Category Archives: Security Websites

Hackers Target Anti-DDoS Firm Staminus

Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data.

Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday. “Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable,” Staminus wrote to its customers. “Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for full recovery.”

Staminus now says its global services are back online, and that ancillary services are being brought back online. However, the company’s Web site still displays a black page with a short message directing customers to Staminus’s social media pages.

Meanwhile, a huge trove of data appeared online Thursday, in a classic “hacker e-zine” format entitled, “Fuck ’em all.” The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The authors of this particular e-zine indicated that they seized control over most or all of Staminus’s Internet routers and reset the devices to their factory settings. They also accuse Staminus of “using one root password for all the boxes,” and of storing customer credit card data in plain text, which is a violation of payment card industry standards.

Staminus so far has not offered any additional details about what may have caused the outage, nor has it acknowledged any kind of intrusion. Several Twitter accounts associated with people who claim to be Staminus customers frustrated by the outage say they have confirmed seeing their own account credentials in the trove of data dumped online.

I’ve sent multiple requests for comment to Staminus, which is no doubt busy with more pressing matters at the moment. I’ll update this post in the event I hear back from them.

It is not unusual for attackers to target Anti-DDoS providers. After all, they typically host many customers whose content or message might be offensive — even hateful — speech to many. For example, among the company’s many other clients is kkk-dot-com, the official home page of the Ku Klux Klan (KKK) white supremacist group. In addition, Staminus appears to be hosting a large number of internet relay chat (IRC) networks, text-based communities that are often the staging grounds for large-scale DDoS attack services.

Source: https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/

More:
Hackers Target Anti-DDoS Firm Staminus

DDoS protection biz Incapsula knackers its customers’ websites

An unwelcome PITSTOP

Glitches at distributed denial-of-service mitigation biz Incapsula left the websites it defends offline twice on Thursday.…

Taken from:
DDoS protection biz Incapsula knackers its customers’ websites

Health orgs hit with cyberattacks every month

Healthcare organizations “are in the crosshairs” of cyber attackers, suffering one hack per month over the last year, with about half experiencing an incident involving the loss or exposure of patient information and another third unsure whether or not data was exposed, according to a new report. Conducted by the Ponemon Institute for security software company ESET, the report questioned 535 IT security practitioners from a variety of healthcare organizations, including private and public providers as well as government agencies, and found an industry beset by security breaches of all kinds. “With cyber attacks against healthcare organizations growing increasingly frequent and complex, there is more pressure to refine cybersecurity strategies,” the report’s authors wrote.

“The State of Cybersecurity in Healthcare Organizations” also found that organizations struggle to deal with a variety of threats, including system failures (79 percent), unsecure medical devices (77 percent), cyberattackers (77 percent), employee-owned mobile devices or BYOD (76 percent), identity thieves (73 percent) and unsecure mobile devices (72 percent). Despite citing unsecure medical devices as a top security threat, only 27 percent of respondents said their organization has guidelines for medical devices as part of its cybersecurity strategy.

The most common security incident cited was the exploitation of existing software vulnerabilities more than three months old, according to 78 percent of respondents. Web-borne malware attacks were named by 75 percent of respondents. Next came exploits of existing software vulnerabilities less than three months old (70 percent), spear phishing (69 percent) and lost or stolen devices (61 percent), according to the study.

What’s more, participating organizations were only partly effective at preventing attacks. Almost half (49 percent) said their organizations experienced situations when cyberattacks have evaded their intrusion prevention systems (IPS), but many respondents (27 percent) were unsure. Another 37 percent said their organizations have experienced cyber attacks that evaded their anti-virus (AV) solutions or traditional security controls, but 25 percent were unsure.

On average, organizations have an APT incident every three months. Only 26 percent of respondents say their organizations have systems and controls in place to detect and stop advanced persistent threats (APTs) and 21 percent are unsure. On average, over a 12-month period, organizations had an APT attack about every 3 months (3.46 APT-related incidents in one year), the survey said. As for the consequences of these breaches, 63 percent of respondents said the primary consequences of APTs and zero day attacks were IT downtime, followed by the inability to provide services (46 percent), while 44 percent said these incidents resulted in the theft of personal information.

In addition, DDoS attacks have cost organizations on average $1.32 million in the past 12 months, the survey said. Healthcare organizations in the report spend an average of $23 million on IT and approximately 12 percent is allocated to information security. “Since an average of $1.3 million is spent annually just to deal with DDoS attacks, the business case can be made to increase technology investments to reduce the frequency of successful attacks,” the report said.

Source: http://www.govhealthit.com/news/ponemon-health-orgs-hit-cyberattacks-every-month

More:
Health orgs hit with cyberattacks every month

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

CryptoWall most prevalent nasty – survey

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro.…

Continued here:
Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

Customers of large NZ website company Zeald have been hit by DDoS attack

Customers of a large New Zealand website design company have had their websites shut down due to a cyber attack believed to target one or more of the company’s customers. Customers of Zeald were informed on Thursday that some clients had experienced outages with their websites in recent weeks. The company, formed in 2001, with thousands of customers in New Zealand and Australia, has told clients the outages were caused by Distributed Denial of Service (DDoS) attacks. These attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They present a major challenge to making sure people can publish and access important information.

“Simply put, a DDoS attack simulates millions of computers trying to access a website at the same time. This puts tremendous stress on the online infrastructure, and can make access to a website difficult, or impossible,” the company said in its email. “We believe these attacks are targeted at one of our customers,” it said.

It said the attacks were difficult to resolve and were a rapidly expanding class of security attack. They did not involve ‘hacking’ and did not lead to the loss of confidential information, but they made it impossible to access a site. “They can be created by attackers with limited technical skill but options for dealing with them are extremely limited”.

“Working with our upstream providers, we have been able to stop these attacks temporarily by blocking international traffic. Unfortunately, these attacks keep resuming and are no longer isolated to international traffic alone. These attacks are also causing major issues for our upstream providers as well as the other websites and services that they provide,” it said. “If you have experienced any kind of extortion attempt or communication threatening an attack like this please let us know. Any feedback regarding recent threats will be treated in the strictest confidence. If we know the target of the attack there are measures we can put in place to eliminate the problem”.

Source: http://www.stuff.co.nz/technology/77539929/customers-of-large-nz-website-company-zeald-have-been-hit-by-cyber-attack

Excerpt from:
Customers of large NZ website company Zeald have been hit by DDoS attack

OPSEC mistakes spill Russian DDoS scum’s payment secrets

$66 a pop, if you’re the sort who pays for these things

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant.…

View article:
OPSEC mistakes spill Russian DDoS scum’s payment secrets

F2Pool Suffers from Series of DDoS Attacks

F2Pool, a Chinese mining pool also referred to as Discus Fish, which holds the largest share of the Bitcoin network’s hashrate at 26%, has been experiencing a series of extreme DDoS attacks. The attacks began to target the F2Pool Bitcoin mining pool almost immediately after the F2Pool team announced their decision to “test” Bitcoin Classic by launching a subpool in which miners can mine Bitcoin Classic blocks.

Peter Todd and other Bitcoin experts requested that the hackers and the individuals behind the series of DDoS attacks terminate them immediately, as they are preventing mining pools and companies from reaching a consensus on the block size debate.

“Whomever is DoS attacking f2pool please stop. You’re only making it harder to come to consensus. https://t.co/GoicJNhcMY” — Peter Todd (@petertoddbtc) February 25, 2016

Behind the DDoS attack

Some bitcoin enthusiasts and supporters of Bitcoin Classic claim that the attacks have been directed and paid for by Bitcoin Core supporters, and its developers, to forcefully cause Bitcoin Classic nodes to become inoperable. A hacker, or a hacking group, that goes by the online alias botneko-chan stated on a forum that they have been paid to launch professional DDoS attacks on F2Pool’s Bitcoin Classic subpools.

“Just paid, I’m professional ddoser lol. Don’t know why someone want to bring it down. Maybe increasing block size will decrease miners profit? I’m using bitcoin a lot but don’t care about it’s politics too much, XT had too fast block size grow rate which looks unrealistic to me. I think BIP100 is okay since it allows voting and also bitcoin unlimited also seems like good idea and looks simpler for me. If classic will fork to 2mb blocksize and it would be not enough then what? Next hard fork? I think protocol should support miner voting by design,” the hacker himself said on Reddit.

Jonathan Toomim, the leading developer and founder of Bitcoin Classic, further explained that Chinese miners and mining pools are quite skeptical towards Bitcoin Classic as they prefer not to change pool information on their hardware to adopt the 2 megabyte hard fork.

“Actual miners are lazy,” said Toomim. “They don’t like to change pool information on their hardware very often, because that would require logging into each of your machines and copy-pasting in new data to a web form and clicking submit. A typical mining farm will have hundreds to tens of thousands of these machines. The approach that Slush is taking is different. Rather than requiring users to reconfigure each machine, Slush is giving users a way to switch all of their hardware between Classic and Core by clicking on one button on Slush’s website. This should result in much faster changes.”

As of now, leading bitcoin mining pools, including Antpool, F2Pool and BitFury, are supporting the roadmap and development of the Bitcoin Core development team.

Source: http://cointelegraph.com/news/f2pool-suffers-from-series-of-ddos-attacks

View post:
F2Pool Suffers from Series of DDoS Attacks

DDoS attacks up 149 percent as brassy booter kids make bank

Akamai report finds surge in weighty packets

The number of distributed denial of service attacks rose 149 percent in the dying months of 2015, according to Akamai’s networking wonks.…

Continue Reading:
DDoS attacks up 149 percent as brassy booter kids make bank

Does the Internet of Things need an indie security assessor?

Some in the IEEE reckon it’d be a good idea, before your toaster burns more than bread

The Internet toaster that’s browning your crumpets, talking to its home servers, and participating in a ransomware-distributing botnet should get the kind of cyber-safety testing that it gets for physical safety.…

See the article here:
Does the Internet of Things need an indie security assessor?

Serbian President’s website comes under DDoS attack

The Serbian president’s website faced a large-scale “hacking” attack on Monday, which brought it down for several hours, his press office said. A statement carried by Tanjug explained that the distributed denial-of-service attack (SYN flood) targeted www.predsednik.rs, and that the president’s website is “subject to daily hacking attacks.”

In a SYN flood attack, the server is overwhelmed by a large number of legitimate and false connection requests which consume its resources and render it unresponsive or difficult to access.

“The hosting and security of the president’s website falls within the competence of the Defense Ministry. In cooperation with Telekom Srbija, the ministry blocked and prevented further attacks and possible damage to the computer equipment and services,” the statement said.

Source: http://www.b92.net/eng/news/crimes.php?yyyy=2016&mm=02&dd=23&nav_id=97147

Read this article:
Serbian President’s website comes under DDoS attack