Category Archives: Security Websies

Operator of DDoS protection service named as Mirai author

Krebs says he’s fingered author of epic IoT web assault code

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs.…


Activists plan DDoS attack on the White House website during Trump’s inauguration

A software engineer is calling for protesters to flood the site with traffic during the presidential inauguration

It’s almost time. Ex-reality TV host and businessman Donald Trump will be officially sworn in as the US president on Friday January 20. His campaign was divisive, to say the least, and it seems his tenure as president is looking like having a bumpy start, with protests planned in all states of the US, including on the streets of Washington DC. However, rather than stand outside, some protestors are choosing to target the President-elect with other, indoor-based, means.

Software engineer Juan Soberanis is calling on protestors to attempt to take down the White House’s website in a DDoS attack – simply by flooding the website with traffic. Soberanis is calling it “Occupy White House”.

According to the International Business Times, Soberanis wrote on his online protest pledge: “If you can’t make it to Washington DC on inauguration day to protest Trump’s presidency, you can still fight for the cause by helping to take down whitehouse.gov as a show of solidarity for the lives impacted by Trump’s policy agenda.

“It’s simple. By overloading the site with visitors, we will be able to demonstrate the will of the American people,” he continued.

Soberanis then goes on to tell fellow protestors to overwhelm the website by setting up auto-refresh on the WhiteHouse.gov homepage throughout the day.

The San Francisco engineer is the creator of Protester.io, a Kickstarter-type site that encourages individuals to get involved in online protests. However, only one protest is currently live on the site, a finished protest set up by Soberanis to incite people to join the ACLU as a protest against Trump. The alleged URL for his Occupy White House protest page on the site appears to be inaccessible at the moment.

Hacking group Anonymous is additionally, and allegedly, planning cyber attacks against Trump’s new administration.

It should be noted, though, that this type of attack is considered criminal activity in the US under the Computer Fraud and Abuse Act. The act dictates that sending a command to a protected computer with the intent to cause damage can be judged a criminal offence, and people affiliated with Anonymous have been charged in the past by the US government for launching DDoS attacks on government entities and trade groups.

Thousands of people are planning to protest Trump’s inauguration on January 20

As well as being a controversial choice for president, Trump’s inauguration is set to be a controversial affair, too. The likes of Cher, Chelsea Handler and Katy Perry have promised to take part in the Women’s March, either in the capital or in the states around, the day after the inauguration, to protest the Republican party’s threats to defund Planned Parenthood.

According to Google, the statewide searches for “inauguration protest” are much higher than “attend inauguration” searches on the site. During the transition from Obama stepping down and Trump stepping up, “Russia” has been one of the top searched-for big issues in the States on Google, alongside immigration and Obamacare.

Source: http://www.wired.co.uk/article/donald-trump-inauguration-ddos-attack-planned


Spora ransomware could become the new Locky

A recent decrease of Locky ransomware infections has been tied with the lack of activity of the Necurs botnet, which is used to deliver the malware directly to potential victims’ email accounts. In fact, most ransomware – and malware in general – is delivered via spam or spoofed emails, but some malware authors also try to make their creation spread by itself. This is the case with the recently discovered Spora ransomware. Spora (meaning “spore” …


‘Beeeellion-dollar’ mastercrooks in hotel, restaurant blitzkrieg

Carbanak: It’s not just a caramel-flavoured choc-trocity. It’s also malware

The Carbanak cyber criminal gang is abusing Google’s infrastructure as a conduit for botnet control.…


Trump inauguration DDoS protest is ‘illegal’, warn securobods

Whitehouse.gov down?

A software engineer is calling on netizens opposed to Donald Trump to visit the Whitehouse.gov site and overload it with traffic tomorrow.…


Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

National PR service circulates—then pulls—release highlighting campaign to crash government website

BY: Morgan Chalfant
January 14, 2017 4:56 am

A leading public-relations service blasted and then removed a news release this week highlighting a campaign to protest the inauguration of Donald Trump by crashing WhiteHouse.gov.

PR Newswire, a global news-release distribution service, circulated a release on Thursday highlighting a campaign launched by Protester.io, a digital protest organizing platform, to “take down” the White House website next Friday in protest of Trump’s inauguration.

“On January 20th, hundreds of thousands of Americans are going to Washington, DC to march in protest of the inauguration of Donald Trump. Millions more around the country will be joining the cause from home. If you can’t make it to Washington DC on inauguration day, you can still participate by occupying whitehouse.gov online,” the release read.

“Why is it important to participate? Isn’t this just another election? We haven’t lost our democracy yet, but it is most definitely under threat. The only way we’re going to defend and revive our democracy is by mobilizing.”

Protester.io describes itself as a platform that helps individuals “organize protests like a crowdfunding campaign.” A description of the Inauguration Day protest on its website, named “Occupy WhiteHouse.gov,” instructs interested parties to go to the White House website on Jan. 20 and refresh the page as often as possible throughout the day. The page also includes instructions for protesters to “automate” page refresh so that their computers do this automatically.

“When enough people occupy www.WhiteHouse.gov the site will go down. Please join us and stand up against this demagogue who is threatening our democracy and our security,” the protest page states.

Shortly after blasting the news release, PR Newswire issued a correction, changing the headline of the release from “Protester.io Launches Campaign to Take Down WhiteHouse.gov on Inauguration Day” to “Protester.io Launches Campaign to Voice Your Opinion at WhiteHouse.gov on Inauguration Day.” Later, the news-release service removed the press release entirely.

PR Newswire was purchased by Cision, a global public relations software company based in Chicago, for $841 million from British business events organizer UBM in 2015. PR Newswire is based in New York and distributes public relations messages for companies largely located in the United States and Canada, according to the New York Times.

When contacted, a spokesman for Cision confirmed to the Washington Free Beacon that the original release had been modified and later removed entirely “after further evaluation.”

“The issuer modified the original release at our request, but after further evaluation, we ultimately decided to remove the release in its entirety and have requested that the rest of our network remove the content as well,” Stacey Miller, director of communication for Cision, wrote in an email Friday afternoon.

An organizer for the protest did not respond to a request for comment.

Federal investigators have probed what are called distributed denial of service, or DDoS, attacks, which block users from websites by overloading them with traffic. Such attacks brought down Twitter, Spotify, and Amazon last October, prompting investigations by the FBI and Department of Homeland Security.

It is unclear whether the planned “Occupy WhiteHouse.gov” protest campaign would constitute a DDoS attack. Attempts to reach the FBI on Friday were unsuccessful.

Several protests have been organized around Inauguration Day, including the “Women’s March on Washington” that is expected to draw some 200,000 women to the nation’s capital on Jan. 21, the day following Trump’s inauguration.

Fox News reported that protesters are also planning to blockade security checkpoints at the inauguration and organize a “dance party” outside the home of Vice President-elect Mike Pence.

Source: http://freebeacon.com/culture/protest-aims-take-whitehouse-gov-inauguration-day/


Crims shut off Ukraine power in wide-ranging anniversary hacks

Phishing, denial of service, and remote exploitation part of hacking banquet

Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December.…


Dark DDoS: hacker tools and techniques – the challenges faced

In 2017 has the cyber landscape changed? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk?

Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time. To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and always looking for more, faster and easier ways to strike.

Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities. These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks.

These types of attacks are often referred to as ‘Dark DDoS’ because of the initial smokescreen attack, which acts to distract organisations from the real breach that’s taking place. In a large proportion of recent data breaches, DDoS (distributed denial of service) attacks have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way.

According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on KrebsOnSecurity.com and on domain name provider Dyn – believed to be some of the biggest DDoS attacks ever recorded. Last year, France was also hit by one of the largest DDoS attacks when hosting company OVH was targeted through 174,000 connected cameras.

Today’s hackers have developed a wide variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks: An attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.

Stealth/slow drip DoS attacks: A low volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.

Exploits: Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

Often DNS threats are geared towards a specific DNS function (cache, recursive & authoritative), with precise damage objectives. This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection.

The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces:

Volumetric attacks

Direct DNS attacks: Flooding of DNS servers with direct requests, causing saturation of cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address.

DNS amplification: DNS requests generating an amplified response to overwhelm the victim’s servers with very large traffic.

DNS reflection: Attacks using numerous distributed open resolver servers on the Internet to flood the victim’s authoritative servers (usually combined with amplification attacks).

NXDOMAIN: Flooding of the DNS servers with requests for non-existent domains, leading to recursive function saturation.

Stealth/slow drip DoS attacks

Sloth domain attacks: Attacks using queries sent to the hacker’s authoritative domain, which answers requests very slowly – just before the time out – to cause the victim’s recursive server capacity exhaustion.

Phantom domain attack: Attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity.

Random subdomain attack (RQName): Attacks using random query names, causing saturation of the victim’s authoritative domain and recursive server capacity.

Exploits

Zero-day vulnerability: Zero-day attacks take advantage of DNS security holes for which no solution is currently available.

DNS-based exploits: Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services.

DNS tunnelling: The DNS protocol is used to encapsulate data in order to remotely control malware and/or exfiltrate data.

Protocol anomalies: DNS attacks based on malformed queries, intending to crash the service.

DNS cache poisoning: Attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS security landscape is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time. Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – and they are far more sophisticated, deceptive and frequent.

To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned.

Source: http://www.information-age.com/securing-website-content-management-system-123463910/


How the application landscape is impacting IT organizations

Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks. As an increase in application services often requires additional resources, respondents also indicated a shift toward DevOps methodologies to gain operational efficiencies through automation and programmability. This need for scalability replaces speed to market as the prime driver of DevOps adoption. “This past year, not a week went by without some hack or vulnerability …


Biggest British Hosting Company 123-Reg Suffers Major DDoS Attack

123-Reg, the biggest hosting company in the UK, is targeted a second time in as many years with a chain of major DDoS attacks.

The biggest provider of domain registrations in the UK, 123-Reg, has once again been the target of a DDoS attack. The result was that users weren’t able to get into their websites or email accounts. Considering this is just the start of 2017, the company has had to deal with another major blow.

The company formally announced the attacks on Twitter, explaining that they believed the attack had just begun, that they were working on options to redress the situation and that they were attempting to work out the impact of the attack. They promised updates would follow.

They continued to explain that the company’s network teams kept scrubbing and rerouting bad traffic. Of course, apologies were made for any problems their customers were experiencing. Once again, they reiterated that their team was still rerouting traffic and that they would provide further information soon.

The DDoS attack took place on Friday, with the company stating that their IT team had mitigated the DDoS attacks, as evidenced by the resumption of services at around 1 PM. However, some users are still complaining today that they can’t get into their websites.

123-Reg sent out another two tweets in which they attempted to explain that the DDoS attack had just begun and they were attempting to resolve the issue. Later that day, they issued another tweet, stating that the problem had been fixed by 1 PM and that they apologized for any issues.

In 2016, 123-Reg was the target of 2 big DDoS, or Distributed Denial of Service, attacks. One took place in April, while one occurred in August. The firm stated that it was possible they lost a small amount of user information after the attack that occurred in April. Customers were very displeased at the time because, even after doing their best, the firm succeeded in bringing back online only 39 percent of their Virtual Private Servers after a week.

In August, the company was once again hit by a huge 30Gbps DDoS attack, which completely brought their site down.

OVH, a French hosting company, was also the target of large DDoS attacks going up to 1Tbps last year. The firm stated that the Mirai botnet malicious code had been used in the attacks against them, but 123-Reg did not make any similar statements.

Source: https://www.socpedia.com/biggest-british-hosting-company-123-reg-suffers-major-ddos-attack
