South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016. Imperva documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined. DDoS attacks are one of the more popular tools in the hacker’s toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at the exact same second. Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins. Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com , “It feels like it is in part a reflection of the networked nature of [South Korea] but there are other countries with similar degrees of penetration or greater.” South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.” Igal Zeifman, senior manager at Imperva, told SC , “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.” Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.” Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets – Nitol and PCRat – both of which offer remote control over the infected devices. Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website. Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical ‘member’ of a botnet is, therefore, a Windows PC. The easiest way to do it – non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.” Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”. Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.” Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries. Some of the report’s other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva’s report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.” Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots. What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination. DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” Source: http://www.scmagazineuk.com/south-korea-no-1-origin-point-for-ddos-attacks/article/491220/
Tag Archives: ddos-defense
Blizzard’s Battle.net Hit With Major DDoS Attack
When the waters finally calmed, Blizzard took to Twitter with the following message. That’s because some nefarious individuals launched a DDOS attack on the service. In fact, all of Blizzard’s U.S. servers were down for an extended period last night. Sony and Microsoft undergo similar attacks on a regular basis and are especially prone to such attacks during the holidays. GAMING SERVICES were hit with a distributed denial-of-service (DDoS) attack that forced users to eat Cheetos while not screaming at total strangers. This isn’t the first time the group has attacked a gaming company. Blizzard has suffered an attack on its servers that halted access to many of its games. By about 11:45 p.m., Blizzard sent out the above tweet giving gamers the all clear to jump back online. Given some of the realm stability issues caused by the service interruptions, there may be some log loss when loot is dropped or crafting occurs. A DDoS attack targeting game developer Blizzard’s servers has disrupted gamers from logging into popular games such as Diablo 3 and World of Warcraft. From the looks of it, a Blizzard employee’s Outlook account was hacked which lead to personal information and contact lists with information about other Blizzard employees being found. Maybe the hacking group felt their fellow gamers were being wronged (they weren’t) and this was their grand form of retaliation. They have teased that they have “more to come” without explaining what they plan to do next. Source: http://sacredheartspectrum.com/2016/04/blizzards-battle-net-hit-with-major-ddos-attack/
Originally posted here:
Blizzard’s Battle.net Hit With Major DDoS Attack
Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael
“Anonymous” vows to carry on its annual assaults on Israeli infrastructure linked to its #OpIsrael campaign on April 7, 2015 — However, it seems more hype than harm The first attacks in connection with #OpIsrael occurred in 2013, wherein some divisions of the Anonymous hackers mutually launched multiple organized cyber-attacks against Israeli websites on the eve of the Holocaust Remembrance Day, on April 8. From 2013 onwards, the group carried out such attacks consistently same date every year, and in a recent video statement, it has pledged to continue these attacks in 2016. However, this year, Holocaust Remembrance Day is on May 4, but the attacks will still occur on April 7. Israel has planned a hackathon on ironically the same day: In recent years, these cyber attacks contained DDoS attacks, database leaks, website defacements, and social media account hijacking but aAfter the recent spasms against Ukraine’s electrical power grid, this year, the Israeli government has also arranged a hackathon with over 400 participants who will take on against the potential cyber-attack on the country’s power grid, transportation system, and government IT networks. This potential threat based hackathon is also scheduled for today. History of some high-profile cyber attacks against Israel: 1. In 2013, Israel’s major traffic tunnel was hit by a cyber-attack, causing huge financial damages. 2. In 2014, Izz al-Din al-Qassam Brigade of Hamas successfully hacked the ongoing transmission of famous Israeli Channel 10 and replaced it with images of wounded Palestinian families. 3. In April 2015, several computer networks belonging to the Israeli military were penetrated by Arabic-speaking hackers under a four-month spying campaign by using provocative images of IDF’s women soldiers. 4. In January 2016, Israeli power authority network was hit by a sophisticated ransomware. 5. In February 2016, pro-Hezbollah hackers took over country’s security camera systems. Data leak and DDoS attacks conducted by Anonymous and pro-Palestinian hackers: The hacktivists are already targeting Israeli government and civilian websites. In the latest attacks, hundreds of government-owned websites have been under DDoS attacks forcing them to stay offline. There are several tweets containing Pastebin links in which attackers are claiming to dump credit card data of several Israeli citizens. One hacktivist group going with the handle of RedCult has leaked a list of about 1000 alleged Facebook users from Israel containing emails and their clear-text passwords. The websites that have been taken offline include Israel Defense Forces, Israeli ministry of justice, Israeli Immigration, Israel Police Department, Israel Airport Authority, Israeli ministry of justice, rights and services for Holocaust survivors and other top government websites. Source: https://www.hackread.com/anonymous-cyber-attack-on-israel/
See original article:
Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael
DDoS Attacks With BillGates Linux Malware Intensify
XOR botnet authors migrate to using BillGates malware Over the past six months, security researchers from Akamai’s SIRT team have observed a shift in the cyber-criminal underground to using botnets created via the BillGates malware to launch massive 100+ Gbps DDoS attacks. The BillGates malware is a relatively old malware family aimed at Linux machines running in server environments. Its primary purpose is to infect servers, link them together in a botnet controlled via a central C&C server, which instructs bots to launch DDoS attacks at their targets. The malware has been around for some years and due to its (irony-filled) name is probably one of the most well-known Linux-targeting malware families. Former XOR botnet operators reverted to using BillGates A BillGates botnet is capable of launching Layer 3, 4, and 7 DDoS attacks. More accurately it supports ICMP floods, TCP floods, UDP floods, SYN floods, HTTP floods and DNS reflection floods. According to Akamai’s Security Intelligence Research Team (SIRT), ever since the XOR DDoS botnet , also Linux-based, has been neutralized a few months back, hacking outfits have switched to the BillGates botnet for their attacks. While not as powerful as the XOR botnet, which was capable of launching 150+ Gbps attacks, BillGates attacks can go over 100 Gbps when needed. Moreover, as Akamai noticed, the hacking crew that deployed the XOR botnet has also switched to using BillGates malware, the CDN and cyber-security provider seeing DDoS attacks on the very same targets the XOR botnet crew was previously attacking. Most BillGates DDoS attacks targeted Asian online gaming servers DDoS attacks launched with this botnet have were seen targeting Asia-based companies and their digital properties, mostly located in online gaming. Besides the original XOR crew, the malware has been used to build different botnet by multiple gangs and has even been used as the base for other Linux-based DDoSing malware. The BillGates malware is available for purchase on underground hacking forums, and it comes in the form of a “malware builder” which allows each crew to generate its own strand, that can run on different C&C servers. Last June , Akamai observed a similar spike in DDoS attacks coming from botnets built with the BillGates malware. Source: http://news.softpedia.com/news/ddos-attacks-with-billgates-linux-malware-intensify-502697.shtml
See the original article here:
DDoS Attacks With BillGates Linux Malware Intensify
Hacker Faces 10 Years for DDoS Attacks and Sex Toy Pranks in DOJ Crackdown
A nonymous’s repeated attacks on Donald Trump since December of 2015 have made hacker harassment a part of everyday conversation. Today, the United States Department of Justice handed down a sentence to a member of the Electronik Tribulation Army (ETA) that shows just how severe the punishment for those types of hacks can be. Benjamin Earnest Nichols, a 37-year-old ETA member from Oklahoma City, pled guilty to intentionally causing damage with a distributed denial of service (DDoS) attack on mcgrewsecurity.com in 2010. Nichols hasn’t been sentenced yet, but faces a maximum of 10 years in federal prison and a $250,000 fine. It’s the DDoS attack that put Nichols in court, but the list of other things he admits to doing range from costly to downright dirty: causing $6,500 in losses to McGrew Security because of a downed website, making disparaging remarks and insulting McGrew (owner of the attacked website and security service), photoshopping images of McGrew, and sending sex toys to McGrew’s home. The exact type of sex toys were not mentioned in the U.S. Attorney’s Office press release. Regardless, it’s the type of behavior hacking groups have made a name doing. It’s also behavior that the U.S. DOJ plans on stopping. McGrew became a target of the ETA because of his role in the arrest of Jesse McGraw, the leader of the hacker group, back in 2009. McGraw was arrested after he installed malware and a remote-access program on dozens of computers at the North Central Medical Plaza in Dallas. He planned to use the medical computers for a DDoS attack on a rival hacker group, but was stopped before anything came of his tampering. He was sentenced to nine years in federal prison in 2011. It was one of the first major cybercrime sentences given, and the hacking community still mentions the decision’s importance. After McGraw’s arrest, Nichols and two other ETA members turned their eyes on McGrew. “They set up a website in my name to pose as me, and put up embarrassing content or things they though would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images,” McGrew told Wired in 2010. “They harvest email addresses from the university I work at and emailed it out to those.” McGrew was a key witness against McGraw, so the FBI got involved. They raided Nichols’ home because his actions were “affecting a potential witness in an official proceeding,” the search warrant affidavit read. The search warrant lists Nichols as going by the names “thefixer25,” ”fixer,” “fix,” ”c0aX,” and “ballsdeep.” Witness intimidation is a federal crime. The ETA responded by posting the following on its website: “On the 23rd of June 2010 the Federal Bureau of Investigation issued search warrants on ETA members. All their computers and electronic devices have been taken for forensic investigation…. We are not terrorists, we are freedom fighters and cyber protesting is not illegal.” Back in 2009, when McGraw was arrested, ETA members were hyper aware of how they could be next. When Nichols was asked if he was still in the ETA in an email from another member, he responded: “Right now admissal (sic) of any kind like that is certainly what some douchebag prosecutor would like. I cannot give you that answer when you ask me outright, however.” Nichols also said that he wiped his computers. Turns out he didn’t wipe them well enough, and can look forward to big time for his hacking crimes. It’s a message from the DOJ to the hacking community that it surely won’t ignore. Source: https://www.inverse.com/article/13891-hacker-faces-10-years-for-ddos-attacks-and-sex-toy-pranks-in-doj-crack
Read the article:
Hacker Faces 10 Years for DDoS Attacks and Sex Toy Pranks in DOJ Crackdown
Over half of companies feel investment in DDoS protection is justified
A quarter of all companies risk their business-critical systems due to a lack of anti-DDoS protection according to new research by Kaspersky Lab. It’s the kind of absence that can cause enterprises massive financial loss and reputational damage and, according to the research, more than half of companies feel that investing in protection against DDoS attacks is justified. About the same number of survey respondents from telecoms (82 percent) and finance (78 percent) think anti-DDoS protection is an important cyber-security requirement for infrastructure. Just shy of a quarter (24 percent) of respondents don’t use DDoS protection or only use it part of the time (41 percent). Only 34 percent of companies are fully protected against the threat. A majority of companies with no anti-DDoS protection are the ones attacked the most often such as media (36 percent), healthcare and education (both 31 percent). A quarter of companies stated that the stability of business-critical systems is a priority for their organisation, however only 15 percent plan to implement anti-DDoS protection in the near future. “It’s important to take DDoS attacks seriously as they can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Russ Madley, head of B2B at Kaspersky Lab. Source: http://www.scmagazineuk.com/over-half-of-companies-feel-investment-in-ddos-protection-is-justified/article/487567/
Read More:
Over half of companies feel investment in DDoS protection is justified
Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks
The websites of Novosti-Armenia (newsarmenia.am) and ARKA (arka.am) news agencies came Tuesday under heavy DDoS-attacks, hampering access to these resources for half an hour. An inquiry found that the attacks were carried out from Russian IP addresses, but this does not mean that the order came from that country. The administrations of both websites have managed to eliminate the problem. DDoS attack is short for Distributed Denial of Service Attack. DDoS is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. The most serious attacks are distributed and in many or most cases involve forging of IP sender addresses so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. Source: http://arka.am/en/news/technology/novosti_armenia_and_arka_news_agencies_come_tuesday_under_heavy_dddos_attacks/
Link:
Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks
Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad
A high-profile US hacker has turned an attack on his website into an assault against the Israeli intelligence service. ‘The Jester’ – or th3j35t3r – claims that he diverted an attempt to overload his website to assault Mossad’s online presence. Haaretz reported that Jester’s website – jesterscourt.cc – was the victim of a denial of service (DoS) attack on the night of 1 April. In a tweet, Jester announced that he had diverted the hacker’s attack by simply changing the IP address his website was registered on. When asked why he picked Mossad by one of his 74,400 Twitter followers, Jester replied “Because they can look after themselves perfectly well.” On his blog, Jester claims to have used this technique before. In a post called Offensive Counter Measures – Be Like Water, Jester details the steps he took to divert another DoS attack, which he alleges was carried out by Anonymous, towards websites linked with the Occupy movement. According to Haaratz, Israel’s Information and Communications Technology Authority said Mossad’s website had not seen any irregularities or disruptions of service. At the time of writing, Mossad’s website was working, but IBTimes UK could not confirm whether it had suffered any downtime. However, The Jester’s website was not working. Anti-ISIS, anti-Anonymous Jester is one of the hacking community’s most high-profile members. What is a DoS attack? During a denial of service (DoS) or a distributed denial of service (DoS) attack, hackers attempt to overload a website’s connections by sending in data requests from multiple sources. Most often hackers use a ‘botnet’ – internet-connected PCs that are compromised by malware – to send in the requests to visit the site, without the users’ knowledge. The huge number of requests, which can reach thousands per second, overload the ability of a website’s server to respond, eventually causing an error message to appear instead of the site’s pages. Making a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web). Jester’s career as a vigilante hacker appears to have started in 2010, when he claimed to have been involved in an attack on the Wikileaks website. That year, the New York Times reported Jester was a a former military contractor who had worked with US special forces. Since then, Jester has developed a reputation as a pro-US hacker vigilante and cybersecurity expert. Through writing his own blog on cybersecurity, he gives talks on the subject through text chat to keep his identity a secret, and is known for attacking websites linked to Hamas and Islamic State (Isis). Jester has also attacked websites used by the Occupy movement and Anonymous – whom he described as “pathetic terrorist sympathizing buttholes”. He claims to have caused more than 180 websites to go offline since 2010. Jester was listed as one of Time magazine’s “most influential people on the internet” in March 2015. Source: http://www.ibtimes.co.uk/notorious-pro-us-hacker-jester-diverts-dos-attack-towards-israeli-spy-service-mossad-1552895
Link:
Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad
Coinkite Is Closing Down Its Web Wallet Citing Legal and DDoS Issues
Coinkite, the popular wallet and hardware payment network service provider, has announced it is closing down its web wallet to focus on other projects after legal issues and DDoS attacks have impeded the use of the wallet. Hardware products focus After a noticeable lack in posting on their blog after incredibly frequent posting over the last three years, Coinkite CT r: 24 has announced it is shutting down its web wallet service. Users of the service need not worry about the hardware aspect of Coinkite, as that will remain unaffected, and the team in fact hopes to expand it. “We are winding down the web wallet part of Coinkite so that our team can focus on a number of new products that are more decentralized and embodied as hardware products. We’re still big Bitcoin fans, supporters and Hodlrs, and although Coinkite has been great adventure in the SaaS business, we want to spend more time where our heart is, hardware products, software-”not-as-a-service”, and other exciting new possibilities.” Under DDoS since the first month Coinkite cited the legal issues associated with being a centralized Bitcoin CT r: 8 service, and hence the financial strain brought about by lawyers, and non-stop DDoS-ing since launch for the closing down of the service. “Being a centralized bitcoin service does attract attention from state actors and other well funded pains in the butt, and as a matter of fact, we’ve been under DDoS since the first month we launched—over three years–yay. Plus we have put real fiat dollars into our lawyers’ pockets, to defend our customers from their own governments. This is not what we love to do, which is coding and delivering awesome services.” Programmers-turned-businessmen an issue Part of the issue in the cryptocurrency industry is that many of those who are choosing to create businesses in this newly-fledged sector, are fundamentally programmers, and as such are ill-equipped to deal with the likes of lawyers and regulators. The simple solution to this problem is greater co-operation between the financial industry and the cryptocurrency industry. The financial sector has been around for far, far longer than the cryptocurrency industry. It has the infrastructure, processes, and people already in place to deal with a lot of the issues facing these programmers-turned-businessmen, and if more startups are to succeed, they are going to need to implement them. Source: http://cointelegraph.com/news/coinkite-is-closing-down-its-web-wallet-citing-legal-and-ddos-issues
See the article here:
Coinkite Is Closing Down Its Web Wallet Citing Legal and DDoS Issues
Bitcoin Startup Quits Operation Due to Never-Ending DDoS Attacks
Bitcoin’s Secure Wallet Service Coinkite Inc. Closing Down due to never-ending DDoS Attacks and Governmental Nagging Bitcoin exchanges around the world face cyber attacks every now and then, some owners give up while some fight back . In the case of Bitcoin startup Coinkite Inc., it is now officially announced that its secure wallet service, which started in 2012, will be closed within the next 30 days. It has also been made clear that customers must withdraw funds from their wallets by the end of this period. If any of the users fail to do so then their Bitcoin will be automatically credited to them. Prior to closing down all of the services, its TOR accessibility and application program interface of Coinkite will be closed for 14 days while their annual pre-paid plans’ prorated balances will continue to be refunded. The startup was under DDoS attacks for last three years The company now aims to focus upon hardware-oriented products such as the upcoming physical Bitcoin project Opendime. It will be a full-fledged standalone Bitcoin terminal or hardware wallet that will be equipped with a printer as well as QR scanner. Moreover, the company will be focusing upon hardware products for security optimization and authentication, all-purpose standalone Bitcoin solutions and services for hosting Bitcoin hot wallets. Since its inception, Coinkite was marketed as the most convenient and secure way to accept and exchange Bitcoin, the digital currency. The company claimed that it provided users the world’s “most advanced web wallet system.” It was considered a system that empowered customers and merchants to “BUY, SELL, ACCEPT and STORE Bitcoins and other cryptocurrencies, in both the online and physical worlds.” Why is Coinkite Closing the Secure Wallet Service NOW? The decision apparently is the outcome of the constant harassment that the online Bitcoin wallet service has been dealing with. In a blog post , it was revealed by the company that they had been receiving Distributed Denial of Service or DDoS attacks constantly over the past three years. They also have become tired of the attempts by governmental agencies for interrupting into their clients’ privacy. The CEO of the company Rodolfo Novak told CoinDesk that they wanted to shift their focus from software to hardware because their meager resources were being drained further by the “bullshit” that they have been experiencing. “We want to write software, not deal with lawyers and DDoSing…One of the main issues with SaaS is all the free users and need support and we want to provide good support. All these things have costs,” clarified Novak. Source: https://www.hackread.com/bitcoin-exchange-ddos-attacks/
View article:
Bitcoin Startup Quits Operation Due to Never-Ending DDoS Attacks