Tag Archives: 6folds-marketing

Dropbox hits by DDoS attack, but user data safe; The 1775 Sec claims responsibility

Dropbox website went offline last night with a hacking collecting calling itself The 1775 Sec claiming responsibility of the attack on the cloud storage company’s website. The 1775 Sec took to twitter just a few moments before Dropbox went down on Friday night claiming that they were responsible. “BREAKING NEWS: We have just compromised the @Dropbox Website http://www.dropbox.com #hacked #compromised” tweeted The 1775 Sec. This tweet was followed by a another one wherein the group claimed that it was giving Dropbox the time to fix their vulnerabilities and if they fail to do so, they should expect a Database leak. The group claimed that the hack was in honour of Aaron Swartz. Dropbox’s status page at the time acknowledged that there was a downtime and that they were ‘experiencing issues’. The hackers then revealed that their claims of a Database leak was a hoax. “Laughing our asses off: We DDoS attacked #DropBox. The site was down how exactly were we suppose to get the Database? Lulz” tweeted The 1775 Sec. The group claimed that they only launched a DDoS attack and didn’t breach Dropbox security and didn’t have access to Dropbox user data. Dropbox claimed that its website was down because of issues during “routine maintenance” rather than a malicious attack. In a statement Dropbox said “We have identified the cause, which was the result of an issue that arose during routine internal maintenance, and are working to fix this as soon as possible… We apologize for any inconvenience.” Just over an hour ago, Dropbox said that its site was back up. “Dropbox site is back up! Claims of leaked user info are a hoax. The outage was caused during internal maintenance. Thanks for your patience!” read the tweet from Dropbox. Source: http://www.techienews.co.uk/974664/dropbox-hits-ddos-user-data-safe-1775-sec-claims-responsibility/

Read More:
Dropbox hits by DDoS attack, but user data safe; The 1775 Sec claims responsibility

The 2014 cyber security roadmap

The burgeoning Internet of Things and smart devices 2014 is likely to be the year that many industries start to cash in on the much-hyped benefits of smart connected devices. But as more devices become IP-enabled, they contribute to the pool of things that can be recruited into botnets or other platforms used for distributed attacks – something which most companies are currently not prepared for, warns Mike Foreman, general manager of security software firm AVG Technologies. ‘Distributing attacks via unmanned smart devices helps make it more difficult to trace the source and easier to overwhelm the target,’ says Foreman. In order to meet the challenge of securely managing hundreds of millions of connected devices and securing the data transmitted between them, Jason Hart, VP of cloud solutions at security specialist SafeNet , says that organisations will need public key infrastructure solutions that combine comprehensive security with scalability and reliability. ‘PKIs, simply put, use digital certificates that can be embedded within devices, giving them the authorisation needed to access different networks,’ explains Hart. BYOD convenience vs. security Companies will need to adopt new tactics to tackle the increasing drawbacks of a BYOD environment, changing their focus from the devices themselves. When it comes to effective device management, says Chris Wysopal, co-founder and chief information security officer of application security expert Veracode , apps, not devices, are the real problem. ‘Companies need to look for MDMs that understand what apps are installed across corporate and BYOD devices, and the risk associated with those applications,’ he advises. Jonathan Foulkes of systems management software firm Kaseya thinks businesses will need to shift the focus away from devices and onto securing and managing data. ‘By “containerising” corporate data and only providing access through secure applications, IT is given full control over policies and the ability to decide which users – rather than devices – are allowed to connect to what data and with what application.’ The true security risks of cloud computing beginning to emerge The horse has left the barn for IT teams dealing with the cloud. Business units are demanding it and building apps there if their IT departments will not – and this is a trend that is set to continue in 2014 as adoption of core applications in the cloud grows. ‘This opens up application change errors that can be totally missed by the security team,’ warns Reuven Harrison, CTO of security policy orchestration company Tufin . ‘It also increases silos and puts the business network at great risk by bypassing traditional IT structures.’ Veracode’s Chris Wysopal stresses that cloud apps will need to follow the same application security practices that the organisation requires for internally built apps, while moving towards end-to-end automation of network changes should free up time to concentrate on monitoring all areas of the network. Controlling the privileged user Without a doubt, one of the biggest mistakes that organisations make is having insufficient control and oversight of the actions of ‘privileged users’, says Paul Ayers, VP EMEA of security firm Vormetric . ‘In 2014, after the Snowden leaks and other high-profile insider threats and data breaches, I expect organisations to increasingly put in place the security procedures and tools that allow them to audit and control the actions of these users,’ he comments. The effects of cyber war and cyber espionage Cyber is the new battlefield, and the fifth element of warfare, with states already pouring a huge range of resources into both defensive and offences capabilities. ‘Within the next couple of years, we will experience an increasing number of cyber attacks resulting in militaristic and economic damage,’ says Jarno Limnell, director of cyber security at McAfee Group security vendor Stonesoft . Rik Ferguson, VP of security research at security vendor Trend Micro , notes that the PRISM revelations will increasingly lead cyber criminals to turn to ‘darknets’ – a class of networks, such as The Onion Router (TOR), that guarantee anonymous and untraceable online access. ‘Law enforcement agencies may not have enough knowledge or experience to deal with cyber crime and will have a hard time tracking criminals in the Deep Web, prompting more investment in the fight against cyber crime,’ he says. Strengthened government agenda on cyber security and new compliance standards Over 2013-14, the UK cabinet office will have invested £180 million in cyber security, increasing this amount to £210 million in 2014-15. The government has announced its intention to back a new kite-mark standard for cyber security, with further details promised early this year. Around the same time, the European Commission will unveil a new directive on data privacy. ‘But while these measures are to be welcomed, organisations will have their work cut out preparing themselves to achieve compliance,’ says Alan Calder, founder of cyber security services provider IT Governance . ‘Add to these changes the multiple compliance challenges arising from recent updates of standards, such as ISO 27001 and PCI DSS, and you quickly have a considerable governance task in terms of planning, resourcing and training.’ The security skills gap The world faces an acute shortage of cyber security professionals who are adequately skilled for today’s threat landscape. According to Alan Calder of IT Governance, in 2014 we will feel the effects of this shortfall more than ever, resulting in yet more spectacular data breaches, as it will be several uncomfortable years before supply meets demand. ‘Large accountancy and professional services firms are, at the moment, heavily investing in IT security talent, which means that SMEs will struggle to compete for the best talent, putting the future of their businesses at risk,’ says Christian Toon, risk and security expert at data protection company Iron Mountain . Toon urges that when recruiting IT security professionals, companies should remember that it’s important to get someone who understands not just the technicalities of the job, but also the psychology of both the individuals they are helping to protect and of the cyber criminals who are attempting to steal information from the business. The ever-increasing sophistication of DDoS attacks The transparency shown by RBS in admitting that it failed to invest properly in its IT systems after DDoS attacks in 2013 is a common refrain amongst many enterprises, large and small. But, says Jag Bains, CTO of DDoS attack prevention firm DOSarrest Internet Security , ‘While each organisation may have multiple reasons for failing to invest, they all share the same notion that they won’t be a target – until they get attacked.’ With DDoS tools becoming more advanced and pervasive, Bains warns that all IT operations should work under the premise that they will be attacked, and so plan accordingly. ‘Every stack and layer within their purview should be reviewed, and they should identify cost-effective cloud solutions for their DDoS, which provide much better performance and mitigation than expensive hardware.’ Catherine Pearce, security consultant at mobile security firm Neohapsis , predicts that DDoS attackers will accelerate a move from simple volumetric attacks to those that take advantage of a site’s specific performance, with the spread of tools that profile specific targets and attack based upon certain weaknesses in configuration or implementation. Smarter analytics to combat cyber threats Martin Borrett, director at the IBM Institute for Advanced Security , believes that analytics will become a vital element in countering new threats, aided by advancements in machine learning algorithms that will further improve data and analytics technologies. ‘Security systems will greatly benefit from real-time correlation across massive structured data, such as security device alerts, operating system logs, DNS transactions and network flows, as well as unstructured data, such as emails, social media content, packet info and business transactions,’ says Borrett. ’Organisations can begin along this path by surveying the additional new data sources available and considering which could be used to improve their security analysis outcomes.’ However, each data source may bring its own challenges, such as the volume, velocity, variety and veracity of data, so it will be important for a business to consider also which skills and tools they have available to manage these issues. Challenges regarding authentication technologies such as 2-factor and biometric ‘With companies slowly adopting BYOD programmes, on-premise software still reigning supreme in many IT environments and big hacking attacks occurring every few weeks, there’s no question that the business world still lags in adopting people-centric technologies across workforces,’ says Phil Turner, VP EMEA at identity management company Okta . ‘As a result, in 2014, as businesses have added more applications and the proliferation of devices in the workplace continues to increase, we are likely to see significant growth in cloud-based identity and asset management (IAM) services that can deliver single sign-on across all applications.’ However, looking forward to the end of 2014, we can expect this to start to change. Multi-factor authentication (MFA) – which requires two or more factors to verify the legitimacy of the user – has taken off and evolved pretty substantially in the past decade. And authentication methodologies are becoming as personalised and specific to the individual as the experiences that they’re trying to access. ‘Customers’ expectations for seamless trusted authentication and the continued dominance of smartphones and smart devices will accelerate the move from legacy hardware one-time password tokens to mobile-friendly, embedded security and contextual access controls,’ says SafeNet’s Jason Hart. ‘We can already see early examples such as Apple’s iTouch of biometric authentication, and investments by vendors such as Samsung to bake enterprise-grade security controls into their KNOX platform.’ Cyber resilience, not cyber security In 2014, we will see savvier organisations relinquish futile hopes of ‘cyber security’ for a more pragmatic drive for ‘cyber resilience’. ‘We are living permanently with an irreducible level of cyber threat,’ says IT Governance’s Alan Calder. ‘As this realisation sinks in, organisations must adapt their strategies to avoid unhelpful restrictions on staff mobility and internet access, while ensuring their ability to recover swiftly when attacks take place.’ Jason Hart of SafeNet reiterates that in the coming year we can expect to see companies move away from the traditional strategy of focusing on breach prevention, and towards a ‘secure breach’ approach. ‘This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands,’ he says. ‘So, we can expect to see an increase in the use of encryption that renders any data useless to an unauthorised party.’ Source: http://www.information-age.com/technology/security/123457584/the-2014-cyber-security-roadmap

See original article:
The 2014 cyber security roadmap

DDoS attacks costly for online companies

Distributed denial of service, or DDoS, attacks can be hugely damaging to companies that rely on their online presence for sales and new business, says DDoS mitigation provider, Prolexic. “All businesses are potentially vulnerable as there are no advance warnings of DDoS attacks, and no way to know if and when your business could be targeted,” says sales and innovation director at DRS, Jayson O’Reilly. “However, if your business is dependent on its Web site to service customers, you should have protocols in place to defend against an attack, should it happen.” O’Reilly states that some businesses are more vulnerable, or more likely to be a target, than others, which is largely industry dependent. Retail, financial services and gaming sites are popular targets. “Businesses should establish the likelihood of attack, or if they have already been a target, what sort of volume of attacks they have experienced. If they have experienced attacks, were these prolonged, or particularly strong? These questions can help a business select a suitable level of DDoS protection,” he says. He adds that businesses that find themselves regular targets, and which have a high dependency on their Web sites for business, should consider a level of protection that comes with high service level agreements. “They should select a DDoS mitigation provider that can have a site back up almost instantaneously, and guarantee uptime. However, this is not a cheap exercise.” There are other, less expensive, options too, according to O’Reilly, which come with a choice of protection levels, guaranteeing protection up to a certain level. “This sort of protection is suitable for businesses that experience low level, less lengthy attacks. However, should an attack happen that is above the protection level the company has paid for, they would be on their own,” O’Reilly says. He says smaller businesses which haven’t yet been hit by a DDoS attack can also follow several steps to better prepare themselves in the event of an attack, adding that companies which use dedicated servers have the option of setting up a backup connection, called an out-of-band (OOB) connection, which is essentially a backup path in case of network communication failure. “In the event of the usual network becoming inaccessible, the businesses can use the OOB connection to access the server instead. A hosting provider can add an OOB connection, and at a price that won’t break the bank.” O’Reilly says network monitoring can also be a big help. “A network monitoring system that can pick up anomalous behaviour, such as sudden spikes, can act as an early warning system for a DDoS attack.” Additionally, he advises companies to be aware of where they are most vulnerable, in order to keep an eye on those points, and strengthen them wherever possible. “Add alerts for your weak points, and put plans in place to upgrade the security on these points,” he concludes. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=69922:DDoS-attacks-costly-for-online-companies&catid=69

View article:
DDoS attacks costly for online companies

DDoS Attacks: What They Are, and How to Defend Against Them

You may have heard of a DDoS (distributed denial-of-service) attack in the news as a method used by malicious hackers to attack a website. It’s possible you’ve even experienced the effects of a DDoS attack yourself. If you host a website or other online service, being aware of the dangers of a DDoS attack can help you prevent one, or mitigate the damage they can incur. Here’s a brief explanation of what a DDoS attack is, what it accomplishes and how to avoid one. How does a DDoS attack work? Denial of service through server flooding can be thought of as simply filling up a pipe with enough material to prevent anything else from getting through. Denial of service may occur unintentionally if a server receives more traffic than it was designed to handle. This happens frequently, such as when a low-trafficked website suddenly becomes popular. In this case, the server is still functioning, and is not damaged, but is unreachable from the Internet. It’s been effectively knocked offline, and will be until the DDoS attack either stops or is outgunned by more servers being brought online. Malicious denial of service involves deliberately flooding a server with traffic. The easiest way to do so is to distribute the attacking computers among hundreds, even thousands of computers, which simultaneously bombard the target server with (often useless) requests for information. Think of multiple pipes from various locations eventually connecting into one large pipe, and massive volumes of material eventually colliding from the origin points into the main pipe. While the electronic connections that make up the Internet are not technically “pipes,” there is a limit to the amount of data that can be transferred through any given network.  Put enough in there, and a server’s pipes will be clogged. Cybercriminals use large systems of “zombie” computers, or computers infected with malware that allow a central controller to use them, in DDoS attacks. Hacktivist groups like Anonymous, on the other hand, recruit volunteers who install software on their own machines to take part in DDoS attacks. Anonymous has used DDoS attacks against the websites of credit-card companies, dictatorial foreign governments and even the CIA, FBI and U.S. Department of Justice. What does a DDoS attack accomplish? Unlike other forms of malicious computer activity, there is usually no immediate or direct gain for the attacker. The primary goal of a DDoS attack is simply to disrupt a service. A DDoS attack will not in itself allow hackers to access any secure information on its own. There is no network penetration or database breach involved. A DDoS attack can result in a loss of income for a company that does business online. Most of the large online retailers and social networks have hardened their servers to resist DDoS attacks. DDoS attacks by Anonymous and other hacktivist groups are often intended to be a form of protest. In January 2012, attacks on several government agencies and recording labels were staged by hacktivist groups as a form of protest against the Stop Online Piracy Act (SOPA) and the seizure of the file-sharing site MegaUpload by the FBI. Over the past decade, hundreds of DDos attacks have been performed by independent activists, political groups and even government agencies. How can you avoid or mitigate a DDoS attack? Unfortunately, there is little that can be done to avoid becoming the victim of a DDoS attack. Unlike other attacks, it is a brute-force strike that uses a public utility — the Internet itself — to overwhelm a system. Anti-virus software and filtering tools such as firewalls will not stop the effectiveness of the attack. The primary method of dealing with these attacks from the perspective of a host is to increase the capability of the system. Load-balancing tools can distribute requests among many servers scattered across a wide geographical area, and as the system grows to handle more requests, the attackers will need to use a stronger attack to overwhelm it. Methods to limit the amount of traffic allowed to and from the server can be enabled in some routers and switches, and some responsive systems can disconnect a network from the Internet before the attack brings the entire system down. The latter method will still result in the network being inaccessible from the Internet, but will generally result in a faster return to service. Source: http://www.tomsguide.com/us/ddos-attack-definition,news-18079.html

Read More:
DDoS Attacks: What They Are, and How to Defend Against Them

Steam, Blizzard and EA hit by DDoS attacks

There’s something about the new year that gets hackers all excited as the DDoS attacks continue. The last major attack was on 31 December with DERP unleashing their DDoS on World of Tanks, EA, Blizzard, League of Legends and DOTA 2.It looks like the hangovers have worn off as once again they hit EA and Battlefield 4 servers. EA hopped on the case with a response. In what may have been a response to that, we have no idea what’s behind their thinking with all this, another group decided Steam should be the target. We are still seeing reports that Steam is still having issues despite the attack apparently having stopped. And then it was on to BattleNet… All this is being done for shits and giggles but really achieves nothing other than annoy gamers and cause some temporary headaches for server admins. The novelty will probably wear off in a few days but as the individuals involved are being encouraged by Twitter followers expect more outages. Source: http://www.incgamers.com/2014/01/steam-blizzard-ea-hit-ddos-attacks

Continue Reading:
Steam, Blizzard and EA hit by DDoS attacks

Attackers Wage Network Time Protocol-Based DDoS Attacks

Attackers have begun exploiting an oft-forgotten network protocol in a new spin on distributed denial-of-service (DDoS) attacks, as researchers spotted a spike in so-called NTP reflection attacks this month. The Network Time Protocol, or NTP, syncs time between machines on the network, and runs over port 123 UDP. It’s typically configured once by network administrators and often is not updated, according to Symantec, which discovered a major jump in attacks via the protocol over the past few weeks. “NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don’t worry about it after that. Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to these reflection attacks,” says Allan Liska, a Symantec researcher in blog post last week. Attackers appear to be employing NTP for DDoSing similar to the way DNS is being abused in such attacks. They transmit small spoofed packets requesting a large amount of data sent to the DDoS target’s IP address. According to Symantec, it’s all about abusing the so-called “monlist” command in an older version of NTP. Monlist returns a list of the last 600 hosts that have connected to the server. “For attackers the monlist query is a great reconnaissance tool. For a localized NTP server it can help to build a network profile. However, as a DDoS tool, it is even better because a small query can redirect megabytes worth of traffic,” Liska explains in the post. Monlist modules can be found in NMAP as well as in Metasploit, for example. Metasploit includes monlist DDoS exploit module. The spike in NTP reflection attacks occurred mainly in mid-December, with close to 15,000 IPs affected, and dropped off significantly after December 23, according to Symantec’s data,. Symantec recommends that organizations update their NTP implementations to version 4.2.7, which does not use the monlist command. Another option is to disable access to monlist in older versions of NTP. “By disabling monlist, or upgrading so the command is no longer there, not only are you protecting your network from unwanted reconnaissance, but you are also protecting your network from inadvertently being used in a DDoS attack,” Liska says. Source: http://www.darkreading.com/attacks-breaches/attackers-wage-network-time-protocol-bas/240165063

Read the article:
Attackers Wage Network Time Protocol-Based DDoS Attacks

NatWest hit by Distributed Denial of Service (DDoS) Attack

NatWest has been hit by a ‘cyber attack’, leaving customers unable to access online accounts. The bank’s online banking service was disrupted after it was deliberately bombarded with internet traffic. Twitter users tweeted to say they could not access their bank accounts to pay bills or transfer money. @TomGilchrist wrote: “Do other banks computer systems/services go down as much as NatWest? I assume not. Time to move banks I think.” @AleexReid tweeted: “Just joined Santander. Fed up with NatWest. Another computer failure tonight. #welldone.” A NatWest spokesperson said: “Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening. “This deliberate surge of traffic is commonly known as a distributed denial of service (DDoS) attack. “We have taken the appropriate action to restore the affected web sites. At no time was there any risk to customers. We apologise for the inconvenience caused.” At the beginning of December  all of RBS and NatWest’s systems went down for three hours on one of the busiest shopping days of the year. The group chief executive Ross McEwan described that glitch as “unacceptable” and added: “For decades, RBS failed to invest properly in its systems. “We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on.” RBS and NatWest also came under fire in March after a “hardware fault” meant customers were unable to use their online accounts or withdraw cash for several hours. A major computer issue in June last year saw payments go awry, wages appear to go missing and home purchases and holidays interrupted for several weeks, costing the group £175m in compensation. This latest problem is the fourth time in 18 months RBS and NatWest customers have reported problems with the banks’ services. Source: http://news.sky.com/story/1187653/natwest-hit-by-fourth-online-banking-glitch

Continue Reading:
NatWest hit by Distributed Denial of Service (DDoS) Attack

Lessons From 5 Advanced Attacks Of 2013

Distributed denial-of-service attacks targeted application and business-logic weaknesses to take down systems; fraudsters used encryption to scramble victims’ data until they paid a ransom; and, attackers increasingly targeted providers as a weak link in the chain of the digital security protecting businesses. In 2013, there were no major revolutions in the way that attackers compromised, cut off, or just plain inconvenienced their victim’s systems, but their techniques and tactics evolved. From more pernicious encryption in ransomware to massive DDoS attacked fueled by reflection, attackers showed that they still had options available in their bag of tricks. “As the criminals have become more savvy and more technically knowledgable and understand the victims’ environments better, they are able to see opportunities that they might otherwise overlook,” says Jeff Williams, director of security strategy for the counter threat unit at Dell SecureWorks, a managed security provider. Based on interviews with experts, here are five advanced attacks from 2013 and the lessons for businesses from those events. 1. Cryptolocker and the evolution of ransomware While many attackers create botnets to steal data or use victim’s machines as launching points for further attacks, a specialized group of attackers have used strong-arm tactics to extort money from victims. In the past, most of these types of attacks, referred to as ransomware, have been bluffs, but Cryptolocker, which started spreading in late summer, uses asymmetric encryption to lock important files. The group behind Cryptolocker has likely infected between 200,000 and 250,000 computers in the first hundred days, according to researchers at Dell SecureWorks. Based on the number of payments made using Bitcoin, the company conservatively estimated that 0.4 percent of victims paid the attackers, but it is likely many times more than minimum take of $240,000, the company stated in an analysis. “What sets it apart is not just the size and the professional ability of the people behind it, but that–unlike most ransomware, which is a bluff–this one actually destroys your files, and if you don’t pay them, you lose the data,” says Keith Jarvis, senior security researcher with Dell SecureWorks. Companies should expect ransomware to adopt the asymmetric-key encryption strategy employed by the Cryptolocker gang. 2. New York Times “hack” and supplier insecurity The August attack on The New York Times and other media outlets by the Syrian Electronic Army highlighted the vulnerability posed by service providers and technology suppliers. Rather than directly breach the New York Times’ systems, the attackers instead fooled the company’s domain registrar to transfer the ownership of the nytimes.com and other media firms’ domains to the SEA. The attack demonstrated the importance of working with any suppliers that could be a “critical cog” in a company’s security strategy, says Carl Herberger, vice president of security solutions for Radware, a network security firm. “You need to have real-time, critical knowledge from your service providers to determine whether they are being attacked and whether you are the intended victim of that attack,” says Herberger. 3. Bit9 and attacks on security providers In February, security firm Bit9 revealed that its systems had been breached to gain access to a digital code-signing certificate. By using such a certificate, attackers can create malware that would be considered “trusted” by Bit9?s systems. The attack, along with the breach of security company RSA, underscore that the firms whose job is to protect other companies are not immune to attack themselves. In addition, companies need to have additional layers of security and not rely on any one security vendor, says Vikram Thakur, a researcher with Symantec’s security response group. “The onus resides with the security firm to prevent successful attacks from happening, but when they fail, a victim should have a plan to bolster their defense,” Thakur says. 4. DDoS attacks get bigger, more subtle A number of denial-of-service attacks got digital ink this year. In March, anti-spam group Spamhaus suffered a massive denial-of-service attack, after it unilaterally blocked a number of online providers connected–in some cases tenuously–to spam. The Izz ad-Din al-Qassam Cyberfighters continued their attacks on U.S. financial institutions, causing scattered outages during the year. As part of those attacks and other digital floods, attackers put a greater emphasis on using techniques designed to overwhelm applications. Such application-layer attacks doubled in frequency in the third quarter 2013, compared to the same quarter a year before, according to denial-of-service mitigation firm Prolexic. Reflection attacks, where attackers use incorrectly configured servers to amplify attacks, grew 265 percent in the same period, according to the firm. The attack against Spamhaus, which reportedly topped a collective 300 Gbps, used reflection attacks via open DNS resolvers to generate the massive flood of traffic. “This technique is still an available option for attackers,” says Radware’s Herberger. “Because there are 28 million vulnerable resolvers, and every resolver needs to be fixed, this problem is not going away any time soon.” 5. South Korea and destructive attacks Companies in both the Middle East and South Korea suffered destructive attacks designed to wipe data from computers. In 2012, Saudi Aramco and other companies in the Middle East were targeted with a malicious attack that erased data from machines, causing them to become unrecoverable. This year, South Korean firms were attacked in a similar manner in a multi-vector attack whose finale was the deletion of master boot records on infected computers. While such attacks have happened in the past, they seem to be more frequent, says Dell SecureWorks’ Williams. “The impact of these attacks have been pretty impressive–30,000 machines needed to be rebuilt in the Saudi Aramco case,” he says. Source: http://www.darkreading.com/advanced-threats/lessons-from-five-advanced-attacks-of-20/240165028

View the original here:
Lessons From 5 Advanced Attacks Of 2013

The Changing Trends of DDoS Attacks

Distributed denial-of-service (DDoS) attacks certainly aren’t new. I’ve been talking about them for years. However, they have been changing. The traditional style of attack, the flood-the-target type that crashes a website, is still going strong. But now we are seeing an increase in application-layer attacks that have the same goal: Systems go down, resources are unavailable and the victim is scrambling to fix everything. Recently, Vann Abernethy, senior product manager for NSFOCUS, talked to me about the changing DDoS landscape. Something he has noticed is how DDoS attacks are being used as smokescreens to cover up other criminal activity. He said: In fact, the FBI warned of one such attack type back in November of 2011, which relies upon the insertion of some form of malware. When the attacker is ready to activate the malware, a DDoS attack is launched to occupy defenders. In this case, the DDoS attack is really nothing more than a smokescreen used to confuse the defenses and allow the real attack to go unnoticed – at least initially.  Considering that most malware goes undetected for long periods of time, even a small DDoS attack should be a huge red flag that something else may be going on. Abernethy adds that another trend he’s seeing is that the DDoS attack itself may be a bit more sinister. For example, a DDoS attack could be masking a simultaneous attack that is probing for vulnerabilities. He said: It’s like a recon team sent to look at an enemy’s position while they’re under some sort of long-range barrage. In general, basic probing will likely be caught if the victim has even modest security protections. But while under the duress of a DDoS attack, the very systems charged with either blocking or alerting suspicious activity might be under too much strain. Abernethy provides several solutions to protect against these emerging DDoS attack styles. One way is to have multiple teams set up to respond to DDoS attacks. One team would work on the DDoS attacks themselves; another team would be responsible for searching for other possible, hidden attacks. For the trend that involves probing, IT and security departments may want to deploy application security testing, and all applications used by the company should be subjected to the testing. DDoS attacks can be devastating to a company , interrupting vital customer interactions and ruining company reputations. The more we know about them, the better chance we have at protecting the company from any serious damage, if not preventing them altogether. Source: http://www.itbusinessedge.com/blogs/data-security/the-changing-trends-of-ddos-attacks.html

Read More:
The Changing Trends of DDoS Attacks

DDoS trojan ferrets SMB data

A new distributed-denial-of-service (DDoS) bot has been discovered targeting real estate companies and other small and medium-sized businesses. Arbor Networks researcher Dennis Schwarz found the malware after receiving a tip-off from a Twitter user. A relatively small number of unique samples and command and control servers were uncovered, making it difficult to judge just how dangerous the new threat could be. These samples are written in the Delphi programming language but most likely originate from Russia, said Schwarz, who added that the bot’s self-preservation tools include UPX packing, string obfuscation, anti-virtual machine, anti-bugging measures, self-modifying code and process hollowing. Command and control is done over HTTP. The analyst firm has a ‘fairly complete picture’ of what the bot represents, but admitted concerns on how Trojan.Ferret is being distributed. “Trojan.Ferret is a new Russian DDoS bot.  It stood out to me due to the silly ferret theme and that we have a fairly complete picture of it,” said Schwarz, adding that the company had tracked a sample of bot, the C&C panel view and live C&C traffic. “It is a traditional DDoS bot focusing on the ‘core’ set of DDoS attacks, such as HTTP, UDP and TCP. It lacks the common application layer attacks such as Slowloris, Apache Killer, and RUDY. “A major missing component that we’re unsure of is how this particular Trojan is being distributed–whether by exploit kit, malware-laced spam, or via one of the many ‘dropper/downloader’ networks.” Schwarz said that the Trojan is targeting the UK, the US, Germany, Russia and the Netherlands, as well as Kazakhstan, and said that attacks have hit property companies, an electronics shop, a wedding dress shop and even a politician in Panama. Malwarebytes malware intelligence analyst Adam Kujawa said the information security industry is still coming to grips with the threat posed by the new DDoS bot. “It is likely of Russian origin, uses an array of specialised malware tricks to hide it from detection and of course is used as a DDOS bot,” said Kujawa.  “Ferret will infect as many systems as it can to recruit them into the Botnet and then use each of those systems to attack a single server at the same time,” he added, commenting, “A single system cannot perform a successful DDOS attack but a botnet of thousands can.” Source: http://www.scmagazine.com.au/News/368168,ddos-trojan-ferrets-smb-data.aspx

Continue Reading:
DDoS trojan ferrets SMB data