Ah, great. Ave AV Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…
View original post here:
Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer
Last week HSBC’s online banking website was taken down by a DDoS attack, leaving thousands of customers unable to access its services. Here are some of the comments Help Net Security received. …
Original post:
Reactions to the HSBC DDoS attack
HSBC said today it was working with local police to find those who disrupted its online banking services with a denial of service attack, as customers complained of not being able to access their accounts. The attack was made even more painful for customers as the last Friday of the month is a traditional payday in the UK, the home of HSBC. Little information was provided by HSBC other than a terse statement over Twitter: “HSBC UK internet banking was attacked this morning. We successfully defended our systems. “We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience.” A spokesperson told the BBC a denial of service attack was the cause of the downtime. A subsequent tweet revealed the police had been contacted: “HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our Internet banking.” HSBC was hit by a distributed denial of service (DDoS), where infected machines fire an overwhelming number of data packets at a server to stop it working, most recently in 2012. That time the Anonymous hacktivist crew was believed to have carried out the hit. DDoS attacks in general have been causing havoc in recent months, as criminals have tried to extort targets, threatening to knock businesses offline unless a ransom was paid. Encrypted email provider ProtonMail was criticised for paying a ransom of $6,000 in Bitcoin at the end of 2015 to a DDoS extortionist crew called the Armada Collective. That group targeted other secure email providers Hushmail, Runbox and VFEMail. Anti-DDoS provider Arbor Networks reported earlier this month that the record for DDoS power hit a new peak in 2015, hitting 500Gbps. Numerous organizations had reported attacks in the 400Gbps-500Gbps range throughout 2015, Arbor noted. With so much power, and such easy money to be made with extortion attacks, no business appears immune from DDoS downtime. Professor Alan Woodward, a security expert from the University of Surrey, said an attack capable of taking down an entity like HSBC would need to be big. “In addition we’re seeing the emergence of techniques that mean that these attacks are circumventing some of the systems put in place to mitigate agains these attacks,” Woodward said. He also warned DDoS has been used as a “smokescreen” for other malicious activity in the past. “They want to tie up the technical departments, of which there is obviously a finite number, so that they might miss some unusual activity that would give away the fact that the hackers are breaches the corporate boundary.” Source: http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/2/#4eea0f825126 http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/#109a8cc451c2
Taken from:
HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down
Isolated attacks can add up to concerted malbot action , say boffins Ben Gurion University researchers have developed a tool capable of predicting future botnet attacks while also distinguishing between human and automated campaigns.…
Read More:
Israeli academics claim they can predict botnet attacks
In its latest Worldwide Infrastructure Security Report, Arbor Networks reports on the biggest distributed denial of service attack, which had a whopping load of 500 Gbps. The previous largest DDoS attack was of “only” 300 Gbps. It involved young aspiring hacker Seth Nolan-Mcdonagh, who temporarily took down SpamHaus’ webpage. In some cases, the attacks are carried out by state-funded organizations instead of individuals. Last year, GitHub went down after it suffered a DDoS attack, and the main suspect was China, which has a tumultuous history with the software repository. The programming website was even blocked by the Chinese authorities for a short amount of time. The yearly Arbor survey uses data from hosts, mobile service providers and service providers. The survey, which ran until November 2015, got the results based on the 354 global participants who answered questions on network safety specifically about protocols used for reflection/amplification. “The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” the report states. This marks a worrying trend among top-end size DDoS attacks, which get more ambitious every year. The security firm has the numbers to back this statement up. In the previous report, Arbor discovered that one-fifth of respondents got slammed with attacks that topped 50 Gbps. This year’s survey shows a hefty increase, as a quarter of respondents talk of attacks that go more than 100 Gbps. While only five respondents found evidence of DDoS attacks topping 200 Gbps, there were many reports of attacks between 100 and 200 Gbps. Arbor Networks points out that cloud-based services are increasingly becoming tempting targets, as they now make up 33 percent of attacks. Another staple of last year’s hacking attempts is the exploitation of weaknesses in the network time protocol. Reflection and amplification attacks can easily make use of the soft spots in the security infrastructure, leading to significant damages. As a countermeasure, servers keep receiving updates and security patches that should (in theory) keep them safe from attackers who gain a large response to a small query and use it towards a target of their choosing. “[S]ecurity is a human endeavor and there are skilled adversaries on both sides,” Darren Anstee, chief security technologist at Arbor Networks, says. An interesting shift exists in the DDoS attackers’ motivation: the perpetrators no longer seem to find joy in hacktivism or vandalism. Unlike in previous years, extorting the victims and banking on the vulnerabilities of network systems now seem to be the prevalent reasons. In order to accomplish this, they use multi-vector simultaneous attacks which plow through applications, services and infrastructure. A vast majority of respondents identified application-layer DDoS attacks, which targeted DNS services instead of Web servers. Looking at the larger picture, multi-vector attacks counted for 56 percent of customer outages, up from 42 percent in the previous year. More than 50 percent of the respondents told Arbor that DDoS attacks go after the inline firewalls and bring down the internet connectivity. Arbor explains that these devices are the first to fall in case of a DDoS attack and underlines that being inline can greatly add to network latency. Source: http://www.techtimes.com/articles/128260/20160127/worlds-largest-ddos-attack-breaks-records-clocks-at-massive-500-gbps-worldwide-infrastructure-security-report.htm
View article:
World’s Largest DDoS Attack Breaks Records, Clocks At Massive 500 Gbps
DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionist instead of hacktivists and vandals, the results of Arbor Networks' 11th Annual Worldwide Infrastructu…
See more here:
Larger, more complex, financially motivated DDoS attacks on the rise
Booter blasters belt businesses. The world’s largest distributed denial of service attack has been clocked at 500Gbps, according to Arbor Networks.…
See original article:
500Gbps DDoS attack flattens world record
Ireland’s National Lottery website and ticket machines were knocked offline after a distributed denial of service (DDoS) attack on Wednesday. Customers trying to buy tickets for the €12m (£9m) draw found themselves unable to do so for nearly two hours. The jackpot was the largest in 18 months. Premier Lotteries Ireland (PLI), the operator, has said the incident is under investigation. During a DDoS attack, a website or online service’s capacity to handle internet traffic is overloaded – usually by automated programs set to flood the site with requests. The attack began at 11:21 GMT on Wednesday and lasted for about two hours. Retail systems were brought back online by 12:45 GMT and the website by 13:25 GMT. “They said you couldn’t buy tickets from the ticket machines, which is really interesting, it’s not just the website – it would be quite interesting to understand why that happened,” said John Graham-Cumming at DDoS-protection company Cloudflare. ‘Under investigation’ “This incident is still under investigation,” a spokeswoman said. “However, we can confirm that at no point was the National Lottery gaming system or player data affected.” Given the large jackpot involved, the lottery was experiencing high demand for tickets on Wednesday lunchtime. The impact of the attack may well have been heightened by this, according to Igal Zeifman, senior digital strategist at cybersecurity company Imperva. “As a rule, record-setting prizes and jackpots result in traffic spikes on lottery sites, and it is very common for DDoS attackers to strike during such predictable peak traffic times, especially when going after big targets,” he said. Source: http://www.bbc.com/news/technology-35373890
See the original post:
Irish lottery site and ticket machines hit by DDoS attack
Attack KO’d the website and ticket machines A DDoS attack disrupted the Irish National Lottery’s website and ticket machines on Wednesday (January 20).…
Read the article:
Bad luck, Ireland: DDoS attack disrupts isle’s National Lottery
While overall unplanned data center outages have decreased, those that were the result of targeted DDoS attacks have skyrocketed. Think housing your servers in a data center rather than squeezing them under your desk is a bulletproof solution? Well, they might be safer in a data center, but believe it or not, some of the same pitfalls that can create trouble in the office can affect those secure data centers too. Namely UPS failure, human error, and cybercrime. ‘Unplanned’ UPS system failure is still the principal cause of “unplanned data center outages,” according to a new report. A quarter of all such events were related to UPS systems and batteries, according to Emerson Network Power in association with Ponemon Institute. The two organizations have been studying the cost of unplanned data center outages. Cybercrime But cybercrime-caused outages, specifically Distributed Denial of Service (DDoS) attacks, constituted a whopping 22% of the unplanned disruptions last year. That’s up from just 2% in 2010 and 18% in 2013, the last times the two organizations performed the survey. The survey collected responses from 63 data center operations who had observed an outage in the prior about year about what exactly happened. The report was published this month. Root causes Accidental causes or human error were the third biggest cause of unplanned outages, according to the report. Those mishaps caused 22% of the failures. That’s the same percentage as in 2013, but lower than in 2010, when 24% of outages were accidental or human-caused. Interestingly, many other causes of outages are lower now than they were in 2010 and 2013. They’ve been usurped by cybercrime’s huge gain. UPS failure is down slightly on 2010, when it accounted for 29% of the outages. And the aforementioned human error is down a bit. And utility failure, such as water, heat, and Computer Room Air Conditioning, which today makes up just 11% of the outages, was at 15% in 2010. Generators Likewise, generators appear to have become more reliable. Those systems contributed to 10% of the failures in 2010, whereas today they only make up 6%. The researchers don’t provide numbers relating to changing data center design over the period. Fewer generators in use—replaced by solar and alternative energy—could conceivably have caused that statistical decline. The report doesn’t specify. Weather Overall, most unplanned outage causes—including those caused by weather, which accounted for 10% of outages this year, compared to 12% in 2010 and 2013—have declined in favor of cybercrime. Even IT failure, a measly 4% of failures today, dropped from 5% in 2010. About $9K per minute And the cost? The report was released to expound on the cost of the outages, rather than to apportion blame. Well, the “average total cost per minute of an unplanned outage increased from $5,617 in 2010 to $7,908 in 2013 to $8,851 now,” according to the report. Downtime at data centers now costs an average of $740,357. That’s a 38% increase on 2010, the study calculates. And maximum costs are even higher. “Maximum downtime costs are rising faster than average, increasing 81% since 2010 to a current high of $2,409,991,” the report says. Source: http://www.networkworld.com/article/3024773/data-center/data-center-outages-increasingly-caused-by-ddos.html