After first wave attacks ended, thing-herders took aim at PlayStation, XBOX and Valve The Mirai botnet that took down large chunks of the Internet in 2016 was notable for hosing targets like Krebs on Security and domain host Dyn, but research presented at a security conference last week suggests a bunch of high-profile game networks were also targeted.…
Read More:
Mirai copycats fired the IoT-cannon at game hosts, researchers find
Cloudflare no longer protects the Daily Stormer from distributed denial of service attacks.
Read more here:
Daily Stormer: Cloudflare drops neo-Nazi site
Games company Blizzard has reported on Twitter that: “We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games.” World of Warcraft, Overwatch, Hearthstone and other game servers are believed to have been hit. At about 5pm last night Blizzard noticed Down Detector – which monitors online outages -logging a huge upsurge of problems and 2800+ reports for Overwatch, World of Warcraft and several other Blizzard gaming services. Commenting on the way that even failure to bring a service down completely has a severe impact on online games , Igal Zeifman, director at Imperva Incapsula said in an email to SC: “Competitive online games are an attractive target for any DDoS offender looking to create large-scale mayhem in hope of some Internet notoriety. Moreover, such gaming networks are also particularly vulnerable to denial of service assaults because, unlike many other targets, they don’t need to be taken offline to become unusable. “In the case of a real-time online game, even a small amount of latency–as a result of a technically “failed” attacks–is enough to cause major disruption to gamers looking for a completely responsive and immersive experience. This is exactly what is happening in this case. Even if some users are able to log in, the latency they experience still makes Overwatch unplayable.” Source: https://www.scmagazineuk.com/world-of-warcraft-overwatch-hearthstone-and-other-games-hit-by-ddos/article/681508/
View post:
World of Warcraft, Overwatch, Hearthstone and other games hit by DDoS
Teenagers have typically not been known as the most motivated demographic, napping through classes and slouching through shifts at McDonald’s. While yelling at a 16-year-old four times just to get him to unload the dishwasher is annoying, consider the other end of the spectrum: the ambitious 16-year-old who earned over $500,000 USD by building a DDoS stresser responsible for 1.7 million attacks, causing millions of dollars in damages. It’s cool Brayden, you can unload the dishwasher later. Dirty dealings A successful distributed denial of service or DDoS attack is one in which a website or online service is overwhelmed by malicious traffic or requests, pushing the site or service offline so it’s unavailable to its users. DDoS attacks have been big news the last few years. Big news to website owners who have had users frustrated by downtime, to business owners who have suffered reputation damage and monetary losses, to the public at large who have been unable to use websites and services big and small because of these attacks, and big news to the media itself who have been devoting headlines to the ever-growing scourge of attacks. One of the main reasons for the increase in attacks has been DDoS for hire servers, otherwise known as booters or stressers. For as little as a few dollars, anyone with an internet connection can buy access to a service that allows them to aim a DDoS attack at the targets of their choosing. Stressers are so named because they masquerade as a legitimate tool, one that stresses a server to test its reliability. This is where Adam Mudd comes in. In the Mudd When Adam Mudd was just 16 years old he went to work on the computer in his bedroom and created what he called the Titanium Stresser. Mudd himself carried out 594 distributed denial of service attacks, including an attack against his former college, but those nearly 600 attacks were but a drop in the bucket compared to how busy his stresser got when he opened it up as a DDoS for hire service. In just over two years the Titanium Stresser racked up 112,000 registered users who launched 1.7 million DDoS attacks against 660,000 IP addresses. There were obviously many repeat targets amongst those 660,000 IP addresses, perhaps most notably the company behind the online game RuneScape which was hit 25,000 times and led to the company spending roughly $10 million in mitigation efforts. Other notable targets of the Titanium Stresser included Sony, Xbox Live, Microsoft and Team Speak. Mudd reportedly earned over $500,000 from his stresser service. It all came to an end for Mudd in March of 2015 when the police arrived at his parents’ house. Mudd refused to unlock his computer until his father intervened. He has since pleaded guilty to three charges under the United Kingdom Computer Misuse Act, and one charge of money laundering. He was sentenced to 24 months in jail. The big picture Mudd was nothing more than a teenager in the bedroom of his parents’ house, yet his stresser service caused millions of dollars in quantitative damages and untold further damages when it comes to lost productivity, lost user loyalty and lost revenue in both the short and long term. There are Adam Mudds all over the world, many more experienced, running stresser services that are just as successful as the Titanium Stresser and even more so. Further, while Mudd’s arrest and conviction is a success for law enforcement, he joins a list of recent DDoS-related arrests that include members of the famed Lizard Squad, owners of the vDos botnet, and three dozen patrons of stresser services. Hackforums, the biggest hacking forums in the world, also recently banned DDoS for hire services. All seemingly good things. Yet the number of DDoS attacks being perpetrated hasn’t gone down. When the FBI or Interpol shuts down a stresser service, another stresser service simply scoops up its customers. The lesson here has to be that DDoS attacks can be perpetrated by anyone and aren’t going anywhere anytime soon. With stresser services so affordable and accessible, almost every website on the internet is a potential target, and potentially a repeat target. Without professional DDoS protection, websites will be left picking up the pieces and paying exorbitant sums in order to do so. Source: http://www.bmmagazine.co.uk/in-business/kids-days-16-year-old-behind-1-7-million-ddos-attacks/
See the original post:
Kids these days: the 16-year-old behind 1.7 million DDoS attacks
Quillette Magazine, a small but respected libertarian publication based in Australia, suffered a DDoS attack Tuesday after publishing an article supportive of James Damore, the fired Google memo writer. The attack, which crashed the site for a day, came after Quillette published the opinion of four scientists on the Google memo. The scientists found that the conservative Google employee’s views on gender differences were supported by substantial scientific evidence. The Google memo’s “key claims about sex differences are especially well-supported by large volumes of research across species, culture,” wrote Geoffrey Miller, a professor of evolutionary psychology at the University of New Mexico, explaining that the memo “is consistent with the scientific state of the art on sex differences.” “Among commentators who claim the memo’s empirical facts are wrong, I haven’t read a single one who understand sexual selection theory, animal behavior, and sex differences research,” Miller added. Deborah Soh, who has a PhD in sexual neuroscience and works as a Toronto-based science writer, concurred with Miller. “Sex differences between women and men—when it comes to brain structure and function and associated differences in personality and occupational preferences—are understood to be true, because the evidence for them (thousands of studies) is strong.” “This is not information that’s considered controversial or up for debate; if you tried to argue otherwise, or for purely social influences, you’d be laughed at,” Soh said. Unfortunately, liberal-hacker-activists couldn’t handle the truth, and Quillette’s website took an arrow to the knee. Claire Lehmann, the founder of Quillette, told PJ Media that her website was especially susceptible to attack. While there are many programs that can be used to protect against DDoS attacks (which are when hackers flood websites with traffic to crash it), Claire said she didn’t have any. “I’m a small site and my technical skills are not at a high level, so I was unaware that I should have had these protections. Apparently they are fairly standard,” she told PJ Media. Her site, which has received endorsements from well-known figures such as Charles Murray and Richard Dawkins, has a history of publishing science-based journalism, but this is the first time they’ve suffered a DDoS attack, Lehman says. (Disclosure: I’ve written a few articles on higher education for them. Small world.) Lehmann, whose site has been dedicated to supporting alternative viewpoints since it launched in 2016, said her work is crucial to helping people see the truth behind things. “It’s important to hear alternative viewpoints so that we can work out what is the truth, and not merely consensus,” Lehmann said. “Over the past few years, both academic and media institutions have become highly conformist. And we know that groupthink leads to blindspots, which makes us unable to see what is actually true.” Source: https://pjmedia.com/trending/2017/08/09/libertarian-site-suffers-ddos-attack-after-supporting-google-worker/
View the original here:
Libertarian Site Suffers DDoS Attack After Supporting Google Worker
Ukrposhta, the national postal service in Ukraine, was hit with a two-day DDoS attack that began on Monday, knocking some systems offline. According to the Interfax news agency, the computer systems targeted by the unknown assailants are used to track customer parcels and shipments. Ukrposhta is managed by the Infrastructure Ministry in Ukraine, and employs almost 12,000 postal officers across the country and 76,000 employees in all—meaning that disruptions could have far-reaching effects. The company gave DDoS updates via its Facebook page yesterday. The latest (in translation) reads: “During the first wave of the attack, which began yesterday in the morning, our IT services could normalize the situation, and after 5 p.m., all the services on the site worked properly. But today, hackers are at it again. Due to their actions, both the website and services are working, but slowly and with interruptions.” Igal Zeifman, director of marketing at Imperva for the Incapsula product line, said via email that it sounds like Ukrposhta is dealing with several repeat assaults, occurring in rapid succession. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between the attacks,” he said. “In the first quarter of the year, we saw the number of such repeat assaults reach an all-time-high, with over 74% of DDoS targets attacked at least twice in the span of that quarter.” This is not the first time that Ukraine’s postal service has faced significant attacks this year. The country was ground zero for the Petya/NotPetya ransomware attacks that proliferated around the globe in June, which affected not just the postal service but also banks and the state-owned power companies, Ukenergo and Kyivenergo. Source: https://www.infosecurity-magazine.com/news/ukrainian-postal-service-repeated/
Read the original:
Ukrainian Postal Service Knocked Offline By Repeated DDoS
Bombshell story from Gizmodo underscores need for FCC to address serious issues with its public comment process before making any decision on net neutrality. 15,000+ people call on lawmakers to demand that FCC comply with transparency laws In a bombshell story from Gizmodo today, a former FCC security employee lays waste to the agency’s claims that a pair of DDoS attacks took down the FCC comment website at the exact moments when large amounts of pro net neutrality comments would have been flooding into the docket following viral segments from comedian John Oliver in 2014 and 2017. The agency’s inability to maintain a functional way for the public to comment on its net neutrality proceedings has become an issue of concern for members of Congress overseeing the agency, and raises questions about how it can or should move forward with its rulemaking process. The security expert who spoke to Gizmodo reveals that the FCC security team concluded that there had not been a malicious attack after the John Oliver segment in 2014. But until-recent FCC CIO David Bray told reporters that anyway, despite the fact there was no evidence of it, and he did not even have access to the types of logs and information that could have led him to that conclusion. The source also leaked a photo of the FCC’s server room to Gizmodo, revealing a mess of wires that would make any competent IT professional cringe. When pressed, Bray admitted to being the source of news reports about the made up “hacking” attack, but he never reported the incident to the Department of Homeland Security, who require that government agencies notify them of such attacks. With the backing of the FCC press office, Bray fed reporters that exact same story when the agency’s comment system collapsed again this year, preventing large numbers of people from making their voices heard in the agency’s proceeding. Evan Greer, campaign director of Fight for the Future, said: “These latest revelations are outrageous. A senior FCC official intentionally misled the public and invented cyber attacks to cover up the fact that the agency is failing at their responsibility to maintain a functioning system to receive feedback about an issue that affects every single person using the Internet. The FCC must address these serious issues with their comment process before moving forward, or it will be clear that this is a rogue agency that answers only to large telecom companies, and not to the American people.” The news comes after more than 15,000 people have signed a petition calling on their lawmakers to instruct the FCC to comply with transparency laws as the agency moves ahead with its unpopular plan to gut net neutrality protections that prevent ISPs from charging extra fees, throttling, or blocking content online. The agency is currently facing multiple lawsuits for refusing to release information related to the now-debunked DDoS claims, Chairman Ajit Pai’s discussions with telecom companies, large amounts of fake comments using real people’s names and addresses without their permission. “Members of Congress need to understand that this is not an issue they can ignore or hide from,” Greer added, “Voters from across the political spectrum overwhelmingly support the current net neutrality rules, and want their Senators and Representatives to do their job and speak out to ensure that the FCC is listening to the will of the public, not just to lobbyists from giant telecom companies. Lawmakers from both sides of the aisle need to exercise their oversight and demand that the FCC act transparently during this proceeding.” Fight for the Future has been working to inform the public about the serious issues surrounding the FCC’s comment process. The group organized a letter from dozens of people whose names and addresses were used to submit anti net neutrality comments without their permission, as well as several petitions garnering tens of thousands of signatures calling on the agency to come clean about the alleged DDoS attack that prevented concerned citizens from submitting comments. Fight for the Future was also one of the leading organizations behind the historic Internet-Wide Day of Action for Net Neutrality on July 12, which drove a record breaking 2 million+ comments to the FCC and Congress in a single day. Learn more at fightforthefuture.org Source: https://www.commondreams.org/newswire/2017/08/07/breaking-former-fcc-security-employee-destroys-agencys-claims-ddos-attacks
What would you do if your company was hit with a DDoS attack that lasted 11 days? Perhaps a large organization could withstand that kind of outage, but it could be devastating to the SMB, especially if it relies on web traffic for business transactions. That 11-day – 277 hours to be more exact – attack did happen in the second quarter of 2017. Kaspersky Lab said it was longest attack of the year, and 131 percent longer than the longest attack in the first quarter. And unfortunately, the company’s latest DDoS intelligence report said we should expect to see these long attacks more frequently, as they are coming back into fashion. This is not the news businesses want to hear. Enduring DDoS attacks isn’t new. Igal Zeifman, senior manager at Imperva for the Incapsula product line, told me in an email comment that in 2016, the company tracked a network layer attack that lasted more than 29 days and an application layer assault that persisted for 69 days straight. However, Zeifman argued against the Kaspersky finding, saying that it doesn’t mesh with what his company has seen, despite those extended attacks from last year: For the past four quarters we continued to see a persistent decline in the average attack duration, driven by an increased number of short attack burst of 30 minutes or less. These bursts accounted for over 58 percent of all network layer attacks and more than 90 percent of all assault layer attacks in the first quarter of the year. Interesting to see such disparate results in the length of DDoS attacks . Whether days long or short bursts, one thing is certain – those initiating the attacks have very definite reasons for doing so. As the Kaspersky Lab report stated, financial extortion was a top reason for the attacks in the second quarter: This approach was dubbed “ransom DDoS”, or “RDoS”. Cybercriminals send a message to a victim company demanding a ransom of 5 to 200 bitcoins. In case of nonpayment, they promise to organize a DDoS attack on an essential web resource of the victim. Such messages are often accompanied by short-term attacks which serve as demonstration of the attacker’s power. The victim is chosen carefully. Usually, the victim is a company which would suffer substantial losses if their resources are unavailable. Political hacktivists are hard at work, too, going after news organizations, elections and, in the U.S., the FCC, likely in retaliation for wanting to abolish net neutrality. The FCC has acknowledged the attack, but reports are the agency is making its cybersecurity efforts secret . I’ll be following up more on that story later this week. Source: http://www.itbusinessedge.com/blogs/data-security/second-quarter-reported-ddos-attacks-lasting-days-not-minutes.html
Original post:
Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes
A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab. DDoS attackers launched a 277-hour attack against a Chinese telecom company in the second quarter of 2017, registering a 131% hourly increase compared to the longest attack recorded earlier this year, according to a report released this week by Kaspersky Lab. The 2017 DDoS Intelligence Report, which culls data from botnets detected and analyzed by Kaspersky Lab, says that the Chinese telecom siege that spanned more than 11 days is also, so far, a record for the year, demonstrating that long-lasting DDoS attacks have re-emerged. But pinpointing the reason for this rise is difficult. “There is no explanation why the length grew – such fluctuation happens from time to time,” says Oleg Kupreev, lead malware and anti-botnet analyst for Kaspersky Lab. The most powerful attack that the Kaspersky report notes occurred in the second quarter. It was 20GB per second, Kupreev says, adding that it lasted about an hour and used the connectionless User Datagram Protocol (UDP). Usually, most UDP flood attackers are not more than 4GB per second, he says. According to a Corero Network Security report, low-volume DDoS attacks still represent a majority of the sieges against networks. DDoS Attack Footprint Expands During the second quarter, the number of countries facing DDoS attacks jumped to 86 countries verses 72 in the first quarter, according to the report. The top 10 countries hit with attacks include the US, China, South Korea, Hong Kong, UK, Russia, Italy, France, Canada, and the Netherlands. “Online resources in one country can often be located on servers in another country – mostly in China, US, South Korea, and this is why these countries are always among the most targeted,” Kupreev says. Italy posted a 10-fold increase in DDoS attacks while the Netherlands experienced a 1.5x increase, which pushed Vietnam and Denmark off the top 10 list, according to the Kaspersky report. Ransom Without DDoS Attacks Rise A popular twist to ransom DDoS attack threats emerged in the second quarter, says Kupreev. Cybercrimminals would distribute their ransom threats to pay up or face a DDoS attack to a large group of companies, he says. But rather than send a short-term DDoS attack to show they mean business, no demo is sent with the hope that the company will pay the ransom on the threat alone, he explains. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion,” adds Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab. “These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.” Despite a growing interest by cyberthieves to conduct a DDoS-less ransom scheme or a full-fledge DDoS Ransom attack, Kupreev says he does not expect this form of extortion to overtake normal DDoS attacks anytime soon. “The share of ‘normal’ DDoS attacks will always outnumber RDDoS, as there are many other reasons behind DDoS attacks in addition to money extortion: unfair competition, political struggle, hacktivism, smokescreening etc.,” Kupreev says. “Moreover, unavailability of online resources for many companies can be even more damaging than [the] amount of extortion.” Source: https://www.darkreading.com/attacks-breaches/chinese-telecom-ddos-attack-breaks-record-/d/d-id/1329518
See the article here:
Chinese Telecom DDoS Attack Breaks Record
Kaspersky report reveals the return of major DDoS threats, which are now also lasting longer than ever before. Long-lasting DDoS attacks are back, and they’re harder than ever, new research has claimed. According to a report from Kaspersky Lab, the second three months of 2017 saw a DDoS attack last more than 11 days – 277 hours straight. That’s a 131 per cent increase compared to Q1 2017, and a record for the year so far. The report also says that duration was not the only key feature of DDoS attacksthis quarter, identifying a ‘dramatic change’ in the geography of these threats. The top 10 most affected countries are China, South Korea, USA, Hong Kong, UK, Russia, Italy, the Netherlands, Canada and France — with Italy and the Netherlands replacing Vietnam and Denmark among the top targets in Q1. Al Jazeera, Le Monde and Figaro were the biggest targets, alongside Skype servers. Criminals also tried to manipulate cryptocurrency prices through DDoS. Bitfinex was attacked simultaneously with the launch of trading in a new cryptocurrency called IOTA token. “Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers. Any fraudster who doesn’t even have the technical knowledge or skill to organise a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration,” comments Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. Source: http://www.itproportal.com/news/long-lasting-ddos-attacks-are-back/