Category Archives: DDoS Vendors

Mikrotik routers pwned en masse, send network data to mysterious box

Researchers uncover botnet malware pouncing on security holes More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.…


Department of Labour denies server compromise in recent cyberattack

The government department says the attack did not expose any sensitive or confidential information.

The South African Department of Labour has confirmed a recent cyberattack which disrupted the government agency’s website. In a statement, the Department of Labour said that a distributed denial-of-service (DDoS) attack was launched against the organization’s front-facing servers over the weekend.

According to the department’s acting chief information officer Xola Monakali, the “attempt was through the external Domain Name Server (DNS) server which is sitting at the State Information Technology Agency,” and “no internal servers, systems, or client information were compromised, as they are separated with the relevant protection in place.” The government agency has asked external cybersecurity experts to assist in the investigation.

DDoS attacks are often launched through botnets, which contain countless enslaved devices — ranging from standard PCs to IoT devices — which are commanded to flood a domain with traffic requests. When the volume peaks, legitimate traffic can no longer reach the same resource, leading to service disruption. Some of the worst we have seen in recent times include the Mirai botnet, made up of millions of compromised IoT devices, which was powerful enough to disrupt online services across an entire country.

With the rapid adoption of IoT and connected devices, including mobile products, routers, smart lighting and more, botnets have become more powerful. Unfortunately, many IoT products lag behind in security, and the use of lax or default credentials, open ports, and unpatched firmware has led to botnets which automatically scan for vulnerable devices online and add them to the slave pool with no-one the wiser. In July, a threat actor was able to build an 18,000-device botnet in only 24 hours. The botnet scanned the Internet for connected devices left unpatched against Huawei router vulnerability CVE-2017-17215.

It is not known who is behind the DDoS attack against the government agency. However, News24 reports that hacker “Paladin” may be responsible. The individual reportedly tipped off reporters that the attack was taking place as a test for a “full-scale attack” due to take place in the future against another government website. Paladin is also believed to be responsible for DDoS attacks launched against SA Express, the country’s Presidency domain, and the Department of Environmental Affairs. Source: https://www.zdnet.com/article/department-of-labour-denies-server-compromise-in-recent-cyberattack/


Rise in multifunctional botnets

There is a growing demand around the world for multifunctional malware that is not designed for a specific purpose but is flexible enough to perform almost any task. This was revealed by Kaspersky Lab researchers in a report on botnet activity in the first half of 2018. The research analysed more than 150 malware families and their modifications circulating through 600 000 botnets around the world.

Botnets are large ‘nets’ of compromised machines that are used by cybercriminals to carry out nefarious activities, including DDoS attacks, spreading malware or sending spam. Kaspersky monitors botnet activity on an ongoing basis to prevent forthcoming attacks or to stop a new type of banking Trojan before it spreads. It does this by employing technology that emulates a compromised device, trapping the commands received from threat actors that are using the botnets to distribute malware. Researchers gain valuable malware samples and statistics in the process.

Drop in single-purpose malware

The first half of 2018 also saw the number of single-purpose pieces of malware distributed through botnets drop significantly in comparison to the second half of 2017. In H2 2017, 22.46% of all unique malware strands were banking Trojans. This number dropped to 13.25% in the first half of this year. Moreover, the number of spamming bots, another type of single-purpose malware distributed through botnets, decreased dramatically, from 18.93% in the second half of 2017 to 12.23% in the first half of 2018. DDoS bots, yet another typical single-purpose malware, also dropped, from 2.66% to 1.99%, in the same period. The only type of single-purpose malicious program to demonstrate notable growth within botnet networks was miners. Even though their percentage of registered files is not comparable to highly popular multifunctional malware, their share increased two-fold, and this fits the general trend of a malicious mining boom, as noted in previous reports.

There’s a RAT in my PC

Alongside these findings, the company noted distinctive growth in malware that is more versatile, in particular Remote Access Tools (RATs) that give cyber crooks almost unlimited opportunities for exploiting infected machines. Since H1 2017, the share of RAT files found among the malware distributed by botnets almost doubled, rising from 6.55% to 12.22%, with the Njrat, DarkComet and Nanocore varieties topping the list of the most widespread RATs. “Due to their relatively simple structure, the three backdoors can be modified even by an amateur threat actor. This allows the malware to be adapted for distribution in a specific region,” the researchers said. Trojans, which can also be employed for a range of purposes, did not grow as much as RATs, but unlike a lot of single-purpose malware, still rose from 32.89% in H2 2017 to 34.25% in H1 2018. In a similar manner to RATs, Trojans can be modified and controlled by multiple command and control servers, for a range of nefarious activities, including cyberespionage or the theft of personal information.

Bot economy

Alexander Eremin, a security expert at Kaspersky Lab, says the reason multipurpose malware is taking the lead when it comes to botnets is clear. “Botnet ownership costs a significant amount of money and, in order to make a profit, criminals must be able to use each and every opportunity to get money out of malware. A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans.” In addition to switching between different ‘active’ malicious activities, it also opens an opportunity for a passive income, as the owner can simply rent out their botnet to other criminals, he added. Source: https://www.itweb.co.za/content/LPwQ57lyaoPMNgkj


Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Also: Belarus barely brushes botnet builder’s bankroll

Another week has come and gone. This one included some Fortnite flaws, a nasty Intel bug, and a voting machine maker whining about hacking contests.…


How to Protect Businesses Against DDoS Attacks

Security, for any business today, is important; we, at HackerCombat, have already reported on the rising costs of IT security at the global level. More and more businesses today invest heavily in security; they have realized that without it, it is almost impossible for a business to flourish in today’s circumstances. We have arrived at a stage where businesses cannot handle security simply by relying on their ISPs. The proactive measures that businesses adopt to ensure proper and better security really count.

Businesses today are often targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all over the world. Hence it is important that every business today is armed, in all ways possible, to combat DDoS attacks in the most effective manner. Let’s discuss how businesses can secure themselves against such attacks, beginning with what DDoS attacks are and how they happen.

DDoS Attacks: An Introduction

The basic principle of a DDoS attack is this: a very large number of requests are sent from several points at a network or server, in a very short span of time. This bombardment overloads the server and exhausts its resources. The obvious result is that the server fails and sometimes becomes inaccessible altogether, a total denial of service, hence the name Distributed Denial of Service attack. The main issue, however, is not only that the server or network becomes inaccessible; it also concerns the security of the data stored in the network. A DDoS attack leaves a server vulnerable, and hackers can penetrate the information system and cause huge losses to the targeted business. The cybercriminals behind a DDoS attack can thus make big money at the expense of the targeted company.

The motives behind DDoS attacks vary; such attacks could be carried out for political or financial gain, while some have retaliation as their sole purpose. Those who seek political gain target those who hold contradicting political, social or religious beliefs; crippling them through a well-planned and well-executed DDoS attack is the motive here. Retaliatory attacks happen when a botnet or a large cybercriminal network is dismantled and those who stood by the authorities are targeted. DDoS attacks carried out for financial gain follow a simple pattern: those who want a business targeted hire the services of cybercriminals who carry out the attack, and the hackers are paid for the work they do. Irrespective of the motive, the end result for the targeted business is always the same: the network and online services become unavailable, sometimes for a short period and sometimes for a very long one, and data security is also at risk.

How to protect a business from DDoS attacks

ISPs may offer layer 3 and layer 4 DDoS protection, which helps businesses withstand many volumetric attacks. But most ISPs fail when it comes to detecting small, layer 7 attacks. That is why businesses should not depend on their ISPs alone for protection against DDoS attacks; they should implement measures that ensure comprehensive protection. Here is a look at the different things that need to be done to combat DDoS attacks in the most effective manner:

Go for a good solution provider. There are many service providers who offer Layer 3, 4 and 7 protection against DDoS attacks. There are providers of all kinds, ranging from those that offer low-cost solutions for small websites to those that provide multiple coverages for large enterprises. Most of them offer custom pricing based on your requirements. If yours is a large organization, they would offer advanced layer 7 discovery services with sensors installed in your data center. Always choose a good provider of security solutions that matches your needs.

Always have a firewall or IPS installed. Modern firewall software and IPS (Intrusion Prevention Systems) claim to provide a certain level of protection against DDoS attacks. Next-generation firewalls offer both DDoS protection and IPS services and thus suffice to protect you against most DDoS attacks. There are, of course, some other aspects to keep in mind. Your next-generation firewall might get overwhelmed by volumetric attacks and might not suffice for layer 7 detection. Similarly, enabling DDoS protection on your firewall or IPS could adversely affect the overall performance of your system or network.

Use dedicated appliances that fight DDoS attacks. Today, there are many hardware devices that protect you from DDoS attacks. Some of these provide protection against layer 3 and 4 attacks, while more advanced ones protect against layer 7 DDoS attacks. Such appliances are deployed at the main point of entry for all web traffic, monitor all incoming and outgoing network traffic, and can detect and block layer 7 threats. There are two versions of these hardware solutions: one for enterprises and the other for telecom operators. The enterprise versions are cost-effective, while the ones for providers are very expensive. Investing in such hardware appliances is always advisable. It is also good to choose devices that use behavior-based adaptation methods to identify threats; these appliances help protect against unknown zero-day attacks, since there is no need to wait for signature files to be updated.

Remember, for any organization, big or small, it is really important today to be prepared to combat DDoS attacks. For any organization that has a web property, the probability of being attacked is higher today than ever before. Hence, it is always good to stay prepared. Prevention, as they say, is always better than cure! Source: https://hackercombat.com/how-to-protect-businesses-against-ddos-attacks/
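The article’s point that upstream layer 3/4 filtering misses small layer 7 floods is easiest to see against real request data. The following is an added example, not code from HackerCombat or the original article: it parses a handful of constructed combined-format access log lines (the IP addresses are documentation ranges, the timestamps are invented) and reports any client that exceeds a request count inside a sliding time window, which is the kind of per-client, per-request check an edge appliance or web tier does and a bandwidth-based ISP filter cannot. The window and threshold values are illustrative assumptions.

```python
"""Flag a small application-layer (layer 7) request flood in web access logs.

Added example, not code from the original article. It parses a few
constructed combined-format access log lines and reports clients that send
more than `max_requests` requests inside any `window_seconds` sliding window,
the kind of low-volume flood that bandwidth-based upstream filtering misses.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/Nginx combined log format (common fields only).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_l7_flood(lines, window_seconds=10, max_requests=20):
    """Return {client_ip: peak requests in window} for clients over the limit.

    Lines are expected in chronological order, as a log file normally is.
    """
    windows = defaultdict(deque)   # per-client timestamps inside the window
    offenders = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        cutoff = rec["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:       # slide the window forward
            q.popleft()
        if len(q) > max_requests:
            offenders[rec["ip"]] = max(offenders.get(rec["ip"], 0), len(q))
    return offenders


def build_sample_log():
    """Constructed sample: three ordinary visitors plus one client hammering /search."""
    base = datetime(2018, 8, 28, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path, status=200, size=512):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} {size}'

    lines = []
    for i in range(30):
        t = base + timedelta(milliseconds=150 * i)   # 30 requests in 4.5 seconds
        lines.append(fmt("198.51.100.7", t, f"/search?q=term{i}"))
        if i % 10 == 0:                               # a normal visitor now and then
            lines.append(fmt(f"203.0.113.{i + 1}", t, "/index.html"))
    return lines


if __name__ == "__main__":
    for ip, peak in detect_l7_flood(build_sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window, above the limit of 20")
```

Thirty requests in under five seconds is trivial in bandwidth terms, so nothing volumetric notices it, yet the per-client window singles the one client out while the three ordinary visitors stay below the limit. In production the threshold would be tuned per endpoint, since a search or login path costs far more server time than a static file.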


A DDoS Knocked Spain’s Central Bank Offline

In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain’s central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters. “We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email.

DDoS attacks interrupt services by overwhelming network resources. Spain’s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted.

“Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security. “The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover’ with a heavy emphasis on ‘resist.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’ Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.”

To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service. As of the time of writing this, the bank’s website appears to be back online. Source: https://www.infosecurity-magazine.com/news/ddos-knocked-spains-central-bank/


Online Poker Sites Suffer DDoS Attacks

The online poker industry has recently been plagued by a spate of Distributed Denial of Service (DDoS) attacks, with three highly popular gaming websites being impacted by the onslaught. Initial reports of the attacks emerged on US-facing America’s Card Room on Sunday, August 5, which coincided with the beginning of the brand’s Mini Online Super Series (MOSS) tournament. The MOSS series offered guaranteed wins of $10 million, but the operator had no choice but to cancel several of its tournaments throughout the event as a result of the DDoS attacks. Popular Canadian-operated site PokerStars and its fellow platform partypoker would shortly become the next targets.

Denial of Service attacks are cyber-attacks in which criminals aim to make a machine or network unavailable to its users by indefinitely disrupting service provision of a host connected to the web. The attacks are carried out by overwhelming the target network with superfluous requests, which overload its system and make it unable to fulfill legitimate requests from customers. The ‘distributed’ part comes in when the flood of superfluous requests stems from multiple sources. This essentially makes it impossible to halt the attack by blocking a single request source.

Next In the Hit-Line

On August 9, partypoker tournaments were stopped and cancelled after players began to complain of connectivity issues. The brand later confirmed that it was indeed DDoS attacks that had disrupted the tourneys, with Managing Director Tom Waters issuing an apology and an explanation on the site’s blog. In the post, Waters confirmed that the third-party attacks lasted for several hours, and caused problems like in-play pauses and an inability for players to log into the site’s software. He also assured customers that the operator’s team is working with a DDoS mitigation service provider to remove the risks of similar future events.

Players Blinded Down

Then, on Sunday, August 12, PokerStars became the latest victim to undergo DDoS attacks, with reports of technical difficulties beginning to flood in. It was on this day that several tournaments, including the brand’s popular Sunday Million, were set to be hosted – but they were interrupted and stopped across its European network and its Indian and Italian domains. With the bulk of tournament players sitting out and unable to connect, players in other connected countries were able to steal the blinds of the absent players until The Stars Group cancelled all of the tournaments. Players were automatically paid out according to their chip counts at the time of cancellation, which elicited many complaints from those players who were blinded down to a smaller stack. PokerStars has since assured its customers that they will be refunded based on their stacks at the time when the first disconnection began.

Currently, the industry has not undergone any further attacks, but only time will tell if DDoS attacks will continue to wound the market – and how sites will work to prevent further disruptions and address players’ concerns about this worrisome issue. Source: https://www.gamingpost.ca/canadian-poker-news/online-poker-sites-suffer-ddos-attacks/


Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea

The website of Sweden’s centre-left Social Democrats has been hacked for a second time, and the IP address responsible was linked to Russia and North Korea, according to the party’s IT provider. The hack was a distributed denial-of-service (DDoS) attack, meaning those responsible disrupted the site to make it unavailable to users.

“This is serious. Citizens don’t have access to our site, the heart of our election campaign, where the information about our policies is,” the party’s head of communications, Helena Salomonson, told TT. The site was attacked at around 9pm on Monday, and was down for around six minutes in total, Salomonson said. The party has reported the incident to police.

It’s the second time in around a week that the Social Democrats, currently part of the ruling coalition with the Green Party, have experienced an online attack, after a similar hack when they first launched their election campaign. On that occasion, the site remained down for several hours. “Denial-of-service attacks are quite hard to prevent,” Salomonson said. “Now we need to look over our preventative measures again.”

The IP addresses behind the attack were linked to Russia and North Korea, according to information from the party’s IT provider, but Salomonson said: “It feels difficult to speculate about possible participants and motives.” Source: https://www.thelocal.se/20180822/swedens-social-democrats-website-hacked


It’s Time To Protect Your Enterprise From DDoS Attacks

DDoS (Distributed Denial of Service) attacks are among the most dreaded kinds of cyber attacks for any enterprise today. This is especially because, as the name itself suggests, it causes a total denial of service: it exhausts all resources of an enterprise network, application or service, and consequently it becomes impossible to gain access to the network, application or service. In general, a DDoS attack is launched simultaneously from multiple hosts, and that is enough to exhaust the resources, the network and the internet services of an enterprise of any size. Many prominent organizations today encounter DDoS attacks on a daily basis. DDoS attacks are becoming more frequent, larger and more sophisticated at the same time. In this context, it becomes really important that enterprises look for DDoS attack prevention services, in fact the best DDoS attack prevention services, so as to ensure maximum protection for their network and data.

The different kinds of DDoS attacks

Though there are many kinds of DDoS attacks, broadly speaking they all fit into three categories. The first is volumetric attacks, which aim to overwhelm network infrastructure with bandwidth-consuming traffic or resource-sapping requests. The second, TCP state-exhaustion attacks, abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third, application layer attacks, target one aspect of an application or service at Layer 7. Of these three categories, volumetric attacks are the most common; at the same time, DDoS attacks that combine all three vectors are becoming commonplace.

DDoS attacks are getting sophisticated, complex and easy to use

Cybercriminals today are getting cleverer and smarter. They package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, making it easy even for non-techies to carry out DDoS attacks against organizations. What are the main drivers behind DDoS attacks? There could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain a competitive advantage and win online games. Clever cybercriminals use DDoS as a diversionary tactic, intending to distract organizations during APT campaigns that are planned and executed in order to steal data.

How to prevent DDoS attacks

The first thing to do to prevent DDoS attacks is to secure internet-facing devices and services. This reduces the number of devices that hackers can recruit into DDoS attacks. Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, services that use any of these ought to be carefully configured and run on hardened, dedicated servers. Test repeatedly for security issues and vulnerabilities; one good example is penetration testing to detect web application vulnerabilities. Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Current Practice documents BCP 38 and BCP 84, because hackers who plan DDoS attacks generate traffic with spoofed source IP addresses. Though there are no fool-proof techniques that prevent DDoS attacks completely, you can ensure maximum protection by properly configuring all machines and services. This ensures that attackers cannot harness your publicly available services to carry out DDoS attacks. Remember that it is difficult to predict or avoid DDoS attacks, and that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, the focus must always be on maximum-level protection for enterprise networks, devices, websites and so on. Source: https://ddosattacks.net/wp-admin/post-new.php
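Two of the recommendations above, BCP 38 anti-spoofing filters and not letting your own NTP/DNS/SSDP/Chargen/SNMP services be harnessed as reflectors, can be shown side by side on a small packet trace. The following is an added example, not code from the original article or from any vendor: it models a customer edge that has been assigned the prefix 203.0.113.0/24 (a documentation range, as are all the addresses here) and applies source-address validation to packets leaving it, then separately flags inbound UDP packets from amplifier service ports that answer no request the customer actually sent. The packet records and the port-to-service table are constructed for the example.

```python
"""BCP 38 source-address validation and unsolicited amplifier-reply detection.

Added example, not from the original article. Packets are constructed
records using RFC 5737 documentation addresses; 203.0.113.0/24 plays the
role of the prefix assigned to a customer edge.
"""
import ipaddress
from dataclasses import dataclass

# UDP services commonly abused as reflectors (the article's list, by port).
AMPLIFIER_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}


@dataclass(frozen=True)
class Packet:
    direction: str   # "out": leaving the customer edge; "in": arriving from the internet
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int


def bcp38_filter(packets, assigned_prefixes):
    """Split packets into (accepted, dropped).

    Outbound packets whose source address is not inside one of the prefixes
    assigned to the customer are dropped as spoofed; everything else passes.
    """
    nets = [ipaddress.ip_network(p) for p in assigned_prefixes]
    accepted, dropped = [], []
    for pkt in packets:
        if pkt.direction == "out":
            src = ipaddress.ip_address(pkt.src)
            if not any(src in net for net in nets):
                dropped.append(pkt)
                continue
        accepted.append(pkt)
    return accepted, dropped


def unsolicited_amplifier_replies(packets):
    """Return inbound UDP packets from amplifier ports that answer no request we sent.

    A reply is matched to an earlier outbound request by the 4-tuple
    (our address, our port, reflector address, reflector port).
    """
    outstanding = set()
    flagged = []
    for pkt in packets:
        if pkt.proto != "udp":
            continue
        if pkt.direction == "out" and pkt.dport in AMPLIFIER_PORTS:
            outstanding.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        elif pkt.direction == "in" and pkt.sport in AMPLIFIER_PORTS:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in outstanding:
                outstanding.discard(key)
            else:
                flagged.append(pkt)
    return flagged


# Constructed traffic sample.
SAMPLE_PACKETS = [
    Packet("out", "203.0.113.10", "198.51.100.1", "udp", 40000, 123, 48),   # legitimate NTP query
    Packet("out", "192.0.2.50", "198.51.100.1", "udp", 40000, 123, 48),     # spoofed source, not ours
    Packet("in", "198.51.100.1", "203.0.113.10", "udp", 123, 40000, 90),    # answer to the query above
    Packet("in", "198.51.100.9", "203.0.113.77", "udp", 1900, 5555, 1400),  # SSDP reply nobody asked for
    Packet("out", "203.0.113.10", "198.51.100.2", "tcp", 50000, 443, 60),   # ordinary HTTPS traffic
]

if __name__ == "__main__":
    accepted, dropped = bcp38_filter(SAMPLE_PACKETS, ["203.0.113.0/24"])
    print("dropped at edge:", [p.src for p in dropped])
    print("unsolicited amplifier replies:",
          [(p.src, p.sport, p.size) for p in unsolicited_amplifier_replies(accepted)])
```

The two checks cover the two sides of the problem the article describes. The edge filter stops a host inside the customer network from emitting packets with someone else’s source address, so it cannot aim amplified replies at a third party; the reply check shows what it looks like when a network that lacks such a filter spoofs your address, since an SSDP answer you never requested arrives at one of your hosts. In a real deployment the first check is a router or firewall rule (unicast reverse-path forwarding on most platforms), and the second is a flow-level alert fed from NetFlow or packet capture rather than a Python loop.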
