Tag Archives: ddos-defense

Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

Christmas is usually a very busy time for Valve because of the major sales that the company has a habit of running on the Steam digital distribution system, and this year the company had to deal with a set of problems linked to the service and with the way the user base perceived them as an attack that had the potential to affect their personal data. In a new official site article, the studio delivers more information about what happened on December 25, saying that between 11:50 and 13:20 Pacific Standard Time store page requests for around 34,000 users, containing personal information, were seen by others. Valve admits, “The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” The company also delivers an apology to all those affected by the Christmas problem . Despite the fact that some sensitive information was shared with others, the company makes it clear that users have to take no further action because the Steam system does not allow for it. This means that even if there are plans to work with a third-party company and contact those affected once they have been identified, no action on their part is required to make sure that the accounts are safe. Valve also explains that the problem was created because of a DDoS attack that combined with increased Winter Sale traffic to affect the caching of pages and forced the company to take down the store and deal with the problem. The company makes it clear that such attacks have not managed to break its security and are routinely dealt with. Steam continues to dominate PC digital distribution Valve needs to maintain its services as secure as possible to keep it in the lead on the PC and to continue offering players a wide variety of video games and some spectacular price cuts on special occasions. The Winter Sale is running at the moment, with more than 10,000 video games offered at reduced prices each day and a set of special trading cards that gamers can earn and use to tweak their profile. In late 2015 Valve also introduced the Steam machines, created in collaboration with a wide variety of partners, and the special controller, which offers plenty of new options for PC gamers who want to stay away from their monitors or share a couch with friends. In 2016, the company is planning to also enter the virtual reality space with Vive, which is created in partnership with HTC and does not yet have an official launch date or an attached price. The device was expected to arrive before the end of 2015, but Valve decided to delay it because of a major tech-related breakthrough that’s supposed to improve the user experience once the headset is commercially available. Source: http://news.softpedia.com/news/valve-reveals-details-about-christmas-issues-personal-info-was-shown-ddos-attack-involved-498289.shtml

More:
Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

BBC reports on BBC tweet about BBC websites DDoS

The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack causing widespread panic on social media A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline. Sources within the BBC said the sites were down “thanks to what is knows as a ‘distributed denial of service’ attack”. A National Crime Agency spokesperson said: “DDOS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.” Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble. Among the Twitter users to pass comment was Stephen Fry. Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDos attack. “They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information. “The way a DDos attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time. “So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.” Professor Watson said there are a number of ways big corporations can protect against these kind of attacks but they are expensive. One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDos traffic and re-route legitimate traffic back to the main website. But Professor Watson asked: “Is it a good used of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDos attack?” Cyver security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”. He said: “I would have thought this could have been so-called hacktivists. The bbc has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I cant see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists. “You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.” An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”. The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK. Twitter goes into meltdown As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending. The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”. It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack. Source: http://www.telegraph.co.uk/news/bbc/12075679/BBC-website-crashes-and-Twitter-goes-into-meltdown.html

Excerpt from:
BBC reports on BBC tweet about BBC websites DDoS

Linode Hit by DDoS Attacks

Cloud hosting company Linode has suffered a series of service interruptions due to distributed denial-of-service (DDoS) attacks launched against its infrastructure over the past few days. The campaign started on December 26 when the company reported that DDoS attacks had disrupted the Linode Manager and its website. On the same day, the attackers also targeted Linode’s DNS infrastructure, and the company’s data centers in Dallas, Atlanta, London and Newark. It took roughly 2-3 hours for Linode’s systems and network engineering teams and the company’s upstream providers to mitigate the attacks. On December 27, DDoS attacks were reported at the data centers in Atlanta, Newark, and London. Linode’s service status page shows that it took the company nearly four hours to mitigate the attack against the London datacenter, while network connectivity was restored in one hour, respectively two hours, in Atlanta and Newark. The attacks against various components of Linode’s infrastructure continued on Monday and Tuesday. In the early hours of Wednesday, shortly after announcing that a DDoS attack affecting Linode’s website had been mitigated, the company reported seeing continued attacks disrupting access to its web services. The latest update indicates that the Dallas data center was again targeted recently, causing packet loss. Kaspersky Lab reported in November that in the third quarter of 2015, Linux-based botnets accounted for nearly half of the total number of DDoS attacks. The most notable was the XOR botnet, which malicious actors leveraged to launch attacks that peaked at more than 150 Gbps. A Kaspersky report released in December showed that almost half of the organizations hit by DDoS attacks actually claimed to know the identity of the attackers. The study is based on information from more than 5,500 companies across 26 countries. Source: http://www.securityweek.com/linode-hit-ddos-attacks

Visit site:
Linode Hit by DDoS Attacks

Rutgers University Suffers Sixth DDoS Attack This Year

Three cyber-security firms could not handle the attack Rutgers University’s IT department has managed to restore all services after a large-scale DDoS attack kept some of its systems down for four days between December 24 and December 28. This is not the first time Rutgers University has been hit with a DDoS attack, having already reported on a similar incident back at the end of September . Earlier this year, at the end of March and start of May, university staff also suffered four similar attacks, with the longest one lasting for five full days. Sixth time this year, nobody has claimed responsibility yet The first five attacks were claimed by a hacker that went by the name of Exfocus, who admitted in an interview that he was hired via an underground forum to carry out the DDoS bombardment, and later paid in Bitcoin. Unlike in the case of the first five attacks, Exfocus has not come forward to claim responsibility. The Rutgers IT staff said the attack targeted the sakai.rutgers.edu URL, the University’s Sakai portal. Sakai is an open source, self-hosted Java-based course learning environment used primarily by academic institutions. The DDoS attack did not affect student activities since students are away for Christmas break, which started on December 24 and will end on January 5. A $3 million investment in IT security systems did not help at all Last August, Rutgers management spent $3 million / €2.67 million on security measures to bolster their online platform. According to NJ.com, the University hired three cyber-security firms. The unplanned investment was motivated by the March and May attacks. Despite this, the University’s DDoS mitigation provider has failed to live up to its job, both in September and in this most recent four-day-long attack. In his interview, Exfocus said that he controlled a botnet of 85,000 machines, and was able to launch DDoS attacks of around 25 Gbps, which is considered to be of a medium scale. The proper law enforcement agencies have been notified of the attack. Softpedia has reached out to Exfocus on Twitter. We’ll update the article if we uncover any new information. Source: http://news.softpedia.com/news/rutgers-university-suffers-sixth-ddos-attack-this-year-498229.shtml

See more here:
Rutgers University Suffers Sixth DDoS Attack This Year

Massive DDoS Attacks of Over 1 Million Queries Per Second Threaten Root Servers That Support The Global Internet

Today, we share a blog post from Looking Glass’ Director of Product Management, Patrick Lynch, as he discusses distributed denial of service (DDoS) attacks on DNS root servers. On Nov 30 and again on Dec. 1, massive DDoS attacks against several Internet based DNS root servers with volumes of over 1 million queries per second threatened the global Internet. There is speculation that the attack was initiated by ISIS (here). Not only is this a risk to the Internet as a whole, but also impacts the Internet Service Providers (ISPs) that are the unfortunate middle link in the attack and whom the majority of Internet access depends on. Although the target was the DNS root servers, the intermediate ISPs probably were more severely impacted by the sudden spike in the traffic load due to the relationship between DNS authoritative and recursive servers. Verisign provided additional information showing why the source IPs were spoofed, and the root servers’ users group also published some information. Arstechnica also has a description of the event. There are a number of actions that are available to an ISP that mitigate both the attacks on the DNS root servers, and on the ISP itself: Ingress filtering by source IP address – Routers can enforce BCP38 that only allows traffic to originate with source IP addresses that are valid for that ISP. This will also prevent source and destination addresses from being the same. If Ingress filtering is not practical, then having a DNS firewall will provide similar capabilities to ingress filtering as well as additional capabilities such as: Only allow queries from allowed IP ranges Rate limit queries by source IP or destination IP to prevent volumetric attacks Rules that prevent DNS responses (as opposed to queries) going to the root servers When an upstream DNS server is busy (as in a DDOS attack), automatically generate a server unavailable error and do not add to the DDOS attack Securing DNS is challenging given the nature of the protocol and the fact that the DNS ports must be left open to ensure continuous delivery of DNS services to Internet attached devices. Source: https://lgscout.com/massive-ddos-attacks-of-over-1-million-queries-per-second-threaten-root-servers-that-support-the-global-internet/

Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Turkey is suffering from a wave of cyber-attacks on financial and government websites which intensified over Christmas, resulting in the temporary disruption of credit card transactions. A video released this week and attributed to Anonymous vowed retribution for Ankara’s alleged ties with ISIS. The attacks on Turkish servers have been persistent in recent weeks, but on Christmas day Turkish banks suffered a website outage and reportedly saw sporadic disruption to credit card transactions. Isbank, Garanti and Ziraat Bank were among the targets, local media reported. “It is hard to determine where these attacks are coming from, with detailed work it will be understood whether these attacks are carried out by hackers or by certain groups” said the Minister of Communications Binali Yildrim. The DDoS attacks on Turkey’s “.tr” domain, Yildrim said were “serious” as they include domains of ministries, banks, and the military. The ministry asked Ankara’s Middle East Technical University (ODTU), which operates the “.tr” domain to step up security measures. ODTU’s analysis said that the attacks are coming from “organized sources” outside Turkey. Turkish Telecom, in a statement to Hurriyet daily, said that they are now on “24/7 defense” as they acknowledged facing “thousands of attacks.” Most Turkish institutions use Turk Telekom as their service provider. “The attacks are serious,” a spokesman for internet provider Turk Telekom, Onur Oz, told Reuters. “But the target is not Turk Telekom. Instead, banks and public institutions are under heavy attack.” The banking sector is one of the fastest growing areas of online services in Turkey and equates roughly to 1.5-2 billion transactions daily, according to Hurriyet. More than 85 percent of daily banking transactions in Turkey are carried out on digital platforms. “These attacks began two weeks ago but have intensified over the past two days,” said Burak Atakani, a network specialist from Istanbul Technical University. Some Turkish media outlets have speculated that the cyber-attacks might have been launched by Russia in retaliation to the downing of a Russian bomber by a Turkish fighter jet late in November over Syrian airspace. Meanwhile in a video, released this week allegedly by hacktivist collective Anonymous, hackers promised to take on the Turkish government over its alleged shady deals with Islamic State (IS, formerly ISIS/ISIL) terrorist organization. Anonymous especially threatened to bombard the banking sector. “Turkey is supporting Daesh [the Arabic name for IS] by buying oil from them, and hospitalizing their fighters. We won’t accept that [Recep Tayyip] Erdogan, the leader of Turkey, will help [IS] any longer,” says a video message from the group. “We will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.” Special Cyber government security units within the Information and Communication Technologies Authority (ICTA) and the Telecommunications Directorate (TIB) have been deployed to stop the attacks. “Turkey is not in a position to be powerless in the face of these attacks,” said Customs and Trade Minister, Bulent Tufenkci. “I think that we’ll have necessary response.” Source: https://www.rt.com/news/327119-turkey-banks-cyber-attacks/

Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

The online hacktivist Anonymous has claimed the responsibility for a massive 40Gbps DDoS attack on Turkish DNS Servers under NIC.tr — The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group. In a video uploaded by Anonymous, the hacktivists said that their attack on Turkish servers was part of their ongoing operation #OpISIS. According to the video message, “We won’t accept that Erdogan, the leader of Turkey, will help ISIS any longer. The news media has already stated that Turkey’s Internet has been the victim of massive DDOS attacks . This lead Turkey to shut down it’s internet borders and deny anybody outside the country to access Turkish websites.” The hacktivists also warned the government that if Turkey didn’t stop aiding Daesh or ISIS the attacks will continue and target airports, banks, government and military servers. “If you don’t stop supporting ISIS, we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous. The cyber attack on Turkish root DNS servers took place last week which forced 40,000 .tr domains to go offline. Though the targeted domains were back online they same day however the accesses to those sites was kept limited. The state of Turkey has been accused of aiding and buying oil from the Daesh terrorist group. Some also accuse Turkey of being a safe passage for the groups recruitment in Syria. Source: https://www.hackread.com/anonymous-40-gbps-ddos-attack-on-turkish-servers/

More:
Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

Hacker squad plans DDoS attacks on PlayStation Network, Xbox Live this Christmas

Hacker group Phantom Squad plans to shut down Xbox Live and PlayStation Network on Christmas. Forget the Grinch, there’s someone else who wants to steal Christmas. Phantom Squad, an online hacker group, has threatened to shut down Xbox Live and the PlayStation Network this Christmas by unleashing a series of DDoS (distributed denial of service) attacks — coordinated barrages of falsified incoming server traffic that causes the system to crash. DATA BREACHES AND CYBERATTACKS IN 2015 “We are going to shut down Xbox Live and PSN this year on Christmas,” the hackers tweeted. “And we are going to keep them down for one week straight. #DramaAlert.” We are going to shut down Xbox live and PSN this year on christmas. And we are going to keep them down for one week straight #DramaAlert — Phantom Squad (@PhantomSqaud) December 9, 2015 This could cause a big problem, because a lot of people are expecting to receive new gaming consoles on Dec. 25. If Phantom Squad is successful, this would be the second year in a row that these gaming networks go offline. Last year, the infamous hacker group Lizard Squad took credit for shutting down Xbox Live and PSN for two days. The group demanded more retweets and Twitter followers in exchange for restoring the servers. Phantom Squad, which said it has no relation to Lizard Squad, claims they’ve previously performed smaller outages on the gaming community servers, as well as other website such as Reddit. The group also explained in a tweet why it is that they perform these attacks. “I get asked a lot on why we do this? Why do we take down PSN and Xbox Live?” the tweet reads. “Because cyber security does not exist.” Sony and Microsoft have both received a series of attacks over the past year, but it’s still unknown what tactics they’ve developed to try and avoid these issues. Kim Dotcom, the infamous Internet entrepreneur behind Megeupload, has warned Sony and Microsoft that the attack could be avoided if they update their servers. “Warning @Sony & @Microsoft. You had 1 year to upgrade your networks. If Lizard Squad takes down PSN & XBOX this Xmas, we’ll be pissed! RT!,” Dotcom tweeted. Dotcom, who is also a gamer, helped stop last year’s attack by promising the hackers 3,000 accounts on his encrypted upload service Mega. While Sony and Microsoft work on strengthening their servers, people who bought a console as a gift this Christmas can unbox it, plug it in, and download all the updates as soon as they buy it. This process will let them at least play games offline on Christmas. Otherwise, if the hackers release a DDoS attack, the console will be useless without being powered on and updated. Source: http://www.nydailynews.com/news/national/hackers-plan-ddos-attack-psn-xbox-live-christmas-article-1.2467876

Link:
Hacker squad plans DDoS attacks on PlayStation Network, Xbox Live this Christmas

Moonfruit takes down thousands of sites after a DDoS attack

Moonfruit, a free website builder, has taken thousands of business and personal websites offline following a distributed denial of service (DDoS) attack. The company’s users are disappointed by the slow pace at which it has communicated the problem, and the way it’s being handled. The company said it had been threatened with a cyber-attack and had decided to make its customers’ websites unavailable for “up to 12 hours” to make infrastructure changes. In a statement on the Moonfruit website it was said that the company was actually attacked by a hacker group called the Armada Collective, which DDoSed the site for about 45 mintes. One business owner told the BBC it was “very bad timing”. Film-maker Reece de Ville said: “They have been slow to communicate via their website what is going on.” “I’m going to have hundreds of people finding my site today but not being able to access it. I could be losing out on a lot of money from potential clients, and they may not come back if they think the company has gone. It’s incredibly bad timing, especially for businesses selling Christmas cards and gifts on their website.” In an email to its customers, the company apologised for giving them “short notice” that their websites would be offline. “We have been working with law enforcement agencies regarding this matter and have spared no time or expense in ensuring we complete the work as quickly as possible,” the company’s director, Matt Casey, said in the official statement. Industry reaction Ron Symons, regional director at cyber security specialist A10 Networks said: “Moonfruit has responded in the best possible way to this threat by taking its services offline. As the attack it suffered last week shows, distributed denial of service (DDoS) is extremely difficult to prevent. More worryingly, DDoS attacks frequently act as smokescreens hiding more invasive attacks as hackers exploit unguarded system backdoors to steal sensitive data. “By making this bold decision to pre-empt another incident, Moonfruit stands a much better chance of protecting its clients’ private data. The shutdown may be inconvenient now, but by ensuring its infrastructure is equipped to deal with today’s increasingly powerful cyber attacks Moonfruit is acting in the best interests of those using its services.” SEE ALSO: Throwback Thursday: Why Apple is called Apple Dave Larson, Chief Operating Officer at Corero Network Security said: “Unfortunately, the sheer size and scale of hosting or data center operator network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. “As enterprises of all sizes increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating DDoS attacks – even as an indirect target.” Source: http://www.itproportal.com/2015/12/14/moonfruit-takes-down-thousands-of-sites-after-a-ddos-attack/#ixzz3uLEOSJCP

Visit site:
Moonfruit takes down thousands of sites after a DDoS attack

Cyber criminals not to blame for all DDoS attacks, study shows

There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab Distributed denial of service (DDoS) attacks are associated with criminal activity, but not all those behind DDoS attacks are cyber criminals, research has revealed. Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits. This suspicion increases in the business services industry, with 38% of respondents in this sector believing their competitors were behind a DDoS attack, according to a survey by Kaspersky Lab and B2B International. However, 18% attributed recent DDoS attacks to criminals seeking to disrupt or distract while another attack took place; 17% to criminals seeking to disrupt their services for a ransom; 11% to political activists; and 5% to state-sponsored activities. The most popular motivation for the attacks is believed to be a ransom, cited by 27% of respondents in the manufacturing and telecoms sectors. “DDoS attacks are no longer just about cyber criminals seeking to halt a company’s operations,” said Evgeny Vigovsky, head of DDoS protection at Kaspersky Lab. “Businesses are becoming suspicious of each other, and there is a real concern that many companies – including small and medium ones – are being affected by the underhanded tactics of their competitors, which are commissioning DDoS attacks directly against them, damaging their operations and reputation,” he said. In the light of this trend, Vigovsky said all businesses should remain vigilant and fully understand the repercussions of a DDoS attack in terms of the potential financial and reputational damage. “It is wise not to pay a ransom, or to fall victim to cyber criminals or competitors. Ensure that you have the appropriate security measures in place to help manage the increased risk posed to your business from DDoS attacks,” he said. Looking ahead to 2016, security firms expect to see an increase in the tactic of using DDoS attacks to distract companies from other, more damaging malicious activity on their networks, such as data theft. The use of DDoS, or the threat of DDoS attacks, as a way of extorting money is also expected to continue and increase in the coming year. According to the study, 20% of companies with 50 employees or more reported that they have been the victim of at least one DDoS attack, with companies in the telecoms, financial services and IT sectors the most likely to be targeted. The study also revealed that 50% of DDoS attacks led to a noticeable disruption of services; 26% led to the loss of sensitive data; 24% led to services being completely unavailable; and 74% led to a noticeable disruption of service, which coincided with a different type of security incident, such as a malware attack, network intrusion or other type of attack. According to Kaspersky Lab, the average cost for recovering from a DDoS attack for companies of more than 1,500 employees is $417,000, and $53,000 for small and medium businesses (SMBs). Yet 56% of those polled thought that spending money to prevent or mitigate DDoS attacks in future would be worth the investment, 53% said their organisation knew how to mitigate or prevent DDoS attacks, and only 52% felt well-informed about DDoS attacks. Despite the cost and complexity of dealing with DDoS attacks, the Kaspersky Lab research said the average financial damage of a DDoS attack is significant, especially for SMBs, and is definitely higher than the cost of a service designed to reduce the effect of such attacks. “DDoS prevention is almost always a third-party service, and outsourcing this trouble to experts not only reduces the damage but also frees up IT personnel to deal with a probable complementary attack on a company infrastructure, which will have much worse consequences,” the report said. Source: http://www.computerweekly.com/news/4500260544/Cyber-criminals-not-to-blame-for-all-DDoS-attacks-study-shows

Taken from:
Cyber criminals not to blame for all DDoS attacks, study shows