Category Archives: DDoS Criminals

DDoS script kiddies are also… actual kiddies, Europol arrests reveal

Young ‘uns hire tools to hit infrastructure, info systems Law enforcement bods at Europol have arrested 34 users of Distributed Denial of Service (DDoS) cyber-attack tools and interviewed and cautioned 101 suspects in a global crackdown.…

More:
DDoS script kiddies are also… actual kiddies, Europol arrests reveal

Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement. All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday. “The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users who are usually referred to IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement , published on the company’s website. “A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained. The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group. On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists. The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.” The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks. Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

Excerpt from:
Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Can ISPs step up and solve the DDoS problem?

Apply best routing practices liberally. Repeat each morning Solve the DDoS problem? No problem. We’ll just get ISPs to rewrite the internet. In this interview Ian Levy, technical director of GCHQ’s National Cyber Security Centre, says it’s up to ISPs to rewrite internet standards and stamp out DDoS attacks coming from the UK. In particular, they should change the Border Gateway Protocol, which lies at the heart of the routing system, he suggests.…

Read more here:
Can ISPs step up and solve the DDoS problem?

Cloud infrastructure attacks to increase in 2017, predicts Forcepoint

The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly the target of attacks, with criminals lured by the data stored there and the possibility of using it to launch distributed denial of service attacks. That’s one of the predictions for the new year from security vendor Forcepoint. Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a Webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained. Also tempting attackers is the bandwidth cloud providers have, to possibly be leveraged for DDoS attacks. As attacks on cloud infrastructure increase it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or to limit cloud use to processing but not storing sensitive data. CIOs/CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?” “You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added. That will be particularly important for organizations that do business in Europe with the coming into force next year of the European Union’s new General Data Protection Regulation (GDPR) So answering questions such as now long does a cloud service hold the organization’s data, is it backed up securely, are employees vetted, is there third party certification of its use of encryption, how is it protected from DDoS attacks are more important than ever. Other predictions for next year include: –Don’t fear millennials. At present on average they are they second largest group (behind boomers) in most organizations. They do increase security risk because as a tech-savvy group they tend to over-share information – particularly through social media. So, Hansmann says, CISOs should use that to their advantage. “Challenge them to become security-savvy. Put in contests where employees submit they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challnge. They take pride in their digital awareness.” Don’t try to make them feel what they do is wrong, but help them to become better. “They will be come a major force for change in the organiztion, and hopefully carry the rest of the organization with them.” –the so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it. Some infosec pros – and some politicians – advocate organizations and countries should be ready to launch attacks against a foe instead of being defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said. “Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.” –Linked to this this the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company. –Get ready for the Euopean GDPR. It will come into effect in May, 2018 and therefore next year will drive compliance and data protection efforts. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees. CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann. –There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.’ That’s shorthand for ‘employees are going to cheat to meet sales goals.’ The result is staff falsifying reports or signing up customers signed up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents. If organizations don’t get on top of this problem governments will regulate, Hansmann warned. Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001

Read More:
Cloud infrastructure attacks to increase in 2017, predicts Forcepoint

80 Sony IP camera models come with backdoors

80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more. Researchers from SEC Consult discovered two application-level backdoor accounts (“primana” and “debug”) with hardcoded passwords, the hashes of which are included in the devices’ firmware. The hashes can be cracked, and through these accounts, attackers can access specific, undocumented CGI functionalities. … More ?

Continue Reading:
80 Sony IP camera models come with backdoors

New Botnet is Attacking the US West Coast with Huge DDoS Attacks

The developers of this new botnet are inspired by Mirai success. In a blog post by CloudFlare, it has been revealed that the US West Coast is likely to become the target of yet another huge DDoS attack but this time it will be conducted with a different botnet than Mirai that was using during Dyn DNS attack which forced sites like Twitter, Amazon, PayPal etc to go offline for hours. The content delivery network states in the blog post that the company has been observing the overflow of traffic from about two weeks. It seems to be coming from a single source. Seemingly, someone was firstly testing their abilities with a 9-to-5 attack schedule and then the attack pattern was shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet. After observing the heavy attack traffic that literally peaked at 172MBPS, which means about a million data packets per second or 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job. In the blog post, CloudFare wrote: “The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.” For about a whole week, the same attacker was observed to be sending data packets in huge proportions every day. Then the schedule was abruptly changed since the attacker was working on a 24-hour basis. This hints at the fact that the attacking mechanism was taken over by another, much-organized group. It is worth noting that the attack traffic wasn’t launched via Mirai botnet; the attackers are using a different kind of software with different methods like “”very large L3/L4 floods aimed at the TCP protocol.” The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast. The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets. The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable nature of cyber-security nowadays with the emergence of sophisticated DDoS attacks methods like Mirai botnet that has been causing havoc lately. The 100-page long report contained recommendations regarding how the US government should tackle this issue. The bottom line was that the issue was much severe than it seems on paper and there is a lot needed to be done as soon as possible or else the situation will go out of hands. The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future. Source: https://www.hackread.com/new-mirai-like-botnet-ddos-attack/

See more here:
New Botnet is Attacking the US West Coast with Huge DDoS Attacks

Cybercriminals use DDoS as smokescreen for other attacks on business

Distributed Denial of Service (DDoS) attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door, a survey from Kaspersky Lab and B2B International suggests. Over half of businesses questioned (56%) are confident that DDoS has been used as a smokescreen for other kinds of cybercrime, and of those business respondents, a large majority (87%) reported that they had also been the victim of a targeted attack. The Kaspersky Lab IT Security Risks 2016 study showed that when businesses have suffered from cybercrime, DDoS has often been part of the attack tactics (29%). For example, a worrying quarter (26%) of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors. Overall, 56% of business representatives surveyed believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities. Kirill Ilganaev, Head of Kaspersky DDoS Protection, explained why DDoS attacks may appeal to cybercriminals as part of their tactics. He said, “DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold. This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.” The study found that when DDoS attacks have been used by cybercriminals as a smokescreen, businesses also faced threats such as losses and exploits through mobile devices (81%), the actions of other organizations (78%), phishing scams (75%) and even the malicious activity of internal staff (75%). The majority (87%) were also victims of targeted attacks. Ilganaev continued, “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape, and prepared to deal with multiple types of criminal activity at any one time. Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” Source: http://www.networksasia.net/article/cybercriminals-use-ddos-smokescreen-other-attacks-business.1480989900

See original article:
Cybercriminals use DDoS as smokescreen for other attacks on business

New botnet launching daily massive DDoS attacks

CloudFlare spotted a new botnet in the wild which launched massive DDoS attacks aimed at the US West Coast for 10 days in a row. A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks. Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai. The company has so far spent 10 days fending off DDoS attacks aimed at targets on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps). CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets “non-stop for almost exactly 8.5 hours” before the attack ended. CloudFlare’s John Graham-Cumming noted, “It felt as if an attacker ‘worked’ a day and then went home.” The botnet DDoS attacks followed the same pattern the next day, like the attacker was “someone working at a desk job,” except the attacks began 30 minutes earlier. On the third day, the attacks reached over 480 Gbps and 200 Mpps before the attacker decided to knock off a bit early from ‘work.’ Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day. The attacks continued for 10 days; each day the DDoS attacks “were peaking at 400 Gbps and hitting 320 Gbps for hours on end.” That’s not as powerful as the Mirai botnet made up of insecure IoT devices, but this botnet is presumably just getting started. It’s already plenty big enough to bring a site to its knees for hours on end unless it has some decent form of DDoS protection. If it were to be combined with other botnet strains, it might be capable of beating the unprecedented records set by the Mirai attacks. Although CloudFlare never elaborated on what devices the new botnet was abusing for its attacks, the company said it uses different attack software then Mirai. The emerging botnet sends very large Layer 3 and Layer 4 floods aimed at the TCP protocol. Hopefully it’s not using poorly secured internet of things devices as there seems to be an endless supply of IoT devices with pitiful-to-no security waiting to be added to botnets. That’s likely going to get worse, since IoT gadgets are expected to sell in record-breaking numbers this holiday season. It’s just a guess, but it does seem likely that the new botnet is aimed at such devices. CloudFlare posted the new botnet information on Friday, so it is unknown if the attacks have continued since the article was published. Last week, a modified version of the Mirai IoT malware was responsible for creating chaos in Germany and other worldwide locations; the hackers reportedly responsible for attempting to add routers to their botnet apologized for knocking Deutsche Telekom customers offline as it was allegedly not their intention. DDoS attacks may give a blue Christmas to gamers Regarding DDoS attacks, the most recent Akamai State of the Internet/Security Report suggested that gamers might not have the best holiday season. For the past several years, hackers have attacked and sometimes taken down Microsoft’s Xbox and Sony’s PlayStation networks, even Steam, making it impossible for seasoned gamers as well as those who received new gaming platforms for Christmas to enjoy new games and consoles. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the Akamai report stated. “Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.” As first pointed out by Network World’s Tim Greene, Akamai added, “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever.” Let’s hope the newly discovered botnet isn’t an example of Akamai’s prediction. Source:http://www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html

View article:
New botnet launching daily massive DDoS attacks

CloudFlare warns of another massive botnet, er, flaring up

DDoS attacks on the horizon as White House cybersecurity report issues recommendations CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast.…

More here:
CloudFlare warns of another massive botnet, er, flaring up

Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service

Miscreants have struck Blizzard servers again with multiple waves of DDoS attacks over the last 12 hours. Warcraft and Overwatch, two massively popular games, have been facing latency, login and disconnection issues even while Blizzard has been working on fixing the problem. The company first acknowledged the problem in a tweet Sunday evening. Since then, Blizzard claimed to have regained control over matters at its end, only to announce twice the DDoS attacks had restarted. Its last update, at 11:42 p.m. EST Sunday, came three hours after the last wave of DDoS attacks. On Twitter, a group calling itself Phantom Squad claimed responsibility for the attack Blizzard also provided a link to a support page on its website that may help some users troubleshoot their connection problems. As always, social media was abuzz with users venting their frustration at the gaming servers being affected. This is at least the fifth such instance in the last few months. The company also has a scheduled maintenance coming up Tuesday. Source: http://www.ibtimes.com/warcraft-overwatch-down-blizzard-ddos-attacks-affect-gaming-service-2454782

View the original here:
Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service