Tag Archives: ddos-defense

Cybersecurity is threatening America’s military supremacy

The sparsely populated Spratly Islands, a collection of hundreds of islands and reefs spread over roughly 165,000 square miles in the South China Sea, are very quickly becoming the center of one of the most contentious international disputes between world powers since the fall of the Soviet Union. Alarmingly, the use of cyber attacks in this dispute suggests we might already be in the midst of a new Cold War playing out in cyberspace — where America’s advantage is not as clear as it is with conventional armies and navies. The Spratly Islands are of economic and strategic importance. All of the countries in the region — including China, Vietnam and the Philippines — have made competing territorial claims to the region. In recent years, China has become increasingly aggressive in its claim, rapidly building artificial islands while also conducting military operations in the area. Beyond this conventional military build up, however, are complex and brazen cyber attacks by China that are leaving America and its allies increasingly concerned. A massive distributed denial of service (DDoS) attack knocked offline at least 68 Philippine government websites in July, apparently in response to an international court ruling that denied China’s territorial claims in the region. Just days later, Vietnam’s national airline and major airports were targeted in a series of attacks by the Chinese hacking group 1937CN. Those are just the latest examples of China’s years long cyber campaign related to the Spratly Islands. (In another attack, the website of the aforementioned international court was infected with malware and taken offline last year.) While these “nuisance” attacks — and continued cyber espionage by China — are serious, targeted Chinese cyber attacks designed to impact America’s physical military systems in the South China Sea are the most substantial evidence that we may be on the brink of a more tangible cyber threat to American military power. China appears to be moving forward with plans to use electronic attacks designed to either disrupt or take control of American drones. With reports that the Chinese attempted to interfere with U.S. military drones at least once in recent years, the country has shown a willingness to use GPS jamming to prevent U.S. aircraft from conducting surveillance missions in the Spratly Islands. That 2015 instance appears to fit China’s public posturing on the ways it says it could use electronic GPS jamming to disrupt U.S. drone networks. One 2013 report in the Chinese journal Aerospace Electronic Warfare notes in technical detail how its military can “use network warfare to attack and even control America’s network” by disrupting the connection between satellites and aircraft. This sort of GPS jamming could be the largest electronic threat to the U.S. drone program. In fact, it has been widely speculated that Iran used a similar GPS “spoofing” technique to take control of a U.S. surveillance drone in 2011. The American military says it is preparing for these sorts of attacks with its new cyber strategy released last year. In addition to outlining how cyber will be included in military planning, the report calls for a hardening of the military’s cyber defenses to prevent the theft of military technology or cyber attacks against military infrastructure and weaponry. The challenge, as any expert in the cybersecurity world would tell you, is that the capabilities and sophistication of the Chinese, Russians and other state-sponsored and non-state hackers are increasing exponentially. One only has to read the news to see nearly daily evidence of this (e.g. the recent suspected NSA breech, hacks targeting Democratic political organizations, the attack against the State Department’s email system or the theft of military intel in the OPM hack). The relatively inexpensive cyber options being employed today by both state and non-state hacking groups make it an incredibly efficient “leveler” of power. A small group of hackers using simple spear-phishing tactics, for example, can have massive impact on military installations, government operations, critical infrastructure and potentially even weapons systems. The unconventional battle playing out in the South China Sea — where cyber attacks are taking the place of conventional fighting and other forms of diplomacy — is a new model of warfare. The growing cyber threat from China may pose the most immediate threat to America and its allies because, while the U.S. continues to have a clear conventional military advantage, our advantage in cyber is not as clear. Source: https://techcrunch.com/2016/09/21/cybersecurity-is-threatening-americas-military-supremacy/

Link:
Cybersecurity is threatening America’s military supremacy

Blizzard’s Battle.net Servers Knocked Offline By Another DDoS Attack

Blizzard Entertainment became a victim of yet another distributed denial-of-service (DDoS) attack as its Battle.net servers were knocked down on Sunday, Sept. 18. The DDoS attack that rendered Battle.net’s servers offline was waged by hacking group PoodleCorp. Owing to the attack, Battle.net, which runs several popular games such as World of Warcraft , Hearthstone: Heroes of Warcraft and Overwatch to name a few, was left handicapped even as angry users took to social media to vent their ire. Gamers on PC, PlayStation 4 and Xbox One were all affected by the outage. Blizzard Entertainment acknowledged the situation on its official Twitter account. “We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games,” wrote Blizzard in a tweet. The DDoS attack on Battle.net lasted for half an hour after PoodleCorp took to Twitter to state that it would halt the attack and restore the servers if the tweet below was retweeted 2,000 times. The blackmail (ransom note?) found favor with a majority of gamers as they were only too willing to retweet to have access again to the games they were playing. As promised, PoodleCorp stopped the attack once the 2,000 retweet milestone was reached. This is not the first time Blizzard Entertainment has come under the mercy of PoodleCorp. Earlier in August, we reported that it was hit with a PoodleCorp DDoS attack, which disrupted gameplay for users of Battle.net until network engineers addressed the issue. Back then however, the hacking group did not ask for retweets. Blizzard Entertainment has been the victim of a spate of DDoS attacks in the past few months. In June, an attack took down its servers as well. The outage was attributed to Lizard Squad member AppleJ4ck, who claimed responsibility and cautioned that the hack was a small part of some “preparations.” Aside from the DDoS attack, Blizzard has been having a terrible week anyway. On Sept. 14, 16 and 18, the company suffered from technical issues that prevented or delayed users from logging in and joining the game servers. However, for now, Blizzard Entertainment can breathe easy as the technical problems Battle.net was encountering owing to the DDoS attack from PoodleCorp have been resolved. Source: http://www.techtimes.com/articles/178300/20160919/blizzards-battle-net-servers-knocked-offline-by-another-ddos-attack.htm

Visit link:
Blizzard’s Battle.net Servers Knocked Offline By Another DDoS Attack

DDoS always knocks twice

If you were DDoSed once, you will be DDoSed again, that is for sure. A company is rarely attacked by a DDoS (distributed denial of service) just once. If it happens once, it will probably happen again, which is why constant preventive measures are required, if a company wants to keep their online services operational. These are the results of a new report by Kaspersky Lab. Entitled Corporate IT Security Risks 2016, it says that one in six companies were victims of DDoS attacks in the past 12 months. The majority of those attacks were aimed against construction, IT and telecommunications companies. Almost four out of five (79 per cent) reported more than one attack, and almost half reported being attacked four times, or more. The length of these attacks is also an issue. Just above a third (39 per cent) are considered ‘short-lived’, while more than a fifth (21 per cent) lasted ‘several days’ or even ‘weeks’. Companies are usually the last to know they’re being attacked, too, with 27 per cent being informed by their customers, and in 46 per cent of cases by their third-party audit organisation. Kaspersky Lab says this is not unusual, as cyber-attackers usually go for customer portals (40 per cent), communication services (40 per cent) and websites (39 per cent). “It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident, and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and, considering the likelihood of a repeat attack is almost 80 per cent, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing,” says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team. Source: http://www.itproportal.com/news/ddos-always-knocks-twice/

More:
DDoS always knocks twice

911 Is Vulnerable To DDoS Attacks

A new report has found that America’s emergency helpline number, 911, is vulnerable to Distributed Denial of Service (DDoS) attacks. Interestingly, the threat of attack has previously been issued by Department of Homeland Security as well as the FBI. Mark James, Security Specialist at ESET commented below. “These days DDoS attacks are easy to accomplish and can be relatively low cost to put in place. As technology gets cheaper, and the ability for botnets to infect more users thus making themselves stronger, seems easier and easier. The art of causing problems through brute force is now more readily available than ever before. In this modern day of internet everywhere, we take for granted the ability to access websites as and when we want them. When a website gets a DDoS attack those services become unavailable, now it’s not such a big problem when it’s a news delivery site but when it’s a service it’s a very different kettle of fish, and even more of a problem if it disrupts emergency or medical services. If you’re unable to access services in an emergency the worst case scenario could be life threatening. An effective defence to DDoS can be as easy as utilising third party services but there may be consequences for data security or disruption to the smooth user experience. Effective security is only achieved through multi-layered protection.” Source: http://www.informationsecuritybuzz.com/hacker-news/911-vulnerable-ddos-attacks/

Link:
911 Is Vulnerable To DDoS Attacks

Attackers Launch DDoS Attacks And the Kitchen Sink

First off, full disclosure, I work for Akamai as my day job. I don’t want any illusion on the point as I discuss the latest State of the Internet report that I was fortunate enough to be a part of creating. That being said, it was an interesting quarter. Last quarter shed some light on some interesting developments with regards to Distributed Denial of Service (DDOS) as attackers tried their hand at various different approaches. We hear. time and again, about DDoSdistributed denial of service attacks and theis last most recent quarter gave rise to one of significant volume. This example was a rather significant attack that was a confirmed 363 Gbps of attack traffic against a media organization customer in Europe. Nothing to sneeze at to be certain. Is your organization in a position to sustain operations while weathering an attack of this magnitude? As we have seen more frequently of late, this was a multi vector attack. Tto put a fine point on it, this attack made use of multiple different vectors in the attacker’s futile attempt to take down their intended target. They made their attempt using the following vectors: SYN, UDP fragments, push, tcp, DNS and UDP floods. The only thing they forgot to throw in was the kitchen sink. Over the last few quarters Akamai has noticed an uptick in the number of attacks against sites that have DNSSEC configured domains. DNS open resolvers continue to rise and attackers are taking advantage of this by capitalizing on them to amplify their attack traffic. A great deal of this can be traced back to botnets that have been built out as the commoditization of DDoS continues to spread. Now, in addition to this type of attack, we also see that the criminal element has been leveraging tactics to obfuscate their origin and identity when launching web attacks to obfuscate their origin and identity. These attackers have been demonstrating an increased use of anonymization services to help to cover their digital footprints in the binary sand. Like with any criminal with a lick of ny sense about them, the last thing attackers they want is to get pinched by law enforcement. Subsequently we have seen an increased amount of use of attackers leveraging virtual private networks (VPNs) and proxies when launching web application attacks. When looking for resources on how to accomplish this online, we see all manner of webpage giving step by step instructions onthat steps through what an attacker would need to do. From blocking client side JavaScript to using a browser in Incognito mode and even leveraging Tor to launch attacks. All of these ideas have various levels of merit but, there are shortfalls wherein the attacker can be discovered. There are differences between the traditional VPN services and anonymizing ones. Traffic from between the client and the VPN service is encrypted and the IP address of the client is masqueraded. Pretty standard, but, when you look at an anonymization service they will promise any number of things, the most basic being like not storing any logging information on their customers. This is not always the case as one Lulzsec member discovered in September 2011 when his VPN provider was served with a court order to turn over logs, which they claimed they didn’t keep. Another thing that attackers have to contend with is the throttling of bandwidth over anonymization services. As a result, they leverage third party booted and stressor platforms to launch their attacks. These services would be paid for with Bitcoin in an effort to further obfuscate their identity and avoid detection. Be sure to check out the latest copy of the State of the Internet Report which is out today September 14, 2016. for more in-depth discussion on denial of service attacks and anonymization efforts of the attackers. Source: http://www.csoonline.com/article/3119675/security/attackers-launch-ddos-attacks-and-the-kitchen-sink.html

See original article:
Attackers Launch DDoS Attacks And the Kitchen Sink

Hack reveals the inner workings of shady DDoS service vDOS

A web service that helped customers carry out distributed denial-of-service (DDoS) attacks on unsuspecting victims has been hacked revealing data on the customers that availed of this clandestine service. According to security journalist Brian Krebs, vDos was hacked recently and he obtained a copy of the leaked data in July. Upon scrutinizing the database, he claims that vDOS is being run by two Israeli cybercriminals under the pseudonyms of P1st or P1st0 and AppleJ4ck, with associates in the United States. vDOS allegedly offered monthly subscriptions to DDoS attack services, paid in bitcoin or even through PayPal, with the prices based on how long the attack would last. These DDoS attacks would launch fake traffic at victim websites, overwhelming their servers and knocking the sites offline. A particularly strong DDoS attack could cripple a site for days. “And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic,” Krebs said in his analysis. He added that he believes vDOS was handling hundreds or even thousands of concurrent attacks a day. Kreb’s analysis is based on data from April to July. Apparently all other attack data going back to the service’s founding in 2012 has been wiped away. Krebs’ source for info on the hack was allegedly able to exploit a hole in vDOS that allowed him to access its database and configuration files. It also allowed him to source the route of the service’s DDoS attacks to four servers in Bulgaria. Among the data dump were service complaint tickets where customers could file issues they had with the DDoS attacks they purchased. Interestingly the tickets show that the owners of vDOS declined to carry out attacks on Israeli sites to avoid drawing attention to themselves in their native land. The duo supposedly made $618,000 according to payments records dating back to 2014 in the data dump. “vDOS does not currently accept PayPal payments. But for several years until recently it did, and records show the proprietors of the attack service worked assiduously to launder payments for the service through a round-robin chain of PayPal accounts,” Krebs said. The operators of the DDoS service are believed to have enlisted the help of members from the message board Hackforums in laundering the money. Krebs warned that services like vDOS are worrisome because they make cybercrime tools available to pretty much anyone willing pay. In some cases, vDOS offered subscriptions as low as $19.99. These sorts of tools, also known as booter services, can be used ethically for testing how your site holds up against large swathes of traffic but in the wrong hands they can be abused and sold very easily. “The scale of vDOS is certainly stunning, but not its novelty or sophistication,” Ofer Gayer of security firm Imperva said but added that this new widespread attention on DDoS service might stall them for a while. Source: https://sports.yahoo.com/news/hack-reveals-inner-workings-shady-180952571.html

View article:
Hack reveals the inner workings of shady DDoS service vDOS

DDoS Extortionist Copycats Continue To Hound Victims

It has been a while sine I wrote about this subject (or about anything at all for that matter) but, it occurred to me to today that the distributed denial of service (DDoS) extortionist issue is a problem that needs to be talked about again. Over the last couple years there have been a lot of websites come under attack from miscreants armed with all manner of distributed denial of service platforms and tools. Often these attackers would first launch an attack and then contact the victim company to say “check your logs to see we’re for real”. Once their bonafides were established they would then demand a sum of money to be paid in bitcoin or suffer the “wrath” of their DDoS attack that was more often that naught was severely oversold. There have been examples of criminal outfits like DD4BC who were true to their word when they made a threat. They would in fact follow through on their threat of an attack. This came to an unceremonious end a year ago when one of the main ne’er do wells was arrested by Europol. More often than naught however, these extortion gangs turn out to be little more than confidence tricksters. One such example was the Armada Collective. This was a criminal outfit that did little more than threaten targets but, with one lone exception, never followed through on the threats they made. Mind you, they did end up making a tidy sum of money from their victims. What this did accomplish was to set a precedent that has given rise to the copycat attackers. A prime example of this was an in an email that I received from a friend. His organization was threatened by a copycat group that were masquerading as the Armada Collective. Basically using the name as a hex sign. A brand name that could be used to possibly intimidate an organization. Here is a redacted version of the email that he provided to me. From: Armada Collective Sent: Subject: ATTENTION: Ransom request!!! FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION! We are Armada Collective. All your servers will be DDoS-ed starting Wednesday (Jun 29 2016) if you don’t pay 5 Bitcoins @ [Bitcoin wallet address redacted] When we say all, we mean all – users will not be able to access sites host with you at all. If you don’t pay by Wednesday, attack will start, price to stop will increase by 5 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time. This is not a joke. Our attacks are extremely powerful – sometimes over 1 Tbps per second. So, no cheap protection will help. Prevent it all with just 5 BTC @ [Bitcoin wallet address redacted] Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated. While people might not be aware that an organization had in fact cooperated, as per their email, they would be setting a horrible example. The more that companies pay extortionists like this the more emboldened that the criminals would become. This could potentially become a lucrative endeavor for the criminals. At the time of this writing 1 bitcoin was valued at roughly $628 USD. At a bare minimum there would be 5 bitcoin per email above, they would be raking in at least $3000 USD for each successful attack. Not bad for the cost of an email. If you are the recipient of an email like this, seek help to protect your enterprise. Do not feel compelled to pay the attackers. You have no guarantees that they won’t return. Source: http://www.forbes.com/sites/davelewis/2016/09/08/ddos-extortionist-copycats-continues-to-hound-victims/#2c6d7a7b4d06

Read this article:
DDoS Extortionist Copycats Continue To Hound Victims

Group claiming to be the Armada Collective threatens DDoS attack

Cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks. A group of cybercriminals which claim to be the infamous Armada Collective are threatening independent and small business websites worldwide with a huge Distributed Denial of Service (DDoS) attack, should they fail to pay the bitcoin ransoms requested by email. It is still unclear if these cybercriminals are the real deal or are just pretending to be to scare possible victims into paying a ransom to prevent a DDoS attack that could threaten their businesses. The actual Armada Collective gained infamy last year after extorting money from a number of Swiss firms, several Thai banks and even ProtonMail which provides encrypted webmail. The emails sent out to businesses around the globe inform users that their security is poor and that the group will launch a DDoS attack on their networks using the Cerber ransomware and anywhere from 10-300 Gigabytes per second (Gbps) of attack power. However, anyone who received and email from the group can prevent the attack by paying one bitcoin which is equivalent to $606. If the ransom is not paid before they attack though, the price will go up significantly to 20 bitcoins to put an end to the DDoS attacks. The group has also been kind enough to provide users who are unfamiliar with bitcoin all the information necessary on how to download a personal bitcoin wallet such as Multibit or Xapo. They are also informed on how to set up a bitcoin wallet of their choosing online. It is quite possible that the group’s email demands could be fake and any user who received the email should contact their local authorities, but under no circumstance should they pay the ransom. Source: http://www.itproportal.com/news/group-claiming-to-be-the-armada-collective-threatens-ddos-attacks/

Taken from:
Group claiming to be the Armada Collective threatens DDoS attack

World Of Warcraft: Legion’ Goes Down As Blizzard Servers Hit With DDoS

To commemorate the launch of the latest World of Warcraft expansion, Legion , Blizzard’s servers were taken down by a DDoS (distributed denial of service) attack on Wednesday. This came a day late, as the expansion actually launched on Tuesday. But when it comes to ruining other peoples’ fun, better late than never. This lined up with a similar attack that brought down the Battlefield 1 open beta for most of the day yesterday, as EA’s servers were hit. The Blizzard attack began in Europe, then spread across the globe. It didn’t just take down Legion. Other games, like Overwatch , were also impacted. This was the second major DDoS attack against Blizzard in August. The last attack hit early in the month, and was apparently retaliation for Blizzard’s banning of cheaters. How classy. Part of a game developer’s job is to keep legit players around, and a big part of that in multiplayer games is protecting honest players from cheaters. Retaliating against a company for doing its job is absurd. As of now, Blizzard’s servers appear to be working again. Source: http://www.forbes.com/sites/erikkain/2016/09/01/world-of-warcraft-legion-goes-down-as-blizzard-servers-hit-with-ddos/#6bfb43ed3778

More:
World Of Warcraft: Legion’ Goes Down As Blizzard Servers Hit With DDoS

Rio 2016 Olympics Suffered Sustained 540Gbps DDoS Attacks

Arbor security claims Rio was a success in terms of mitigating powerful, prolonged DDoS attacks Public facing websites belonging to organisations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen. “And nobody noticed,” boasted Arbor’s Security Engineering and Response Team (ASERT). Virtual battlegrounds Just like other public services like electricity and water, the ins and outs of keeping websites up and running should be hidden from the general public, allowing them to go about their business without knowing about the virtual warfare being engaged behind server lines. And in ASERT’s opinion, the Rio Olympic Games “set the bar for rapid, professional, effective DDoS attack mitigation under the most intense scrutiny of any major international event to date”. “Over the last several months, several organizations affiliated with the Olympics have come under large-scale volumetric DDoS attacks ranging from the tens of gigabits/sec up into the hundreds of gigabits/sec,” blogged ASERT. “A large proportion of the attack volume consisted of UDP reflection/amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services. “The defenders of the Rio Olympics’ online presence knew they’d have their work cut out for them, and prepared accordingly. “A massive amount of work was performed prior to the start of the games; understanding all the various servers, services, applications, their network access policies, tuning anomaly-detection metrics in Arbor SP, selecting and configuring situationally-appropriate Arbor TMS DDoS countermeasures, coordinating with the Arbor Cloud team for overlay ‘cloud’ DDoS mitigation services, setting up virtual teams with the appropriate operational personnel from the relevant organisations, ensuring network infrastructure and DNS BCPs were properly implemented, defining communications channels and operational procedures. “And that’s why the 2016 DDoS Olympics were an unqualified success for the defenders! Most DDoS attacks succeed simply due to the unpreparedness of the defenders – and this most definitely wasn’t the case in Rio.” However, not all defence tactics worked surrounding the Olympic Games. The Brazilian arm of hacking collective Anonymous was successful in targeting websites that included the official website of the federal government for the 2016 games and the Brazilian Ministry of Sports. Anonymous was also able to leak personal and financial data belonging to Brazilian sports domains such as the Brazilian Confederation of Boxing and the Brazilian Triathlon Confederation. “Hello Rio de Janeiro. We know that many have realized how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorate the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war,” stated Anonymous. “Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies.” Source: http://www.techweekeurope.co.uk/security/rio-olympics-ddos-attacks-196998

Excerpt from:
Rio 2016 Olympics Suffered Sustained 540Gbps DDoS Attacks