack-austrian-parliament-website-204381

View the original here:
DDoS Attack Takes Down Austrian Parliament Website

DDoS attack on Dyn costly for company: claim

A distributed denial of service attack on Dynamic Network Services, otherwise known as Dyn, in October 2016, led to the company losing a considerable amount of business, according to data from the security services company BitSight. A report at the Security Ledger website said while Internet users endured short-term pain because they were cut off from popular websites during the attack, the company, Dyn, lost the business of about 8% of the domains — about 14,500 — it was hosting shortly thereafter. This figure was based on statistics in a talk given on 24 January by Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts. Dyn is based in Manchester, New Hampshire. It was recently bought by Oracle Corporation. During the outage, Dyn was targeted by hackers who are said to have used digital video recorders and security cameras which were compromised by malware known as Mirai and used to form a massive botnet. The first attack, on 21 October 2016 US time, began at 7.10am EDT (10.10pm AEDT) and, once this was resolved by Dyn, further waves caused disruptions throughout the day. While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well. Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy’s, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac. BitSight provides security rating services for companies. It analysed 178,000 domains that were hosted on Dyn’s managed DNS infrastructure before and after the attacks; of these 145,000 used Dyn exclusively, while the remaining 33,000 used Dyn and others too. After the attack, according to Dahlberg, 139,000 of the 145,000 domains managed exclusively by Dyn continued to use its services, a loss of 4% or 6000 domains. Among domains that used Dyn and other providers as well, there was a loss of 8000 domains, or 24%. Security Ledger said it had tried to get a comment from Dyn but was refused one. It is not clear whether any of the 14,500 domains that were found not to be using Dyn’s services in the aftermath of the attack returned to the provider. Source: http://www.itwire.com/security/76717-ddos-attack-on-dyn-costly-for-company-claim.html

View the original here:
DDoS attack on Dyn costly for company: claim

SQL Sequel: Sequel Slammer worm resurfaces after more than a decade

SQL Slammer, a fast-moving worm that generated a wave of distributed denial of service (DDoS) attacks in 2013, mysteriously resumed high levels of activity in late 2016 after more than a decade of dormancy. According to a company blog post Thursday, Check Point Software Technologies detected a “massive” surge in SQL Slammer attacks between Nov. 28 and Dec. 4, 2016. “What we’ve been seeing is not the actual worm, but its attempts to reach more servers,” said Maya Horowitz, group manager, threat Intelligence at Check Point, in an email interview with SC Media. “Therefore we cannot know for sure if any changes have been [made to] the worm or the vulnerabilities it exploits.” When it first surfaced in 2003, the worm managed to infect tens of thousands of servers and routers in a matter of minutes by exploiting a buffer overflow vulnerability (CVE-2002-0649) in Microsoft SQL Server 2000 or Microsoft SQL Server Data Engine 2000 – both of which are no longer supported. These infected, exploited machines would then bombard ransom IP addresses with an enormous stream of malicious packets that would infect other vulnerable systems, while simultaneously overloading Internet-based network devices with traffic. Microsoft patched this vulnerability in Jan. 2003 and over the years has issued multiple new versions of the affected products. This makes these latest attacks ever stranger, because unless the worm has evolved in some way, it is hard to imagine that users remain susceptible to this threat. “One theory to why it’s attempting to make a comeback is that cybercriminals are seeking easy ways to cause DoS and slow down the entire Internet, just like with the recent Mirai botnet,” said Horowitz. “And reusing old malware is the easiest way.” Source:https://www.scmagazine.com/sql-sequel-sequel-slammer-worm-resurfaces-after-more-than-a-decade/article/636156/

Read More:
SQL Sequel: Sequel Slammer worm resurfaces after more than a decade

39% of businesses not ready to protect themselves against DDoS

Companies are not ready to protect themselves against DDoS, with four in ten (39%) businesses unclear about the most effective protection strategy to combat this type of attack, according to research from Kaspersky Lab. A lack of knowledge and protection is putting businesses at risk of grinding to a halt. DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, the research found that nearly a fifth (16%) of businesses are not protected from DDoS attacks at all, and half (49%) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods. Large-scale cyberattacks are now commonplace, such as the recent attack on telecommunications provider StarHub, which faced a high-profile DDoS attack in October last year. Hackers are also showing a preference for DDoS attacks, with the proliferation of IoT devices today. As IoT devices have weak security protocols, they are easy targets for hackers to launch DDoS attacks from. As IoT devices are forecasted to hit 21 billion in 2020, each potential entry point into an organisation increases vulnerability to DDoS attacks. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33%) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18%) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43%) saying regulation is the reason they protect themselves. The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40%) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30%) think data center or infrastructure partners will protect them. This is also not always effective, because these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach. Moreover, the survey found that a third (30%) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12%) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost to a victim can reach millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.” Source: http://www.networksasia.net/article/39-businesses-not-ready-protect-themselves-against-ddos.1486046674

See original article:
39% of businesses not ready to protect themselves against DDoS

The emergence of new global cybercriminal attack patterns

The findings of a new Malwarebytes report illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone. To better understand just how drastically the threat landscape evolved in 2016, researchers examined data taken from Windows and … More ?

Read more here:
The emergence of new global cybercriminal attack patterns

Assessing The Massive Security Vulnerability Of The Internet Of Things

The increase in connected devices could make 2017 a banner year for cyber attacks. A report by global professional services company Deloitte said that Distributed Denial of Service (DDoS) attacks will grow in size and scale in 2017, thanks in part to the growing multiverse of connected things. According to Deloitte’s annual Technology, Media and Telecommunications Predictionsreport, DDoS attacks will be more frequent, with an estimated 10 million attacks in total over the next 12 months. DDoS attacks are no new phenomena. The potential impact on an organization from this category of cyber threat should never be underestimated, Deloitte said. The report said that the size of DDoS attacks has increased year-on-year. Between 2013 and 2015, the largest attacks did not exceed 500 gigabits per second. In 2016, there were two attacks that exceeded one terabit per second. Over the next 12 months, the average attack size is forecast to be between 1.25- and 1.5 GBs per second, with at least one per month exceeding 1 TB per second. On a basic level, the success of DDoS attack is focused on making a website or network resource—a server, for example—unusable. This scenario is achieved by creating a flood of Internet traffic from multiple sources that are launched simultaneously. The website or resource is then overwhelmed, resulting in a suspension of service or access. For example, an ecommerce website that is hit by a DDoS attack would be unable to sell its products until the attack was contained. At the same time, any exposed vulnerabilities could produce a knock-on effect and take other organizations or websites down with it. “DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time,” the report said. “The shop quickly becomes overwhelmed. The genuine customers cannot get in and the shop is unable to trade as it cannot serve them.” Connected Devices Are An Easy Target There are several methods for creating this type of chaos but the most common are botnets and amplification attacks. A DDoS attack generated through a botnet accesses hundreds of thousands of connected devices that have been told to act in disruptive manner via malicious code. An amplification attack also uses malicious code by instructing a server to generate multiple fake IP addresses that are then sent to a website—known as “spoofing”—which then overwhelm that service. Both of these approaches are widely known, although it is the botnet that has become more prevalent. Irrespective of how widespread the impact is on an organization or network, Deloitte said that three concurrent trends will escalate the potential for DDoS attacks in 2017—the Internet of Things, widely available malware and high bandwidth speeds. The prime culprit will be the Internet of Things. Connected devices are notoriously insecure and ripe for being taken over by a third party. The standard way to gain remote access to a device is through a user ID or password, but some people may not be aware that a device’s firmware offers hackers a way in, Deloitte said. Deloitte said: The majority of users are familiar with the need to change user ID and passwords before using a device for the first time, and at regular intervals thereafter. But approximately half a million of the billions of IoT devices worldwide—a small proportion of the total, but a relatively large absolute number—reportedly have hard-coded, unchangeable user IDs and passwords. In other words, they cannot be changed, even if the user wants to. Hard-coded user IDs and passwords are not an issue provided that a third party doesn’t know what they are. The problem is that they can be easy to find. The Internet Of Things Is Always Exploitable Anyone with a degree of programming knowledge can sift through a device’s firmware to discover what these IDs and passwords are, the report said. In addition, a compromised Internet of Things device may not show any signs of being compromised to its owner, especially if there is no obvious deterioration in performance. Theoretically, millions of devices could be affected without their owners having any idea that the device was part of a botnet, Deloitte said. Consumer confidence in the Internet of Things is aligned with how secure a connected device is, confidence that can be shattered if that device can be exploited with little effort. For example, the cyber attack on October 21, 2016, that affected the Dyn network was attributed to a botnet that used Internet-connected devices to take down numerous high-profile services that included Twitter, Amazon.com, Spotify, Comcast, Fox News and PayPal. Thousands of connected devices were used in this attack, which is now accepted as one of the largest of its kind to date. Any company or organization that has a presence on the Internet should be aware that DDoS attacks are not going to stop anytime soon. The report cited several sectors that should be alert to the impact that a successful DDoS attack could have including (but not limited to) retailers with a high proportion of online revenue, video streaming services, financial or professional service companies and online video games providers. “Some organizations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive,” said Deloitte. “Unfortunately, it may never be possible to relax about DDoS attacks. The DDoS genie is out of the bottle, and is unlikely to pop back in.” Source: https://arc.applause.com/2017/01/27/ddos-iot-vulnerability-asssessment/

Taken from:
Assessing The Massive Security Vulnerability Of The Internet Of Things

Global concern over distributed denial-of-service attacks

Arbor Networks has released its 12th Annual Worldwide Infrastructure Security Report (WISR). The report covers a range of issues from threat detection and incident response to managed services, staffing and budgets. But the main focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them. The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. According to Arbor, DDoS attacks are not only getting larger, but they are also becoming more frequent and complex. Darren Anstee, chief security technologist with Arbor Networks, says survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. “However, IoT botnets are a game changer because of the numbers involved – there are billions of these devices deployed and they are being easily weaponised to launch massive attacks,” he says. “Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes. The report also found that the emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attacker ability to launch extremely large attacks. According to the company, the massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets. Because of this, Arbor say the consequences of DDoD attacks are becoming clear – DDoS attacks they have successfully made many leading web properties unreachable – costing thousands, sometimes millions, of dollars in revenue. However, the company does point out that this year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks. Source: https://securitybrief.asia/story/global-concern-over-distributed-denial-service-attacks/

Original post:
Global concern over distributed denial-of-service attacks

Unbreakable Locky ransomware is on the march again

Necrus botnet wakes up and starts fresh malware-cano Cisco is warning of possible return of a massive ransomware spam campaign after researchers noticed traces of traffic from the hitherto dormant Necrus botnet.…

View article:
Unbreakable Locky ransomware is on the march again