Tag Archives: ddos-attacks

Group claiming to be the Armada Collective threatens DDoS attack

Cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks. A group of cybercriminals which claim to be the infamous Armada Collective are threatening independent and small business websites worldwide with a huge Distributed Denial of Service (DDoS) attack, should they fail to pay the bitcoin ransoms requested by email. It is still unclear if these cybercriminals are the real deal or are just pretending to be to scare possible victims into paying a ransom to prevent a DDoS attack that could threaten their businesses. The actual Armada Collective gained infamy last year after extorting money from a number of Swiss firms, several Thai banks and even ProtonMail which provides encrypted webmail. The emails sent out to businesses around the globe inform users that their security is poor and that the group will launch a DDoS attack on their networks using the Cerber ransomware and anywhere from 10-300 Gigabytes per second (Gbps) of attack power. However, anyone who received and email from the group can prevent the attack by paying one bitcoin which is equivalent to $606. If the ransom is not paid before they attack though, the price will go up significantly to 20 bitcoins to put an end to the DDoS attacks. The group has also been kind enough to provide users who are unfamiliar with bitcoin all the information necessary on how to download a personal bitcoin wallet such as Multibit or Xapo. They are also informed on how to set up a bitcoin wallet of their choosing online. It is quite possible that the group’s email demands could be fake and any user who received the email should contact their local authorities, but under no circumstance should they pay the ransom. Source: http://www.itproportal.com/news/group-claiming-to-be-the-armada-collective-threatens-ddos-attacks/

Taken from:
Group claiming to be the Armada Collective threatens DDoS attack

“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.

The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks. More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that causes access interruption to websites or network systems. The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons. Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers. “The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop. In short, hackers are able to launch denial of service attacks by manipulating a hosting provider to re-route IP addresses towards a preferred server. Those DDoS attacks recorded by Imperva — recorded between March 2015 and April 2016 — targeted a diverse range of clients. Even so, all of the attacks similarly aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network. To be clear, an application-based DDoS effectively works to discontinue online access to a specific property, like a website or software service, rather than an entire network. Because app-based DDoS attacks are by nature less expansive, they typically leverage less traffic. In the past, DDoS-ing an entire network has presented a challenge for hackers due to the sheer artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic; making it easier for individual operations to disrupt larger segments of the internet. Another worrisome trend in the DDoS arena, spotted by Imperva, is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times. In the past, DDoS attacks have been used to distract an organization from a more malicious data breach, leading to the possible exfiltration of valuable data like customer finances and personal records. Here’s what a DDoS looks like via a data visualization by cybersecurity firm Norse : Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016

Read the article:
“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.

Blizzard’s Battle.net servers hit by yet another DDoS attack

Gaming servers are a top target of DDoS assaults,’ Imperva security researcher Ofer Gayer told IBTimes UK. Developer Blizzard’s Battle.net servers were hit with yet another DDoS attack on Tuesday (23 August) resulting in latency and connection issues in some of its popular titles including Overwatch, World of Warcraft and Hearthstone. The company acknowledged the interruption on its Twitter support channels in both the US and Europe, indicating that it was not restricted to just one region. The company also said that its sites and forums were “experiencing issues” at the time in a separate tweet. The latest attack is the second such assault targeting the developer’s servers this month and the third since the launch of its popular hero-based shooter, Overwatch, in May. It also comes at the end of which ran from 2 August to 22 August in celebration of the Olympic Games in Rio. On 3 August, Blizzard’s Battle.net servers were crippled by another massive DDoS attack that caused connection, login and latency issues across some of its popular titles. The disruption also occurred on the same day Blizzard launched its Summer Games series. Hacking collective PoodleCorp claimed responsibility for the alleged attack. The same hacker group also claimed responsibility for taking down Pokémon Go’s servers in July. In June, Blizzard’s servers were hit with another alleged DDoS attack claimed by notorious hacker group Lizard Squad that prevented players from accessing their games. DDoS attacks, which are difficult to prevent and defend against, have continued to plague online companies’ networks in recent years, particularly those of major gaming companies’ servers. “Gaming servers are a top target of DDoS assaults,” Ofer Gayer, a senior security researcher at Imperva, told IBTimes UK. “They have been hit with some of the largest and longest attacks on recent record.” He added that mitigating DDoS attacks on game servers is a “particularly complex task”. “Since only gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets,” Gayer said. “Gamers are very sensitive to the impact on latency, so what may be considered negligible for most services, can be very frustrating for the gaming community. This can be affected by multiple factors, most prominently the distribution of scrubbing locations and TTM (time to mitigate).” Imperva’s latest DDoS Threat Landscape Report found that DDoS attacks have increased by a massive 220% over the past year “with no signs of abating”. It also noted that the UK has become the second most popular target for DDoS attacks in the world. Blizzard’s official Customer Support Twitter account later confirmed that the “technical issues” they were experiencing earlier have been resolved. At the time of publication, no hacking group has claimed responsibility for the most recent alleged DDoS attack. Source: http://www.ibtimes.co.uk/blizzards-battle-net-servers-hit-by-yet-another-ddos-attack-1577793

More:
Blizzard’s Battle.net servers hit by yet another DDoS attack

Why smart companies don’t sweat the SSL stuff in DDoS defense

The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks. DDoS attacks have rapidly proliferated in terms of bandwidth (Gbps) and packets per second (pps). In the survey, 59% of organizations polled have experienced an attack over 40 Gbps. Average attack bandwidth are peaking at a staggering 30 to 40 Gbps and 77% of organizations expect multi-vector attacks, which include volumetric and application-layer attacks, to pose the greatest danger in the future. In recent years, multi-vector DDoS attacks have tunneled over encrypted SSL connections to evade cyber defenses. Some attacks have exploited the SSL protocol to cause denial of service by repeating ‘renegotiation’ in the same connection but stop short of creating a secure channel. Others flood SSL traffic over the created secure channel without being distinguished as a malicious connection. The reason is that while most organizations protect their websites and online services with SSL, many existing enterprise security products are either woefully blind to encrypted SSL traffic or debilitated when trying to decrypt and analyze it. From urgent threat to FYI notification Amid growing virtualization, cloud networking and mobility, SSL encryption requirements to protect data and secure commnuications will surge. In other words, organizations must rethink their SSL offload and SSL inspection strategies, especially in defending against DDoS attacks. The IDG Connect report shows that more than half of the organizations surveyed plan to increase DDoS prevention budgets in the next six months. “DDoS attacks are called ‘sudden death’ for good reason,” says Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” To stop SSL at the data center perimeter, some organizations have deployed application delivery controllers (ADCs) equipped with crypto engines to help off-load SSL from servers and security appliances. Some ADCs also offer web application firewalls (WAFs) to inspect the traffic and detect attacks. To eliminate SSL blind spots in corporate defenses and enable security devices to regain their effectiveness, application networking and security leader A10 Networks introduced the Thunder SSL Insight (SSLi) standalone security product built on its SSL inspection technology and 64-bit ACOS Harmony platform. The Thunder SSLi appliances decrypt SSL traffic and offer comprehensive inspection of multiple ciphers that deliver up to 48 Gbps of SSL inspection throughput. Their high density 1 GbE, 10 GbE and 40 GbE port options fulfill the highest networking bandwidth demands. Clear and ever present security The appliances are also complemented by intelligence-driven protection policies. The A10 URL Classification Service monitors, blocks, or selectively bypasses specific websites to provide privacy for healthcare and financial Internet activity while the A10 Threat Intelligence Service blocks users from accessing known bad IP addresses. Well-known global manufacturer of consumer gadgets, Casio Computer Company, has seized the opportunity to enhance security by analyzing encrypted communications using A10 Networks’ SSL Insight technology. Having deployed the A10 Thunder ADCs to provide its employees smooth cloud access, Casio seeks the ability to differentiate between personal use and work-related cloud-bound traffic, according to Koji Kawade of Casio Information Systems Co Ltd’s User Support Group. A10 Networks’ ADCs are equipped with SSL acceleration hardware that provides near-parity performance to handle 4096-bit keys at high-quality production levels, providing highly scalable flow distribution and DDoS protection capabilities.. The A10 Thunder TPS Series, for example, leverages SSL security processors to detect and mitigate SSL-based attacks, such as the POODLE vulnerability, and offers a mitigation throughput capacity ranging from 10 Gbps to 1.2 Tbps (in a list synchronization cluster) to deal with the largest multi-vector DDoS attacks effectively. Clearly, A10 ADCs will continue ramping up L4 and L7 connections per second and SSL performance benchmarks to meet increasing performance and security needs against greater multi-vector DDoS attacks. Source: http://www.networksasia.net/article/why-smart-companies-dont-sweat-ssl-stuff-ddos-defense.1471880795

Continued here:
Why smart companies don’t sweat the SSL stuff in DDoS defense

DDoS attacks on the rise in Asia Pacific

The Asia Pacific region experienced 34,000 distributed denial of service (DDoS) attacks in the second quarter of 2016, according to Nexusguard’s Q2 2016 Threat Report – Asia-Pacific. The figure represents a 43 percent increase from the previous quarter. Even though Network Time Protocol (NTP) attacks dominated the type of attacks in the region (90 percent), such attacks were less common in other parts of the world (46 percent). The report also found that attack durations were longer in the Asia Pacific region as compared to global incidents, which is likely due to many scripted attack tools with set duration values. China remains as one of the top three target countries in the region. According to Nexusguard, a Chinese target was hit 41 times over the course of about a month of constant attacks. Nexusguard researchers attributed these attacks to the malware the victim had hosted over the last two years. The largest increase was observed in Hong Kong, accounting for a 57 percent rise in attacks. With hackers are experimenting with new attack methodologies, and events happening in the Asia Pacific region, Nexusguard researchers expect to see a spike in DDoS attacks in the third quarter of this year. “We expect the upward trend in the frequency of attacks to continue this year, especially with more attention on the Summer Olympics [in Brazil] and political dispute in the APAC region,” said Terrence Gareau, Chief Scientist at Nexusguard. “And as Pokémon Go gradually launches across the Asian market, Nexusguard analysts expect attack groups will launch more public attacks. This activity increases visibility and positioning as DDoS-for-hire services, the popularity of which we noted from the consistent time durations this quarter,” he added. Source: http://www.mis-asia.com/resource/security/ddos-attacks-on-the-rise-in-asia-pacific/

More:
DDoS attacks on the rise in Asia Pacific

Cybersecurity: Financial Institutions Fret over DDoS Attacks

Financial institutions, especially the banks, are getting more worried about the increasing rate of a new cyber attack called Distributed Denial of Service (DDoS), that has caused huge financial losses running into billions of naira to banks. Financial institutions expressed worries about further loss of funds to DDoS attacks at a security forum organised by MainOne and Radware in Lagos this week and called for technology solutions that would address the threat. During a panel session, Head, Infrastructure Services at Skye Bank, Mr. Tagbo Nnoli, said banks suffered major attacks last year from DDoS attacks on banks and that since then, the banks started seeking solutions to address the issue. Aside DDoS attacks, Nnoli said banks also suffered attacks from phishing and social engineering last year, resulting to huge financial losses. Head, Industry Security Services, Nigeria Inter-Bank Settlement System (NIBBS), Mr. Olufemi Fadairo, who confirmed that banks suffered huge financial losses to cyber attacks last year, however said the rate of losses due to online attacks, were beginning to reduce in 2016, following proactive measures taken by the Central Bank of Nigeria (CBN) and the NIBSS to address financial losses to cyber attacks. According to Fadairo, “NIBSS tries to protect organisations and in the past five years, there has been improvement on financial security. We do benchmarking to find out any disruption of a normal pattern of an organisation. By January 2016, we discussed about DDoS attacks on banks where 63 per cent of banks said such attacks would increase, if not mitigated on time.” Following the threat, we decided to focus on data companies like MainOne that provides data solution for the financial sector, Fadairo said. The Chief Information Security Officer at MainOne, Mr. Chidi Iwe, however raised the hopes of financial institutions at the forum, when he revealed that MainOne had partnered RadWare, a global security company to mitigate DDoS attacks in the country’s financial sector, by redirecting organisation’s traffic to the MainOne DDoS mitigation platform, from where it keeps organisation data fully protected at all times and maintaining the normal operations of organisations on-premises infrastructure. He said the service could detect and mitigate zero-day attack within 18 seconds. According to Iwe, over 50 per cent of enterprise companies globally, suffered DDoS attacks at the end of 2015, and Nigerian businesses are growing in recent yeas and the focus of attacks is gradually shifting to the Nigerian space. Although he said most attacks were not reported publicly in the past, but that there has been over 600 per cent growth in reporting attacks in Nigeria in recent times, based on CBN regulation. Two weeks ago, there was DDoS Attacks in Nigeria. Attacks have caused organisations over $500 billion in recent years, and DDoS attacks are predicted to be on the rise, Iwe said. He however assured financial institutions that the security solution service agreement it signed with Radware in 2016, would address insecurity issues with DDoS attacks. MainOne solution therefore monitors DDoS attacks and create alert for the company using the solution, he said, while listing the benefits of the solution to include online reporting, which allows customers to log online to find out what the trends are. The MainOne solution also offers training for customers in partnership with Radware to boost customer experience. He said capital expenditure CAPEX and operational expenditure OPEX, are completely eliminated by the solution. The Security Solution Architect at Radware, Mr. Eran Danino, while explaining how DDoS operates, said it first attacks firewalls, destroys it before replicating itself into other components. He said most organisations are not ready to mitigate DDoS attack because they either have saturated internet pipes, or they lack the security skills to detect and mitigate attacks. “What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly,” Danino said. He explained that there was need for organisations to choose the best protection and draw up a checklist to find out the assets that must be protected first. He said Radware uses two approaches to mitigate DDoS attacks, through hybrid solution and full cloud service solution by protecting data from the cloud. Source: http://www.thisdaylive.com/index.php/2016/08/04/cybersecurity-financial-institutions-fret-over-ddos-attacks/

Read the original:
Cybersecurity: Financial Institutions Fret over DDoS Attacks

GTA 5 Outage: Why Grand Theft Auto V Was Not Working

PSN was also attacked Poodlecorp launched a Distributed Denial of Service (DDoS) attack on Rockstar Games’ GTA 5 servers to take the game down. This resulted in players being unable to play the online elements of the game with others. The attack lasted for a few hours before service was restored. The hack of GTA 5 resulted in online elements from every version of the game not working. Those that tried to play during this time were met with error messages. Poodlecorp took to social media to claim responsibility for the hack and said more was in store for gamers on Sony Corp (ADR)’s (NYSE: SNE ) PlayStation Network, reports Daily Star . Poodlecorp claimed it was able to cause small outages in the PlayStation Network for PS3 and PS4 users on Thursday morning. However, this doesn’t seem to be all it has planned. It claims that this was only a test before it launches a larger attack. Poodlecorp hasn’t announced plans for any other attacks outside of GTA 5 and the PlayStation Network. While the Grand Theft Auto V servers are back up, there’s a possibility they could go down again throughout the day. The same is also true for the PlayStation Network. One of Poodlecorp’s members recently claimed in an interview that its ranks includes previous members of hacker group Lizard Squad. The group also took responsibility for an attack on Nintendo Co., Ltd (ADR)’s (OTCMKTS: NTDOY ) Pokemon Go servers late last month, Express notes. Source: http://investorplace.com/2016/08/gta-5-outage-grand-theft-auto-v-rockstar-games-poodlecorp/#.V6OhaWWgPzI

Excerpt from:
GTA 5 Outage: Why Grand Theft Auto V Was Not Working

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard. The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter. Nexusguard’s researchers attributed this increase to nationalist hactivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence. The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3. “We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”. Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/

Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

Container biz blames downtime on traffic flood Websites running on the Docker Cloud hosted container management and deployment service were taken down by an apparent DNS outage on Monday. Reg readers and Docker Cloud support forum members complained today that their services were down or suffering intermittent outages with little explanation from Docker. One angry user got in touch with us to lambast the San Francisco startup’s customer support. “The DNS service has now been intermittently online and offline for over a day. All this from a company supposedly worth millions,” he said. “We’ve got a thread ongoing in the forums but we’ve had limited response from Docker staff. For nearly three hours the status page said everything was fine.” On the message board, ziontech, with 20 sites running on Docker Cloud, wrote: “All my dockerapp.io endpoints have gone down, DNS resolution is failing, is there an issue with these right now?” Docker was criticized for relying on users to keep each other updated on its systems’ operations. Docker Cloud is the Docker hosting service from Tutum, which Docker bought in October 2015. The purchase price was not disclosed. The Reg has asked Docker for comment and will update this piece with any response. We note that the Docker system status page was updated to read: “We have identified an unusual high load on our DNS servers that is causing some lookups to fail. We are scaling up and investigating the source of the traffic.” ® Updated to add A spokesman for Docker has been in touch to say its DNS infrastructure was flooded offline with junk traffic, resulting in outages for customers: Docker Cloud did experience an outage yesterday due to two Distributed Denial of Service attacks on the DNS. Service was restored yesterday and things are completely back to normal. Docker provided updates via the forums within an hour after the outage was discovered, which was as soon as possible based on the information they had, and continued doing so throughout the day. They also continuously updated the status at status.docker.com. Docker has taken corrective measures to ensure this situation does not occur in the future, and, most importantly, has taken steps to ensure that user applications will not be affected in the event that Docker Cloud experiences another outage. Source: http://www.theregister.co.uk/2016/07/19/docker_cloud_dns_outage/

More here:
Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China. The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts of hacking and defacement, slowdowns and distributed denial of service attacks. Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website. The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it. The websites of these agencies were all accessible yesterday. The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity supposedly operating from the Netherlands. The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands. The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to request for comment regarding the cyberattacks. The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks. PCA website hacking Earlier, a cyber-security company reported that the PCA website was infected with a malware by “someone from China” in July 2015. Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea. Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.” Source: http://www.philstar.com/headlines/2016/07/16/1603250/68-govt-websites-attacked

Read the article:
68 gov’t websites attacked