Category Archives: DDoS Criminals

‘Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

Blizzard was hit with a DDoS attack that made its servers inaccessible, disrupting gameplay for Battle.net users on Aug. 2. Someone from Blizzard’s customer support team posted on the Battle.net forums to acknowledge the attack, saying network engineers were on the case, working to address the issue. The problem has since been resolved, but according to a tweet from Blizzard’s North American customer support team, reports of World Server Down in World of Warcraft are being investigated.

In a tweet, hacker group PoodleCorp claimed responsibility for the DDoS attack. It’s not clear exactly who PoodleCorp is, but some Battle.net users have surmised that some of the hacking group’s members could be players who were recently banned from Overwatch, and thus now out for revenge.

Whoever they are, PoodleCorp appears to be a busy group. A day before the DDoS attack on Blizzard, the hackers apparently took on Pokémon GO, marking their second takedown of the mobile game after first attacking it on July 16. Pokémon GO servers were also down for several hours on July 17, but OurMine, another hacking group, took the credit for that attack.

In an interview via Twitter DM, PoodleCorp’s leader, @xotehpoodle, told Mic that they targeted Pokémon GO because it’s popular right now. Also, they’re doing what they’re doing because nobody can stop them. “We do it because we can, nobody can stop us and we just like to cause chaos,” said the hacking group’s head, who added that their botnet is worth more than Niantic.

Over the summer, PoodleCorp also claimed responsibility for hacking League of Legends and popular YouTubers. Earlier in June, Blizzard also experienced a major outage as another DDoS attack took out its servers. Twitter user AppleJ4ck, said to be tied to hacking group Lizard Squad, claimed responsibility for the attack and mocked Blizzard, saying the attack was part of some “preparations.”

As PoodleCorp has claimed responsibility for the most recent outage, does that mean that there’s more to come, given that what AppleJ4ck has been preparing for has not come to fruition? In the past, Lizard Squad had been connected to disruptions on Microsoft’s Xbox Live and Sony’s PlayStation Network.

When angry gamers swarmed the hackers’ Twitter accounts, PoodleCorp and AppleJ4ck replied with similar messages, saying anyone who gets upset over a game should get a life and that they’re doing everyone a favor by knocking them offline.

Source: http://www.techtimes.com/articles/172361/20160803/overwatch-warcraft-servers-sidelined-by-ddos-attack-from-hacking-group-poodlecorp.htm

Security testing platform for app-aware infrastructures

At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios. With CyberFlood, users can ensure that their security and performance testing addresses their unique environments by emulating realistic traffic volume, threats, and attack scenarios including fuzzing, malware, and DDoS attacks. Designed with team testing in mind, CyberFlood’s intuitive web UI extends easy-to-use best practices for faster, repeatable, and more accurate testing. Users can …

Media Organizations Beware – DDoS Attacks are Coming

There’s nothing subtle about a DDoS attack. Your incident response console is lit up like a Christmas tree. Alarms are going off indicating that your network is down or severely disrupted. System users and managers are sending you panicky messages that business has ground to a halt. Meanwhile your mind is racing: Who would do this to us? Some kind of cyber extortionist? An unsavoury competitor? Hacktivists trying to send a message? And why would they do this?

There are many reasons behind a DDoS attack, but one thing we have continued to see is the rise of DDoS attacks on media publications – most recently demonstrated by the attacks on Swedish media sites. After a bit of investigation, Arbor found that the attack was not endorsed by the Russian government, but was instead a typical distributed attack, with computers located in Russia, among many other countries, generating attack traffic – most likely a botnet-for-hire service. At the end of last year, we also saw the BBC hit by a DDoS attack, while Brian Krebs was hit by a DDoS back in 2013. According to Newscycle Solutions, over 50% of media companies have been the victim of some sort of cyber-attack in the last two years – it’s clear that media organizations are currently in the firing line for hackers.

We know that every business has a different IT team and, because of this, a different view of security. But it is important that even soft targets such as media organizations have a good understanding of the threat landscape and implement the right security processes. There are several factors media organizations should consider.

Easy to implement, easy to attack

Firstly, it is now far too easy to launch a DDoS attack. For a mere $5/hr anyone without any technical knowledge can purchase a DDoS-for-hire service and launch a DDoS attack. Quite often, it is used as a smokescreen to cover fraudulent activity. Combine this with the many motives behind a DDoS attack and you see why there is such a rise in the number of DDoS attacks across all types of industries.

Changing motivations

Traditionally, vandalism and political/ideological disputes have been the common reasons for attacks on media organizations. The poster child for this is the DDoS attack on the BBC. It is just a way for hackers to flex their muscles to show everyone what they’re capable of. More recent attacks have highlighted the growth of criminal extortion, data exfiltration and DDoS for Bitcoin. As media organizations report on all types of events, while they may not take a side, they could still become a target of an attack. Interestingly, there is usually a correlation between political conflicts in the real world and online attacks – often called cyber-reflection.

The variety of DDoS continues to grow

DDoS attacks are utilized as a diversion or smokescreen in multiple stages of the cyberattack kill chain. The following cases have all been documented as part of complex attacks and are steps every business should be aware of:

Reconnaissance: In this initial stage, cybercriminals launch a small DDoS attack to size up your security posture and ability to respond. If they find that a business’ security is weak, they will stick around to do some discreet probing and port scanning, looking for vulnerabilities to exploit so they can break into the organization. The knowledge they gather in this phase will be used for the Extract Data/Complete Mission phase.

Malware Delivery/Exploitation: Now they’re inside the network and spreading out, dropping malware onto your machines. To cover their tracks, hackers will launch a DDoS attack to overwhelm an organization’s threat detection and forensics tools, making the breach and the planted malware much harder to detect.

Extract Data/Complete Mission: In the final stage, they launch a DDoS attack as a diversion while they steal confidential data such as credit card information, intellectual property or other valuable information they can get their hands on. While the IT team are distracted, cyber criminals quietly slip away undetected with their loot and the DDoS attack mysteriously ends.

Don’t be low-hanging fruit

If a media organization is hit with a DDoS attack, it might not be an independent event. It’s important to make sure there’s nothing happening inside the network that could be related to that attack – otherwise the consequences could be far worse. In fact, businesses may be able to take some cues from the DDoS attack that will help them investigate further. For example, if the IT team knows where the attack is coming from, that could indicate who the threat actor may be. Plus, the tactics, techniques and procedures (TTPs) the threat actor uses may help you hunt for other indicators of compromise (IOCs) potentially signalling that you’re falling victim to a larger threat campaign.

But why take all the risk? Preventing smokescreen attacks, and the potentially devastating damage they cause, is one more reason why many companies invest in strong DDoS protection. Like a burglar checking for unlocked doors, cyber-criminals look for low-hanging fruit. If they realize that a media site has the defenses in place that can deflect their initial attack, they’re more likely to abandon their efforts and look for an easier victim.

Source: http://www.infosecurity-magazine.com/opinions/media-organizations-beware-ddos/

123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps

Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack on its data centre – knocking the Brit outfit’s website and a number of users’ services offline. The attack began this morning and is still ongoing, but no performance-related issues have been reported since the traffic was rerouted.

The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps on its data centre, with its protection systems kicking in within seconds of the attack being detected. Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity. No servers were offline, although customers experienced intermittent connection issues with services such as its website, control panel, email or websites.

A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre.

“Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.”

Back in November, internet provider Eclipse was hit by a DDoS attack.

Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard. The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”.

Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/

Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

“Thus, an attack on ISPs is an attack on the nation”.

Internet Service Providers (ISPs) in Mumbai are facing an unprecedented attack by hackers which has reduced surfing speeds in the city. Inspector General of Police (Cyber Crime) Brijesh Singh said, “Some unknown people are involved in crashing the ports of Internet Service Providers by making lakhs of requests at a particular terminal at a particular time, which we call ‘Distributed Denial Of Service’”.

According to the post on The Hindu, IGP (Cyber Crime) Brijesh Singh said, “An FIR has been filed with the Cyber police station in BKC under sections 43 (F) and 66 of the Information Technology Act”. They also said the attack was still being carried out. “We have registered an FIR and started tracking down the operators who are trying to crash the servers or ports of ISPs”, he said, adding that the attack has slowed down the internet services and affected subscribers of ISPs. “We are investigating the matter”.

Other than this, it’s not clear which ISPs are affected, although this reddit thread claims that Airtel is the primary ISP being DDoSed, which distributes broadband to other smaller companies, leading to network blockages across a wide range of ISPs. The attack, however, still continues. The resources behind the attack have to be considerable.

“Kindly bare with us as we are trying to solve this problem in very short period with the help of high skilled technicians. please be with us and let’s fight against these hackers (sic)”.

As of Monday morning, small and medium ISPs are still struggling to provide uninterrupted service to users. IT expert Vijay Mukhi says, “The idea of a DDoS is to make a computer or a server very slow so that anyone who uses an ISP’s services can not connect. All a hacker has to do is buy enough infected IP addresses and use them for a DDOS attack”.

Typically, DDoS attacks are targeted at big websites or platforms with the intention of taking them down or blocking access to them.

Source: http://nanonews.org/internet-service-providers-under-ddos-attack-in-mumbai/

Bart ransomware victims get free decryptor

AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free).

Bart ransomware

This particular piece of malware was first spotted in late June, being delivered via spam emails sent out by the Necurs botnet – the botnet that’s responsible for the onslaught of Locky ransomware and the Dridex Trojan. Bart is not your typical crypto ransomware as it doesn’t encrypt victims’ files. …

Whitepaper: Does your DDoS protection strategy address the changing threat landscape?

When it comes to DDoS attacks, you need a protection strategy that quickly adapts to the increasing sophistication of today’s attackers and the other current changes and trends in the DDoS threat landscape.

Find out:
What are the newest trends in Network and Applicative DDoS attacks
What are the implications on your DDoS protection strategy
How Incapsula’s DDoS Protection service addresses the new protection requirements

DDoS Downtime Calculator

Incapsula’s DDoS Downtime Calculator is designed to …

68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China. The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts at hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website. The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it. The websites of these agencies were all accessible yesterday.

The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity supposedly operating from the Netherlands. The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands.

The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to requests for comment regarding the cyberattacks. The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks.

PCA website hacking

Earlier, a cyber-security company reported that the PCA website was infected with malware by “someone from China” in July 2015. Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea. Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.”

Source: http://www.philstar.com/headlines/2016/07/16/1603250/68-govt-websites-attacked
