Tag Archives: ddos-attacks

Bitcoin Value Plunges as DDoS Strikes Currency Exchanges Read

Russia and China are backing out of the Bitcoin business. Recent DDoS attacks on a number of major Bitcoin exchanges have caused them to suspend trade. Mt Gox, one of the most significant exchanges, blames hackers trying to create fraudulent transactions for the attack. The value of the cryptocurrency has dropped significantly, from a high of $926 on February 5th to $501.83 as of time of writing. Bitstamp, BTC-e and Mt Gox are all known to have been affected. Tokyo-based Mt Gox argues that the attackers are trying to create uncertainty, and exploiting that uncertainty to duplicate transactions. By intervening just after a transaction is initiated but before it completes and changing the transaction ID, the hacker can create the illusion that the transaction never completed. The hacker then claims a second payment, alleging that the first one wasn’t valid. “Whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming,” says Jinyoung Lee Englund of the Bitcoin Foundation. “It’s important to note that DDoS attacks do not affect people’s bitcoin wallets or funds.” The value of most other Bitcoin variants has fallen, dragged down by the drop in Bitcoin itself. The one exception so far is Dogecoin, whose value has risen markedly. It’s now the third most valuable cryptocurrency, after its value soared 27% in 24 hours. Meanwhile both Russia and China have started cracking down on Bitcoin. Last week the Central Bank of Russia made it illegal to use Bitcoin, alleging that it could be used for money laundering and criminal activity. Russia’s move came after China’s largest exchanges started banning Bitcoin sales earlier this year, as the government cracked down on the cryptocurrency. Alibaba Group, China’s biggest online marketplace, complied with the government’s demands “in the interest of consumer protection,” said a spokeswoman. In both instances it seems likely that, although there are legitimate concerns about criminal activity, the bigger issue is currency control. Though there are benefits – China’s investments in Africa have been made much easier with Bitcoin – neither China nor Russia really likes the idea of an electronic currency that avoids both government regulation and monitoring. “It is proposed to punish (with large fines and imprisonment) all anonymous ‘electronic’ money transfers through the border,” alleged an anonymous Russian Cryptocoins News source. “Since Bitcoin has no borders, it may be the problem.” The source argues that Russia’s political opposition has been funded via Bitcoin for some time, and this crackdown is an attempt to stifle that opposition, as well as a more general reaction against technology the government doesn’t understand. “To put things in perspective,” says Mt Gox as it explains the reasons behind its suspension of trade, “it’s important to remember that Bitcoin is a very new technology and still very much in its early stages. What Mt Gox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.” Source: http://www.escapistmagazine.com/news/view/132215-Bitcoin-Value-Plunges-as-DDoS-Strikes-Currency-Exchanges?utm_source=rss&utm_medium=rss&utm_campaign=news

View article:
Bitcoin Value Plunges as DDoS Strikes Currency Exchanges Read

Largest ever DDoS attack

CloudFlare said that the attack was close to 400Gbps in size, making it bigger than last year’s DDoS attack against anti-spam outfit Spamhaus, which was measured at just over 300Gbps. Confidentiality stopped CloudFlare from revealing the identify of the customer under attack, and there were few details on how many other companies had been affected. The DDoS attack did, however, seem to pose a bigger threat on European networks, with French hosting outfit OVH later reporting that it had fended off a 350Gbps attack. It’s not known if the same attacker was responsible. Company CEO Matthew Prince responded to the news by saying on Twitter that “someone’s got a big, new cannon” and the attack was the “start of ugly things to come”. While the size of this attack is likely to draw the headlines, it’s worth noting that hackers carried out the DDoS attack by using NTP reflection and amplification techniques, which are increasing common for overwhelming target servers by sending more data packets than switches can support. The attack technique has been seen in relatively recent hacks against online gaming services like Steam, League of Legends and Battle and essentially aims to push big traffic to the target’s Network Timing Protocol (NTP) server. In this instance, attackers used NTP reflection to exploit a weakness in the UDP-based NTP, which connects to the Internet to synchronise clocks on machines. The hackers then spoofed the IP address of the target, and sent DNS queries to open DNS resolvers that will answer requests from anywhere. As a result, overwhelming levels of traffic were sent back to the NTP server. CloudFlare has a detailed blog post on NTP reflection attacks. Martin McKeay, senior security advocate at Akamai Technologies, told SCMagazineUK.com that this method of attack troubles unpatched DNS servers, and said that is attractive to attackers because it can reflect huge traffic back to the target. He added that it’s also favourable to the attacker because UTP is “easily spoofed” and because it’s hard for victims to see who is behind the intrusion. “The main reason for using NTP as an attack tool is that it increases traffic by 100 or 200 percent. It’s a great reflection index and makes for a very effective tool if you’re an attacker. “At 400Gbps, it’s conceivable that the attack is being run by a small botnet outputting 20Gbps to 30Gbps of traffic,” he added. McKeay, and other industry commentators, have advised IT administrators to patch and upgrade their NTP servers in light of this attack, although the Akamai exec admitted that some can assume that NTP servers are safe. “NTP servers are often stable and so haven’t often been looked at before. [IT departments] are having to now.” IT administrators are advised, in light of this attack, to patch and upgrade their NTP servers and to check management rights. Speaking recently to SCMagazineUK.com , Visiting Professor John Walker, of Nottingham Trent University, warned that DDoS attacks will continue to be a big threat in 2014, and added that, since company divisions struggle to get their heads around the issue, the firm itself struggles to establish an effective defence strategy. “Since they see the issue solely from their perspective, they cannot hope to develop an effective strategy to deal with this security problem,” he said at the time. A previously unknown division of the UK Government was recently accused of launching DDoS attacks against hactivisim groups such as Anonymous and LulzSec, while a report from the end of last year revealed that most UK companies ignore DDoS threats. Source: http://www.scmagazineuk.com/cloudflare-spots-largest-ever-ddos-attack/article/333480/

Follow this link:
Largest ever DDoS attack

The UK allegedly targeted Anonymous and LulzSec hacktivists via a DDOS attack, documents show

The UK allegedly created a spy unit that, other than mounting attacks on cyber enemies, also targeted hacktivists Anonymous and LulzSec, NBC News reports, citing documents taken from the US National Security Agency by whistleblower Edward Snowden. The Government Communications Headquarters Communications (GCHQ) — the UK’s intelligence service — launched a DDOS attack to scare away 80 percent of the users of Anonymous Internet chat rooms, according to the documents. NBC News notes that this makes the British government “the first Western government known to have conducted such an attack.” The British reportedly aimed the DDOS attack against IRC chat rooms where criminal hackers were believed to have been concentrated, after authorities were alarmed by a spate of hacking attacks in 2011, when online hackers wreaked havoc across the Internet, bringing down websites on a purported crusade of righteousness. The victims included the UK. A GCHQ spokesperson emphasized in a statement to NBC News that it carried out its work “in accordance with a strict legal and policy framework” and that its activities — which it didn’t elaborate on — were “authorized, necessary and proportionate.” Source: http://thenextweb.com/uk/2014/02/05/uk-allegedly-targeted-anonymous-lulzsec-hacktivists-via-ddos-attack-documents-show/#!uyXtM

More:
The UK allegedly targeted Anonymous and LulzSec hacktivists via a DDOS attack, documents show

The future of DDoS, and how to stay ahead of attacks

What’s new in the threat of DDoS attacks? This year there are a new kind of tactics, and I think we’ll see a rise in the new kinds of DDoS. The conventional understanding of DDos is one that involves volume and capacity. You’ll see massive waves of attackers coming at you. But what we’re starting to see is that while that’s still in play, there’s a much more sophisticated kind of attack starting to become more common – and that’s application layer attacks. You don’t need as much volume, and it’s very very hard to detect. DDoS attackers are now expending quite a lot of effort to spoof legitimate sessions. They’ll do a fair amount of reconnaissance on their target, identify where the weakness or vulnerabilities are – say, a login page. And they know that if they run 20, or 50 or maybe 100 concurrent sessions that login, it’ll lock up the backend database, rendering the site down. Ultimately that’s what the DDoS attacker wants to do. It’s a very crude intention, and in this way it’s relatively easy to do with a small amount of bandwidth. This method is much more sophisticated, it takes a lot more expertise, but you know how it is: once it becomes commonplace, it’ll be easy to access these tools and botnets, and these kinds of attacks will proliferate. Right now in the mitigation industry, a lot of companies are offering platforms that can deal with the traditional interpretation of DDoS, but I think the industry’s going to be challenged quite a bit to deal with the more sophisticated and more targeted kind of attacks. Why are some sites more vulnerable than others? Ultimately every website is designed differently. If you talk to designers, you’ll find each of your guys has their own style, which can lead to a number of vulnerabilities, depending on the code, and how the php code has been implemented in the background. If you look at some of the website designs, they start off with the baseline config, they build up over time and don’t change the baseline coding. Then all of a sudden it’s like a Jenga tower. You hit the one holding up the bottom, and it’s all going to fall over. For instance one of the most common problems is when the way you entire data into the database isn’t sanitised well enough, you can throw in a whole series of commands that literally lock up the database. It’s a much smarter way of doing this, and it’s much harder to track. So how are security companies going to deal with that? The strategy right now is less preventing an attack, and more: how quickly can you respond? You need to analyse, parse, and create a quick, customised ruleset that’s very granular and can be applied to specific parts of the website – an element, or a UI for instance. Are they managing to keep ahead of the threat? Well this is the problem: in any security initiative, be it DDoS, or the guys doing data theft, they have the upper hand. All they need is the one strike, and boom – the rest of the industry has to catch up. I think as a whole, the security industry is pretty good at catching up. But we’ll always be reacting. It’s easy to get into. DDoS is still the easiest way to cause havoc and attack an organisation. You can go and rent a botnet for a hundred bucks an hour or even less, now, and just fill a pipe as a crude way of trying to take a site down. It’s still effective, based on where the solution is hosted. It’s far easier than learning the skills necessary to pull off a data theft or something like that. Source: http://www.itproportal.com/2014/02/04/the-future-of-ddos-and-how-to-stay-ahead-of-attacks/

Visit link:
The future of DDoS, and how to stay ahead of attacks

Education sector is fastest growing for DDoS mitigation

The education sector is the fastest growing segment in taking up distributed denial of service (DDoS) mitigation, according to DDoS protection services firm DOSarrest. The firm’s CTO Jag Bains told Computing that many companies -not just e-commerce firms – are deploying DDoS protection. “If their website goes down as a result of an attack, they can lose their SEO ranking or it could have an effect on their brand, there is a lot at stake aside from revenues,” he said. And despite there not being a particular industry that looks at DDoS protection as a must, DOSarrest’s general manager, Mark Teolis claimed that the education sector is one area which has grown significantly. “Our fastest growing segment in the last six months is the education sector believe it or not,” he said. Teolis explained that the firm was getting business from “schools from the UK, the US and international universities” but said he couldn’t identify a specific reason as to why the sector has shown a sudden interest. Bains believes that it may be as a result of educational institutes guarding themselves against their own students. “Students have easy access to DDoS tools, so they may want to try it against their own [school or university]. They could be motivated because they’re failing in something, and there are enough smart kids around to access tools – it is easy to Google them anyway,” he said. But Teolis said that the tools have been available on the internet for a long time, so questioned why there was a sudden surge in interest from educational institutes. Bains suggested that it could be because the school and university websites have become an integral part of the education system. “We’ve been talking about e-commerce and gaming [as being key industries for DDoS protection], but web presence itself is very important and schools and universities need to make their websites accessible. They need a website to give out grades, information and schedules – five years ago they weren’t really using the web page apart from explaining where the school is located,” he said. But while the education sector may be taking a keen interest, Teolis claims that there is not one segment that is “taking up 30 per cent of the market”. He said that “10 or 15 per cent of the market is as good as it gets”. As for a particular industry that has not taken DDoS as seriously as others, Teolis believes many e-commerce firms haven’t contemplated being the victim of a DDoS attack. “There are still the odd e-commerce guys out there [who haven’t taken it as seriously]. Money is rolling in and they’re just focused on that; DDoS for them is somebody else’s problem. A lot of it is ‘my ISP will deal with it’, the fact of the matter is, it is difficult to stop all of the attacks,” he said. Source: http://www.computing.co.uk/ctg/news/2325009/education-sector-is-fastest-growing-for-ddos-mitigation-dosarrest

See the original article here:
Education sector is fastest growing for DDoS mitigation

Former hacker Mitchell Frost explains his motivation for launching a DDoS attack

In 2006, Mitchell Frost, then a 19-year-old college student at the University of Akron, used the school’s computer network to control the botnets he had created. Authorities say between August 2006 and March 2007, Frost launched a series of denial of service (DDOS) attacks against several conservative web sites, including Billoreilly.com, Anncoulter.com and Rudy Giuliani’s campaign site, Joinrudy2008.com. He is accused of taking down the O’Reilly site five times, as well as disrupting the University of Akron’s network during a DDOS attack Frost allegedly launched on a gaming server hosted by the university. Frost’s dorm room at the university was raided in March 2007. What followed, according to Frost, was a long, complicated legal battle that ultimately lead to him spending over two years behind bars and owing thousands of dollars in legal and restitution fees for his crimes. Frost was released from prison in 2012 and is now serving probation. Frost took the time to talk to CSO about his experience and delves into the reasons why he did it, his thoughts on the punishment he received and his plans for the future. Tell us about your background. How did you become so knowledgeable about computers and when did hacking become something that interested you? I started on computers around a young age and I have always had a mind that wants to keep exploring and learning. Hacking didn’t start overnight, it all started by networking really. First I wanted to be able to have music without paying for it, so I joined some chat rooms on IRC (Internet Relay Chat). IRC is not used much, it’s typically used only by smaller groups of hackers and gamers. When I was younger I would spend many hours in a row on the computer, and when I woke up or had free time, just continue on with what I was working on. You build skills and make connections with others and keep moving up until you have background in hacking. Let’s just say I built my way up over the years 2000-2007. What inspired you to do the kind of hacking you did in 2006 and 2007 to those conservative web sites? What were you hoping to accomplish by hacking those particular sites? How did you choose your targets and why? In 2006, I was young and, even at that age, I could see there was a lot of corruption and media propaganda going on in newspapers and on television. At that time, I had a rather large and complicated botnet. With the botnet, I was able to use the compromised computers for almost anything; key strokes, DDOS, servers, passwords, pranks. I had several botnets over the years from a few to thousands and didn’t do a whole lot of DDOS on servers because I had no need to. I decided that I had to do something about what I was seeing in the world around me, so I knocked a couple of websites offline at the time thinking it will prevent the hate and conflict and fear mongering from being seen by people. When it became clear you were going to face punishment for the attacks, did you think it would mean jail time? They raided me in March of 2007 right after spring break. They took some computer stuff and took my roommate’s stuff and had three agencies do the raid (FBI, Secret Service, Homeland Security) all with guns pointed right at my head. They brought me into a room and said “if you help yourself now it will be easier at sentencing.” I didn’t answer any questions. They released me and didn’t say much. I was scared shitless after that. I didn’t know what to do. I remember now going to a class after the raid to take a math test and was shaking so bad. About one day later, they expelled me from the school, even though I was not charged with anything yet. I moved back home and then contacted the Federal Public Defenders office in Cleveland and was assigned a lawyer. He said cases like mine take time and to stay out of trouble and he would get back to me. I moved back home and got a job working as a carpet-cleaning technician. From 2007 and on, I tried to live a normal life but had that fear that something was coming. I ended up meeting my wife. We fell in love and she got pregnant in December of 2009. Around May of 2010, my lawyer said I randomly received a judge and that it didn’t look good because of her previous sentencing history. I was hoping for maybe a small amount of time or probation, considering I did not get arrested at the time of the raid in March 2007 and had not yet. I was living in fear for almost 4 years, not going to friends or out to parties and all that. The judge ended up giving me 30 months and tried to place me under arrest right at the sentencing hearing. When she did this, it took the prosecutor and my lawyer to walk up to the bench and say I am not a flight risk with a newborn on the way and I knew about these potential charges for three years, so why couldn’t I self-report? She finally agreed to let me self-report so I can tie up some things with my family before my time. There was some debate after your sentencing about whether or not the penalty was too harsh. Do you think it was too extreme? Way too extreme. Who was the victim? Yes, a couple of people had their servers down for a small period of time, but the jacked-up estimates of the damages were over inflated. Example: they said it took $10,000 for them to press one button on one switch to get access back to the network. The reasoning for the sentence has to do with amount of money lost, etc. Bill O’Reilly said he needed to spend $300,000 to upgrade his systems. My lawyer did not fight or really look into their claims of money loss. I think they should of come to some plea with me within a year of the initial raid so I could of dealt with this problem and moved on with my life. Maybe do 3-4 months in some low-security prison and some intensive probation would have been the same. Now it will end up costing me about 10 years of my life — 2006 started it and by the time I’m off probation it will be 2016. All for taking some servers offline. You tell me: is that fair? What has this experience taught you? The experience is not over yet and is far from. I have learned to keep to myself when I see something unjust or unfair or unbalanced all I can do is stay clear of it and talk to people I know or influence and explain my point of view without any damages, physical or monetary. Last year, there was a lot of sadness and discussion around the suicide of Reddit co-founder Aaron Schwartz. As you know, Schwartz was facing a trial after being arrested on allegations of breaching a computer network to download millions of pages of documents kept at MIT. Many feel he was being too harshly prosecuted for the crime and it drove him to suicide. What are your thoughts on that, having faced a sentence yourself? I am very familar with Aaron Schwartz. Did you know he chose to take his case to trial because he was not guilty? He was murdered and it was made to look like a suicide. Who would ignore a plea deal with no jail time, wait for trial and then commit suicide? All he did was download some stuff from the MIT library — most of it was like 30 years old. He was prosecuted because of his ties to a grassroots movement for Internet freedom. What’s next for you? What are you plans for the future? I am rebuilding my life the best I can for having limited resources. I was released Election Day 2012. I was stuck living in a halfway house in the slums of Toledo, Ohio. Then I had to go up the chain of the BOP and the halfway house to get released to home detention. That took about 2.5 months. I started probation on March 8th, 2013. I work at a small store in a town where my wife’s parents let us live in a rental, so we pay them what we can. I pretty much cannot go to school because I owe so much to U of Akron and I have $50,000 in fines and restitution. They take a percentage of my pay each check to give to Bill O’Reilly. I guess when you’re worth $50 million, why not ruin some guy’s life and future and suck every check he makes? I guess my life is not going anywhere until I am off probation. I would like to be a wireless network security consultant, or a real news reporter for the independent media. I will continue to try and make my son and wife’s life the best I can for the position I am in. Source: http://www.computerworld.com/s/article/9245624/Why_I_did_it_Former_hacker_Mitchell_Frost_explains_his_motivation?source=rss_latest_content

View article:
Former hacker Mitchell Frost explains his motivation for launching a DDoS attack

E-toll site weathers denial of service (DDoS) attack

Sanral’s e-toll Web site suffered a denial of service (DoS) attack on Friday, according to the agency. “Some users complained of slow site performance, and our service provider traced the problem to a denial of service attack of international origin,” said Sanral spokesman Vusi Mona. No further details of the attack were available, but Alex van Niekerk, project manager for the Gauteng Freeway Improvement Project, said the site has come under repeated attack since going live, but suffered only minor performance degradation. DoS attacks, particularly distributed denial of service (DDoS) attacks, are a popular technique used to knock sites offline, overwhelming them with traffic until they are unable to service their clients. Activist group Anonymous frequently uses DDoS to attack targets, using its wide base of supporters to generate traffic. Botnets often launch DDoS attacks from their installed base of zombie PCs. And last year, anti-spam service Spamhaus suffered one of the largest DDoS attacks in history, with incoming traffic peaking at 300Gbps, launched by a Dutch Web host known for harbouring spammers. Sanral’s Web site has been the target of several attacks lately, including a hack which may have leaked personal information, a flaw which allowed motorists to be tracked in real-time, and a session fixation attack which allowed login sessions to be hijacked. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=70192:e-toll-site-weathers-denial-of-service-attack

See more here:
E-toll site weathers denial of service (DDoS) attack

Could Cross-site scripting (XSS) be the chink in your website’s armour?

Sean Power, security operations manager for DOSarrest Internet Security , gives his advice on how businesses that rely heavily on their web presences can avoid (inadvertently) making their users susceptible to malicious attackers. Cross-site scripting, otherwise commonly known as XSS, is a popular attack vector and gets its fair share of the limelight in the press, but why is it such a problem and how is it caused? Essentially, XSS is a code vulnerability in a website that allows an attacker to inject malicious client-side scripts into a web page viewed by a visitor. When you visit a site that has been compromised by a XSS attack, you will be inadvertently executing the attacker’s program in addition to viewing the website. This code could be downloading malware, copying your personal information, or using your computer to perpetuate further attacks. Of course, most people don’t look at the scripting details on the website, but with popular wikis and web 2.0 content that is constantly updated and changed, it’s important to understand the ramifications from a security stand point. In order for modern websites to be interactive, they require a high degree of input from the user, this can be a place for attackers to inject content that will download malware to a visitor or enslave their computer, and therefore it is hard to monitor an ‘open’ area of the website and continually update and review their websites. XSS code can appear on the web page, in banner ads, even as part of the URL; and if it’s a site that is visited regularly, users will as good as submit themselves to the attacker. In addition, as XSS is code that runs on the client side, it has access to anything that the JavaScript has access to on the browser, such as cookies that store information about browsing history. One of the real concerns about XSS is that by downloading script on a client-side computer, that endpoint can become enslaved into a botnet, or group of computers that have been infected with malware in order to allow a third party to control them, and used to participate in denial of service attacks. Users might not even be aware that they are part of an attack. In a recent case, we identified how a popular denial of service engine called ‘JSLOIC’ was used as script in a popular website, making any visitor an unwitting participant in a denial of service attack against a third party for as long as that browser window remained open. The range of what can be accomplished is huge- malware can be inserted into a legitimate website, turning it into a watering hole that can infect a visitor’s computer; and this can impact anyone. Once the XSS is put into a website, then the user becomes a victim and the attacker has is all of information that the browser has. In terms of preventing it; firstly, the hole in the website that has been exploited has to be closed. The main tactic to prevent XSS code running on your website is to make sure you are ‘locking all the doors’ and reviewing your website code regularly to remove bugs and any vulnerabilities. If you are doing it properly, it should be a continual process. If a website has malware on it due to the owner not reviewing it regularly, then attackers will be able alter the malicious code to dominate the page and infect more visitors. You can limit the chances of getting malicious code on your website by routinely auditing the website for unintended JavaScript inclusions. But with XSS, especially non-persistent XSS, the best thing is to validate all data coming in, don’t include any supporting language and make sure what is coming in is sanitised, or checked for malicious code. This is especially true for parts of your website that get regular updates, like comment sections. It is not enough to just assume that because it clean before, new updates will also be also be clear. Even if you are following proper security coding and go through code reviews, websites are sometimes up for six months with no changes made, that is why vulnerability testing is important as new bugs come up. Remember, HTTP and HTML are full of potential vulnerabilities as the HTML protocol was written in the 1960s; it was never imagined it to be what it has become. So when writing website code, if you do not consider SQL Injection or XSS, then you will write a website full of holes. Top three tips: – Review your website and sanitise your code regularly to ensure there is no malicious code or holes where code can be inserted. – Consider not allowing comments to host external links, or even approve those links before they are published to prevent code from being inserted easily. – View your web traffic in and out of your website for signs of unusual behaviour. Source: http://www.information-age.com/technology/security/123457575/could-xss-be-the-chink-in-your-website-s-armour-

See original article:
Could Cross-site scripting (XSS) be the chink in your website’s armour?

NatWest hit by Distributed Denial of Service (DDoS) Attack

NatWest has been hit by a ‘cyber attack’, leaving customers unable to access online accounts. The bank’s online banking service was disrupted after it was deliberately bombarded with internet traffic. Twitter users tweeted to say they could not access their bank accounts to pay bills or transfer money. @TomGilchrist wrote: “Do other banks computer systems/services go down as much as NatWest? I assume not. Time to move banks I think.” @AleexReid tweeted: “Just joined Santander. Fed up with NatWest. Another computer failure tonight. #welldone.” A NatWest spokesperson said: “Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening. “This deliberate surge of traffic is commonly known as a distributed denial of service (DDoS) attack. “We have taken the appropriate action to restore the affected web sites. At no time was there any risk to customers. We apologise for the inconvenience caused.” At the beginning of December all of RBS and NatWest’s systems went down for three hours on one of the busiest shopping days of the year. The group chief executive Ross McEwan described that glitch as “unacceptable” and added: “For decades, RBS failed to invest properly in its systems. “We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on.” RBS and NatWest also came under fire in March after a “hardware fault” meant customers were unable to use their online accounts or withdraw cash for several hours. A major computer issue in June last year saw payments go awry, wages appear to go missing and home purchases and holidays interrupted for several weeks, costing the group £175m in compensation. This latest problem is the fourth time in 18 months RBS and NatWest customers have reported problems with the banks’ services. Source: http://news.sky.com/story/1187653/natwest-hit-by-fourth-online-banking-glitch

Continue Reading:
NatWest hit by Distributed Denial of Service (DDoS) Attack

New DDoS malware targets Linux and Windows systems

Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). The malware was found by the Polish CERT at the beginning of December and the Linux version is being deployed following successful dictionary-based password guessing attacks against the SSH (Secure Shell) service. This means only systems that allow remote SSH access from the Internet and have accounts with weak passwords are at risk of being compromised by attackers distributing this malware. “We were able to obtain a 32-bit, statically linked, ELF file,” the Polish CERT researchers said Monday in a blog post. The executable runs in daemon mode and connects to a command-and-control (C&C) server using a hard-coded IP (Internet Protocol) address and port, they said. When first run, the malware sends operating system information — the output of the uname command — back to the C&C server and waits for instructions. “From the analysis we were able to determine that there are four types of attack possible, each of them a DDoS attack on the defined target,” the researchers said. “One of the possibilities is the DNS Amplification attack, in which a request, containing 256 random or previously defined queries, is sent to a DNS server. There are also other, unimplemented functions, which probably are meant to utilize the HTTP protocol in order to perform a DDoS attack.” While executing an attack, the malware provides information back to the C&C server about the running task, the CPU speed, system load and network connection speed. A variant of the DDoS malware also exists for Windows systems where it is installed as “C:Program FilesDbProtectSupportsvchost.exe” and is set up to run as a service on system start-up. Unlike the Linux version, the Windows variant connects to the C&C server using a domain name, not an IP address, and communicates on a different port, according to the Polish CERT analysis. However, the same C&C server was used by both the Linux and Windows variants, leading the Polish CERT researchers to conclude that they were created by the same group. Since this malware was designed almost exclusively for DDoS attacks, the attackers behind it are likely interested in compromising computers with significant network bandwidth at their disposal, like servers. “This also probably is the reason why there are two versions of the bot — Linux operating systems are a popular choice for server machines,” the researchers said. However, this is not the only malware program designed for Linux that was identified recently. A security researcher from the George Washington University, Andre DiMino, recently found and analyzed a malicious bot written in Perl after allowing attackers to compromise one of his honeypot Linux systems. The attackers were trying to exploit an old PHP vulnerability, so DiMino intentionally configured his system to be vulnerable so he could track their intentions. The vulnerability is known as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012, suggesting the attack targeted neglected servers whose PHP installations haven’t been updated in a long time. After allowing his honeypot system to be compromised, DiMino saw attackers deploy malware written in Perl that connected to an Internet Relay Chat (IRC) server used by attackers for command and control. The bot then downloaded local privilege escalation exploits and a script used to perform Bitcoin and Primecoin mining — an operation that uses computing power to generate virtual currency. “Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting,” DiMino said Tuesday in a blog post that provides a detailed analysis of the attack. “The mining of virtual currency is now often seen running in the background during the attacker’s ‘downtime’.” DiMino’s report comes after researchers from security vendor Symantec warned in November that the same PHP vulnerability was being exploited by a new Linux worm. The Symantec researchers found versions of the worm not only for x86 Linux PCs, but also for Linux systems with the ARM, PPC, MIPS and MIPSEL architectures. This led them to conclude that the attackers behind the worm were also targeting home routers, IP cameras, set-top boxes and other embedded systems with Linux-based firmware. Source: http://news.idg.no/cw/art.cfm?id=41695C7E-ED43-55A5-51306549A5A0A129