Category Archives: Security Websites

US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline.

Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack. The DDoS campaign began on July 17, when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline: during the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites.

Softpedia reports that the attackers ultimately overcame the initial defensive measures and escalated their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress, and copyright.gov, the website for the United States Copyright Office.

On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties of the LoC remained offline. As of this writing, the three government portals affected by the attack are back online.

Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, believes that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress. As he told FedScoop: “DoS attacks that leverage DNS as a transport are a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data from bad.”

Network filtering devices can help, but only if an organization decides to buy one. Perhaps the Library of Congress didn’t own such a device, or lacked a service provider with expertise in mitigating DoS/DDoS attacks. There’s little companies can do to prevent DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can absorb and filter attack traffic when an attack occurs.

Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/


UK: Cybercrime now bigger threat than traditional crime

The accelerating pace of technology and criminal cyber capability currently outpaces the UK’s collective response to cybercrime, calling for stronger collaborative working between government, law enforcement and, crucially, business to reduce vulnerabilities and prevent crime.

[Figure: Cybercrime as a proportion of total UK crime in 2015]

An assessment by the National Crime Agency shows that cybercrime activity is growing fast and evolving, with the threats from DDoS and ransomware attacks increasing significantly in 2015. The most …


Ransomware: Can we finally start learning from past mistakes?

There is a phrase I am finding quite relevant lately. It is attributed to the philosopher George Santayana and it goes like this: “Those who cannot remember the past are condemned to repeat it.” The reason it comes to my mind a lot these days is the headlines we are seeing relating to the latest ransomware attacks against companies’, hospitals’ and government departments’ systems. Previous headlines highlighted how criminals used DDoS attacks to extort money …


DDoS extortion campaigns increasingly target businesses

80 percent of European IT security professionals expect their business to be threatened with a DDoS ransom attack during the next 12 months, according to Corero Network Security. The research, which polled over 100 security professionals at the Infosecurity Europe conference in London, highlights the growing threat of cyber extortion attempts targeting businesses in the United Kingdom and continental Europe.

The rise of DDoS extortion campaigns

Last month (May 2016), the City of London Police …


WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future.

Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – that their talents could be put to better use. OurMine has recently hacked a slew of celebrities and technology executives, including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek. Every time, they leave a message telling the victim how weak their security is and a link to their website. Indeed, the group claims to be a security firm rather than a hacking outfit.

In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment. The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest.

After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the access it had gained by infiltrating the profiles of the rich and famous. “If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.”

After OurMine replied with “We never change their passwords we are just testing their accounts’ security”, WikiLeaks said it was a “huge waste.” The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.”

Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said. One of the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.”

Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499


EasyDoc malware adds Tor backdoor to Macs for botnet control

Smugness levels cut among Apple fanbois

Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor.…


IoT Devices Are Being Hacked By Lizard Squad To Execute DDoS Attacks

People who have been following the tech news may recall the name Lizard Squad. This hacker collective has been a major pain in the neck for computer users all over the world. But it looks like they are changing tactics. Instead of relying on computer botnets, they are now enslaving other internet-connected devices to wreak more havoc.

Lizard Squad Is Still On The Scene

While most people agree the Internet of Things is a magnificent concept, it also poses a significant security risk. The majority of Internet-connected devices are not equipped with proper security precautions. In theory, any device connected to the internet can be hacked and taken over by malicious individuals. That seems to be what Lizard Squad is showcasing already.

The collective has been making a name for itself by using compromised computers to execute DDoS attacks around the world. But it looks like the Internet of Things is their new favorite target as of late. With millions of connected devices to choose from, creating a botnet has never been easier. Over the past few months, Lizard Squad hacked CCTV cameras and webcams all over the world to execute its DDoS attacks. Targets ranged from banks to governments, and gaming sites to ISPs.

Although internet-connected devices are not always as powerful as a computer, they are much easier to control remotely. Plus, a lot of less-powerful devices combined can still pack quite a punch. To put this into perspective, some of the recent Lizard Squad attacks managed to drive 400 Gbps of data at specific websites and servers. That is more than enough traffic to bring down any network, or at least cripple it severely. Interestingly enough, it remains unknown whether or not Lizard Squad is trying to force targets to pay up to get rid of the attacks altogether.

These attacks paint a worrisome picture for the future of Internet of Things security, though. The vast majority of devices will need to be made a lot more secure before they are actively used on the Internet. Computers are not safe from harm either, as hacker collectives will try to exploit any weakness in any device.

Source: http://themerkle.com/iot-devices-are-being-hacked-by-lizard-squad-to-execute-ddos-attacks/


Hydra hacker bot spawns internet of things DDoS clones

LizardStresser makes a messer of Brazil banks, gamer outfits

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones.…


Chinese Gambling Company Was Target of a Nine-Vector 470 Gbps DDoS Attack

The attack also reached 110 million packets per second

On June 14, a Chinese gambling company was unlucky enough to be on the receiving end of a complex multi-vector DDoS attack that blasted over 470 gigabits per second (Gbps) and over 110 million packets per second (Mpps) at its servers. The attack came after the company had already faced multiple 250+ Gbps attacks in the previous days. The good news is that this 470 Gbps attack only lasted four hours and was deflected by the company’s DDoS mitigation service.

Nine-vector DDoS attacks are rare

Even if short, the attack itself was extremely complex, with the crooks utilizing nine different attack vectors. According to data from the first quarter of 2016, nine-vector DDoS attacks are extremely rare and happen once every 500 attacks (0.2% of all attacks). This particular attack started with a basic network-level assault intended to suffocate the network with large amounts of data. It first blasted SYN payloads, then generic TCP and UDP data packets. From the get-go, the attack was different from all the previous attacks, throwing over 300 Gbps at its target from its initial seconds before growing to reach its peak value.

Attack evolved from network to application level

Midway through the attack, the crooks completely changed tactics. They stopped the network-level attack and shifted to an application layer DDoS, during which attackers send packets of a smaller size, but in larger numbers, to exhaust the memory of the receiving servers. Incapsula, the company that was providing DDoS mitigation, said that in Q1 2016 it regularly mitigated application layer attacks of 50+ Mpps every four days and 80+ Mpps every eight days. Even though this attack exceeded 110 Mpps, the company was able to mitigate the threat.

The combination of all these vectors makes this one of the most complex attacks the company has seen. In fact, Incapsula said this was the biggest DDoS attack it has mitigated in terms of sheer size (470 Gbps) in its entire history. “On a technical level we want to make clear that there isn’t much difference in mitigating 300, 400, or 500 Gbps network layer attacks,” Incapsula’s Igal Zeifman and Ofer Gayer explain. “They’re similar threats, each dealt with in a similar manner. Large attack waves aren’t more dangerous than smaller ones. All you need is a bigger boat.”

Source: http://news.softpedia.com/news/chinese-gambling-company-was-target-of-a-nine-vector-470-gbps-ddos-attack-505850.shtml#ixzz4D57R4eWd
