Category Archives: Security Websies

Blizzard’s Battle.net Hit With Major DDoS Attack

When the waters finally calmed, Blizzard took to Twitter with the following message. That’s because some nefarious individuals launched a DDOS attack on the service. In fact, all of Blizzard’s U.S. servers were down for an extended period last night. Sony and Microsoft undergo similar attacks on a regular basis and are especially prone to such attacks during the holidays. GAMING SERVICES were hit with a distributed denial-of-service (DDoS) attack that forced users to eat Cheetos while not screaming at total strangers. This isn’t the first time the group has attacked a gaming company. Blizzard has suffered an attack on its servers that halted access to many of its games. By about 11:45 p.m., Blizzard sent out the above tweet giving gamers the all clear to jump back online. Given some of the realm stability issues caused by the service interruptions, there may be some log loss when loot is dropped or crafting occurs. A DDoS attack targeting game developer Blizzard’s servers has disrupted gamers from logging into popular games such as Diablo 3 and World of Warcraft. From the looks of it, a Blizzard employee’s Outlook account was hacked which lead to personal information and contact lists with information about other Blizzard employees being found. Maybe the hacking group felt their fellow gamers were being wronged (they weren’t) and this was their grand form of retaliation. They have teased that they have “more to come” without explaining what they plan to do next. Source: http://sacredheartspectrum.com/2016/04/blizzards-battle-net-hit-with-major-ddos-attack/

Originally posted here:
Blizzard’s Battle.net Hit With Major DDoS Attack

DDoS Attacks With BillGates Linux Malware Intensify

XOR botnet authors migrate to using BillGates malware Over the past six months, security researchers from Akamai’s SIRT team have observed a shift in the cyber-criminal underground to using botnets created via the BillGates malware to launch massive 100+ Gbps DDoS attacks. The BillGates malware is a relatively old malware family aimed at Linux machines running in server environments. Its primary purpose is to infect servers, link them together in a botnet controlled via a central C&C server, which instructs bots to launch DDoS attacks at their targets. The malware has been around for some years and due to its (irony-filled) name is probably one of the most well-known Linux-targeting malware families. Former XOR botnet operators reverted to using BillGates A BillGates botnet is capable of launching Layer 3, 4, and 7 DDoS attacks. More accurately it supports ICMP floods, TCP floods, UDP floods, SYN floods, HTTP floods and DNS reflection floods. According to Akamai’s Security Intelligence Research Team (SIRT), ever since the XOR DDoS botnet , also Linux-based, has been neutralized a few months back, hacking outfits have switched to the BillGates botnet for their attacks. While not as powerful as the XOR botnet, which was capable of launching 150+ Gbps attacks, BillGates attacks can go over 100 Gbps when needed. Moreover, as Akamai noticed, the hacking crew that deployed the XOR botnet has also switched to using BillGates malware, the CDN and cyber-security provider seeing DDoS attacks on the very same targets the XOR botnet crew was previously attacking. Most BillGates DDoS attacks targeted Asian online gaming servers DDoS attacks launched with this botnet have were seen  targeting  Asia-based companies and their digital properties, mostly located in online gaming. Besides the original XOR crew, the malware has been used to build different botnet by multiple gangs and has even been used as the base for other Linux-based DDoSing malware. The BillGates malware is available for purchase on underground hacking forums, and it comes in the form of a “malware builder” which allows each crew to generate its own strand, that can run on different C&C servers. Last June , Akamai observed a similar spike in DDoS attacks coming from botnets built with the BillGates malware. Source: http://news.softpedia.com/news/ddos-attacks-with-billgates-linux-malware-intensify-502697.shtml

See the original article here:
DDoS Attacks With BillGates Linux Malware Intensify

New application level attack bodes ill for hybrid DDoS protection

Imperva has recently witnessed a new type of DDoS attack they believe might become a go-to for cyber criminals looking to take sites and services down. The attack was an application layer DDoS attack, aimed at exhausting a target server’s RAM and CPU resources. But unlike previous ones they have seen, this one was “ginormous.” “While deadly to servers, application layer attacks are not especially large in volume. Nor do they have to be, as … More ?

View article:
New application level attack bodes ill for hybrid DDoS protection

Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks

The websites of Novosti-Armenia (newsarmenia.am) and ARKA (arka.am) news agencies came Tuesday under heavy DDoS-attacks, hampering access to these resources for half an hour. An inquiry found that the attacks were carried out from Russian IP addresses, but this does not mean that the order came from that country. The administrations of both websites have managed to eliminate the problem. DDoS attack is short for Distributed Denial of Service Attack. DDoS is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. The most serious attacks are distributed   and in   many or most cases involve forging of IP sender addresses so that  the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. Source: http://arka.am/en/news/technology/novosti_armenia_and_arka_news_agencies_come_tuesday_under_heavy_dddos_attacks/

Link:
Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks

Hacker Redirects DDoS Attack to Israeli Intelligence Site

A hacker using the handle “The Jester” allegedly rerouted distributed denial-of-service (DDoS) attacks to hit the Israeli intelligence agency Mossad. The Jester became a high-profile hacker in 2010 when he claimed to have attacked the Wikileaks website. He also is known to attack websites affiliated with ISIS, Hamas, Anonymous and the Occupy movement. In a 2010 article, the New York Times claimed the Jester is a former military contractor who was involved with US special forces operations. The Jester’s website reportedly came under attack with DDoS attacks, which the hacker claims to have redirected against the Israeli intelligence service. He claims to have altered the IP address that his website was registered on to the Mossad address. “To the s***loads attacking my blog, I’ve pointed my domain to 147.237.0.71. Ur now hitting Israeli Intelligence Service (Mossad). Good luck,” the Jester, or th3j35t3r, wrote in an online post. The hacker said he redirected the traffic to Mossad’s IP address because “they can look after themselves perfectly well,” according to reports. Israel’s Information and Communications Technology Authority reportedly issued a statement that Mossad’s website did not encounter irregularities or down time. The Israeli intelligence service’s website remains online and functional, while the Jester’s site is offline at the time of this post. Source: http://www.batblue.com/hacker-redirects-ddos-attack-to-israeli-intelligence-site/

Read More:
Hacker Redirects DDoS Attack to Israeli Intelligence Site

Calculate the cost and probability of a DDoS attack

DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionist instead of hacktivists and vandals, according to a recent survey from Arbor Networks. New analysis from Frost & Sullivan finds that the DDoS mitigation market earned revenues of $449.5 million in 2014 and estimates this to more than double to $977.2 million by 2019. DDoS Downtime Calculator Incapsula’s DDoS Downtime Calculator is designed to help you assess the risks associated with an … More ?

View the original here:
Calculate the cost and probability of a DDoS attack

Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad

A high-profile US hacker has turned an attack on his website into an assault against the Israeli intelligence service. ‘The Jester’ – or th3j35t3r – claims that he diverted an attempt to overload his website to assault Mossad’s online presence. Haaretz reported that Jester’s website – jesterscourt.cc – was the victim of a denial of service (DoS) attack on the night of 1 April. In a tweet, Jester announced that he had diverted the hacker’s attack by simply changing the IP address his website was registered on. When asked why he picked Mossad by one of his 74,400 Twitter followers, Jester replied “Because they can look after themselves perfectly well.” On his blog, Jester claims to have used this technique before. In a post called Offensive Counter Measures – Be Like Water, Jester details the steps he took to divert another DoS attack, which he alleges was carried out by Anonymous, towards websites linked with the Occupy movement. According to Haaratz, Israel’s Information and Communications Technology Authority said Mossad’s website had not seen any irregularities or disruptions of service. At the time of writing, Mossad’s website was working, but IBTimes UK could not confirm whether it had suffered any downtime. However, The Jester’s website was not working. Anti-ISIS, anti-Anonymous Jester is one of the hacking community’s most high-profile members. What is a DoS attack? During a denial of service (DoS) or a distributed denial of service (DoS) attack, hackers attempt to overload a website’s connections by sending in data requests from multiple sources. Most often hackers use a ‘botnet’ – internet-connected PCs that are compromised by malware – to send in the requests to visit the site, without the users’ knowledge. The huge number of requests, which can reach thousands per second, overload the ability of a website’s server to respond, eventually causing an error message to appear instead of the site’s pages. Making a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web). Jester’s career as a vigilante hacker appears to have started in 2010, when he claimed to have been involved in an attack on the Wikileaks website. That year, the New York Times reported Jester was a a former military contractor who had worked with US special forces. Since then, Jester has developed a reputation as a pro-US hacker vigilante and cybersecurity expert. Through writing his own blog on cybersecurity, he gives talks on the subject through text chat to keep his identity a secret, and is known for attacking websites linked to Hamas and Islamic State (Isis). Jester has also attacked websites used by the Occupy movement and Anonymous – whom he described as “pathetic terrorist sympathizing buttholes”. He claims to have caused more than 180 websites to go offline since 2010. Jester was listed as one of Time magazine’s “most influential people on the internet” in March 2015. Source: http://www.ibtimes.co.uk/notorious-pro-us-hacker-jester-diverts-dos-attack-towards-israeli-spy-service-mossad-1552895

Link:
Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad

The Anonymous ‘war’ on Donald Trump is a complete disaster

The “total war” that Anonymous declared earlier this month against Donald Trump has quickly devolved into a civil war among hackers fighting within the group and pro-Trump supporters who are trolling them within their chat rooms. In early March, hackers affiliated with Anonymous tried to reboot their Operation Trump campaign by calling for everyone to take down Trump’s websites in a coordinated effort on April 1. Almost immediately, the initiative was criticized by people within Anonymous as irresponsible and “cringeworthy,” but a dedicated group apparently moved on with the plan. It’s April 1: Many of the GOP frontrunner’s sites are still standing, there are now two competing OpTrump chat rooms with totally different missions, and one of them has been flooded with pro-Trump supporters and others leaving trolling comments like “Hitler did nothing wrong.” In short: The so-called war seems to be a complete disaster. ‘A mess is happening’ It’s unclear when the split between Anonymous factions occurred, but it seems to have happened sometime after a hacker named Beemsee, who has been leading the original OpTrump effort, released a new statement claiming that attacking Trump’s websites was all a ruse for publicity around April Fools’ Day. “There is no DDoS,” Beemsee and two other hackers wrote, using the acronym for a distributed denial-of-service attack, a tactic used to overload a website. “It’s only purpose was to gain attention, which this Operation needs. … the point of this Operation is not to attack Donald Trump. Instead, it is going to try to give citizens some insight.” Beemsee and their cohorts say in their statement that people should try and capture “the darker nature of Trump’s supporters” and post it on social media sites with hashtags like #OpTrump and #Trump2016. But a hacker called AnonymousLoyalist disagreed. In a competing statement, the hacker wrote that they moved to a “far more organized channel, which has already seen unsurprisingly large amounts of success.” That channel is #OpTrump2016, but it was unclear exactly what that success boiled down to. When Tech Insider viewed the #OpTrump2016 chat room on Friday, it was an unorganized mess. Most Anonymous chat rooms are moderated in some way, and people usually get kicked out for spamming or posting nonsense. But it appeared to be flooded with trolls intent on calling them children, “social justice warriors,” and, more often than not, homophobic slurs. “A mess is happening,” wrote one user in #OpTrump, expressing a shared frustration among others in Beemsee’s chat room. The ‘war’ goes on It was clear on Friday that at least some of Trump’s websites were indeed under cyberattack. The website CitizensForTrump.com is currently unreachable, and the site for Trump’s hotels brought up an error for a few seconds before pulling up a cached version powered by CloudFlare, a service that protects from attacks like this. Anonymous may be able to bring down some of Trump’s unprotected websites, but it will almost certainly come back online after a few hours or days. And many of his other sites are probably not at risk at all, since Tech Insider previously spoke with CloudFlare CEO Matthew Prince, and he wasn’t particularly worried. “DDoS attacks are not particularly sophisticated cyber attacks,” Prince said. “They are sort of the functional equivalent of a caveman with a club.” A representative for Trump did not immediately respond to a request for comment from Tech Insider, but spokeswoman Hope Hicks previously told Tech Insider: “The government and law-enforcement authorities are seeking the arrest of the people responsible for attempting to illegally hack Mr. Trump’s accounts and telephone information.” Depending on who you believe in Anonymous, the plan is a coordinated DDoS attack or a social-media shaming campaign against Trump’s supporters. But Beemsee left open the possibility of something else, perhaps an actual way to take over one of their targeted websites — which the hacker collective has been scanning for vulnerabilities since the beginning. “This is NOT the last time you hear of this operation,” Beemsee wrote. “We will be watching, and will act when the time is right.” Source: http://www.businessinsider.com/anonymous-war-donald-trump-fail-2016-4

Excerpt from:
The Anonymous ‘war’ on Donald Trump is a complete disaster