Code sharing site GitHub has been fending off large distributed denial of service (DDoS) attacks for two days now, with the site repeatedly taken offline. The attacks started at around 8pm yesterday, when a “large scale DDoS attack” hit. It didn’t last long as GitHub was back online less than an hour later. GitHub downed by DDoSers again But today problems emerged again. From 10.30am, another DDoS has taken GitHub down. “We’re doing everything we can to restore normal service as soon as possible,” a GitHub spokesperson told TechWeekEurope . GitHub has been keeping users updated on its status page. “We’re simultaneously working on deflecting the attack and restoring affected services,” read a post at 11.17am. “We’re working to re-establish connectivity after the attack disrupted our primary internet transit links,” another post from 11.48am read. The site was functioning at 12pm today, but there was no update on the status page. The site has been battered by DDoS attacks throughout this year. In August, a “very large” strike was reported and it was hit twice in two days in March. Source: http://www.techweekeurope.co.uk/news/github-ddos-attacks-128704
Tag Archives: copyright
WordPress Site Hacks Continue
WordPress installations sporting known vulnerabilities continue to be compromised by hackers and turned into distributed denial of service (DDoS) launch pads. That warning was sounded last week after IT professional Steven Veldkamp shared an intrusion prevention system (IPS) log with Hacker News , which found that a single 26-second DDoS attack against a site run by Veldkamp was launched from 569 different WordPress blogs. Those blogs appear to have been compromised by attackers, since they comprised everything from a “mercury science and policy” blog at the Massachusetts Institute of Technology (which as of press time remained offline) and a National Endowment for the Arts blog to WordPress sites run by Pennsylvania State University and Stevens Institute of Technology. “The key aspect to note here is the number of compromised WordPress servers,” said Stephen Gates, chief security evangelist at DDoS defense firm Corero Network Security, via email. “It’s a simple mathematical equation — attackers are looking to infect servers sitting in hosting environments with each server easily capable of generating 1 Gbps of attack traffic. It is quite easy to generate extremely high volumes and varieties of attack traffic by compromising just a few WordPress servers.” Once WordPress servers get compromised, attackers can use them for a variety of purposes, such as attacking U.S. financial institutions. “From volumetric attacks that melt down firewalls to the ‘low and slow attacks’ that sneak through firewalls undetected — the list is really endless,” Gates said. WordPress blogs, of course, are easy to provision and host. But that ease of installation — and use — means that such software is often run outside the purview of IT provisioning and oversight. Furthermore, many WordPress administrators fail to keep their software updated or follow security best practices, such as choosing unique usernames and strong passwords for WordPress admin accounts. As a result, numerous WordPress sites sporting known vulnerabilities — or “admin” as the admin account name — remain sitting ducks for automated attacks. Indeed, malware is often used to automatically find and exploit vulnerable WordPress installations. In August, Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, noted that the Fort Disco malware — first discovered in April 2013 — was being used to target known vulnerabilities in content management systems, backed by six command-and-control servers that were running a botnet comprised of more than 25,000 Windows PCs. “To date, over 6,000 Joomla, WordPress and Datalife Engine installations have been the victims of password guessing,” he said in a blog post. How widespread is the problem of exploitable WordPress software? According to a study conducted by EnableSecurity CEO Sandro Gauci, the list of the one million most trafficked websites — per the Alexa index — includes 40,000 WordPress sites. But 70% of those sites are running a version of WordPress with known vulnerabilities. Those statistics were relayed last week by WordPress security expert Robert Abela, who studied data that EnableSecurity’s Gauci compiled over a four-day period in the middle of September, immediately following the September 11 release of WordPress 3.6.1, which remains the latest version. In a blog post, Abela reported that of the 42,106 WordPress sites from the Alexa index identified, 19% had already been updated to the new version, while 31% of sites were still running the previous version (3.6). But the remaining 51% of cataloged WordPress sites ran one of 72 other versions, with 2% of all cataloged sites still running version 2.x, which dates from 2007 and earlier. Needless to say, many historical WordPress updates have included patches for exploitable vulnerabilities. For example, the latest version of WordPress — 3.6.1 — patched a known vulnerability in version 3.6 that would have allowed an attacker to remotely execute code. Previous versions of WordPress have also sported a number of known bugs, including version 3.5.1 (8 vulnerabilities), 3.4.2 (12 vulnerabilities) and 3.3.1 (24 vulnerabilities). All of this adds up to numerous WordPress sites that can be relatively easily hacked, based on a review of the top 10 most-seen versions of WordPress seen among the more than 40,000 counted by Gauci. “At least 30,823 WordPress websites out of 42,106 are vulnerable to exploitable vulnerabilities,” said Abela. “This means that 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. Considering the number of vulnerable WordPress installations out there, and the popularity of such websites, we are still surprised … most of them haven’t been hacked yet.” Source: http://www.informationweek.com/security/attacks/wordpress-site-hacks-continue/240162060
Read More:
WordPress Site Hacks Continue
The latest on major DDoS and phishing attacks, and more
An analyst has confirmed that several, unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan , VP and distinguished analyst at research firm Gartner , three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds. » A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times , Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army , a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT , an Australian registrar, and targeted an employee using an emailed spear phishing ruse. » The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations’ systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. » Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief’s price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors. » Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency’s network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But, the incident could mean that sensitive data linkable to an individual was exposed. » In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama ‘s executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management. » Errata : Our apologies to Steve Lee , who we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles. Source: http://www.scmagazine.com/news-briefs-the-latest-on-major-ddos-and-phishing-attacks-and-more/article/311635/
See more here:
The latest on major DDoS and phishing attacks, and more
Schoolboy arrested over Spamhaus DDoS, world’s biggest cyber attack
In March 2013, a distributed denial of service (DDoS) attack of unprecedented ferocity was launched against the servers of Spamhaus, an international non-profit dedicated to battling spam. A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless email or file uploads that clog up their processing ability. The March Spamhaus attack peaked at 300 gigabits per second, Spamhaus CEO Steve Linford told the BBC at the time – the largest ever recorded, with enough force to cause worldwide disruption of the internet. In April, one suspect was arrested in Spain. Now, it’s come to light, another suspect was also secretly arrested in April – this one being a London schoolboy. The 16-year-old was arrested as part of an international dragnet against a suspected organised crime gang, reports the London Evening Standard. Detectives from the National Cyber Crime Unit detained the unnamed teenager at his home in southwest London. The newspaper quotes a briefing document on the British investigation, codenamed Operation Rashlike, about the arrest: The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies. Officers seized his computers and mobile devices. The boy’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out the massive cyber attack, which slowed down the internet worldwide. The briefing document says that the DDoS affected services that included the London Internet Exchange. The boy has been released on bail until later this year, the London Evening Standard reports. The arrest follows close on the heels of two other London-based arrests resulting from international cyber-policing: Last week’s arrest of eight men in connection with a £1.3 million ($2.08 million) bank heist carried out with a remote-control device they had the brass to plug into a Barclays branch computer, and The arrest of 12 men in connection with a scheme to boobytrap computers at Santander, one of the UK’s largest banks, by rigging the same type of remote-control device found in Barclays – devices that enable remote bank robbery. Truly, the UK isn’t fooling around when it comes to cybercrime – a fact it’s making clear with the robust work of the National Cyber Crime Unit, which itself will soon be rolled into the even more cybercrime-comprehensive arms of the National Crime Agency. The National Crime Agency, due to launch 7 October, is going to comprise a number of distinct divisions: Organised Crime, Border Policing, Economic Crime, and the Child Exploitation and Online Protection Centre, on top of also housing the National Cyber Crime Unit. If the recent arrests are any indication, it would seem that the UK’s on the right track with cyber crime. May cyber crooks, both the seasoned and the schoolboys, take heed. Source: http://nakedsecurity.sophos.com/2013/09/27/schoolboy-arrested-over-spamhaus-ddos-worlds-biggest-cyber-attack/
See the article here:
Schoolboy arrested over Spamhaus DDoS, world’s biggest cyber attack
Distributed Denial-of-Service Attacks and Midsize Firms
A distributed denial-of-service (DDoS) attack occurs every two minutes, and the number of victims that suffered from more than one attack has risen substantially, according to a new report released by security firm NSFOCUS in SecurityWeek. These attacks are not just high profile any longer, and that is a wake-up call to midsize firms, which are a key target for hackers for many reasons. DDoS Too Often NSFOCUS’s research found that 1.29 DDoS attacks strike somewhere online every two minutes. More than 90 percent of the attacks last less than half an hour. NSFOCUS ascertained that attacks generally remained short and did not go past the rate of 50 Mbps. The number of victims suffering more than one DDoS attack went up 30 percent in just a year, rising to 70 percent. Victims who suffered from only one attack went down from 51 percent last year to 31 percent this year. Interestingly, the study found that hacktivism was the key driver behind more than 91 percent of attacks. Also, online gaming communities and financial services are often targets. What Fuels It The survey also found that a lack of sufficient security, including poor passwords, has fueled the success of DDoS attacks. IT professionals at midsize firms have DDoS attacks on their radar screens since reports in the past few years have shown that the attacks are not just for high-profile purposes. Easily executed attacks that can do the most damage are ideal for today’s cybercriminals; that means midsize firms are at risk. Midsize firms are constantly concerned about having sufficient resources, personnel, money and time to remain competitive, so security must be a top priority for IT professionals, and those who work with third-party data centers should inquire what kind of DDoS protection is provided. Those that manage their own data centers must take the right precautions against botnets and application-layer DDoS attacks on the premises of the network. Also, by working with trusted and experienced security vendors, midsize firms can bring their own security to the next level. When all is said and done, firewalls no longer provide enough protection. A Worthy Investment Distributed denial-of-service attacks are growing, and midsize companies are falling victim. Cybercriminals know that they can successfully hit a lot of growing firms at once and make easy money. They know that some midsize firms do not take security seriously because it might be too costly or time-consuming to consider. In the end, the unprepared midsize firm loses resources, time and money to the costly consequences of a DDoS attack. IT professionals must prioritize security to maintain their company’s competitive edge. Source: http://midsizeinsider.com/en-us/article/distributed-denial-of-service-attacks-an
Originally posted here:
Distributed Denial-of-Service Attacks and Midsize Firms
London schoolboy secretly arrested over ‘world’s biggest cyber attack’
A London schoolboy has been secretly arrested over the “world’s biggest cyber attack” as part of an international swoop against a suspected organised crime gang. The 16-year-old was detained by detectives at his home in south-west London after “significant sums of money” were found to be “flowing through his bank account”. He was also logged on to what officials say were “various virtual systems and forums” and had his computers and mobiles seized as officers worked through the night to secure potential evidence. The boy’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out a cyber attack so large that it slowed down the internet. The “distributed denial of service” or “DDoS” attack was directed at the Dutch anti-spam group Spamhaus which patrols the web to stop prolific spammers filling inboxes with adverts for counterfeit Viagra, bogus weight-loss pills and other illegal products. Details of the arrest, which happened in April, had been kept secret, but have been disclosed to the Evening Standard ahead of the formation of the Government’s new National Crime Agency. It will take over the National Cyber Crime Unit as part of a drive against offending carried out over the internet, now seen as one of the most serious crime-fighting challenges. More than half of the 4,000 officers who will form the new agency next month will be trained in combating cyber crime. The arrest of the London schoolboy, whose identity has not been disclosed, came during a series of coordinated raids with international police forces. Others detained included a 35-year-old Dutchman living in Spain. A briefing document seen by this newspaper on the British investigation, codenamed Operation Rashlike, states that the attack was the “largest DDoS attack ever seen” and that it had a “worldwide impact” on internet exchanges. The document says services affected included the London Internet Exchange and that although the impact was eventually “mitigated” it managed to cause “worldwide disruption of the functionality” of the internet. Giving details of the schoolboy’s alleged involvement, the briefing note states: “The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies.” The boy has been released on bail until later this year. The disclosure of his arrest follows two cyber attacks on banks. Four men have appeared in court over the first, involving an alleged plot to take over Santander computers by fitting a device during maintenance work. Another eight were arrested over a £1.3?million theft by a gang who took control of a Barclays computer. Meanwhile, security minister James Brokenshire said the creation National Crime Agency would bolster efforts to combat organised criminals operating on the internet and ensure that “cyber gangsters” were left with no hiding place. “The new National Crime Agency’s Cyber Crime Unit will pursue the organised crime gangs behind the online crimes that blight people’s lives and cost the economy millions,” he added. Source: http://www.standard.co.uk/news/crime/london-schoolboy-secretly-arrested-over-worlds-biggest-cyber-attack-8840766.html
Continue reading here:
London schoolboy secretly arrested over ‘world’s biggest cyber attack’
Telstra to DNS-block botnet C&Cs with unknown blacklist
What could possibly go wrong other than a C&C net sharing your colo barn’s IP address? Telstra is preparing to get proactive with malware, announcing that it will be implementing a DNS-based blocker to prevent customer systems from contact known command-and-control servers.…
Taken from:
Telstra to DNS-block botnet C&Cs with unknown blacklist
DDoS: The Need for Updated Defenses Lessons Learned from a Year of Attacks Against Banks
In the wake of a year of attacks waged against banking institutions by Izz ad-Din al-Qassam Cyber Fighters, the FS-ISAC’s Bill Nelson and the ABA’s Doug Johnson say the need to regularly update DDoS preparedness is a critical lesson learned. As the one-year anniversary of the start of the hacktivists’ distributed-denial-of-service attacks against U.S. banks approaches, banks need to avoid complacency and leverage new mitigation tools to ensure protection against any DDoS attack from any group, the two experts say. By taking advantage of cyber-intelligence and DDoS mitigation toolkits provided by the Financial Services Information Sharing and Analysis Center and others, banking institutions of all sizes can help prevent online outages and mimimize risk for fraud , says Nelson, who heads the FS-ISAC in the U.S. FS-ISAC’s DDoS toolkit, which has been updated three times in the last year, is available to all institutions, not just FS-ISAC members. “We’ve worked to get this out to associations and third-party banking service providers, which really have a very important role as far as DDoS,” Nelson says in an interview with Information Security Media Group. “The Web hosting environment can impact numerous institutions.” A DDoS preparedness plan should address hardware security risks, ensure sufficient bandwidth and outline collaboration with third-party service providers, Nelson says. “Setting up in advance, not just waiting to see your name on a Pastebin post, is critical,” he says. Johnson, who oversees risk management for the American Bankers Association, says institutions have to band together to ensure they have the right plans in place. “It does take that village to ensure the institutions are asking the right questions,” he says. “The threat environment is substantially different than it was before these attacks.” Beyond al-Qassam On Sept. 18, 2012, Izz ad-Din al-Qassam Cyber Fighters announced the launch of its first wave of attacks against U.S. institutions to protest a movie trailer deemed offensive to Muslims. These attacks have forever changed the way the online world approaches DDoS, Nelson says. “When we realized this DDoS attack was different … we realized quickly that we needed to stand up and create an incident response team,” he says. “The reaction was really effective, and it proved how effective information sharing could be.” But Johnson says one lesson the industry has learned over the last year is that DDoS is not just about hacktivism, and banking institutions need to be concerned about attacks from any number of players. “It’s about the broad number of DDoS attacks that the industry is suffering [attacks] from a variety of parties,” he says. For community banks, the greatest concern is not online disruption, but the threat of DDoS attacks being waged to mask fraud, Johnson says. Source: http://www.bankinfosecurity.com/interviews/ddos-need-for-updated-defenses-i-2059
Read the original:
DDoS: The Need for Updated Defenses Lessons Learned from a Year of Attacks Against Banks
Threat of the Week: Sept. 11 Quiet But DDoS On The Rise (Again)
September 11 came, it went and despite the FBI warning to credit unions to be ready for a bump in hostile activities on that anniversary date, multiple experts said they saw absolutely no traffic increase. But they also had worrisome news: There has been a sharp rise in low-grade Distributed Denial of Service (DDoS) attacks aimed at financial institutions, often in association with attempted fraud, but sometimes apparently simply an angry act by a rejected loan applicant or a terminated employee. First, the 9/11 news: “Nothing unusual happened on September 11. The reason there is nothing to report is that the volume is the same as the day before,” said Ashley Stephenson, CEO of Corero, a Hudson, Mass.-based DDoS mitigation firm. “Every day there are attacks.” Chris Novak of the Verizon Risk Team said likewise: “We saw no spike in activity on 9/11.” Rich Bolstridge, a DDoS expert with Cambridge, Mass-based network traffic firm Akamai, made it three: “We saw no increase in activity on September 11. We had expected to see activity. But it was very quiet.” The big DDoS guns fired by al Qassam and other actors usually said to be connected to nation states in the Middle East may not have been out on 9/11, but the bad news is the jump in low-grade attacks that may be small compared to the giant attacks unleashed by al Qassam are plenty large enough to knock an unprepared credit union off line and, said the experts, most credit unions remain unprepared to adequately deflect DDoS assaults of just about any magnitude. “We are surprised how naive CUs are about DDoS,” said Kirk Drake, CEO of Hagerstown, Md.-based CUSO Ongoing Operations. “They don’t realize how easy it has become for just about anyone to aim DDoS at a target.” That is the rub, Terrence Gareau, principal research scientist for DDoS mitigation firm Prolexic in Hollywood, Fla., explained: “There is a very low barrier to entry for DDoS. We are talking $5 that will buy you 600 seconds of DDoS.” That may only be 10 minutes, but the plunger who can come up with $50 could put a credit union down for an afternoon. A chilling factoid via a report from Santa Clara, Calif.-based NSFOCUS, a DDoS mitigation firm: “Based on traffic analysis, there are 1.29 DDoS attacks occurring worldwide every two minutes, on average.” The company added, “Most attacks are short and small. The report found that 93.2% of DDoS attacks were less than 30 minutes in duration and 80.1% did not surpass a traffic rate of 50 Mbps.” By contrast, the data throughput in al Qassam attacks has sometimes exceeded 45 Gbps, meaning it is vastly larger. Van Abernethy, an NSFOCUS spokesperson, elaborated, “The main news – the press focuses on the big DDoS – but the reality is that unreported DDoS goes on all the time. There are a lot of small attacks.” And then it gets worse still: “Small attacks are often accompanied by data exfiltration attempts, especially at financial institutions,” said Abernethy. Verizon’s Novak agreed: “We are seeing where DDoS is used to distract a medium-size financial institution. While they are busy fighting off the DDoS. they don’t see that terabytes of data just walked out the door. That’s scary.” A similar warning was issued a few weeks ago by respected Gartner analyst Avivah Litan who said she knew of three instances where DDoS was used to distract financial institution security as fraud was committed. She declined to offer specific details. At CUNA Mutual, risk expert Ken Otsuka said that in the past year one loss associated with a DDoS attack had been filed. He also offered no specifics. Add it up, however, and the situation is grim. DDoS as a service – available for hire by those with a grudge or with criminal intent – is increasingly available, it is cheap, and at least some providers happily accept Bitcoin, the virtual currency with some anonymity built in. Importantly, just about no technical skill is required, just a few dollars and a willingness to name a target. On the credit union front, the sense among experts is that the largest institutions – perhaps the top 25 or 50 – may have credible DDoS mitigation tools in place. As for the many thousands of others, the collective opinion is that probably most are unprotected. That could paint an attractive bull’s-eye for crooks. “There’s a trend where we see attacks going down market,” said Novak, “where the criminals are attacking smaller financial institutions because they don’t have the same defenses as the big banks.” Source: http://www.cutimes.com/2013/09/13/threat-of-the-week-sept-11-quiet-but-ddos-on-the-r
Read the article:
Threat of the Week: Sept. 11 Quiet But DDoS On The Rise (Again)
9/11 DDoS Alert for Banks, Agencies
U.S. and Israeli government agencies and banking institutions should be on alert for a potential Sept. 11 wave of distributed-denial-of-service attacks launched by the same groups behind the unsuccessful Operation USA and Operation Israel attacks in May. That warning comes from cybersecurity experts and alerts issued by the Federal Bureau of Investigation and the Financial Services Information Sharing and Analysis Center. While OpUSA and OpIsrael, which were designed to take down websites operated by globally recognized brands and governmental agencies, were not successful, cybersecurity experts say the threat this time is genuine. The groups behind these attacks are now more organized, better equipped and trained, and more determined than they were the first time around, they say. The FBI, however, notes that the attacks are not expected to have a serious or significant impact. “It is thought that due to the fact that hackers will be relying on commercial tools to exploit known vulnerabilities, and not developing custom tools or exploits, that the skill levels are, at best rudimentary, and capable of causing only temporary disruptions of any of the targeted organizations,” the FBI alert states. Attack Alerts On Aug. 5, the FS-ISAC issued a warning to its membership about a new wave of DDoS attacks that could target U.S. banks. David Floreen, senior vice president of the Massachusetts Bankers Association , says the FBI, which issued a separate alert on Aug. 30, and the FS-ISAC asked banking associations to spread the word about the possibility of attacks. “The attacks are expected to occur in two phases,” notes the FBI alert. “Phase I will take place over a period of 10 days and target several commercial and government sites with DDoS attacks. … “Phase II is scheduled to take place on September 11, with a more widespread attack threatened, along with Web defacements.” The FBI recommends organizations: Implement data backup and recovery plans; Outline DDoS mitigation strategies; Scan and monitor e-mail attachments for malicious links or code; and Mirror and maintain images of critical systems files The FBI did not release its alert to the public, an FBI spokeswoman acknowledges. But in an effort to get the word out, the Massachusetts Bankers Association posted the FBI and FS-ISAC warnings on its site, Floreen says. The FS-ISAC alert names top-tier banks that are likely to be targeted during an upcoming attack. The list of potential attack targets includes the same 133 U.S. banking institutions named in the April 24 Anonymous post that appeared on Pastebin during the first OpUSA campaign, says financial fraud expert Al Pascual, an analyst with consultancy Javelin Strategy & Research. The FS-ISAC alert does not reference OpIsrael, but experts say OpUSA and OpIsrael are connected. Planning Attacks Gary Warner, a cyberthreat researcher at the University of Alabama at Birmingham who also works for the anti- phishing and anti- malware firm Malcovery, claims the hacktivist groups’ main focus, for now, is Israel. If attacks against Israeli targets are successful, then U.S. targets will be next, he warns. Since June, two hacktivist groups, AnonGhost and Mauritanian Attacker, have been building plans for OpIsrael Reborn, according to Warner’s research. So far, these groups have not been linked to new attacks planned for a sequel to OpUSA, Warner says. Both groups, however, were involved in OpIsrael and OpUSA, he notes. “As part of our process of watching the phishers who create counterfeit bank websites, we track where many of those criminals hang out and what sorts of things they are discussing,” he says. “We became aware of OpIsrael Reborn while reviewing posts made by criminals who have been phishing U.S. banks and Internet companies.” Announcements for the new campaign began Sept. 2. But more posts were added on Facebook and in underground forums within the last week to recruit additional attackers, he says. “AnonGhost and Mauritanian Attacker have taken the time to build a strong coalition of hackers,” Warner says. “In that June release, there were no dates, no members and no targets announced.” Since that time, attackers have honed their targets, and they claim to have already compromised several government and banking sites in Israel, he says. On Sept. 11, they plan to publish information they’ve compromised from during those attacks, Warner adds. “They claim [on YouTube ] they are going to begin publishing the internal government documents of Israel,” he says. “The video also makes reference to the recent FBI claim that they have dismantled Anonymous.” Attackers are uniting this time out of anger over those claims made by the FBI as well as recent attacks waged against Islamic businesses believed to be backed by an Israeli hacktivist group, Warner explains. So why is this wave of attacks being taken more seriously than the first OpIsrael? The sheer number of attackers, their tools and the way the hacktivist groups have been building momentum through social networking sites such as Facebook has raised serious concern, Warner says. “They’ve been gathering tools since June 9, and training attackers on how do SQL and DDoS attacks,” he says. “It’s a SANS-quality training for hackers, and they’re prepping for wiping Israel off the [online] map.” On Sept. 9, two Israeli government websites were successfully taken offline for a period of time, Warner adds. “We did not see that success in OpIsrael or OpUSA,” he says. “If they pull this thing off against Israel, they will keep hitting others,” he says. No Attack Link to Al-Qassam Experts, including Warner, say Izz ad-Din al-Qassam Cyber Fighters , the self-proclaimed hacktivist group that’s been targeting U.S. banks since September 2012, does not appear to be involved in these most recent campaigns. And although U.S. banking institutions have built up strong online defenses over the last year to mitigate cyber-threats such as DDoS attacks, other sectors are far less prepared, Javelin’s Pascual says. “The lack of success that Izz ad-Din al-Qassam achieved during the fourth round of DDoS attacks was indicative of how well fortified U.S. banks have become,” Pascual says. But Rodney Joffe , senior technologist at DDoS-mitigation provider Neustar, says security professionals should be concerned that other attackers have learned lessons from al-Qassam’s strikes. “I don’t believe there is any connection between OpUSA and AQCF [al-Qassam Cyber Fighters],” he says. “However, the reason I think it is more worrying this time is because, as I have said over and over, the underground learned a lot of groundbreaking lessons from AQCF. … And this time around, they may be more successful.” Source: http://www.bankinfosecurity.com/911-ddos-alert-for-banks-agencies-a-6054
See the article here:
9/11 DDoS Alert for Banks, Agencies