Category Archives: DDoS News

Anonymous Legion claims attack on Minnesota courts website

The international activist hacker group Anonymous Legion is claiming responsibility for an attack on the Minnesota Judicial Branch’s website that rendered it unusable for most of Wednesday. State officials became aware of the “distributed denial-of-service” (DDoS) attack about 8 a.m. Wednesday, around the same time Anonymous Legion e-mailed the Star Tribune. “Servers have also been penetrated and data has been secured, contrary to what they will tell you,” said Anonymous Legion’s e-mail. “This will occur frequently.” The group said the act was executed “collectively, through a global attack.” It is known for DDOS attacks on government websites, among others. The attack is similar to ones that interrupted the site last December. Last year’s attacks were traced to Asia and Canada. The state did not say Wednesday whether the attacks may be linked. “We are in the process of communicating with the FBI Cyber Task Force about this incident,” Beau Berentson, a spokesman for the state court administration office, said in a written statement. The website (www.mncourts.gov), visited by thousands every day looking to access court resources and information, was taken offline as the attack was investigated. Access to the site was restored around 5:15 p.m. “We have no evidence that any secure data has been inappropriately accessed,” Berentson said. Other online resources linked through the website are still functioning, including eFiling and eService, the Court Payment Center and remote access to district and appellate court records. The website was down for several hours from Dec. 21 to 31 in the previous attacks. “In a DDOS attack, an outside entity attempts to overwhelm an online resource with so much network traffic that it is no longer accessible to legitimate users,” State Court Administrator Jeff Shorba said in a January statement about last year’s attacks. 
“During these attacks, the Minnesota Judicial Branch did not experience any form of data breach or inappropriate access to court records, nor is there any evidence to suggest that the attackers attempted to gain access to Judicial Branch records or information.” Those attacks were reported to the federal government and Canadian authorities. “DDoS attacks are becoming increasingly common against high-profile websites in both the public and private sectors,” Shorba said in January. “While we cannot prevent these attacks from being launched, the Minnesota Judicial Branch is now better prepared to respond to these types of attacks in the future.” Source: http://www.startribune.com/minnesota-courts-website-attacked-again-by-hackers/384003231/


Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch. Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.” This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom. However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. 
If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means it’s hard enough for the company to keep Battle.net afloat at the best of times, never mind when there are hackers on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/


Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak

The official English language website of the Muslim Brotherhood movement was forced to go offline after facing massive DDoS attacks! Earlier today, a hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic), forcing the website to go offline despite its use of the CloudFlare DDoS protection service. The hacker also conducted DDoS attacks on the official website of the Freedom and Justice Party, which is an Egyptian political party affiliated with the Muslim Brotherhood. That’s not all: the attacker also managed to bypass the site’s security and steal Al-Ikhwan al-Muslimun’s files from the database, then leaked them online for public access. Upon scanning the leaked data, HackRead found it to be legitimate and not previously leaked on the internet. The data dump contains IP addresses, email conversations, comments and commenters’ names and IP addresses. It seems as if the hacker only managed to compromise some tables of the database without getting hold of any sensitive data. The only damage that can be caused is tracing the location of the commenters, but that’s not a task just anyone can perform. Here is a screenshot from the leaked data showing comments and IP addresses: At the moment, the motive behind these attacks is unclear; however, after going through the attacker’s profile, it’s evident that they have been targeting the Muslim Brotherhood, the Council on American-Islamic Relations – CAIR and other similar organizations. Source: https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/


Businesses receive another warning over the threat of DDoS attacks

We have all heard the stories of businesses which have suffered debilitating DDoS attacks and, in some cases, succumbed altogether. Take Code Spaces, the web-based SVN and Git hosting provider, which suffered such an attack in June 2014 that it was forced to wave the white flag and cease trading because recovering all the lost data would cost too much. Now, a new piece of research from A10 Networks argues businesses face ‘sudden death’ from DDoS if caught unawares. The average company was hit by an average of 15 DDoS attacks per year, according to the survey of 120 IT decision makers, with larger organisations more badly affected. One in three (33%) respondents said they had encountered DDoS attacks of more than 40 Gbps, while one in five had suffered downtime of more than 36 hours due to the attack. The average attack of those polled lasted 17 hours. More than half (54%) of respondents said they would increase their DDoS budgets in the coming six months, while multi-vector attacks were seen by the majority of those polled (77%) as the most dangerous form of DDoS threat in the future. “DDoS attacks are called ‘sudden death’ for good reason. If left unaddressed, the costs will include business, time to service restoration and a decline in customer satisfaction,” said A10 Networks CTO Raj Jalan. He added: “The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” Previous research has examined the growing sophistication of DDoS threats. In April, Neustar argued that such DDoS issues were “unrelenting”, with more than seven in 10 global brands polled having been subject to an attack. Source: http://www.appstechnews.com/news/2016/jun/16/businesses-receive-another-warning-over-threat-ddos-attacks/


DNS attacks cost businesses more than $1 million a year

New research has revealed that DNS attacks are costing businesses more than $1 million a year in lost business and service downtime. For years, DNS has silently and peacefully served internet needs. Despite its criticality, this service has never really been considered as a potential security issue, mostly because common usage leads people to believe it is a trivial protocol requiring very basic configuration and monitoring. But while DNS may have been safe and apparently secure for the last twenty years, because of its complexity and evolving role in the IT industry it has become a powerful attack vector, with 91% of malware using the DNS protocol. According to the new study from IDC and EfficientIP, the top three DNS attacks that have the largest impact on an organisation are Distributed Denial of Service (DDoS) attacks, Zero-Day vulnerabilities and data exfiltration. These types of attacks are the main cause of business outage and data theft. But despite 74% being victims of DNS attacks, 25% of businesses still aren’t implementing any kind of basic security software. EfficientIP’s experts warn that existing DNS defenses are outdated and no longer work. Until now, the approach to IT Security has been one that has downplayed the risk of DNS threats, bundling them in with a wide selection of different network threats that can be protected using traditional security tools and techniques. It is an approach that threatens DNS security by overcomplicating architectures, adding slow and inappropriate layers of defence. While firewalls can protect on a basic level, on their own they’re not designed to deal with high bandwidth DDoS attacks (the majority of DDoS attacks are now over 1Gbps), or detect DNS tunnelling attempts, and most businesses still rely on the ‘out-of-the-box’ non-secure DNS servers offered by Microsoft or Linux servers. 
‘The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don’t fully appreciate the risks from DNS-based attacks,’ said David Williamson, EfficientIP CEO. ‘In just under two years GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It’s crucial for all businesses to start taking DNS security seriously.’ Source: http://www.information-age.com/technology/security/123461604/dns-attacks-cost-businesses-more-1-million-year-study


Anonymous take down South African State Broadcasting Corp Website Over News Censorship

Anonymous DDoS South African State Broadcasting Corporation Website, SABC says Anonymous hackers are cowards

The online hacktivist group Anonymous has taken offence at the news censorship in South Africa. An Anonymous-affiliated group yesterday brought down the SABC website to protest against the rising censorship in South Africa. The South African Broadcasting Corporation (SABC), which is the official state-sponsored broadcaster of Africa, has confirmed that its websites were hacked on Sunday. A Twitter account belonging to a hacktivist group dubbed Anonymous Africa claimed responsibility for the downtime of the SABC websites. The hacker targeted the DDoS attacks at the websites for SABC’s main TV channel, but also the 5FM and SAFM radio stations. The attacks began at noon on Sunday and stopped four hours later after bringing down all Web-related services. The hacker announced its intentions to carry out the attacks on Twitter, on the night between Saturday and Sunday, about nine hours before they started. Anonymous Africa, in a series of tweets on Sunday, said it was carrying out the alleged attack in light of allegations of censorship at the SABC. SABC chief operating officer Hlaudi Motsoeneng has blocked the broadcaster from showing burning of public property in a move to discourage vandalism while he has further driven a controversial ‘good news’ policy. The censorship charges arose after anti-government protests in South Africa that turned violent. It’s after these protests that SABC took its decision, and also urged private TV stations to stand in solidarity. In statements to South African tech news site Fin24, an SABC representative called the attackers “cowards” for attacking a “national key-point.” In the meantime, Anonymous Africa, which claims links to global hacktivist group Anonymous, has promised more cyberattacks against the SABC. “We will stop the attacks at SABC (for now) at 4pm. We are not done yet, lots of action coming. Things are going to get wild!” tweeted the group on Sunday. Source: http://www.techworm.net/2016/06/anonymous-take-south-african-state-broadcasting-corp-website-news-censorship.html


Flaw in Juniper’s JunOS router software could cause DDoS flood

Juniper has disclosed that a problem with the Junos router could enable DDoS attacks

Juniper has admitted that a vulnerability in IPv6 processing on its Junos router OS could allow malicious packets to be sent to networks resulting in a DDoS attack on infrastructure. In an advisory, the firm said the flaw could enable a specially crafted “IPv6 Neighbor Discovery” (ND) packet to be accepted by the router rather than discarded. “The crafted packet, destined to the router, will then be processed by the routing engine (RE). A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the RE CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out,” the firm said. The firm added that this is similar to the router’s response to any purposeful malicious IPv6 ND flood destined to the router. “The difference is that the crafted packet identified in the vulnerability is such that the forwarding controllers/ASICs should disallow this traffic from reaching the RE for further processing,” according to the advisory. It said that following investigations, only its MX, PTX, and QFX products have been confirmed to experience this behaviour. Juniper added that no fix was available at the time of writing and neither was a complete workaround. “Security best current practices (BCPs) of filtering all ND traffic at the edge, destined to network infrastructure equipment, should be employed to limit the malicious attack surface of the vulnerability,” the firm advised. Rich Barger, chief intelligence officer at ThreatConnect, told SCMagazineUK.com that organisations should look to either filter the protocol or packet (if possible). “It looks as if Juniper has included edge firewall rules that can block the neighbour discovery packets as a means to buffer any vulnerable devices,” he said. 
Richard Cassidy, technical director EMEA at Alert Logic, said that this flaw represents a serious issue for organisations that “Dual Stack” networking with IPv6 and IPv4. He told SC that the issue was “essentially a DDoS attack, through a specially crafted IPv6 ND packet, that can be targeted at JunOS routers from remote attackers. It is fairly simple to identify router OS versions through scanning techniques, which of course leaves most organisations at risk at some level, given the prevalence of Juniper in networking infrastructures globally.” Alex Cruz Farmer, VP of cloud at Nsfocus, told SC that almost every network around the world is considering or planning IPv6 if they have not already. “With this in mind, it’s crucial that the protection is implemented now, to avoid this security hole being exploited in future.” Source: http://www.scmagazineuk.com/flaw-in-junipers-junos-router-software-could-cause-ddos-flood/article/501681/


Retail, gaming industries hardest hit with web application and DDoS attacks

Akamai published the Q1 2016 State of the Internet – Security Report, which provides a detailed view of the global cloud security threat landscape and in-depth analysis and insight into malicious activity. Multi-vector attacks accounted for 59% of DDoS activity in Q1 2016, reflecting a slight increase compared with last quarter (56%). During Q1, Akamai mitigated more than 4,500 DDoS attacks, a 125 percent increase compared with Q1 2015. As in recent quarters, the vast …


Hackers Hit Facebook CEO Mark Zuckerberg’s Twitter and Pinterest Accounts

Facebook co-founder and CEO Mark Zuckerberg was apparently targeted by a hacking team over the weekend that was able to access his seldom-used Twitter and Pinterest accounts. The hacker group OurMine, believed to be based in Saudi Arabia, posted messages to Zuckerberg’s Twitter account, @finkd, which features just 19 tweets and hasn’t been otherwise updated since 2012. The team also briefly commandeered Zuckerberg’s Pinterest account, which has just a few boards and pins. Both Twitter and Pinterest have since removed the unauthorized content on Zuckerberg’s accounts, and Twitter has also suspended OurMine’s main account. The group is now posting on Twitter via a backup account.

‘Saving People from Other Hackers’

On Sunday, OurTeam tweeted on the backup account, “i don’t understand why @twitter suspended our account while we are saving people from other hackers!” Another tweet posted this morning added, “Our Old Twitter (@_OurMine_) is suspended because we are just trying to secure Mark Zuckerberg Accounts!” The person or people posting to the backup OurTeam Twitter page also noted they would try to get the team’s main Twitter account unsuspended. Contrary to some news reports stating that OurTeam claimed to have found Zuckerberg’s login information from user data leaked from a major hack attack on LinkedIn in 2012, the hacking group noted in a tweet yesterday that it had made no such claim and added that it had never used LinkedIn.

‘Relatively New’ Hacking Group

OurMine is a “relatively new” hacking group that first appeared on Twitter in March 2015, according to a report published by the content delivery network specialist Akamai last year. The team initially appeared to focus on distributed denial of service (DDoS) attacks on gaming services, and later took responsibility for similar such attacks on financial service companies. Nine companies were attacked by OurTeam on July 22 of last year, with the combined DDoS attack levels exceeding 117 gigabytes per second. 
OurMine has also claimed to have attacked a number of other targets, including Soundcloud and PewDiePie. Zuckerberg hasn’t made any public statement regarding the OurMine attacks on his accounts. However, after OurMine tweeted it had accessed his accounts, Zuckerberg responded, “No you didn’t. Go away, skids.” That tweet has also since been removed. A June 2012 hack of LinkedIn was originally believed to have involved just 6.5 million passwords — at least, that’s the number LinkedIn first acknowledged. However, a report emerged last month that a dark Web marketplace and another site, LeakedSource, had obtained data from 167 million hacked LinkedIn accounts. Of those, 117 million included e-mails and passwords. The remaining accounts are thought to belong to users who logged into the site via Facebook. Some news reports have stated that OurTeam claimed to have found Zuckerberg’s Twitter and Pinterest password — “dadada” — in the compromised LinkedIn data. Source: http://www.sci-tech-today.com/news/Hackers-Hit-Zuckerberg-s-Accounts/story.xhtml?story_id=012001GT5W5O


BitGo Under DDoS Attack; Wirex Advises Customers Not To Use Platform

Wirex, a bitcoin debit card provider, sent an email to customers today advising them to avoid making transactions on the Wirex platform until it could confirm from BitGo that services have been resumed. The message included a BitGo tweet advising users it was under a distributed denial of service (DDoS) attack. BitGo is a wallet and a security platform for bitcoin and blockchain technologies. “We, therefore, recommend to avoid making any transactions via E-Coin/Wirex platform until confirmation from BitGo that the services have been resumed,” the Wirex email noted. The BitGo tweet stated: “We apologize for the issue, but we’re under DDOS attack at this moment. We’re working on it and will keep you updated.” Wirex is a wallet service that provides both physical and virtual bitcoin debit cards. Wirex users were able to send bitcoin from within the BitGo Instant network.

BitGo Offers Instant Settlement

Wirex uses the BitGo Instant service, which provides immediate settlement of bitcoin transactions, CCN reported in February. There was nothing on the BitGo blog about the attack at the time of this report. BitGo’s service eliminates the “double spend” potentiality in bitcoin transactions. The service is for users seeking instant bitcoin transactions while securing funds against the possibility that the sender will spend the money elsewhere before the transaction gets confirmed via the blockchain. BitGo provides immediate transaction settlement using the crypto keys among participating users’ wallets.

BitGo Gains A Following

Other cryptocurrency exchanges and apps offering BitGo Instant include Bitstamp, Bitfinex, Unocoin, Kraken and the Fold app. There have been several DDoS attacks on bitcoin wallets and exchanges in recent months. Bitcoin and alt.coins exchange BTC-e suffered a DDoS attack in January. BTCC, the Shanghai, China-based digital currency exchange, suffered a DDoS attack at the end of last year. 
OkCoin, another exchange, was also the target of a DDoS attack in July. Source: https://www.cryptocoinsnews.com/bitgo-ddos-wirex-advisory/
