U.K. officials have extradited the man who allegedly masterminded a cyberattack earlier this year that impacted two of England’s biggest banks. They have accused 29-year-old Daniel Kaye, who was found in Germany, of using an infected computer network to damage and blackmail both Barclays and Lloyds Banking Group, The Financial Times reported. Following the cyberattack, Lloyds found its digital services crippled on and off for over 48 hours in January 2017, preventing some customers from being able to check their bank balances or send out payments via the network. The assault was a distributed “denial of service” (DDoS) attack, which overwhelms a firm’s website so its services don’t operate properly. The same month, Barclays fought off their own cyberattack, according to the National Crime Agency. These cybercrime attacks occurred just months following a high-profile cyberattack against Tesco Bank that caused 9,000 people to have their money stolen from accounts. HSBC also saw an attack against its personal banking website and mobile app in 2016, causing thousands of customers to be locked out of their accounts. “The investigation leading to these charges was complex and crossed borders,” said Luke Wyllie, the National Crime Agency’s senior operations manager. “Our cybercrime officers have analyzed reams of data on the way. Cybercrime is not victimless, and we are determined to bring suspects before the courts,” the Financial Times reported. Daniel Kaye is also being accused of operating a cyberattack against Liberia’s largest internet provider, Lonestar MTN. Kaye is scheduled to appear in the U.K.’s Westminster Magistrates Court on Aug. 31. “In January, we were the target of a substantial distributed denial of service (DDoS) attack,” Lloyds Banking Group said in remarks according to news by the Financial Times . “This was successfully defended but resulted in intermittent and temporary service issues for some customers. There was no attempt to access the bank’s systems and no customer details or accounts were compromised.” Source: http://www.pymnts.com/news/security-and-risk/2017/cybercriminal-daniel-kaye-extradited-following-ddos-cyberattacks/
Category Archives: Security Websies
Tech firms band together to take down Android DDoS botnet
An ad-hoc alliance of tech firms has managed to seriously cripple an Android-based botnet that was being actively used to DDoS multiple content providers. The botnet, dubbed WireX by the researchers, consisted of Android devices with malicious apps installed. In fact, in the wake of the discovery, Google has pulled some 300 such apps from Google Play, began removing them remotely from affected users’ devices, and blocked them from being installed. The malicious apps The … More ?
Read the article:
Tech firms band together to take down Android DDoS botnet
3 Ways to Defeat DDoS Attacks
In 2012, a number of DDoS attacks hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank. These attacks have since spread across most industries from government agencies to local schools and are showing an almost yearly evolution, with the most recent focus being the Internet of Things (IoT). In 2016, compromised cameras, printers, DVRs and other IoT appliances were used in a large attack on Dyn that took down major websites including Amazon, Twitter, Netflix, Etsy and Spotify. Inside Distributed Denial-of-Service Threats Although these large attacks dominate the headlines, they’re not what most enterprises will deal with day to day. The most common attacks are in the range of 20 to 30 Gbps or less, while larger attacks have been reported at 1.2 tbps. Creating DDoS Defense Security technology is becoming more sophisticated, but so are hackers, which means attacks can be much more difficult to mitigate now than in the past. Enterprises must be knowledgeable and prepared with mitigation techniques as the attacks continue to evolve. DDoS mitigation comes in three models: Scrubbing Centers The most common DDoS mitigation option for enterprises is to buy access to a scrubbing center service. During an attack, traffic is redirected to the security provider’s network, where the bad traffic is “scrubbed out” and only good traffic is returned to the customer. This option is good for multi-ISP environments and can be used to counter both volumetric and application-based attacks. For added protection, some providers can actually place a device in your data center, but this is not as cost-effective as the cloud-based option. ISP- Clean Pipes Approach With the rise of DDoS attacks, many ISPs have started their own scrubbing centers internally, and for a premium will monitor and mitigate attacks on their customers’ websites. In this scenario, ISPs operate as a one-stop-shop for bandwidth, hosting and DDoS mitigation. But some ISPs are more experienced at this than others, so customers must be sure to thoroughly test and research the quality of the service offered by their ISPs. Content Delivery Network Approach The distributed nature of content delivery networks (CDNs) means that websites live globally on multiple servers versus one origin server, making them difficult to take down. Large CDNs may have over 100,000 servers distributing or caching web content all over the world. However, CDN-based mitigation is really only a good option for enterprises that require core CDN functionality, as porting content to a CDN can be a time-intensive project. Source: https://www.forbes.com/sites/gartnergroup/2017/08/28/3-ways-to-defeat-ddos-attacks/#dda62aada78f
See the original article here:
3 Ways to Defeat DDoS Attacks
Week in review: Android Oreo security, hacking robots, DDoS attacks on the rise
Here’s an overview of some of last week’s most interesting news, podcasts and articles: Judge limits DOJ’s search of anti-Trump website data On Thursday, District of Columbia Superior Court Judge Robert Morin ruled that DreamHost must comply with the narrowed warrant, but has further limited the government’s access to the asked-for data, in order to limit exposure of sensitive user information. Review: Securing the Internet of Things The authors do a good job explaining the … More ?
Read more here:
Week in review: Android Oreo security, hacking robots, DDoS attacks on the rise
DreamHost, web hosting company, blames powerful DDoS attack for online outages
DreamHost, one of the world’s largest web hosting companies, said a distributed denial-of-service (DDoS) caused significant outages Thursday affecting customers of its web and email services. The Los Angeles-based hosting provider said that “internet vigilantes” conducted an attack against part of its online infrastructure resulting in connectivity issues affecting several aspects of its operations, ranging from its online customer support features to the hosting service used by over 1.5 million websites. The attack targeted DreamHost’s Domain Name Servers (DNS) – digital directories that allow internet users to access specific websites without remembering their lengthy, numeric IP addresses – and was remedied about four hours after first being detected, according to the company. DDoS attacks involve knocking websites offline by overloading their servers with illegitimate traffic and effectively rendering them inaccessible. Low-level attacks are capable of briefly disabling websites lacking DDoS protection, but wide-scale attacks like the one conducted last year against Dyn, an American DNS provider, caused unprecedented outages affecting some of the world’s most popular websites, including Amazon and Netflix. DreamHost customers, including the Cambridge Seventh-day Adventist Church in England and the Tale of Two Wastelands video gaming project, were among those who said their websites were unavailable Thursday due to the powerful DDoS attack. The DDoS attack was confirmed by DreamHost as two of the company’s customers made headlines in their own right over their unrelated efforts to survive scrutiny: DisruptJ20, an anti-Trump protest site, and The Daily Stormer, a white supremacist website that remerged online this week with the help of DreamHost after being all but driven off the internet. A federal judge earlier Thursday ordered DreamHost to provide information sought by federal prosectors investigating the riots that erupted in Washington, D.C. during President Trump’s inauguration Jan. 20. The Daily Stormer, meanwhile, relaunched on a DreamHost website Thursday after previously being banned from the internet’s biggest domain registrars and hosting providers, including GoDaddy, Google and Cloudflare. The Daily Stormer had quietly registered the new domain using an automated signup form and was subsequently booted several hours later, , DreamHot said Thursday evening. “Unfortunately, determined internet vigilantes weren’t willing to wait for us to take that action,” DreamHost said in a statement to Ars Technica. “They instead launched a DDoS attack against all of DreamHost this morning. We were ultimately able to declaw that attack, but the end result was that most of our customers experienced intermittent connectivity issues to their sites today.” Source: http://www.washingtontimes.com/news/2017/aug/24/dreamhost-web-hosting-company-blames-powerful-ddos/
View the original here:
DreamHost, web hosting company, blames powerful DDoS attack for online outages
DreamHost smashed in DDoS attack: Who’s to blame? Take a guess…
Is it the alt-right or anti-fascists? Most likely the latter Web hosting biz DreamHost has been largely crippled today by a distributed denial of service attack, bringing down most of its services.…
Read the original:
DreamHost smashed in DDoS attack: Who’s to blame? Take a guess…
90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years. According to the Fortinet Q2 2017 Global Threat Landscape, 90% of organizations the company protects have experienced cyber-attacks during which intruders tried to exploit vulnerabilities that were three years or older. In addition, 60% of organizations were attacked with exploits ten years or older. Organizations that did a relatively good job at keeping systems patched would have been able to block the attacks. Nonetheless, it is always recommended that companies keep systems up to date at all times. This has been shown in the past year. First last year with a Joomla flaw that saw exploit attempts days after being disclosed, then again at the start of January when attackers started scanning for a recently disclosed WordPress flaw hours after the official announcement. The focus on older exploits is simple to explain. Not all hackers are on the same skill level of nation-state cyber-espionage units, and most rely on open-sourced exploits. The older the vulnerability, the better the chances of finding a working exploit on one of the many exploit-sharing sites currently available online. Weekend warriors Furthermore, the Fortinet includes an interesting chart that shows attackers launching attacks mostly over the weekend. There are a few simple explanations for these. First, there are no SIRT (Security Incident Response Team) responders at most businesses over the weekend. Second, most hackers have jobs as well, and the weekend is when most are free for “side activities.” Number of DDoS attacks grew after Mirai source code release Also this week, Akamai released the State of the Internet/Security Report for Q2 2017. The report contains statistics on a wide variety of web attacks that took place via the company’s infrastructure in April, May, and June. The report’s main finding is the rise in the number of DDoS attacks during the first half of 2017 after DDoS attacks went down during the second half of 2016. According to Akamai, the release of the Mirai DDoS malware source code in September 2016 helped breathe new life into a declining DDoS booter market. Since then, a large number of different botnets built on the Mirai source code have been spotted, many of which were offered as DDoS-for-hire services. In a separate research presented at the USENIX security conference last week, researchers from Cisco, Akamai, Google, and three US universities revealed that despite having a reputation of being able to take down some of the largest online companies around, most Mirai botnets were mainly used to target online gaming servers. Besides Mirai, another very active strain of DDoS-capable malware was the PBos trojan, also targeting Linux-based devices. Some of these attacks even reached the massive size of 75 Gbps. Source: https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/
See the original article here:
90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
DDoS attacks down in second quarter
Attacks designed to overwhelm servers with internet traffic — known as distributed denial of service (DDoS) attacks — were less frequent this spring than last, according to Akamai’s second quarter report. Akamai is a major seller of services to fight DDoS attacks. According to the company’s report, attacks declined by 18 percent between the beginning of April and end of June from the same period last year. DDoS attacks use hacked computers and internet-connected devices to send abnormal levels of traffic to a target, forcing it to slow or crash. A DDoS attack knocked out a critical internet switchboard known as Dyn, a domain name system provider, in October that rendered Twitter, Netflix and The New York Times unreachable. In May, the FCC reported a DDoS attack slammed its commenting system, though critics have questioned whether this was an attack or just a flood of commenters weighing in on the contentious issue of net neutrality. The report notes that while attacks are down year over year, attacks jumped 28 percent from the first quarter. But, it cautions quarterly data may not be the best measure of trends. It explains many attacks are tied to yearly events: “For most organizations, security events aren’t seasonal, they happen year round, without the ability to anticipate attacks. Unless you’re the security team for a merchant, in which case you need to plan for Black Friday and Cyber Monday, since they are likely to be the high water marks for attack traffic for the year.” While attacks rose from the beginning of the year, attack severity declined. “[F]or the first time in many years” Akamai observed no attacks exceeding 100 gigabits per second. The report speculates one potential cause of lower severity attacks might be international success taking the networks of hijacked computers, known as botnets, offline. Gaming companies were the victim in around 80 percent of attacks observed by Akamai in the second quarter, with one customer seeing more than 550 attacks. At the USENIX conference this year, Akamai researchers, teaming with other industry players and academics, presented research that the Dyn attack was actually intended as an attack on one of Dyn’s clients — the gaming platform PlayStation. According to that presentation, Dyn crashed as it handled requests headed to PlayStation. Source: http://thehill.com/policy/cybersecurity/347496-ddos-attacks-down-in-second-quarter
View the original here:
DDoS attacks down in second quarter
Here we go again: DDoS attacks on the rise!
Newly released data shows that DDoS and web application attacks are on the rise once again, according to Akamai’s Second Quarter, 2017 State of the Internet / Security Report. Contributing to this rise was the PBot DDoS malware which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter. In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the … More ?
See the original article here:
Here we go again: DDoS attacks on the rise!
Online Extortion Campaigns Target Users, Companies, Security Researchers
During the past week, there has been a sudden surge in online extortion campaigns, against regular users and security researchers alike. The most devious of these was a campaign detected by Forcepoint security researcher Roland Dela Paz, and which tried to trick users into thinking hackers had gotten their hands on sensitive or sexually explicit images. Attackers wanted payments of $320 to a Bitcoin address or they would have sent the compromising materials to the victim’s friends. Massive spam wave delivered fake threats This attempted blackmail message was the subject of a massive spam campaign that took place between August 11 and 18. Dela Paz says attackers sent out extortion emails to over 33,500 victims. Most of the targets were from Australia and France. The extortion campaign was particularly active in Australia, where it caught the eye of officials at the Australian National University, who issued a safety warning on the topic, alerting students of the emails. The extortion attempt was obviously fake, says Dela Paz. “The scale of this campaign suggests that the threat is ultimately empty,” the expert explained. “If the actors did indeed possess personal details of the recipients, it seems likely they would have included elements (e.g. name, address, or date of birth) in more targeted threat emails in order to increase their credibility.” Dela Paz warns that the campaign is still ongoing. Users can recognize the blackmail attempts by the following subject line formats: “Three random letters: [recipient email] date and time ??n??rning ?ur yest?rday’s ??nv?rs?tion” “Three random letters: [recipient email] date and time I hav? s?m?thing that can m??? y?ur lif? w?rse” “Three random letters: [recipient email] date and time I would not li?e t? start our kn?winga?qu?int?n?? with this” “Three random letters: [recipient email] date and time I’m not h?p?y with y?ur beh?vior lately” “Three random letters: [recipient email] date and time Dont y?u thin? th?t your devi?? w?r?s w?ird?” “Three random letters: [recipient email] date and time I think th?t it is not as funny for you as it is funny for m?” Hackers tried to blackmail Swiss security researcher In addition, during the past week, there were also extortion attempts sent to organizations. A hacker group calling itself ANX-Rans tried to extort a French company. Another group calling itself CyberTeam also tried to extract a ransom payment of 5 Bitcoin (~$20,000) from Abuse.ch, the website of a prominent Swiss security researcher. These DDoS threats in the hope of extracting Bitcoin payments are called DDoS-for-Bitcoin or RDoS (Ransom DDoS) attacks. RDoS attacks have been on the rise since mid-June after a South Korean hosting provider paid a ransom of nearly $1 million after web ransomware encrypted its customer servers. Ever since then, RDoS groups became extremely active hoping for a similar payday. We’ve already covered the active groups at the time in an article here. Group posing as Anonymous targeted US companies Since then, the most prominent RDoS campaign that took place was in mid-July when a group using the name of the Anonymous hacker collective tried to extort payments from US companies under the threat of DDoS attacks. At the time, Bleeping Computer obtained a copy of the ransom email from cyber-security firm Radware, who was investigating the threats. Radware said that despite posing as Anonymous hackers, this was the same group who tried to obtain ransoms of $315,000 from four South Korean banks (for these RDoS extortions the group posed as Armada Collective, another famous hacking crew). “This is not an isolated case. This is a coordinated large-scale RDoS spam campaign that appears to be shifting across regions of the world,” Radware security researcher Daniel Smith told Bleeping Computer via email at the time. “All ransom notes received have the same expiration date,” he added. “In RDoS spam campaigns like this one the actors threaten multiple victims with a 1Tbps attack on the same day.” Most RDoS extortion attempts are empty threats The group also claimed it was in control of a Mirai botnet made up of compromised IoT devices and was capable of launching DDoS attacks of 1 Tbps. No such attacks have been observed following the ransom demands on US companies. In research presented at the USENIX security conference last week, researchers from Cisco, Akamai, Google, and three US universities revealed that despite having a reputation of being able to take down some of the largest online companies around, the most variants of the Mirai botnet were mainly used to target online gaming servers. Most of these DDoS attacks on gaming servers were also relatively small as multiple botnets broke up IoT devices (DDoS resources) among them. In addition to the group posing as Anonymous, Radware also reported on multiple RDoS extortion attempts on gaming providers that also took place in July. “We suggest companies do not pay the ransom,” Smith said at the time, a recommendation still valid today, as this encourages more blackmailers to join in. Source: https://www.bleepingcomputer.com/news/security/online-extortion-campaigns-target-users-companies-security-researchers/
Read More:
Online Extortion Campaigns Target Users, Companies, Security Researchers