Tag Archives: ddos-attacks

Carphone Warehouse hackers used DDoS attack as smokescreen

Hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4 million people, according to sources with knowledge of the incident. The retailer revealed at the weekend that its security had been breached in a “sophisticated” attack. It is now thought that criminals used a cyber attack technique known as Distributed Denial of Service (DDoS) as a cover to help them infiltrate the retailer’s systems and perpetrate one of Britain’s biggest ever data thefts. To mount a DDoS attack, a global network of hijacked computers, known as a botnet, is used to bombard the target computers with traffic, overloading them and potentially forcing them offline. The ensuing technical problems can serve as a distraction for security staff, allowing hackers to exploit software vulnerabilities or stolen administrator credentials to break into systems and extract data undetected. A source with knowledge of the attack on Carphone said its online retail systems had come under bombardment before the major data theft was noticed on Wednesday last week. The millions affected are customers of OneStopPhoneShop.com , e2save.com and Mobiles.co.uk , as well as Carphone and its own mobile operator, iD Mobile. The systems broken into also held data for Talk Mobile and TalkTalk Mobile, the retailer said. Victims were advised to ask their bank to be on the lookout for suspicious activity, although on Monday there were no verified reports of fraud using the stolen data, sources said. Hackers who steal personal data often sell it in bulk on digital black markets to other criminals who seek to use it to commit fraud. According to internet security experts, criminals are increasingly using DDoS attacks to disguise their intrusions. In the most famous case, in 2011, Sony’s PlayStation Network, an online gaming service, was shut down for weeks after the personal and financial details of 77 million customers were stolen. The chief of the PlayStation division told the US Congress that a simultaneous bombardment of traffic against the network “may have made it more difficult to detect this intrusion quickly”. Subsequent examples of DDoS smokescreens include a 2012 attack on a bank during which card date was stolen and $9m drained from accounts via cash machines around the world. A warning that online bombardment can be a “diversionary tactic” for fraudsters is now part of official cyber security advice to US banks. Carphone Warehouse, which is contacting customers affected and co-operating with police and the Information Commissioner’s Office, declined to comment. Source: http://www.telegraph.co.uk/finance/newsbysector/epic/cpw/11794521/Carphone-Warehouse-hackers-used-traffic-bombardment-smokescreen.html

See the original post:
Carphone Warehouse hackers used DDoS attack as smokescreen

DDoS attacks rage on, primarily impacting U.S. and Chinese entities

Organizations in the U.S. and China should be especially aware of distributed denial-of-service (DDoS) attacks, as more than half of them in Q2 of this year were aimed at the two countries. Kaspersky Lab’s “DDoS Intelligence Report Q2 2015” found that from April until the end of June this year, DDoS attacks impacted 79 countries, with most, 77 percent, affecting only 10 countries. In addition to China and the U.S., South Korea, Canada, Russia and France accounted for a large portion of attacks. The cybersecurity company defined a single attack as an incident during which there was “no break in botnet activity lasting longer than 24 hours.” If the same entity was attacked by the same botnet but with a 24 hour gap in activity, the two incidents would be considered separat e. The longest attack recorded during this past quarter lasted 205 hours, or eight and a half days. The peak number of attacks clocked in at 1,960 on May 7, and the low, at 73 attacks, occurred on June 25. The popularity of these attacks stems from the ease with which they can be arranged, said Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America, in emailed comments to SCMagazine.com. “Today, it is much easier to launch a DDoS attack,” he wrote. “Suddenly, you don’t have to be an expert in the field – all the power and potential damage is available to you with a few clicks. It’s also relatively cheap to commission a DDoS attack.” He noted that some online services charge as little as $50 for an attack that can cause serious damage to a company’s reputation, as well as financial losses. An average DDoS attack can range in cost to a company, depending on its size, anywhere from $52,000 to $444,000, Pozhogin said. As far as days of the week to be attacked, Sunday was the most popular day, accounting for 16.6 percent of them, and Tuesday was the least popular with 12.1 percent. Even as companies attempt to beef up their protection, it’s nearly impossible to stay ahead of the attackers and their tools. “As long as a company continues to focus on its core business it will not be able to match the resources poured into bypassing outdated protection and staying ahead of the attackers,” Pozhogin said. That said, cybersecurity firms’ technology can assist in keeping attackers at bay and enterprises’ sites running, he reminded. Source: http://www.scmagazine.com/kaspersky-lab-releases-q2-ddos-report/article/431034/

View article:
DDoS attacks rage on, primarily impacting U.S. and Chinese entities

DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

The International DOTA 2 tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of hack where people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are a an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The international DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live Youtube stream, though Valve also provides a newcomers stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

In what it said was support for the ongoing curriculum protests, hacker group Anonymous Asia yesterday launched a third wave of distributed denial of service (DDoS) attacks against the Web sites of two political parties and a government ministry. The Web sites of the New Party, Chinese Nationalist Party (KMT), the KMT Taipei branch office and the Ministry of Economic Affairs were attacked for more than an hour. According to reports by Storm Media Group, Anonymous launched its first wave of DDoS attacks under the name “Anonymous #Op Taiwan” on Friday last week by locking down the Presidential Office and Ministry of Education Web sites for five hours. A notice released by the group said: “We are everywhere and nowhere. Taiwan’s police are not exempt [from our attacks], and all police must take responsibility for this incident. We cannot permit the use of violence or pepper spray on peacefully demonstrating people. When you hurt the Taiwanese people, revenge will be sought. We cannot forget, support us and the corrupt officials will be afraid of us. Taiwan’s government, expect us.” On Sunday, the group launched a second wave of DDoS attacks against the Ministry of Education, the Ministry of National Defense, the National Academy of Educational Research and CtiTV, a television station generally sympathetic toward the KMT, the report said. In a Facebook post on Sunday, New Party Chairperson Yok Mu-ming (???) said the DDoS attacks were serious national security concerns. “Do we not see China as our enemy and try to prevent Beijing hacking our Web sites? What I’m seeing now is like the opening salvoes of a Taiwanese civil war,” Yok said. Yok called on the public to put pressure on the Presidential Office and National Security Bureau to look into the attacks and find out who was behind them. “We must know if the motives are against curriculum changes or if there are other ulterior motives,” he said. Shortly after Yok’s Facebook post the New Party Web site was hacked. Anonymous Asia said on Facebook: “Yok Mu-ming, are you looking for us? Here we come.” Anonymous Asia is a loose coalition of hackers and Internet activists. The group describes itself as “an internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives” and has been known for high-profile public DDoS attacks on government, religious, and corporate Web sites. Source: http://www.taipeitimes.com/News/taiwan/archives/2015/08/04/2003624588

More here:
Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems

The Royal Bank of Scotland group of banks suffered nearly a fifty minute outage to their on-line banking systems today as a result of a Distributed Denial of Service Attack. The banks affected included, Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement “The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved.” It is interesting to see this attack impact banks in the UK just days after an FBI agent in an interview with MarketWatch said that more than a 100 financial companies in the US received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand looking for money to be paid, usually in the form of BitCoins, to prevent the attack from happening. There were no additional details given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still become victims of the DDoS attack, or indeed simply ignored the demand and had no further interaction with those behind the threats. In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks. The threat from DDoS extortion attacks have been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue again. So if your organisation is faced with a DDoS extortion threat what should you do? Here are some steps to consider; Do not ignore the threat. It is possible it may be a bluff but it may also be a genuine threat. So inform your Incident Response Team so they can prepare in the event the attack materialises. Make sure your anti-DDoS protection mechanisms are able to cope threatened load. If you do not have any anti-DDoS systems in place contact your ISP, hosting provider, or security services reseller to discuss your options with them. Contact your Data Centres and ISPs to make them aware of the threats and allow them to prepare for any possible attacks. It would also be wise to ensure your Incident Response Team has direct contact with those of your providers. Do report the threat to the appropriate law enforcement agency. While they may not be able to directly assist with the threat or any eventual attacks, the information you provide could help law enforcement build and share intelligence with other law enforcement groups with the goal to eventually arrest those behind the threats. It may be wise to examine your business continuity plan to determine if you can invoke this plan in the event an attack materialises so that you can continue to provide services to your clients. It is also incumbent on anyone of us responsible for hosting internet facing services that these services are configured securely so they don’t facilitate criminals to use them in amplification, or indeed any other, attacks against other companies. It is interesting to note that this is not the first time that RBS has been targeted by DDoS attacks. In December 2013 its on-line systems were unavailable for up to 12 hours as a result of a DDoS attack. This came after the RBS group of banks suffered a major outage to their payment systems in 2012 resulting in the banks being unable to process customer payments for a number of days and led to the group being fined STG£56 million by UK regulatory authorities for the “unacceptable” computer failure. Speaking in December 2013 about the 2012 outage the RBS CEO, Mr Ross McEwan, admitted there had been a significant under investment in IT in the bank. Mr McEwan, said “For decades, RBS failed to invest properly in its systems. We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on.” After today it looks like RBS will need to ensure it continues to invest in the technology and people required to keep its systems and data secure. Source: http://www.itnews.com/security/95340/ddos-attacks-take-down-rbs-ulster-bank-and-natwest-online-systems?page=0,1

Read this article:
DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems

FBI Warns of Increase in DDoS Extortion Scams

Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar ploy of either holding a victim’s data for ransom or threatening some kind of attack if a ransom isn’t paid. Ransomware gangs have been running rampant in recent years, using various kinds of malware to encrypt victims’ data and then demand a payment, usually in Bitcoin, for the encryption key. The scam that the FBI is warning about isn’t as intrusive as that, but it can be just as damaging. The attackers in these cases are emailing people inside organizations and demanding that they pay a ransom or face a DDoS attack. “Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution,” an alert from the FBI says. The FBI says that it believes there are several people involved in these scams and they anticipate that they will expand the number of industries that they’re targeting in the near future. Organizations that haven’t paid the ransom have in some cases been hit with the threatened DDoS attacks, but the FBI said they typically don’t last very long. “Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the FBI alert says. There have been high-profile incidents like this in the recent past. Basecamp, a project management console, was hit with such an attack in 2014 when attackers tried to blackmail they company and then hit it with a DDoS attack. Source: https://threatpost.com/fbi-warns-of-increase-in-ddos-extortion-scams/114092#sthash.2CvEua2m.dpuf

See the original article here:
FBI Warns of Increase in DDoS Extortion Scams

Planned Parenthood websites downed in DDoS attack

Planned Parenthood websites have gone down and are, according to the main page, undergoing maintenance. In a statement emailed to SCMagazine.com on Thursday, Dawn Laguens, executive VP of Planned Parenthood, said that the Planned Parenthood websites were the target of a DDoS attack. “Today, the Planned Parenthood websites experienced a wide scale distributed denial-of-service (DDoS) attack, a hacker tactic to overwhelm websites with massive amounts of traffic to block any legitimate traffic from getting in,” Laguens said. The websites were back online shortly after the attack, but are scheduled to remain down throughout Thursday for security purposes, Laguens said, adding that during this time visitors are being redirected to the organization’s Facebook pages. Following reports that politically motivated attackers released website databases, Planned Parenthood announced on Monday that it is investigating possible unauthorized access to its systems. Source: http://www.scmagazine.com/planned-parenthood-websites-downed-in-ddos-attack/article/429563/

Taken from:
Planned Parenthood websites downed in DDoS attack

Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia. To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS). The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.” Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat. Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective. Anonymous says it has several secret files. “We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications. “This will be an ongoing operation with expected surprise as a critical element.” Government computers were breached in stages, over several months, the Anonymous spokesperson said, including during the Distributed Denial of Service (DDoS) attacks last weekend, organized in protest of the shooting. (DDoS is when multiple hijacked computers tie up the resources of a web site so the public cannot access it.) After the DDoS attacks, Public Safety Minister Steven Blaney told reporters that no personal information or government secrets were compromised. Jeremy Laurin, a spokesman for the minister, could say little about the veracity of the document or its response to the threat by Friday evening. “We are monitoring the situation closely,” said Laurin. “Our government takes cyber security seriously and operates on the advice of security experts.” The government has promised $235 million funding for a cyber-security ?strategy designed to defend against electronic threats, hacking and cyber espionage, he said. On Wednesday the minister said $142 million of that is to enhance security at several agencies, including the RCMP and CSIS. A well-placed government source said, “There has not been a hack of CSIS,” but was unable to say if other departments could make the same claim. Anonymous says the minister is incorrect in his assessment of recent cyberattacks. “In fact, part of what we were doing at that point were final penetration tests, not just for the Canadian government, but also with how the media would respond to Anonymous attacks,” the Anon spokesperson said. This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets. If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computer containing far more sensitive information. The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations. The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.” The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).” Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013. The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at it foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.” The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says. The sample document was provided to the Post with some elements redacted because the hackers were unsure what the markings mean and are concerned it could identify which machine or machines may have been compromised, the Anon spokesperson said. Source: http://news.nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist

Follow this link:
Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

NJ Casino’s DDoS Attack Still Under Investigation

On July 2, a cyber attack was coordinated against several New Jersey-based gambling websites and continued throughout the July 4th holiday weekend. At least four online casinos were affected and experience downtime, and we placed on alert as the State Division of Gaming Enforcement commenced their investigation. Although this is the first time the country had seen an attack on online gaming websites, it isn’t the first time that hackers have targeted casinos. Back in 2014, Sands Casino in Las Vegas had experienced an IT catastrophe that led to the shutdown of PCS and servers, wiping many of their hard drives clean. Bloomberg Business writers Ben Elgin and Michael Riley explained that this wasn’t an Ocean’s Eleven heist; someone had a personal vendetta against the company, specifically CEO and majority owner Sheldon Adelson. Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security, later disclosed that they believe this digital conflict was perpetrated by Iran. Many feared that this was the beginning of a cyber war, as the nation’s enemies discovered a way to injure American companies to the point that it would incite a government response. Surprisingly, Sands had managed to keep most of the details of the incident under wraps for almost a year. At the time, it was the biggest strike on US corporate infrastructure, prior to the Sony Pictures Entertainment hack from last November. Fast forward to this year’s July 4th weekend, David Rebuck of the State Division of Gaming Enforcement Director confirms that there was a Distributed Denial of Service (DDOS) attack, where the 30-minute downtime occurred due to the hackers flooding the sites with data, rendering the them inoperative. Atlantic City’s Bill Hughes Jr., head of Cybersecurity of law firm Cooper Levenson, compares the attack to a traffic gridlock, where “the parkway becomes a parking lot.” The hackers threatened to launch a more powerful attack within 24 hours and revealed they would sustain this breach unless the casino operators paid a ransom to be paid in bitcoins, an internet currency that has proven popular with online criminals even though it does have its legitimate uses. Luckily, no further attacks were reported to the State Division of Gaming Enforcement. While gambling was legalized in Atlantic City in 1976 according to information portal Mayfair Casinos, online casinos had only been legal since 2013 which makes this strike rather sudden. Sudden, maybe, but not random. Rebuck tells NJ.com that they have an idea of who was behind this hacking incident, saying that this individual is a known actor and has a history of this types of attacks. Rebuck did not divulge any more details of the perpetrator, along with the websites impacted and amount paid in ransom. Despite the occurrences in the past year, University of Nevada’s Center for Gaming Research Director David Schwartz says that American online casinos are still not a major target for hackers, unlike gaming sites hosted on servers outside of the country which usually have a demand for ransom. Source: http://www.casinoscamreport.com/2015/07/22/nj-casinos-cyber-attack-still-under-investigation/

Read the original:
NJ Casino’s DDoS Attack Still Under Investigation

Bitcoin Extortion Campaigns Expanding DDoS Attacks to a Wider Array of Business Sectors

Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well. First identified approximately one year ago, Bitcoin extortion campaigns originally focused on targets unlikely to contact law enforcement for assistance. In early April 2015, the extortion campaigns began regularly contacting legitimate businesses operating in the private sector. In a typical scenario, a short-term DDoS attack is conducted on a victim’s web site lasting for approximately one hour. The DDoS is followed by an e-mail containing an extortion demand for payment via Bitcoin. If the victim has not paid the demanded payment, there is usually a second, more powerful DDoS attack within 24 hours, which lasts for an additional hour. This is followed by a second e-mail warning and extortion demand with an increased price. In most cases, victim companies have successfully mitigated the attack using third party DDoS mitigating services rather than paying the ransom. Technical Details The first DDoS attack is usually delivered prior to the sending of a ransom demand at 20-40 Gigabytes per second (Gbps) with a duration of approximately one hour. After the initial DDoS attack, an extortion e-mail is sent to the victim introducing the attacker, highlighting the initial demonstrative DDoS attack, and demanding payment in Bitcoin (ranging from 20-40) to ensure no further DDoS attacks are conducted against the business. If payment does not occur within 24 hours, a second demonstrative DDoS is generally conducted at a higher rate (40-50 Gbps) for an additional hour followed by an additional extortion e-mail. The types of DDoS attacks primarily consist of Simple Service Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks with the occasional SYN-flood and, most recently, WordPress XML-RPC reflection/amplification attacks. Source: https://publicintelligence.net/fbi-bitcoin-extortion-campaigns/

Original post:
Bitcoin Extortion Campaigns Expanding DDoS Attacks to a Wider Array of Business Sectors