Tag Archives: copyright

WordPress USED AS ZOMBIE in DDoS attacks

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security experts discovered that the attack traffic was coming from WordPress sites with pingbacks enabled on blog posts, which is on by default. Pingbacks allow automatic backlinks to be created when other websites link to a page on a WordPress blog. The problem can be fixed by installing a simple plugin, as explained by Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. “Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites,” Cid explains. “Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused.” Sean Power, security operations manager for DOSarrest, a DDoS mitigation technology services firm, said the attack relied on exploiting vulnerabilities in old versions of WordPress. This type of issue has been known about since 2007 and the specific problem abused in the latest run of attacks was fixed more than a year ago in a WordPress core release in January 2013. “Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks,” Power explained. “The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners. “This is a prime example of how users aren’t regularly performing updates to their websites, because if they were, we wouldn’t still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added. WordPress is an open source blogging platform and content management system (CMS) that’s used by millions of websites across the interwebs. Source: http://www.theregister.co.uk/2014/03/12/wordpress_vuln_creates_botnet_army/

View the original here:
WordPress USED AS ZOMBIE in DDoS attacks

MUM’s WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Well, it’s statistically reasonably likely. Just update to 3.8.1, OK? Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks.…

View post:
MUM’s WordPress recipe blog USED AS ZOMBIE in DDoS attacks

DDoS Attacks Still a Significant Threat

It’s an attack vector that’s been around ever since the Internet became a valuable business tool. Distributed Denial of Service, of DDoS, attacks are still one of the most prevalent threats facing businesses today. There are reports suggesting that DDoS attacks are on the rise and that the Internet’s DNS infrastructure – critical for the operation of the Internet – remains vulnerable and a significant target. Jag Bains, the CTO at DOSarrest Internet Security, spoke to us about DDoS attacks and what can be done to mitigate their impact. When we spoke with Michael McKinnon from AVG at the Tech Leaders forum in Queensland earlier this year, he said “So much damage is being done, for example, through spoof traffic. If most major network providers were responsible enough to stop traffic from leaving their networks that they knew were coming from IP addresses they weren’t responsible for then we would have spoof traffic on the Internet and cut down networks responsible for this kind of damage”. I asked Bains what could be done to prevent DDoS attacks from being a viable attack vector and whether there was a benefit for network operators to not block the attacks. “They’re not doing it from a revenue opportunity. One guy’s server is compromised for a few days and it flips out a huge bill. But, it’s too much of a headache [for telcos] to make it a revenue stream’” said Bains. “The big guns behind some of these attacks are occurring out of data centres that have compromised servers or hosting networks with compromised servers,” he added. Although it is possible to block spoof packets coming from a network, this would not be as straightforward as it sounds. Bains suggested that there would be significant cost. “It comes at a CPU cost to your routers. You’re dealing with high traffic volumes that might create a different type of bottleneck,” said Bains. I challenged Bains on this, noting that Moore’s Law will take this year’s bottleneck and make it insignificant in a short time. In fact, if we’d taken action like this against DDoS attacks a decade ago there would be little need to suffer these attacks. “Let’s say we did that and it might help to stem these tidal wave attacks. But that doesn’t mean DDoS would have been thwarted. One of the most interesting things in the DDoS arena is the rise of application attacks coming from legitimate sources,” he said. As well as their use to cripple companies and use as a form of ransomware – it’s not unknown for gambling operators in unregulated markets to use DDoS attacks to either cripple or ransom their competition – they can be used to manipulate financial markets. According to Bains the recent Mount Gox attack, that resulted in losses of hundreds of millions of dollars of Bitcoin, was at least partly a DDoS attack. “Hammering the exchange affected stability. Prices lowered and couldn’t come back up and they were using it to influence the peaks and troughs,” he said. “It’s a tool that’s crude in its intentions but highly effective”. Bains’ company, DOSarrest claims to have a solution. Their software can shift the traffic from a DDoS attack to a server environment that is specifically designed to deal with the attack. “All users have to do is change their DNS record to point to one of our IPs. We’re able to take the DOS attack out of hosting the network, bring it to a topology or infrastructure that is groomed specifically for that only”. What’s clear is that DDoS attacks are here to stay and that there is no silver bullet that will prevent their occurrence. However, it is possible to mitigate the damage they can do. Source: http://www.cso.com.au/article/540163/ddos_attacks_still_significant_threat/?fp=4&fpid=959105

View the original here:
DDoS Attacks Still a Significant Threat

Over 160,000 legitimate WordPress sites used for DDoS attack

Distributed Denial of Service (DDoS) attacks aren’t new and 2013 was one of the worst years when it comes to such attacks that too through the use of large botnets and / or specialised DDoS tools; however, use of legitimate WordPress blogs and sites to carry out such attacks is something that isn’t widespread, but is becoming a trend lately. According to Sucuri Research over 162,000 legitimate WordPress blogs and sites were a part of huge DDoS attacks on one of its client’s website. The attacker(s) used WordPress websites as indirect amplification vectors through a simple one line command. “Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDOS attacks against other sites”, notes Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. Cid explained that the DDoS attack was a large layer 7 HTTP-based distributed flood attack through which the perpetrators forced legit WordPress sites to send out thousands of requests per second to the victim’s servers. All the GET requests being sent to victim’s servers had a random value that bypassed their caching mechanism thereby forcing to load the whole page on every request, which killed the server quickly. “One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file” revealed Cid. Cid provides a couple of workarounds to ensure that your WordPress site isn’t DDoSing someone else’s site. First is to disable the XML-RPC (pingback) functionality from your site. This can be done by removing the xmlrpc.php or disabling the notifications in your blog’s settings. However, the thing is as soon as you upgrade your WordPress, the file come right back. Another solution is that users use some cloud based security solution or proxy site that will ensure that such misuse is prohibited. “This is a well known issue within WordPress and the core team is aware of it, it’s not something that will be patched though. In many cases this same issue is categorized as a feature, one that many plugins use, so in there lies the dilemma”, concludes Cid. Source: http://www.techienews.co.uk/977737/160000-legitimate-wordpress-sites-used-ddos/

Read this article:
Over 160,000 legitimate WordPress sites used for DDoS attack

Mt. Gox hit by massive DDoS attacks

Mt. Gox K.K., the collapsed trading platform for the bitcoin digital currency, came under so-called distributed denial of service (DDoS) attacks aimed at shutting its servers by overloading them with massive volumes of data in early February, it has been learned. Also between February and earlier this month, bitcoin exchanges in Canada and Slovenia were hit by similar attacks, indicating such cyber-attacks have been launched on a global scale. According to sources, the Tokyo-based Mt. Gox was struck by cyber-attacks aimed at stealing bitcoins beginning Feb. 7 by exploiting security shortfalls in its system. Separately, it came under major DDoS attacks, with the system accessed 150,000 times per second. The attacks mostly from servers in the United States and Europe continued for several days. The company suspended bitcoin withdrawals on Feb. 10. DDoS attacks often hijack a large number of computers with viruses. According to the sources, perpetrators often launch such attacks to steal data when a company tries to mend defects in its system. Although the DDoS attacks failed to shut down Mt. Gox’s system, subsequent attacks targeted flaws in its system, stealing a massive amount of bitcoins. In mid-February, a Slovenian bitcoin exchange temporarily suspended trading due to a system glitch caused by cyber-attacks. A Canadian bitcoin exchange announced that it has lost 896 bitcoins, the equivalent of ¥60 million, due to cyber-attacks, while another exchange reported that more than 12 percent of its bitcoin holdings was stolen. “[The attacks] are probably launched by multiple hackers who want to boast they broke into the bitcoin systems,” said Tetsutaro Uehara, a professor of information security at Ritsumeikan University. “DDoS attacks can be done without high-level hacking techniques. It is possible that copycats turned their eyes on other exchanges after weaknesses in Mt. Gox’s system were found.” One week after Mt. Gox filed for bankruptcy protection, the bitcoin community is still puzzled over what exactly caused the company to go under. What are believed to be in-house documents of Mt. Gox, including a draft detailing the purported theft, are circulating on the Internet. Around Feb. 25, before the company suspended business, English documents titled “Crisis Strategy Draft” reporting 744,408 bitcoins had been stolen were posted on the Internet. The damage was almost the same as the figure cited by the company when it collapsed. Earlier this month, a self-proclaimed Russian hacker posted audio recordings of alleged conversations between Mt. Gox Chief Executive Officer Mark Karpeles and a Japanese megabank official, who urged him to close the company’s account in the bank. According to sources, the recordings are believed to be genuine. The “Russian hacker” also posted the design chart of the Mt. Gox computer system. A ‘genuine geek’ Source: http://the-japan-news.com/news/article/0001103726

More:
Mt. Gox hit by massive DDoS attacks

26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

A man was sentenced to probation after being convicted for Distributed Denial of Service (DDoS) attacks as a result of Group-IB and the The Ministry of the Interior (MVD) collaboration work. Group-IB assisted in the investigation, collection, preservation and identification of digital evidence. The criminal business owner turned out to be a 26-year-old resident of the Sayansk-city, Irkutsk region. The reason for the investigation was an attack on a large financial corporation, which owns several banks. Since the recourse to the Group-IB up to the moment of the attacker arrest there were record-breaking short terms – all of the work was done within a month. The criminal used underground hacking forums to find clients by posting advertisements for DDoS services. Russians, citizens of  the CIS, Britons and many others ordered his services regularly. Group-IB’s evidence said a man used the Dragon botnet to launch the attacks. In autumn 2012, authorities had arrested the suspect in Sayansk, Ziminsk district. During the investigation, the accused pleaded guilty and showed detailed process of launching cyber-attacks. Group-IB computer forensic experts proved the guilt of the arrested in committing a series of cybercrimes.  A Sayansk city court judge rendered a guilty verdict against 26-year-old man for unauthorized access to computer information and was condemned to two years of conditional sentence. The Group-IB experienced experts explained that such attacks are common now as a result of unfair competition between companies. “Commercial organizations should think about DDoS protection,” said Dmitry Volkov, Head of the Group-IB Investigation Department. “However, if the incident has already occurred, the Group-IB is ready to conduct a full and independent investigation and find the attacker using forensic methods and tools.” Source: http://www.digitaljournal.com/pr/1776830#ixzz2vCwNMKJi

Continued here:
26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

Cisco patches enterprise wireless vulns

Everything from DoS to device access Cisco has issued patches and mitigation instructions for 16 of its wireless products, to take care of a number of denial of service vulnerabilities and one unauthorised access vulnerability.…

See the original article here:
Cisco patches enterprise wireless vulns

DDoS cyber attacks get bigger, smarter, more damaging

Crashing websites and overwhelming data centers, a new generation of cyber attacks is costing millions and straining the structure of the Internet. While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks. Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks. On February 10, internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far. At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare. The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments. [ID:nL2N0LG1Y8] On February 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February. In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters. DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours. A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centers from just 2 percent in 2010. The average cost of a single outage was $630,000, it said. “It’s really a game of cat and mouse,” said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites. “I’d like to say we are ahead, but I just don’t think it’s true.” As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective. The aims of attackers include extortion, political activism, providing distraction from data theft and, for “hobbyist” hackers, just testing and showcasing their skills, security experts say. Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge. HIJACKING PRINTERS, SMARTPHONES Many attacks, however, appear to be homegrown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the United States, followed by China, Thailand, Britain and South Korea. As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google’s Android operating system, which by the third quarter of 2013 accounted for more than 80 percent of new phones. Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers. Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralyzed the Saxony government website. DDoSarrest says some of the most recent attacks it has dealt with were on U.S. universities and largely blamed on students showing off or protesting against high tuition fees. The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders. Until recently, DDoS attacks were seen less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast. SLOWING THE INTERNET Last year’s Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack. Crashing data centers can wreak havoc with other services based there, including phone systems and vital industrial facilities. The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events. Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million. Namecheap, which aims to offer cut-price hosting for websites, said it had already spread its data centers across five countries and three continents to better handle constant attacks but was still overwhelmed by the roughly 100 Gbps incident. Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast moving that automated systems can no longer tackle them. Prolexic itself runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centers. “It’s very hard to know what to do,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. “The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher.” Source: http://www.reuters.com/article/2014/03/05/us-cyber-ddos-idUSBREA240XZ20140305

Visit link:
DDoS cyber attacks get bigger, smarter, more damaging

Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman

The Meetup site is down after a hacker attempted to extort $300 from the site’s CEO Scott Heiferman. The social networking site was the victim of a DDoS attack that was allegedly paid for by one of Meetup’s competitors. The attack began on Thursday when CEO Scott Heiferman received an email that reads: Date: Thu, Feb 27, 2014 at 10:26 AM Subject: DDoS attack, warning A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer. As soon as Heiferman received the email, the attack began and overwhelmed Meetup’s servers. The site went down and stayed that way for nearly 24 hours. The success of the site being back up was short-lived as Meetup was hit again and again with numerous DDoS attacks over the course of the weekend. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman – photo from Twitter Stating his reasons for not paying the hacker behind the attack, Heiferman wrote on Meetup’s blog: We chose not to pay because: 1. We made a decision not to negotiate with criminals. 2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay.  We believe if we pay, the criminals would simply demand much more. 3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world. 4. We are confident we can protect Meetup from this aggressive attack, even if it will take time. As of right now, the site is still down as the Meetup team continues to secure its servers. When users attempt to log onto the site, they are met with the following error message: Over the past several days, Meetup has suffered a prolonged denial of service (DDoS) attack, resulting in intermittent service outages for our website and apps. We’re working urgently to bring Meetup back and restore full functionality. We appreciate your patience. Heiferman encourages all Meetup users to stay informed by receiving updates via Twitter, Facebook or the company’s blog. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman. Source: http://americanlivewire.com/2014-03-03-meetup-site-down/

Taken from:
Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman