Category Archives: DDoS News

DNS Root Servers Hit by DDoS Attack

Unknown parties carried out a large-scale DDoS attack on the Internet’s DNS root servers, causing slight timeouts for four nodes, more exactly on the B, C, G, and H servers, RootOps reports. There were two different attacks, one launched on November 30 that lasted 160 minutes (from 06:50 to 09:30 UTC), and a second, shorter one on December 1 that lasted only one hour (from 05:10 to 06:10 UTC). RootOps, the DNS root server operators, are reporting that the attacks were valid DNS queries addressed towards one domain in the first attack, and to a different domain on the second day. Each attack blasted up to five million queries per second per DNS root name server. RootOps has no hopes to catch the culprit, since IP source addresses can be easily spoofed, and the source IP addresses used in the DDoS attack were very well spread and randomized across the entire IPv4 address space. The DDoS didn’t cause any serious damage, but a mere delay for some users making DNS queries via their browser, FTP, SSH, or other clients. DNS protocol’s design  saves the day “The DNS root name server system functioned as designed, demonstrating overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers,” said the DNS root server operators, referring to the fallback system employed by DNS servers. Because of the way DNS is constructed, on a mesh-like structure like the Internet itself, if one server does not respond, other servers intervene and provide a DNS query result. The DNS root server operators did not speculate on the reasons this massive attack was carried out against their infrastructure but did say this was not the result of a reflected DDoS attack. RootOps recommended that ISPs that don’t want to allow DDoS attacks that use IP address spoofing to be carried from their network should implement Source Address Validation and the BCP-38 specification. Source: http://news.softpedia.com/news/dns-root-servers-hit-by-ddos-attack-497363.shtml

Read this article:
DNS Root Servers Hit by DDoS Attack

UK research network Janet under ongoing and persistent DDoS attack

Attackers seem to be adjusting methods in response to Tweets Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple internet connections, including the Manchester to Manchester Core Router.…

Continued here:
UK research network Janet under ongoing and persistent DDoS attack

White hats, FBI and cops team up for Dorkbot botnet takedown

Your four-year reign of terror is (temporarily) over Operations of the Dorkbot botnet have been disrupted following an operation that brought together law enforcement agencies led by the FBI, Interpol and Europol, and various infosec firms.…

Visit link:
White hats, FBI and cops team up for Dorkbot botnet takedown

Ponmocup is the ’15 million’ machine botnet you’ve never heard of

Skilled VXers have built 25 plugins, made 4000 variants, say crack security team Botconf   One of the world’s most successful, oldest, and largest botnets is an underestimated and largely-unknown threat that has over time infected 15 million machines and made millions plundering bank accounts.…

Read more here:
Ponmocup is the ’15 million’ machine botnet you’ve never heard of

Warnings over Node.js flaw that could lead to DoS attacks

TheNode.js Foundation has revealed a couple of bugs within its JavaScript software that could lead to major denial of service attacks against websites using the code. The issues affects versions of Node.js from version 0.12 up to version 5. In a bulletin issued by the Foundation, the popular server-id JavaScript platform has two vulnerabilities. One covers “a high-impact denial-of-service vulnerability” while the other is a “low-impact V8 out-of-bounds access vulnerability.” V8 is the JavaScript engine developed by Google and used by Node.js. The DoS issue is labelled as CVE 2015-8027, while the access problem is identified as CVE-2015-6764. According to the bulletin, the first bug could allow a hacker to launch a denial of service. The second bug could enable a hacker to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application. The issues were disclosed last week with patches due to be released yesterday. However, the Foundation announced that it will now delay releasing the patches until Friday. It said this was because of dependencies on OpenSSL, which itself has been found to contain further vulnerabilities. “Node.js versions v0.10.x and v0.12.x depend on OpenSSL v1.0.1 and versions v4.x (LTS Argon) and v5.x depend on OpenSSL v1.0.2,” stated an advisory on the Node.js website. “As the Node.js build process statically links OpenSSL into binaries, we will be required to release patch-level updates to all of our actively supported versions to include the upstream fixes. While we are unaware of the exact nature of the OpenSSL vulnerabilities being fixed, we must consider it likely that Node.js releases will be required in order to protect users.” It said the move to Friday was “unfortunate” but has to take into account of “the possibility of introducing a vulnerability gap between disclosure of OpenSSL vulnerabilities and patched releases by Node.js and therefore must respond as quickly as practical.” “Please be aware that patching and testing of OpenSSL updates is a non-trivial exercise and there will be significant delay after the OpenSSL releases before we can be confident that Node.js builds are stable and suitable for release,” the organisation said. Wim Remes, strategic services manager EMEA at Rapid7, said vulnerabilities in Node.js “impacts organisations across verticals, from ecommerce websites, over healthcare organisations, to critical infrastructure.” “Hackers will leverage any vulnerability that allows them to gain control over a target. Denial of Service vulnerabilities are mostly used for targeted hacktivism or extortion purposes. The out-of-bounds access vulnerability, as it provides direct access to an infrastructure, would be a welcome tool in the arsenal of any digital criminal,” he said. “With access to part of the infrastructure, an attacker can pivot further through the infrastructure, destroy information, exfiltrate information, install spying software, etc.  A vulnerability that provides direct access is the first tool an attacker needs to achieve their goals.” Remes added that in this case patching is about the only thing an organisation can do. “There are obviously ways to stop attacks using Web Application Firewalls or Intrusion Prevention Systems but given the severity of the issues, I would definitely recommend to prioritise patching. Additionally, making sure that any system which doesn’t need to be on the internet is not reachable by external users is something that makes sense too,” said Remes. Source: http://www.scmagazineuk.com/warnings-over-nodejs-flaw-that-could-lead-to-dos-attacks/article/457205/

See more here:
Warnings over Node.js flaw that could lead to DoS attacks

Netherlands public broadcaster hit in worst-ever DDoS attack

The Netherlands public broadcaster NPO was hit by the largest DDoS attack ever, leaving the NOS site and app unreachable for some time on Sunday night. Other national and regional broadcasters’ sites were still online, but difficult to reach. During a DDoS attack a computer system is bombarded with an extreme number of visits. “We are used to large groups of users with big news, but this number surpassed everything. And all at the same time”, NPO said, according to NOS. The public broadcaster is considering which measures to implement, on top of the measures already in place, to prevent similar disturbances in future. The perpetrators behind the attack have not yet been identified. Source: http://www.nltimes.nl/2015/11/30/netherlands-public-broadcaster-hit-in-worst-ever-ddos-attack/

Read More:
Netherlands public broadcaster hit in worst-ever DDoS attack

Finance, telco and IT sectors were top targets for DDoS attacks in 2015

A new study conducted by Kasperky Labs and B2B International, has revealed that around one in four IT, telecommunication, and financial services companies have experienced a distributed denial of service (DDoS) attack over the last year. Almost half of the financial businesses understand that they are a prime target for these attacks while IT and telecommunication companies do not believe they are as at risk. This is dangerous because it could leave them more vulnerable to potential attacks. DDoS attacks have grown in popularity amongst cyber criminals and have been used to extort money, disrupt a site’s operation, and serve as a distraction whilst another cyber attack is occurring. 75 per cent of businesses that were victims of DDoS attacks said that the timing of attacks corresponded with other security incidents. Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab said: “As the recent DDoS attacks on telecoms companies and banks reveal, businesses in these sectors represent prime targets for DDoS attackers. In some cases, DDoS attacks are a smokescreen for the cyber-theft or result in exorbitant ransom demands. That is why vulnerable sectors need to be extra-vigilant about security and be ready to deal with DDoS attacks. They need to build their understanding of the threat and choose the best protection against it. The days of DDoS attacks being an operational frustration that just resulted in some downtime are long over.” However the study showed that many companies are unaware of the threat of DDoS attacks and are unclear about how to stop them or contain them. Only 52 per cent of the companies surveyed felt that they had the necessary information regarding the intricacies of these attacks. This could be troublesome as DDoS attacks have become a popular tool among cyber criminals due to their difficulty to trace and ease to implement. Kaspersky Labs does offer DDoS protection to its customers and is able to reroute traffic allowing junk requests to be filtered out while legitimate traffic is forwarded to the site. This allows users to continue using the site or service safely even while an attack is taking place. Source: http://www.itproportal.com/2015/11/26/finance-telco-it-sectors-top-targets-for-ddos-attacks-2015/

View the original here:
Finance, telco and IT sectors were top targets for DDoS attacks in 2015

Anonymous vs ISIS, Australian attorney general, NTP and DDoS exploits

Anonymous vs ISIS Naturally, even cybersecurity news in this past week has centred around ISIS in the wake of the Paris attacks. The main headline has come from Anonymous, who have again but more formally waged ‘war’ on ISIS themselves. So far their efforts seem to have focused on communication; deleting thousands of Twitter accounts they believe are associated with the terrorist group. One notable aspect of how ISIS recruit supporters is through social media such as Twitter and Facebook, with an estimated 46,000 affiliated Twitter accounts. The move by Anonymous was announced immediately after ISIS dubbed the group ‘idiots’ and began circulating some useless cybersecurity advice to its followers via messaging app Telegram. Anonymous’s efforts, dubbed #OpParis are likely to irritate the group and possibly damage their recruitment opportunities. Australian attorney general warns terrorism means privacy will suffer Australian Attorney General George Brandis has said that Australians should expect ‘greater impediments to personal privacy’ in the wake of the Paris attacks. Measures have already become more strict under his tenure, with legislation passed to collect call records, IP addresses, location and billing information but it remains to be seen what further changes might be made. He also said during the interview by Nine Network that the situation with ISIS was tantamount to war. UK warns terrorists are targeting hospitals, power stations and air traffic control In an address at GCHQ (Government Communication Headquarters, a branch of British intelligence), chancellor George Osborne warned that terrorists will also be making efforts to target national infrastructure in order to carry out attacks. He also said that the government intend to double cybersecurity spending over the next five years. While we know such attacks are possible, we are yet to see terrorist groups like ISIS leverage this type of capability. NTP being made more secure to avoid DDoS exploits A new beta version of the Network Time Protocol (NTPsec) has been released, in efforts to avoid exploitation in DDoS attacks. Currently only available for open source use and feedback, the protocols codebase has been greatly streamlined; reduced from 30,000 lines of code to just 884. One of the project’s lead developers Eric S Raymond said: ‘The most important change you can’t see is that the code has been very seriously security-hardened, not only by plugging all publicly disclosed holes but by internal preventive measures to close off entire classes of vulnerabilities.’ Hackers offer 200,000 Comcast user passwords for sale Hackers have offered 200,000 Comcast user passwords for sale on the dark web, leading to a mass password reset from the company. What’s interesting in this case is that this was not a breach, but the result of users being duped into revealing their passwords themselves. Fortunately, Comcast’s own security officer discovered the passwords up for sale and initiated the mass reset before any accounts were known to be exploited. A reminder to be more careful with our password management! Vodafone reveal breach as further arrests made in TalkTalk case In the wake of the large TalkTalk breach and as a third man was arrested in the case, Vodafone announced their own breach. Affecting just 1827 users, who have all since been informed, Vodafone have not revealed how the attack was carried out. The number of customers affected by the TalkTalk breach has now been revised; originally given as 4 million, the number is now down to 1.2 million. In addition to usernames, emails and passwords 21,000 of these included bank account details and 28,000 credit card details. Source: https://www.acunetix.com/blog/articles/in-the-headlines-anonymous-vs-isis-australian-attorney-general-ntp-and-ddos-exploits/

Follow this link:
Anonymous vs ISIS, Australian attorney general, NTP and DDoS exploits

UK Broadband Provider AAISP Suffers Strong DDoS Assault

Internet provider Andrews and Arnold (AAISP) appears to have become the target for a semi-sporadic Distributed Denial of Service (DDoS) assault, which began hitting their network yesterday and has caused some of their customers to lose connection. Generally speaking DDoS attacks work by overloading a target server (e.g. a website or other network service) with masses of data requests from multiple internet connected computers / devices; usually Trojan/Virus infected computers that then become part of a botnet , which can be controlled by a single individual that usually hides their connection behind other servers. At this point it’s crucial to reflect that DDoS attacks happen to ISPs all the time (we read about them on an almost weekly basis), they’re practically par-for-the-course, but most can be mitigated and few are ever significant enough to knock lots of end-users offline. In nearly all cases these incidents aren’t actually an attack against the ISP, but rather somebody targeting a specific customer on the ISPs network. As such this should NOT be confused with the recent TalkTalk incident, which also involved a separate hacking attempt and was aimed at the ISPs web server. By comparison the assault against AAISP appears to have targeted part of their network and NOT their website, which is usually what happens when somebody is looking to knock a specific subscriber offline. The nature of this assault, which seems both powerful and aimed at several areas of their network, meant that AAISP’s “ usual anti-DOS systems have not helped “, although they were later able to “ mitigated most of the problems. ” Unfortunately the assault began again this morning and moved to a new target block, which has kept AAISP’s staff on their toes. Adrian Kennard, Director of AAISP, told ISPreview.co.uk: “ Staff have been working on this to reduce the impact on all customers as much as possible, and are continuing to do so today. There are still a handful customers that are collateral damage from the attack and we are working on getting those customers on line right now .” Apparently “ many ” of AAISPs customers have been affected by the DDoS, although only a handful were actually left without Internet connectivity and the provider is now attempting to identify which customers were being targeted by the assault (in practice they may not get to the bottom of this, just as most other ISPs rarely do). In the meantime some of provider’s customers are having their WAN IP address changed to get them on-line, including a few that own blocks of IPs (this can sometimes be a bit more tricky for the customer). One of those is Basingstoke based fixed wireless broadband ISP HiWiFi, which has been tweeting about the incident since last night. It’s worth pointing out that the Computer Misuse Act effectively makes DDoS illegal, although finding the perpetrators is rather more difficult, not least because such attacks are usually short-lived (the longer they go on the greater the chance of being traced and caught). Source: http://www.ispreview.co.uk/index.php/2015/11/uk-broadband-provider-aaisp-suffers-strong-ddos-assault.html

Continued here:
UK Broadband Provider AAISP Suffers Strong DDoS Assault

Merseyside DDoS daddy given eight months behind bars

When bragging of your illegal exploits, leave off your real name A UK man has been given eight and a half months in prison for launching a series of distributed denial-of-service attacks in 2013.…

More:
Merseyside DDoS daddy given eight months behind bars