Tag Archives: ddos-defense

Online Extortion Campaigns Target Users, Companies, Security Researchers

During the past week, there has been a sudden surge in online extortion campaigns, against regular users and security researchers alike. The most devious of these was a campaign detected by Forcepoint security researcher Roland Dela Paz, which tried to trick users into thinking hackers had gotten their hands on sensitive or sexually explicit images. Attackers wanted payments of $320 to a Bitcoin address, or they would send the compromising materials to the victim’s friends.

Massive spam wave delivered fake threats

This attempted blackmail message was the subject of a massive spam campaign that took place between August 11 and 18. Dela Paz says attackers sent out extortion emails to over 33,500 victims. Most of the targets were from Australia and France. The extortion campaign was particularly active in Australia, where it caught the eye of officials at the Australian National University, who issued a safety warning on the topic, alerting students to the emails.

The extortion attempt was obviously fake, says Dela Paz. “The scale of this campaign suggests that the threat is ultimately empty,” the expert explained. “If the actors did indeed possess personal details of the recipients, it seems likely they would have included elements (e.g. name, address, or date of birth) in more targeted threat emails in order to increase their credibility.”

Dela Paz warns that the campaign is still ongoing. Users can recognize the blackmail attempts by the following subject line formats (the originals swap some Latin letters for look-alike characters that did not survive extraction; the readable wording is given here):

“Three random letters: [recipient email] date and time Concerning our yesterday’s conversation”
“Three random letters: [recipient email] date and time I have something that can make your life worse”
“Three random letters: [recipient email] date and time I would not like to start our knowing acquaintance with this”
“Three random letters: [recipient email] date and time I’m not happy with your behavior lately”
“Three random letters: [recipient email] date and time Dont you think that your device works weird?”
“Three random letters: [recipient email] date and time I think that it is not as funny for you as it is funny for me”

Hackers tried to blackmail Swiss security researcher

In addition, during the past week, there were also extortion attempts sent to organizations. A hacker group calling itself ANX-Rans tried to extort a French company. Another group calling itself CyberTeam also tried to extract a ransom payment of 5 Bitcoin (~$20,000) from Abuse.ch, the website of a prominent Swiss security researcher.

These DDoS threats made in the hope of extracting Bitcoin payments are called DDoS-for-Bitcoin or RDoS (Ransom DDoS) attacks. RDoS attacks have been on the rise since mid-June, after a South Korean hosting provider paid a ransom of nearly $1 million when web ransomware encrypted its customer servers. Ever since then, RDoS groups have become extremely active, hoping for a similar payday. We’ve already covered the groups active at the time in an article here.

Group posing as Anonymous targeted US companies

Since then, the most prominent RDoS campaign took place in mid-July, when a group using the name of the Anonymous hacker collective tried to extort payments from US companies under the threat of DDoS attacks. At the time, Bleeping Computer obtained a copy of the ransom email from cyber-security firm Radware, which was investigating the threats. Radware said that despite posing as Anonymous hackers, this was the same group that had tried to obtain ransoms of $315,000 from four South Korean banks (for those RDoS extortions the group posed as Armada Collective, another famous hacking crew).

“This is not an isolated case. This is a coordinated large-scale RDoS spam campaign that appears to be shifting across regions of the world,” Radware security researcher Daniel Smith told Bleeping Computer via email at the time. “All ransom notes received have the same expiration date,” he added. “In RDoS spam campaigns like this one the actors threaten multiple victims with a 1Tbps attack on the same day.”

Most RDoS extortion attempts are empty threats

The group also claimed it was in control of a Mirai botnet made up of compromised IoT devices and was capable of launching DDoS attacks of 1 Tbps. No such attacks have been observed following the ransom demands on US companies. In research presented at the USENIX security conference last week, researchers from Cisco, Akamai, Google, and three US universities revealed that, despite its reputation for being able to take down some of the largest online companies around, most variants of the Mirai botnet were mainly used to target online gaming servers. Most of these DDoS attacks on gaming servers were also relatively small, because multiple competing botnets split the pool of compromised IoT devices (the DDoS resources) among themselves.

In addition to the group posing as Anonymous, Radware also reported multiple RDoS extortion attempts against gaming providers that took place in July. “We suggest companies do not pay the ransom,” Smith said at the time, a recommendation still valid today, as paying encourages more blackmailers to join in.

Source: https://www.bleepingcomputer.com/news/security/online-extortion-campaigns-target-users-companies-security-researchers/

PlayStation Network was the Real Target of Mirai Botnet DDoS Attack Last Year

Last October, DNS provider Dyn was hit by the Mirai botnet, a malware strain that takes control of IoT (Internet of Things) devices and uses them for large cyber attacks resulting in distributed denial of service (DDoS), rendering the target website or server unreachable to legitimate visitors. According to a new study by researchers at Google, CloudFlare, Merit Networks, Akamai and several universities, that Mirai botnet attack on Dyn might actually have been targeting the PlayStation Network (PSN).

The research, which was presented at the Usenix Security Symposium in Vancouver, suggests that the DDoS attack conducted via the Mirai botnet was meant to disable PlayStation Network services, as all the IP addresses targeted by the attack were name servers for the PSN. These name servers were used by Dyn to connect users to the correct IP address. The Verge reported that this Mirai botnet attack aimed at bringing down PSN might be the handiwork of angry gamers.

“Although the first several attacks in this period solely targeted Dyn’s DNS infrastructure, later attack commands simultaneously targeted Dyn and PlayStation infrastructure, potentially providing clues towards attacker motivation,” the researchers noted. According to the researchers, it’s not only the PlayStation Network that was being targeted by the botnet. They also detected that Xbox Live, Valve Steam, and other gaming servers were attacked during the same period. “This pattern of behavior suggests that the Dyn attack on October 21, 2016, was not solely aimed at Dyn. The attacker was likely targeting gaming infrastructure that incidentally disrupted service to Dyn’s broader customer base,” the researchers added.

The researchers also pointed out that worms like Mirai thrive mainly because of the absence of adequate security measures for IoT devices, which results in a ‘fragile environment ripe for abuse’. “As the IoT domain continues to expand and evolve, we hope Mirai serves as a call to arms for industrial, academic, and government stakeholders concerned about the security, privacy, and safety of an IoT-enabled world,” the researchers concluded.

The attack conducted using the Mirai botnet in October 2016 wasn’t a standalone one. Since the Mirai worm code was made public, 15,194 attacks have been perpetrated on 5,046 victims (4,730 individual IPs, 196 subnets, 120 domain names) across 85 countries.

Source: http://www.guidingtech.com/71278/playstation-network-mirai-botnet-ddos/

What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults

The new attack method allows hackers to shut down targets’ networks for longer periods while simultaneously conducting attacks on multiple targets.

Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets. The new attacks may render traditional DDoS mitigation tactics useless, experts say.

Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to security researchers at Imperva, who first spotted the new threat. “Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report. The researchers said they believe that the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions.”

Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”. The new attacks last for at least an hour and can extend to even days. A single pulse is large and powerful enough to completely congest a network. “The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the Imperva researchers said.

Pulse wave takes advantage of appliance-first hybrid mitigation solutions by preying on the “Achilles’ heel of appliance-first mitigation solutions”: the devices’ inability to deal with sudden, powerful surges of attack traffic. The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape. “While pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks,” researchers said. The Imperva researchers predicted that such attacks will continue, becoming more persistent and growing larger, boosted via botnets.

Source: http://www.ibtimes.co.uk/what-pulse-wave-hackers-devise-new-ddos-attack-technique-aimed-boosting-scale-assaults-1635423

Why DDoS attacks show no signs of slowing down

Distributed Denial of Service (DDoS) attacks caused substantial damage to organisations across APAC and the world in the past year. According to Neustar’s recent ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84 percent of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86 percent of those organisations were hit multiple times. The code used to cause these large outages was published openly, and soon after all sorts of attacks and variants of the original code were causing havoc around the world.

Detection is too slow

DDoS attacks are not only occurring more frequently but are also getting more difficult to detect. Within APAC, more than half of organisations on average take at least three hours to detect an attack, and nearly as many took another three hours to respond once an attack was detected. Alarmingly, slow detection and response can lead to huge financial damages. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, 40 percent of organisations hit were notified of the attacks by their customers.

Investment is increasing

The worrying figures above help explain why 90 percent of organisations are increasing their investments in DDoS defences compared to the previous 12 months (up from 76 percent last year), despite the fact that 99 percent already have some form of protection in place. The threats faced today, and those anticipated in the future, are clearly forcing organisations to completely reconsider the ways they currently protect themselves.

Mitigating against DDoS attacks

Effectively mitigating DDoS attacks has become crucial for organisations that want to avoid damaging financial and reputational loss. In order to combat attacks, organisations need to adequately understand the threat, quantify the risk and then create a mitigation plan that corresponds to their needs. Whether it’s a large or small scale DDoS attack, to keep up with the growing threat, companies will need newer, adaptable, and scalable defences that include new technology and methodologies.

Developing a mitigation plan

Paying for a DDoS mitigation that exceeds your requirements is like over-insuring your car: you are paying a premium for a service that does not match your level of risk or potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Once the severity of the risk is understood, there are three critical elements of a good mitigation plan that must be enacted: detection, response and rehearsal.

Detecting an attack

Fortunately, there are several technologies that can be used to monitor both the physical and cloud-based environment. For example, organisations can use NetFlow monitoring on border routers to detect a volumetric attack, or provide this data to a third party for analysis and detection. They can also use appliances to conduct automatic detection and response, again managed internally or by a third party. In a cloud environment, organisations can choose between a vast array of cloud monitoring tools that let them track degradation in performance, CPU utilisation and latency, giving as accurate an indication as possible of when an attack occurs.

Responding to an attack

The response plan must be scaled to the organisation’s risk exposure and technology infrastructure. For instance, an organisation operating in the cloud with a moderate risk exposure might decide on a cloud-based solution with a pay-on-occurrence model. On the other hand, a financial services company that operates its own infrastructure is exposed to more substantial financial and reputational risk. Such a company would ideally look for a hybrid solution that provides the best time to mitigate, low latency and near-immediate failover to cloud mitigation for large volumetric attacks.

Rehearsal of your mitigation plan

Regardless of the protection method deployed, it’s good practice to rehearse it periodically. Periodic testing can not only eliminate gaps or issues in responding to a DDoS attack, but can also prepare the responsible owners to perform their required actions when an actual event occurs.

In summary, DDoS attacks aren’t showing any signs of slowing down anytime soon. The threats associated with DDoS attacks cannot be overstated or underestimated. By quantifying the risk to the organisation and implementing a right-sized mitigation solution, organisations can effectively and efficiently mitigate the risk of DDoS attacks.

Source: https://securitybrief.com.au/story/why-ddos-attacks-show-no-signs-slowing-down/
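
The pulse-wave signature the Imperva article describes (full-capacity bursts about every 10 minutes with no ramp-up) and the NetFlow-based volumetric detection suggested above can be combined into one small classifier. The following is an added example, not code from either article or from Imperva or Neustar; it runs over constructed per-minute ingress rate samples of the kind a flow collector on a border router would aggregate, and the baseline multiple, cadence tolerance and ramp-up ratio are assumptions.

```python
"""Classify per-minute ingress byte-rate samples as normal traffic, a
sustained flood, isolated bursts, irregular bursts, or a pulse wave.

Added example, not code from the articles above. All sample data is
constructed; thresholds are assumptions a defender would tune per network.
"""
from dataclasses import dataclass
from statistics import median

GBPS = 1_000_000_000  # bits per second in one Gbps


@dataclass
class Pulse:
    start: int      # index of the first above-threshold sample
    end: int        # index of the last above-threshold sample (inclusive)
    peak: float     # highest bps seen inside the burst
    first: float    # bps of the first above-threshold sample


def find_bursts(samples, threshold):
    """Group consecutive above-threshold samples into Pulse records."""
    bursts, start = [], None
    for i, bps in enumerate(samples + [0.0]):  # sentinel closes a trailing burst
        if bps > threshold and start is None:
            start = i
        elif bps <= threshold and start is not None:
            window = samples[start:i]
            bursts.append(Pulse(start, i - 1, max(window), window[0]))
            start = None
    return bursts


def classify(samples, baseline_bps, factor=10.0, max_burst=3,
             cadence_tolerance=1, ramp_ratio=0.8):
    """Return a verdict dict for one series of per-minute bps samples.

    factor:            burst threshold as a multiple of normal traffic
    max_burst:         longest run of samples still counted as a single pulse
    cadence_tolerance: allowed jitter (in samples) between pulse starts
    ramp_ratio:        a pulse has "no ramp-up" if its first sample is already
                       at least this fraction of its peak
    """
    threshold = baseline_bps * factor
    bursts = find_bursts(samples, threshold)
    if not bursts:
        return {"verdict": "normal", "bursts": 0}
    # A run longer than any pulse would be is a classic sustained flood.
    if any(b.end - b.start + 1 > max_burst for b in bursts):
        return {"verdict": "sustained_flood", "bursts": len(bursts),
                "peak_gbps": max(b.peak for b in bursts) / GBPS}
    if len(bursts) < 3:
        return {"verdict": "isolated_burst", "bursts": len(bursts)}
    gaps = [b2.start - b1.start for b1, b2 in zip(bursts, bursts[1:])]
    cadence = median(gaps)
    regular = all(abs(g - cadence) <= cadence_tolerance for g in gaps)
    no_ramp = all(b.first >= ramp_ratio * b.peak for b in bursts)
    verdict = "pulse_wave" if regular and no_ramp else "irregular_bursts"
    return {"verdict": verdict, "bursts": len(bursts),
            "cadence_min": cadence, "no_ramp_up": no_ramp,
            "peak_gbps": max(b.peak for b in bursts) / GBPS}


def pulse_wave_series():
    """Constructed: 60 minutes at ~0.2 Gbps with 2-minute 350 Gbps pulses every 10 min."""
    series = [0.2 * GBPS + (i % 3) * 0.01 * GBPS for i in range(60)]
    for start in (5, 15, 25, 35, 45):
        series[start] = 350 * GBPS       # peak reached in the very first sample
        series[start + 1] = 340 * GBPS
    return series


def ramp_up_flood_series():
    """Constructed: a classic flood that ramps from 5 to 50 Gbps and then stays there."""
    series = [0.2 * GBPS] * 60
    for i in range(10, 20):              # ten-minute ramp-up
        series[i] = (5 + 5 * (i - 10)) * GBPS
    for i in range(20, 60):
        series[i] = 50 * GBPS
    return series


if __name__ == "__main__":
    for name, series in (("pulse wave", pulse_wave_series()),
                         ("ramp-up flood", ramp_up_flood_series())):
        print(name, classify(series, baseline_bps=0.2 * GBPS))
```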

World of Warcraft, Overwatch, Hearthstone and other games hit by DDoS

Games company Blizzard has reported on Twitter that: “We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games.” World of Warcraft, Overwatch, Hearthstone and other game servers are believed to have been hit. At about 5pm last night Blizzard noticed Down Detector, which monitors online outages, logging a huge upsurge of problems and 2800+ reports for Overwatch, World of Warcraft and several other Blizzard gaming services.

Commenting on the way that even a failure to bring a service down completely has a severe impact on online games, Igal Zeifman, director at Imperva Incapsula, said in an email to SC: “Competitive online games are an attractive target for any DDoS offender looking to create large-scale mayhem in hope of some Internet notoriety. Moreover, such gaming networks are also particularly vulnerable to denial of service assaults because, unlike many other targets, they don’t need to be taken offline to become unusable.

“In the case of a real-time online game, even a small amount of latency – as a result of a technically “failed” attack – is enough to cause major disruption to gamers looking for a completely responsive and immersive experience. This is exactly what is happening in this case. Even if some users are able to log in, the latency they experience still makes Overwatch unplayable.”

Source: https://www.scmagazineuk.com/world-of-warcraft-overwatch-hearthstone-and-other-games-hit-by-ddos/article/681508/

Former FCC security employee destroys agency’s claims of DDoS Attacks Following John Oliver Net Neutrality Segments

Bombshell story from Gizmodo underscores need for FCC to address serious issues with its public comment process before making any decision on net neutrality.

15,000+ people call on lawmakers to demand that FCC comply with transparency laws

In a bombshell story from Gizmodo today, a former FCC security employee lays waste to the agency’s claims that a pair of DDoS attacks took down the FCC comment website at the exact moments when large amounts of pro net neutrality comments would have been flooding into the docket following viral segments from comedian John Oliver in 2014 and 2017. The agency’s inability to maintain a functional way for the public to comment on its net neutrality proceedings has become an issue of concern for members of Congress overseeing the agency, and raises questions about how it can or should move forward with its rulemaking process.

The security expert who spoke to Gizmodo reveals that the FCC security team concluded that there had not been a malicious attack after the John Oliver segment in 2014. But David Bray, the FCC’s CIO until recently, told reporters there had been one anyway, despite the fact that there was no evidence of it, and despite not even having access to the types of logs and information that could have led him to that conclusion. The source also leaked a photo of the FCC’s server room to Gizmodo, revealing a mess of wires that would make any competent IT professional cringe.

When pressed, Bray admitted to being the source of news reports about the made-up “hacking” attack, but he never reported the incident to the Department of Homeland Security, which requires that government agencies notify it of such attacks. With the backing of the FCC press office, Bray fed reporters that exact same story when the agency’s comment system collapsed again this year, preventing large numbers of people from making their voices heard in the agency’s proceeding.

Evan Greer, campaign director of Fight for the Future, said: “These latest revelations are outrageous. A senior FCC official intentionally misled the public and invented cyber attacks to cover up the fact that the agency is failing at their responsibility to maintain a functioning system to receive feedback about an issue that affects every single person using the Internet. The FCC must address these serious issues with their comment process before moving forward, or it will be clear that this is a rogue agency that answers only to large telecom companies, and not to the American people.”

The news comes after more than 15,000 people have signed a petition calling on their lawmakers to instruct the FCC to comply with transparency laws as the agency moves ahead with its unpopular plan to gut net neutrality protections that prevent ISPs from charging extra fees, throttling, or blocking content online. The agency is currently facing multiple lawsuits for refusing to release information related to the now-debunked DDoS claims, Chairman Ajit Pai’s discussions with telecom companies, and large numbers of fake comments using real people’s names and addresses without their permission.

“Members of Congress need to understand that this is not an issue they can ignore or hide from,” Greer added. “Voters from across the political spectrum overwhelmingly support the current net neutrality rules, and want their Senators and Representatives to do their job and speak out to ensure that the FCC is listening to the will of the public, not just to lobbyists from giant telecom companies. Lawmakers from both sides of the aisle need to exercise their oversight and demand that the FCC act transparently during this proceeding.”

Fight for the Future has been working to inform the public about the serious issues surrounding the FCC’s comment process. The group organized a letter from dozens of people whose names and addresses were used to submit anti net neutrality comments without their permission, as well as several petitions garnering tens of thousands of signatures calling on the agency to come clean about the alleged DDoS attack that prevented concerned citizens from submitting comments. Fight for the Future was also one of the leading organizations behind the historic Internet-Wide Day of Action for Net Neutrality on July 12, which drove a record-breaking 2 million+ comments to the FCC and Congress in a single day. Learn more at fightforthefuture.org

Source: https://www.commondreams.org/newswire/2017/08/07/breaking-former-fcc-security-employee-destroys-agencys-claims-ddos-attacks

Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDoS Attack

You might recall that when John Oliver did his latest piece on net neutrality, the FCC’s comment system ground to a halt under the load of viewers pissed to realize that the FCC is trying to kill popular consumer protections protecting them from buffoonery by the likes of Comcast. But the FCC then did something odd: it claimed that a DDoS attack, not HBO’s hit show, resulted in the website’s issues. A statement issued by the FCC proclaimed that extensive “analysis” by the FCC had led the agency to conclude that it had suffered the attack at roughly the same time Oliver’s program had ended:

“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”

The problem: security experts saw no evidence that claim was true in publicly available logs, and saw none of the usual indicators preceding such an attack. And the FCC ever since has been bizarrely cagey, refusing to provide any evidence whatsoever supporting its claim. The FCC was subsequently prodded by several Senators as to the nature of the attack, but the FCC still refused to share any real data, despite agency boss Ajit Pai repeatedly, breathlessly insisting he would be a stalwart defender of transparency at the agency. And when Gizmodo recently filed a FOIA request for anything regarding the nature of the attack, the FCC first released seventeen pages of nonsense, before admitting it had no documented “analysis” proving an attack as previously claimed. When additional websites began to point out that the FCC’s behavior here was a little odd, the agency sent out a strangely punchy press release lambasting news outlets for being “irresponsible.”

So what’s really happening here? The unsubstantiated journalist guess du jour is that the FCC bizarrely made up a DDoS attack in a feeble attempt to downplay the “John Oliver effect” in the media. “We weren’t inundated by millions of people angry that we’re killing popular consumer protections solely to the benefit of Comcast,” this narrative suggests, “we were unfairly attacked!” The fact that there never actually was a DDoS attack would go a long way toward explaining the Trump FCC’s subsequent inability to provide any evidence supporting the claim, even under pressure from Congress.

Hoping to flesh this theory out a bit, journalist Kevin Collier last week filed a lawsuit against the FCC (pdf) not only demanding more data on the agency’s supposed DDoS attack, but also urging the FCC to provide some insight on what it’s doing to address the wave of bogus, bot-produced anti-net neutrality comments flooding the agency’s website in recent months:

“Collier said his records request was prompted by the FCC’s “weird and cagey” inclination to obscure details about the incident. “The fact that they gave Gizmodo such a runaround in its own request for internal ‘analysis’ of the attack just goes to show this,” he said. “I want to know the full story.” Sen. Ron Wyden, Democrat of Oregon, told Gizmodo last week the FCC’s actions raised “legitimate questions about whether the agency is being truthful when it claims a DDoS attack knocked its commenting system offline.”

Again, the refusal to address fraudulent anti-net neutrality comments being made at the FCC website (like the one made in my name), combined with the FCC’s bizarre, phantom DDoS attack, has many believing the FCC is actively engaged in an intentional, amateurish attempt to downplay the massive backlash to their assault on net neutrality. And while it’s entirely possible the FCC is just being non-transparent and generically stupid here, if it can be proved the agency actively lied about a DDoS attack then covered it up simply to downplay the immense unpopularity of its policies, the inevitable lawsuits against the agency in the wake of its final vote to kill the rules could get very interesting.

Source: https://www.techdirt.com/articles/20170803/13582337915/journalist-sues-fcc-hiding-details-about-alleged-phantom-ddos-attack.shtml

Chinese Telecom DDoS Attack Breaks Record

A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.

DDoS attackers launched a 277-hour attack against a Chinese telecom company in the second quarter of 2017, registering a 131% hourly increase compared to the longest attack recorded earlier this year, according to a report released this week by Kaspersky Lab. The 2017 DDoS Intelligence Report, which culls data from botnets detected and analyzed by Kaspersky Lab, says that the Chinese telecom siege that spanned more than 11 days is also, so far, a record for the year, demonstrating that long-lasting DDoS attacks have re-emerged. But pinpointing the reason for this rise is difficult. “There is no explanation why the length grew – such fluctuation happens from time to time,” says Oleg Kupreev, lead malware and anti-botnet analyst for Kaspersky Lab.

The most powerful attack that the Kaspersky report notes occurred in the second quarter. It was 20GB per second, Kupreev says, adding that it lasted about an hour and used the connectionless User Datagram Protocol (UDP). Usually, most UDP flood attacks are no more than 4GB per second, he says. According to a Corero Network Security report, low-volume DDoS attacks still represent the majority of the sieges against networks.

DDoS Attack Footprint Expands

During the second quarter, the number of countries facing DDoS attacks jumped to 86, versus 72 in the first quarter, according to the report. The top 10 countries hit with attacks include the US, China, South Korea, Hong Kong, UK, Russia, Italy, France, Canada, and the Netherlands. “Online resources in one country can often be located on servers in another country – mostly in China, US, South Korea, and this is why these countries are always among the most targeted,” Kupreev says. Italy posted a 10-fold increase in DDoS attacks while the Netherlands experienced a 1.5x increase, which pushed Vietnam and Denmark off the top 10 list, according to the Kaspersky report.

Ransom Without DDoS Attacks Rise

A popular twist on ransom DDoS threats emerged in the second quarter, says Kupreev. Cybercriminals distribute their threats to pay up or face a DDoS attack to a large group of companies, he says. But rather than send a short-term DDoS attack to show they mean business, no demo is sent, in the hope that the company will pay the ransom on the threat alone, he explains. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion,” adds Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab. “These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.”

Despite growing interest among cyberthieves in conducting a DDoS-less ransom scheme or a full-fledged DDoS ransom attack, Kupreev says he does not expect this form of extortion to overtake normal DDoS attacks anytime soon. “The share of ‘normal’ DDoS attacks will always outnumber RDDoS, as there are many other reasons behind DDoS attacks in addition to money extortion: unfair competition, political struggle, hacktivism, smokescreening etc.,” Kupreev says. “Moreover, unavailability of online resources for many companies can be even more damaging than [the] amount of extortion.”

Source: https://www.darkreading.com/attacks-breaches/chinese-telecom-ddos-attack-breaks-record-/d/d-id/1329518

Long-lasting DDoS attacks are back

Kaspersky report reveals the return of major DDoS threats, which are now also lasting longer than ever before.

Long-lasting DDoS attacks are back, and they’re harder than ever, new research has claimed. According to a report from Kaspersky Lab, the second three months of 2017 saw a DDoS attack last more than 11 days – 277 hours straight. That’s a 131 per cent increase compared to Q1 2017, and a record for the year so far.

The report also says that duration was not the only key feature of DDoS attacks this quarter, identifying a ‘dramatic change’ in the geography of these threats. The top 10 most affected countries are China, South Korea, USA, Hong Kong, UK, Russia, Italy, the Netherlands, Canada and France — with Italy and the Netherlands replacing Vietnam and Denmark among the top targets in Q1. Al Jazeera, Le Monde and Figaro were the biggest targets, alongside Skype servers. Criminals also tried to manipulate cryptocurrency prices through DDoS: Bitfinex was attacked simultaneously with the launch of trading in a new cryptocurrency called IOTA token.

“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers. Any fraudster who doesn’t even have the technical knowledge or skill to organise a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration,” comments Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab.

Source: http://www.itproportal.com/news/long-lasting-ddos-attacks-are-back/

Link:
Long-lasting DDoS attacks are back

DDoS Extortionist Who Posed as Anonymous Hacker Arrested in the US

On Friday, US authorities arrested a man on charges of launching DDoS attacks and making death and bomb threats against several targets including Leagle.com, the Sydney Morning Herald, the Canadian Broadcasting Corporation (CBC), Metro News Canada, the official website of the Canadian government, and others.

The man is Kamyar Jahanrakhshan, who was born in Iran, obtained US citizenship in 1991, and then permanent residency in Canada in 1995. Following two criminal cases, for theft in 2005 and fraud in 2011, Jahanrakhshan was deported from Canada to the US in 2014.

Suspect wanted his criminal past erased from the Internet

According to court documents obtained by Bleeping Computer, after his deportation, Jahanrakhshan started sending emails to websites that had written articles about, or hosted copies of, his past criminal record.

The first organization that Jahanrakhshan targeted was Leagle.com, a website that offers copies of court opinions and decisions. In the beginning, Jahanrakhshan contacted the site’s team from his personal email address, asking them politely to remove copies of past court decisions mentioning his name, on the premise that they were tarnishing his reputation and violating his privacy. When the Leagle team refused, the suspect even offered to pay a $100 fee to have the documents removed. When Leagle refused again, Jahanrakhshan — who also used the name “Andrew Rakhshan” — sent them a threatening email saying he had made friends with dangerous hackers and they should heed his final warning.

Suspect poses as group of Anonymous hackers

After Leagle had ignored him again, US authorities say Jahanrakhshan launched a DDoS attack on the site’s servers and sent an email from a Yahoo account posing as a member of the Anonymous hacker collective.

Copy of the message the suspect sent Leagle

US authorities say they found evidence linking Jahanrakhshan to this email account, but also to other email accounts linked to other DDoS extortions.

Because they couldn’t handle the DDoS attack, Leagle eventually removed the decision that Jahanrakhshan had asked them to take down. The DDoS attacks stopped afterward.

Initial success leads to more DDoS extortions

The FBI says that after having forced Leagle to remove a damaging report on his past criminal record, Jahanrakhshan moved on to other targets. During 2015 and 2016, Jahanrakhshan allegedly engaged in similar behavior, taking aim at other online publications that had written articles on his past crimes, such as the Sydney Morning Herald, Canadian Broadcasting Corporation (CBC), Metro News Canada, and the official website of the Canadian government.

To put extra pressure on his targets to remove damaging articles, authorities say he also launched DDoS attacks on the websites of customers advertising on CBC and Canada.com — Postmedia and the Inspiration Foundation.

Seeing that all this failed and none of his targets removed the incriminating articles, Jahanrakhshan also moved on to sending bomb threats to the offices of targeted organizations and death threats against family members of employees working for the targeted organizations.

He was arrested this week and arraigned in court on Friday. The suspect, if found guilty, could face up to five years in prison and a fine of up to $250,000. The damaging articles Jahanrakhshan was trying to take down described how he used fake credit cards to buy a fleet of luxury cars and a boat.

Source: https://www.bleepingcomputer.com/news/security/ddos-extortionist-who-posed-as-anonymous-hacker-arrested-in-the-us/

Taken from:
DDoS Extortionist Who Posed as Anonymous Hacker Arrested in the US