Tag Archives: china

FBI disrupts Chinese botnet used for targeting US critical infrastructure

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things, pre-operational … More ? The post FBI disrupts Chinese botnet used for targeting US critical infrastructure appeared first on Help Net Security .

More here:
FBI disrupts Chinese botnet used for targeting US critical infrastructure

Splunk spots malware targeting Windows Server on AWS to mine Monero

RDP-enabled instances attacked, perhaps via Iran and China, then use Telegram desktop client for command and control Data analysis firm Splunk says it’s found a resurgence of the Crypto botnet – malware that attacks virtual servers running Windows Server inside Amazon Web Services.…

More:
Splunk spots malware targeting Windows Server on AWS to mine Monero

Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

Remote code execution, denial of service, API abuse possible. Meanwhile, FBI pegs China for Exchange hacks Security and automation vendor F5 has warned of seven patch-ASAP-grade vulnerabilities in its Big-IP network security and traffic-grooming products, plus another 14 vulns worth fixing.…

More:
Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling

It’s all lulz until someone goes to prison Austin Thompson, aka DerpTrolling, who came to prominence in 2013 by launching Distributed Denial of Service (DDoS) attacks against major video game companies, has been sentenced to 27 months in prison by a federal court .…

Read more here:
Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling

Blame the US, not China, for the recent surge in massive cyberattacks

The internet’s new scourge is hugely damaging global attacks that harness armies of routers, cameras, and other connected gadgets—the so-called Internet of Things (IoT)—to direct floods of traffic that can take down swaths of the network. The blame so far has largely fallen on the Chinese manufacturers who churn out devices with shoddy security on the cheap. But all those devices have to be plugged in somewhere for them to used maliciously. And American consumers are increasingly the ones plugging them in. Nearly a quarter of the internet addresses behind these distributed denial-of-service, or DDoS, attacks are located in the United States, newresearch from network services firm Akamai has found. Some 180,000 US IP addresses took part in DDoS attacks in the last quarter of 2016, it found—more than four times as many as addresses originating in China. Akamai’s findings are particularly notable because the armies of hacked devices that carry out DDoS attacks—such as those controlled by the Mirai malware—don’t bother covering their tracks. That means the IP addresses are far more likely to genuinely correspond to a location within a certain country, the report’s authors write. The findings also end an era of Chinese dominance in DDoS attacks. Over the previous year, China has accounted for the highest proportion of IP addresses taking part in such attacks globally. Now the US is the clear leader, accounting for 24% of such addresses. The UK and Germany are a distant second and third. (To be clear, though, wherever the attacking devices’ IP addresses are, the person controlling them could be located anywhere.) The huge number of devices taking part in DDoS attacks in the US means regulation there, and in Europe, could stem the flood of damaging traffic. Of course, IoT regulation is a thorny issue—essentially, no US federal agency really wants to take the problem on—and there remain technical questions over how to actually go about blocking the attacks. Still, it’s a lot clearer now that simply pointing the finger at China isn’t enough. Source: https://qz.com/912419/akamai-akam-report-a-quarter-of-ddos-ip-addresses-are-now-from-the-us/

View article:
Blame the US, not China, for the recent surge in massive cyberattacks

Hong Kong securities brokers hit by cyber attacks, may face more: regulator

HONG KONG (Reuters) – Hong Kong’s securities regulator said brokers in the city had suffered cyber attacks and warned of possible further incidents across the industry. Regulators in Hong Kong have been stepping up efforts over the past year to combat the growing menace of cyber attacks on companies. A survey in November showed the average number of such attacks detected by firms in mainland China and Hong Kong grew a whopping 969 percent between 2014 and 2016. [nL4N1DU35T] In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals. “The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cyber security incidents would be observed across the securities industry,” the SFC said in the notice. Distributed denial of service (DDoS) attacks, among the most common on the Internet, involve cyber criminals using hijacked and virus-infected computers to target websites with data requests, until they are overwhelmed and unable to function. The SFC urged firms in the financial center to implement protective measures, including reviews of the IT systems and DDoS mitigation plans. Source: https://www.yahoo.com/tech/hong-kong-securities-brokers-hit-cyber-attacks-may-043353386–sector.html

See more here:
Hong Kong securities brokers hit by cyber attacks, may face more: regulator

DDOS attacks intensify in EMEA

Distributed denial-of-service (DDOS) attacks in the Europe, Middle East and Africa (EMEA) region witnessed an uptick in the last quarter and are set to intensify in 2017. This is according to a report issued by F5 Networks, which revealed data from its Security Operations Centre (SOC), highlighting the growing scale and intensity of cyber attacks in the region. DDOS attacks have been around since at least 2000. These attacks refer to a situation in which many compromised machines flood a target with requests for information. The target can’t handle the onslaught of requests, so it crashes. Consultancy firm Deloitte also expects cyber attacks to enter the terabit era in 2017, with DDOS attacks becoming larger in scale, harder to mitigate and more frequent. F5 Networks points out that in 2016 to date, it has handled and mitigated 8 536 DDOS instances. The company notes that one of the attacks featured among the largest globally – a 448Gbps user datagram protocol (UDM) and Internet control message protocol (ICMP) fragmentation flood using over 100 000 IP addresses emanating from multiple regions. It explains the incident highlights a growing trend for global co-ordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the US (14%). “The EMEA Security Operations Centre has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realising they need to prepare for the worst,” says Martin Walshaw, senior engineer at F5 Networks. In Q1 (October – December), the SOC experienced a 100% increase in DDOS customers, compared to the same period last year. F5 Networks says UDP fragmentations were the most commonly observed type of DDOS attack in Q1 (23% of total), followed by domain name system reflections, UDP floods (both 15%), syn floods (13%) and NTP reflections (8%). “Given the rise and variety of new DDOS techniques, it is often unclear if a business is being targeted,” Walshaw says. “This is why it is more important than ever to ensure traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly. “The best way forward is to deploy a multi-layered DDOS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.” Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=158643

Read More:
DDOS attacks intensify in EMEA

2017 predictions: US isolationism, DDoS, data sharing

Without a doubt, 2016 was the year of the DDoS. The year came to a close with a major DDoS attack on DNS provider Dyn, which took down several major internet sites on the Eastern US seaboard. This attack was different – not so much in terms of its volume or its technique, but in the fact that instead of being directed at its intended target, it was targeted at network infrastructure used by the target. I think we are likely to see more DDoS attacks in 2017, both leveraging amplification attacks and direct traffic generated by the Internet of Things. However, we will also see a growing number of incidents in which not just the target experiences outages, but also the networks hosting the sources of the DDoS, as they also need to support significant outbound traffic volumes. This is likely to lead to increasing instability – until such a time as network operators start seeing DDoS as an issue they need to respond to. In this sense, the issue of DDoS is likely to increasingly self-correct over time. The other main trends and developments that I foresee for the year ahead are as follows: ? I think we are likely to see the first few cases where attribution of nation states accountable for attacks starts to backfire. Over the past few years, corporations and nation states have published a lot of theories on espionage campaigns. One issue with these incidents is the fact that often, contrary to human intelligence, the malware and tools that are used in these attacks leave the intent of the attack open to interpretation.  Was the goal to spy on the development of a country and its international relations?  Was it to steal information for economic gain?  Or was the attack intended to result in sabotage?  Those are the all-important questions that are not always easy to answer. The risk of one country inadvertently misunderstanding an attack, and taking negative action in response, is increasing. When a nation’s critical infrastructure suddenly fails, after the country has been publicly implicated in an attack, was it a counterattack or a simple failure? ? In the new policy environment being introduced by President-elect Donald Trump, there is some risk that the United States may start to withdraw from the international policy engagement that has become the norm in cyber security. This would be unfortunate. Cyber security is not purely a domestic issue for any country, and that includes the United States. Examples of great cyber security ideas hail from across the world. For instance, recent capture-the-flag competitions show that some of the best offensive cyber security talent hails from Taiwan, China and Korea. In addition, some tools such as Cyber Green, which tracks overall cyber health and makes international security measurable, originate in Japan rather than the United States. Withdrawing from international cooperation on cyber security will have a number of negative implications.  At a strategic level it is likely to lead to less trust between countries, and reduce our ability to maintain a good channel of communications when major breaches are uncovered and attributed.  At a tactical level it is likely to result in less effective technical solutions and less sharing around attacks. ? Meanwhile, across the pond, Presidential elections in France, a Federal election in Germany, and perhaps a new president taking power in Iran will all lead to more changes in the geopolitical arena. In the past, events of major importance such as these have typically brought an increase in targeted attack campaigns gathering intelligence (as widespread phishing) and exploiting these news stories to steal user credentials and distribute malware. ? Companies will become more selective about what data they decide to store on their users. Historically, the more data that was stored, the more opportunities there were for future monetisation. However, major data breaches such as we have seen at Yahoo! and OPM have highlighted that storing data can lead to costs that are quite unpredictable. Having significant data can result in your government requesting access through warrants and the equivalent of national security letters. It can also mean that you become the target of determined adversaries and nation states. We have started seeing smaller companies and services, such as Whisper Systems, move towards a model where little data is retained. Over time, my expectation is that larger online services will at least become a little bit more selective in the data they store, and their customers will increasingly expect it of them. ? We will see significant progress in the deployment of TLS in 2017. Let’s Encrypt, the free Certificate Authority, now enables anyone to enable TLS for their website at little cost. In addition, Google’s support for Certificate Transparency will make TLS significantly more secure and robust. With this increased use of encryption, though, will come additional scrutiny by governments, the academic cryptography community, and security researchers. We will see more TLS-related vulnerabilities appear throughout the year, but overall, they will get fixed and the internet will become a safer place as a result. ? I expect that 2017 will also be the year when the security community comes to terms with the fact that machine learning is now a crucial part of our toolkit. Machine learning approaches have already been a critical part of how we deal with spam and malicious software, but they have always been treated with some suspicion in the industry. This year it will become widely accepted that machine learning is a core component of most security tools and implementations. However, there is a risk here as well. As the scale of its use continues to grow, we will have less and less direct insight into the decisions our security algorithms and protocols make. As these new machine learning systems need to learn, rather than be reconfigured, we will see more false positives. This will motivate protocol implementers to “get things right” early and stay close to the specifications to avoid detection by overzealous anomaly detection tools. Source: http://www.itproportal.com/features/2017-predictions-us-isolationism-ddos-data-sharing/

Taken from:
2017 predictions: US isolationism, DDoS, data sharing

Trump must focus on cyber security

When Donald Trump takes the oath of office on Jan. 20, he’ll face an urgent and growing threat: America’s vulnerability to cyberattack. Some progress has been made in fortifying the nation’s digital defenses. But the U.S. is still alarmingly exposed as it leaps into the digital age. If the 45th president wants to make America great again, he needs to address this growing insecurity. Three areas — energy, telecommunications and finance — are especially vital and vulnerable. The government must commit itself to defending them. And it must recognize that the risks posed to all three are increasing as more and more parts of our lives are connected to the Internet. Start with energy. There is already malware prepositioned in our national power grid that could be used to create serious disruptions. It must be cleaned up. Last December, three of Ukraine’s regional power-distribution centers were hit by cyberattacks that caused blackouts affecting at least 250,000 citizens. The U.S. is just as vulnerable, because the malware used in that attack is widespread and well placed here. It would be a federal emergency if any region or city were to lose power for an extended period, and it could easily happen — taking down much of our critical infrastructure in the process. The government historically has taken steps to ensure the availability of communications in an emergency (for instance, the 911 system). It should do the same for power. In particular, Trump should direct the Federal Emergency Management Agency to use the Homeland Security Grant Program to improve cyber resilience at state and local power facilities. These efforts must be focused on removing malware and fielding better defenses, beginning with the highest-risk facilities crucial to the centers of our economic and political power. Next, protect telecommunications. The integrity our telecommunications system is essential for the free flow of goods, services, data and capital. Yet the U.S. is home to highest number of “botnets,” command-and-control servers and computers infected by ransomware in the world. Compromised computers are being used to launch paralyzing distributed denial of service (or DDoS) attacks against a wide range of companies. In October, such an attack knocked numerous popular services offline, including PayPal, Twitter, the New York Times, Spotify and Airbnb. Thousands of citizens and businesses were affected. To address this problem, the next president should start a national campaign to reduce the number of compromised computers plaguing our systems. This campaign should be managed like the Y2K program — the largely successful effort, led by the White House in tandem with the private sector, to fix a widespread computer flaw in advance of the millennium. With the same sense of urgency, the government should require that internet service providers give early warning of new infections and help their customers find and fix vulnerabilities. Just as water suppliers use chlorine to kill bacteria and add fluoride to make our teeth stronger, ISPs should be the front line of defense. Third, the U.S. must work with other countries to protect the global financial system. In recent years, financial institutions have experienced a wide range of malicious activity, ranging from DDoS attacks to breaches of their core networks, resulting in the loss of both money and personal information. In the past year, a number of breaches at major banks were caused by security weaknesses in the interbank messaging system known as SWIFT. The entire financial system is at risk until every connected institution uses better security, including tools to detect suspicious activities and hunt for the malicious software that enables our money to be silently stolen. The U.S. should work with China and Germany — the current and future leaders of the G-20 — to deploy better cyberdefenses, use payment-pattern controls to identify suspicious behavior and introduce certification requirements for third-party vendors to limit illicit activity. The Treasury Department should work with its global partners and U.S. financial institutions to set metrics and measure progress toward improving the trustworthiness and security of the financial ecosystem. All these problems, finally, may be exacerbated by the rise of the Internet of Things. As more and more devices are connected to the internet, it isn’t always clear who’s responsible for keeping them secure. Without better oversight, the Internet of Things will generate more botnets, command-and-control servers, and computers susceptible to ransomware. Flawed products will disrupt businesses, damage property and jeopardize lives. When medical devices can be subject to serious e-security flaws, and when vulnerable software in security cameras can be exploited to knock businesses off-line, government intervention is required. Manufacturers, retailers and others selling services and products with embedded digital technology must be held legally accountable for the security flaws of their wares. We need to put an end to the “patch Tuesday” approach of fixing devices after they’re widely dispersed. A better approach is an Internet Underwriters Laboratory, akin to the product-testing and certification system used for electrical appliances. Such a system could help ensure that internet-connected devices meet a minimum level of security before they’re released into the marketplace. Trump should make it clear in his first budget proposal that these four steps are vital priorities. The digital timer on our national security is ticking. Source: http://www.postandcourier.com/opinion/commentary/trump-must-focus-on-cyber-security/article_0bc1d57c-c88f-11e6-840b-13562fd923b9.html

Continued here:
Trump must focus on cyber security