
5 DDoS defence strategies every company should know

If there is any one fact that remains consistent when it comes to distributed denial of service (DDoS) attacks, it is this: whatever mitigation solution your security engineers implement today, hackers will find a way to defeat it within the next two years. The pain of re-engineering a security program every 24 months is dwarfed by the potential pain of DDoS-provoked outages. In 2011, these attacks cost businesses more than a billion dollars, according to the Yankee Group. So how can companies defend themselves against attacks that are growing larger in scale, more complex in nature and more damaging to corporate reputations? Start with these five strategies:

1. Get educated, and be prepared

Attackers are highly educated and highly motivated. Whether they shut sites down for financial gain or idealistic causes, the hackers who may target you today will do so with complex attacks at the application layer, Layer 7, where they can deplete your server resources by imitating legitimate users. They are likely to attack websites that rely on SSL by exploiting a Web server’s limited ability to handle large numbers of HTTPS sessions. These are not the straightforward DNS reflection attacks or TCP SYN floods of yesterday.

2. Learn which attacks can be defeated with which solutions

In order to combat increasingly sophisticated DDoS attacks, your company needs to learn what methods attackers are embracing today and continually research the most effective tools and services for addressing them. For example, you can defeat OSI model Layer 3 and Layer 4 attacks, at the network and service layers, with access control lists (ACLs), policies and commercially available DDoS mitigation solutions. On the other hand, you’ll need inspection by proxy to identify and fight Layer 7 attacks.

3. Ignore attacker inquiries

It’s not unusual for a hacker to contact a company as he is assaulting its websites. You might receive demands if the motive behind the attack is pure financial extortion. If the attacker views himself as more of an activist, he might contact you simply to taunt the company during the outage. The best reaction to these communications is no reaction. Ignore them. Doing so generally lowers the probability that the attack will occur, if it hasn’t already, or that it will continue, if it’s already in progress.

4. Build secure networks

Let’s start with the basics: avoid firewalls. This old security standby maintains connection state, which can be quickly filled by an attacker, rendering the system useless and making it easier to take the server offline. This makes even the largest firewalls vulnerable to even the smallest attacks. Look for a hosting provider that can manage and secure your servers, or build proxies using load balancers. Load balancers such as nginx or haproxy enable your host to dampen the effect of low-and-slow Layer 7 attacks, which is particularly critical if you are on a Windows Server. Finally, it’s worth it to upgrade your networks to modern equipment. Make sure your service contracts are up to date and purchase products that have a reputation for withstanding prolonged attacks.

5. Have a contingency plan

Because hackers are constantly learning and DDoS attacks are constantly changing, you could make all the right decisions and still find your company under fire. That’s why a holistic approach is important. Your business should have secure network and system architecture, onsite packet filters, additional mitigation capacity with a third-party service, and skilled security staff. If you don’t have an in-house security expert, it is all the more essential that you have a DDoS mitigation service on call. Such a partner should be available on short notice and dedicated to helping you during a worst-case-scenario attack.

Effective DDoS mitigation doesn’t come down to one solution, one partner or one vendor. Defending your company against attacks requires that you stay educated, stay prepared and stay vigilant. A hosting service with the right DDoS partner can be a valuable asset in your company’s business continuity plan (BCP). Whether you decide to manage your security on-site or outsource it, make sure that you build a DDoS mitigation strategy that accounts for your company’s specific needs, as well as the ever-evolving nature of attack scenarios.

Source: http://www.itproportal.com/2013/12/03/5-ddos-defence-strategies-every-company-should-know/


Popular Bitcoin forum targeted in DNS and DDoS attack

Roughly 175,000 members registered on bitcointalk.org are being discouraged from logging into their accounts following attacks against the popular Bitcoin forum, according to an advisory on the top of the main page.

“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it,” according to the advisory.

On Monday, a bitcointalk.org administrator named ‘theymos’ wrote that what likely happened is an attacker took advantage of a vulnerability in the forum’s registrar, Anonymous Speech, to redirect the domain name system (DNS) to a different point. Bitcointalk.org was promptly transferred to a different registrar as a result, theymos explained, but the administrator added that those types of changes take time and that users should avoid logging into the website for about 20 hours.

“Because the HTTPS protocol is pretty terrible [on the forum], this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc.,” theymos wrote. “Your password only could have been intercepted if you actually entered it while the forum was affected.”

The administrator added, “I invalidated all security codes, so you’re not at risk of having your account stolen if you logged in using the “remember me” feature without actually entering your password.”

Meanwhile, the Bitcoin forum is concurrently the target of a massive distributed denial-of-service (DDoS) attack, theymos wrote, adding that while the two events are probably linked, it is unclear why the attacker is doing both at once.

Source: http://www.scmagazine.com/popular-bitcoin-forum-targeted-in-dns-and-ddos-attack/article/323311/


Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

The website of Ukraine’s Interior Ministry is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers, local media said Sunday. Ukraine’s IT specialists claimed that they were behind the outage, which came after police violently dispersed a pro-EU rally in downtown Kiev Saturday, and promised to take down other Ukrainian government websites, pravda.com.ua reported.

“Unfortunately, not each Ukrainian can come to Mykhailivska Square in Kiev or other local squares… That’s why I suggest an efficient way that everyone can show their protest in the Internet… I mean DDoS attack on the sites of our enemies in the government,” IT specialists said in a statement.

The report said the Ukrainian government portal, www.kmu.gov.ua, also went out of service Sunday after suspected hacking.

Some 35 people were injured after riot police cracked down on protesters camping out in the Independence Square in the capital Kiev Saturday, doctors said. Seven people still remain in hospital. A total of 35 people were briefly detained by police. Protesters regrouped Saturday near a monastery at Mykhailivska Square in downtown Kiev, which became the new place for continuing pro-EU rallies. Activists spent a night there and said they would form a national resistance task force to prepare a nationwide strike.

Source: http://en.ria.ru/world/20131201/185186195/Ukrainian-Interior-Ministry-Website-Reportedly-Hit-By-Hackers.html


Google Nexus 5 vulnerable to DDoS attack

Google Nexus smartphones, including the latest Google Nexus 5 running Android 4.4 KitKat, are vulnerable to a denial-of-service attack via Flash SMS messages, it was revealed on Friday during the DefCamp security conference in Bucharest, Romania.

Bogdan Alecu, a system administrator working with Levi9, an IT services company, performed a live test during the conference on a Nexus 4 phone running Android 4.3. Alecu showed through the test that after receiving 30-odd Flash messages, the smartphone became unresponsive. In this state the phone neither responded to screen taps nor was able to receive phone calls, and it had to be rebooted manually to restore it to working order.

Flash messages are Class 0 SMS messages that are displayed directly on the phone’s screen without being stored on the device. Users have the option of saving the message or dismissing it.

According to Alecu, in some instances during his tests the phone behaved differently and lost mobile network connectivity temporarily. The connectivity is restored in a short while, with the ability to place and receive phone calls, but internet connectivity is lost until the phone is manually restarted. There are also instances when the messaging app crashes and the Nexus smartphone reboots.

The issue was discovered over a year ago, Alecu revealed, and has been tested on all Google Galaxy Nexus smartphones running Android 4.x, including the recently released Nexus 5. Alecu said that he has contacted Google multiple times, only to receive automated responses. Someone did respond that the issue would be resolved in Android 4.3, but unfortunately it still persists and has been carried over to Android 4.4 KitKat.

There is no official fix for the vulnerability, and until one arrives the only workaround is an app named Class0Firewall (https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en) developed by Michael Mueller, an IT security consultant from Germany, in collaboration with Alecu.

Source: http://www.techienews.co.uk/973439/google-nexus-5-vulnerable-denial-service-attack/


Anonymous DDoS attack snowballs, affects several Microsoft services

Hacktivist collective Anonymous has taken credit for an attack that unintentionally affected a number of Microsoft services last week. On Monday, members of the loose-knit hacker group posted on Pastebin about how a distributed denial-of-service (DDoS) attack targeting Japanese Microsoft websites and servers had gone awry – resulting in several of the technology giant’s services going down.

“A couple days ago a DDoS attack was launched at Japanese Microsoft (Domain) Websites and Servers,” according to the Anonymous post. “We are sorry to report that the Japanese Microsoft Websites and Servers did not go down as planned. Although something did go down. We took the pretty much the entire Microsoft domains down.”

It appears the hackers had a motive. “The DDoS attack was launched in response to Taiji…Operation Killing Bay OR #OpKillingBay,” according to the post. Operation Killing Bay is an initiative protesting the slaughter of dolphins in the village of Taiji in Japan – a controversial topic that has gained a lot of coverage in recent years.

“It’s the thought that counts right?” the hacktivists wrote, insinuating that they would strike against Taiji again.

The claim explains why several people were reporting outages and disruptions of Microsoft services, including microsoft.com, outlook.com, msn.com, office365.com, Microsoft Developer Network, TechNet, SkyDrive, the Windows Store, sites hosted on Windows Azure, xbox.com and Xbox Live. Most of Microsoft’s affected services were restored quickly.

Source: http://www.scmagazine.com/anonymous-ddos-attack-snowballs-affects-several-microsoft-services/article/322945/


DDos Is Hot, Planning Is Not

Distributed denial-of-service (DDoS) attacks continue to plague major corporations today, but half of organizations don’t have a plan or defense against DDoS attacks, a new survey found.

Nearly 45 percent of organizations surveyed by Corero have no DDoS response plan, while some 21 percent don’t have a response team set up in the case of a DDoS attack targeting their networks. Around 60 percent say they don’t have a designated DDoS response team, and 40 percent say they don’t have a point of contact within their organizations when a DDoS hits, according to the survey of some 100 respondents.

“Half of them aren’t really doing anything about DDoS. They’re just hoping nothing will happen to them, or they [will just be] putting up with inconvenience it’s causing in the meantime,” says Ashley Stephenson, CEO of Corero, which will release full data from the survey next month.

Stephenson says he has seen cases where corporations had no idea that their own computing resources were being used in DDoS attacks against them. “A lot of people are not really paying attention to what’s going on, and that’s facilitating the malicious activity going on out there,” he says.

More than 54 percent of the organizations surveyed say they have either an out-of-date network diagram of their infrastructures or no diagram at all. Some 66 percent don’t have statistics on network traffic patterns and traffic volume baselines to help identify when a DDoS is brewing.

One of the reasons DDoS attacks have become so popular is that they are relatively inexpensive to pull off. “It’s a cheap resource being used to launch the attacks,” Stephenson says. “And the more we invest in good Internet [technology], the greater power is available for third parties to leverage it and do these attacks … [The attackers] are just cataloging all of these vulnerabilities and exploitable resources and calling on them when necessary to affect the attack.”

Compromised desktop machines traditionally have been the most popular weapons for DDoSing a target, but, increasingly, attackers are deploying servers for more firepower. “That takes fewer bots but much more powerful [ones],” Stephenson says.

A recent report by Dell SecureWorks revealed just how much DDoS-for-hire services cost in the cyberunderground. Those services cost only $3 to $5 per hour and $90 to $100 per day, Dell SecureWorks found. And a weeklong attack goes for $400 to $600.

Source: http://www.darkreading.com/attacks-breaches/survey-ddos-is-hot-planning-is-not/240164306?utm_source=twitterfeed&utm_medium=twitter


Want Cheaper Bitcoins? Hit Someone With a DDoS Attack

Two months ago, BTC-China was growing fast. It was on a blazing trajectory that would soon see it become the world’s largest Bitcoin exchange. With Bitcoin, the world’s most popular digital currency, in the midst of a tremendous upswing of its own, BTC was on the verge of hitting it very, very big. But before that, there would be the double-barreled rite of passage. First came the extortion attempt, and then the non-stop computer attacks, known as distributed denial of service (DDoS) attacks.

The extortionists contacted BTC-China in mid-September. Over instant-message chats, they first said they wanted just a few hundred dollars — paid out in bitcoins, naturally — but the demands soon escalated. BTC-China CEO Bobby Lee doesn’t want to get into specifics, but he says that they claimed to have been hired by one of his competitors. He doesn’t believe this, but he thinks that other Bitcoin companies should be concerned. “The DDoS attackers are hitting more and more of us, and it’s going to be a widespread problem,” he says.

Since September, there have been dozens of these attacks on BTC-China. According to Lee, one of them used up a remarkable 100 G/bits per second in bandwidth. “They’re throwing big-time resources into these attacks,” says Marc Gaffan, co-founder of Incapsula, the company that Lee hired to protect his exchange from the criminals. “The attack on BTC-China was one of the largest ever.” Incapsula has about two dozen clients that are involved in Bitcoin businesses, Gaffan says. A year ago, it had none.

CloudFlare, another provider of DDoS protection services, has seen a big jump in attacks over the past three months, says Matthew Prince, the company’s CEO. “We’re seeing daily attacks targeting Bitcoin related sites on our network, most of which are relatively small but some get to very high volumes.” Some attacks have even exceeded the 100 G/bits per second volume that hit BTC-China, he says.

Yesterday, European payment processor BIPS said it had been hit with a DDoS attack, and then hacked to the tune of nearly 1,300 bitcoins, or $1 million. Last week, Bitstamp, another major Bitcoin Exchange, went offline temporarily. The company has not responded to requests for comment, but it blamed the outage on software and networking issues, not a DDoS.

On most websites, hackers can steal credit card numbers or personal information, but these have to be sold somehow. When you break into a Bitcoin business and get access to digital wallets, as was the case with BIPS and an Australian company, Inputs.io, which was hit last month, you’re stealing money itself. “If a Bitcoin wallet can get compromised, then the hackers can actually steal real money and there’s no way to refund the money,” Lee says.

In April, Mt. Gox got clobbered via DDoS. The point, the company speculated, was to destabilize Bitcoin, and fuel panic-selling. “Attackers wait until the price of bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can,” Mt. Gox wrote on its website.

Gaffan and Lee agree that, in addition to extortion, market manipulation is likely a motive with the recent DDoS attacks too. “It’s about trying to influence the market,” Gaffan says. “We see more Bitcoin exchanges going under attack.”

Source: http://www.wired.com/wiredenterprise/2013/11/ddos_bitcoin/


Bitcoin Payment Processor BIPS under DDoS Attack, Over $1m Stolen

Europe’s primary bitcoin payment processor for merchants and free online wallet service, BIPS, was the target of a major DDoS attack and subsequent theft in the past few days that saw 1,295 BTC (just over $1m on CoinDesk’s BPI) stolen.

Kris Henriksen, BIPS’ CEO, said most of the missing funds were “from the company’s own holdings”. BIPS uses an algorithm, based on supply and demand, to work out the amount of bitcoins it needs to keep in a ‘hot wallet’. The heist, however, was apparently not due to any vulnerability in the code itself. He also said merchants who had chosen to instantly convert their bitcoin to fiat currency bank accounts were not affected.

Theft

The Copenhagen, Denmark-based company was targeted on 15th November by a massive DDoS attack. Then on 17th November, it was followed up by a subsequent attack that disabled the site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”.

“Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” the company said in a written statement.

BIPS believes the two attacks were connected, and at least the initial DDoS attack was “found to originate from Russia and neighboring countries”.

The company moved fast to restore full merchant payment and transfer services by 19th November, but disabled all wallet functions in order to complete a full forensic analysis. Its help desk also went down for a few days, but was restored on 22nd November.

Investigation

Under BIPS’ privacy policy, it is not allowed to disclose users’ information to anyone, even the authorities. They will now set up a system for affected wallet users to voluntarily sign the required permission documents, to engage in a more thorough investigation with law enforcement to track down the culprits.

Henriksen stressed that merchant processing “was restored very quickly, and if you had auto-convert on, there is nothing to worry about”.

BIPS’ official statement on its site read:

To protect the successful merchant processing business, BIPS has decided to temporarily close down its consumer wallet initiative. BIPS has been a target of a coordinated attack and subsequent security breach. Several consumer wallets have been compromised and BIPS will be contacting the affected users. As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model. The consumer wallet initiative has not been BIPS’ core business and, as such, regrettably affecting several users has not affected BIPS merchant acquiring. All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted.

Restoration of merchant services did little to comfort individual wallet owners, though. On the Bitcoin Talk forum, several users voiced anger at the prospect of losing their funds, and what they saw as unclear statements from BIPS about exactly what had been stolen, from whom, and how much. One member even created a ‘bips.me potential lawsuit signup form’ for users to input their contact details and number of bitcoins missing, in an effort to prompt a negotiated solution.

Though the attack and theft highlight problems that some online wallet services have faced with security, it is significant given BIPS’ comparatively large user base and prominence in the market. As well as online accounts, BIPS had also offered a paper wallet function for those wishing for a safer long-term storage solution.

Source: http://www.coindesk.com/bitcoin-payment-processor-bips-attacked-1m-stolen/


Bitstamp Suffers Banking Software Issue and DDoS Attack

Bitstamp’s website has been experiencing a number of difficulties over the past couple of days. Yesterday, the Slovenia-based company experienced problems with the banking software it uses. A statement on the company’s blog and Facebook page reads:

Dear Bitstamp clients,

We are currently experiencing some problems with our banking software. As a result, deposits and withdrawals may be delayed. We expect this issue to be resolved tomorrow or the next day. We kindly ask our customers with pending transfers to remain patient and refrain from submitting additional support tickets on the matter. We will announce as soon as this issue gets resolved. Thank you for your understanding.

Best regards,
The Bitstamp team

With a tweet 19 hours ago stating:

Bitstamp CEO Nejc Kodrič said the issue related to the company’s transaction log: “We were missing bank transaction log from Friday. Also sending transfers out was disrupted, but it now works.”

This afternoon, the site suffered a DDoS attack. The last time CoinDesk was successfully able to access price data from Bitstamp was 14:05 (GMT). The site is still experiencing problems. Kodrič said his team is “still working on this” issue.

Kodrič said the site hasn’t experienced any difficulties because of increased user traffic over the past couple of days, during which the bitcoin price has increased sharply. In fact, the entrepreneur said the site experienced a record number of visits yesterday with no problems.

Source: http://www.coindesk.com/bitstamp-suffers-banking-software-issue-ddos-attack/


Radio Free Europe/Radio Liberty (RFE/RL) Targeted for DDoS attack

Radio Free Europe/Radio Liberty has been targeted in an Internet attack known as a distributed denial of service (DDoS). The attack has disrupted RFE/RL’s global multimedia news and information services intermittently since November 14. Nonetheless, its computer network was working on November 18 and broadcasts have continued normally.

The attack has not prevented the public from accessing RFE/RL’s web pages. But it has slowed the ability of RFE/RL’s broadcasting services to upload fresh news stories, photographs, and video to the Internet.

RFE/RL President Kevin Klose said information is still being gathered about the attack, but he confirmed that it is believed to be “targeted.” Klose said a decision was taken on November 18 to report on the attack in response to the needs of the broadcasters’ audiences, “who rely on RFE/RL reporting, and who themselves contend with countless obstacles to connect with us every day.”

RFE/RL’s content-management system also supports Voice of America, Middle East Broadcasting, and the Office of Cuba Broadcasting. Those U.S. international media networks also have been adversely affected by the attacks but continue to operate. Klose described the attack as “stark evidence of the challenges that confront the free dissemination and exchange of information in this age.”

A DDoS attack floods the target with fake requests that come from thousands or even millions of computers that have been compromised or infected with viruses or malware. RFE/RL experienced a more limited DDoS attack against its Belarusian language service in 2008.

RFE/RL Director of Technology Luke Springer said the latest attack was discovered on November 14 when hardware for the international media organization’s computer network began receiving many times more requests than normal. At the peak of the attack, the RFE/RL network was receiving requests for data from hundreds of thousands of computers every second. Springer said that means there are probably more than 1 million malware-infected computers being directed by the attackers — most likely without the knowledge of the computer owners.

Technical investigations show that nearly 80 percent of the computers sending out requests for data as part of the DDoS attack are in China and nearly 20 percent are in Russia. But Springer said those findings do not indicate who is responsible for the attack.

Attempts to make technical changes that counter the attack have temporarily alleviated the problem. But Springer said the attackers also have been changing their methods, allowing them to continue disrupting services intermittently. Springer said the DDoS attack has not damaged RFE/RL’s network equipment. But he says that “filling up the Internet pipeline with so many bogus requests has caused a traffic jam.”

RFE/RL is a private, nonprofit organization funded by a grant from the U.S. Congress.
