Tag Archives: ddos-defense

15-Year-Old Brit Charged with DDoS Attacks, Bomb Threats

British police have arrested and charged a 15-year-old teenager from Plympton, Plymouth. The boy was taken into custody at his parents’ house on Monday, November 16. According to police reports, the teen hacker launched several DDoS attacks from his home against companies and servers in Africa, Asia, Europe, and North America. The hacker also made several bomb threats against North American airlines. He used social media to deliver his warnings. Because he’s a minor, the Devon & Cornwall Police did not reveal his name, but the youngster was freed on bail by his parents and will face a judge before Plymouth Youth Court on Friday, December 18. Official charges have been brought against the teenager under Section 51 of the Criminal Law Act (two offenses for the bomb threats) and Section 3 of the Computer Misuse Act (three offenses for the DDoS attacks). Previously, UK police had arrested several teens in connection with the high-profile TalkTalk data breach. This is an unrelated case but still raises questions about the UK youth’s predilection to cyber-crime. With so many hacking tools available online, many teens find it extremely easy to launch large-scale attacks on “anyone who annoys them.” Things may have been made worse yesterday, when, in an attempt to increase attacks on ISIS members, the Anonymous hacktivism group published a noob’s guide to hacking. Source: http://news.softpedia.com/news/15-year-old-brit-charged-for-ddos-attacks-bomb-threats-496420.shtml


Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

Anti-ISIS hackers claimed to have detected indicators of an impending attack on Paris as well as bitcoin funding, a wallet with over $3 million, used by ISIS militants. During Dateline coverage after the terrorist attacks on Paris, Lester Holt asked, “Does this change the game in terms of intelligence?” Andrea Mitchell replied, “It does,” before discussing how intelligence missed any type of communication regarding the coordinated attacks. She added, “There’s such good surveillance on cell phones and there’s such good communications ability by the intelligence gathering in Europe, especially in France, especially in Great Britain and in the United States. So they may have been communicating via social media or through codes. And that’s the kind of thing that is very concerning to U.S. intelligence.” After the Charlie Hebdo massacre, France passed an “intrusive” surveillance bill, granting the government the power “to wiretap communications, install secret surveillance cameras and sweep up metadata.” That didn’t stop the horrific attacks on Paris, aka “Paris’ 9/11,” and more ubiquitous and invasive surveillance is not the answer. Matthew Williams, a researcher of computational criminology at Cardiff University in Wales, told Mic that “picking out singular acts of crime or terror from an indiscriminate pile of civilian noise is all but impossible.”

Ghost Security Group detected indicators of attack on Paris

Even with all the surveillance, intelligence groups again missed indicators of a credible terrorist attack. Yet in an interview with NewsBTC, a member of the hacktivist group “Ghost Security Group” claims it “did detect several indicators of an attack impending and are currently in the process of collecting valuable evidence for United States government officials.”

ISIS and bitcoin funding

DW (Deutsche Welle) previously reported that the Islamic State is experimenting with currency, specifically gold and bitcoin.
One bitcoin wallet received around $23 million in a month; anti-ISIS hackers from GhostSec followed a chain of transactions to another wallet with over $3 million in bitcoins. Ghost Security Group confirmed to NewsBTC that ISIS is “extensively using bitcoin for funding their operations” and that the group has “managed to uncover several bitcoin addresses used by them.” Furthermore, bitcoin is “their prime form of cryptocurrency.” No evidence was given, such as the bitcoin wallet address, as the hackers “cannot go into more detail at the moment on current investigations.”

GhostSec Background

GhostSec (Ghost Security), a hacktivist group which is an offshoot of Anonymous, has been attacking thousands of ISIS social media accounts and public websites since early this year. The group is not alone; in February, Anonymous and the Redcult Team called ISIS a virus that it planned to cure during Operation ISIS (#OpISIS). A GhostSec spokesperson claimed that ISIS, ironically, has been using Google and Amazon Web Service to avoid U.S. and international intelligence agencies and to shield itself and its websites from being hacked by Ghost Security Group; the latter has been credited with stopping terrorist attacks. DigitaShadow, executive director of the Ghost Security Group, told IBTimes UK that the group discovered terrorist threats against Tunisia in July, and also uncovered evidence that foiled a terrorist attack in New York on July 4. The hacktivist group has also been credited with discovering and reporting other credible extremist threats. GhostSec keeps a running tally of Twitter IDs reported, server IPs reported to host extremist content, Facebook, Tumblr, YouTube and other common sites as well as “uncommon sites” that have been reported as being dedicated to extremist causes and “could/should be targeted and brought down.” It also has a way to submit potential terrorism-related content and other tools.
The hacking group has targeted and bypassed CloudFlare “to determine the actual website that they need to attack to takedown the actual website.”

Ghost Security Group

Ghost Security reportedly formed earlier this year after the terrorist attacks against Charlie Hebdo offices in Paris. Earlier this month, Ghost Security Group split (pdf) from “Ghost Security.”

“Ghost Security Group is a counter terrorism network that combats extremism on the digital front lines of today utilizing the internet and social media as a weapon. Our cyber operations consist of collecting actionable threat data, advanced analytics, offensive strategies, surveillance and providing situational awareness through relentless cyber terrain vigilance.”

The newly formed Ghost Security Group (GSG) said (pdf) it “needed to address some misapprehensions concerning our group. Much of that stemmed from our uses of menacing graphics which resemble logos used by illicit cyber networks. Perceptions matter and all of that was undermining our abilities to cultivate relationships with officials who now recognize our capabilities to add value to counter terrorism initiatives.” The new group has a new website that has a more corporate-like appearance, while Ghost Security uses the older .org website. Ghost Security Group added (pdf):

“The group’s new trademarked look discards the hoodies and Guy Fawkes masks so often associated with publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites in favor of pristine, white graphics devoid of any reference to illegal activities. Part of the transition has included discarding their old brand and website, www.GhostSec.org, which are now used by former group members who have a different philosophy and approach to combating ISIS online.”
Ghost Security Group has 12 core members, some of whom work “16 hours a day … and 7 days a week nonstop” to identify surface-level and hidden Deep Web sites that are suspected to be related to the Islamic State; the group receives tips from volunteers and part-time helpers. Foreign Policy reported the group receives 500 tips every day. Data-mining, identity stitching, email monitoring, predictive analysis, social media surveillance, terrorism financing and social engineering are but some of the things listed among GSG’s counter surveillance capabilities. Some members of the small group of terrorist hunters have “ex-military or cybersecurity backgrounds.” GSG said it “monitors over 200 known violent extremist websites for actionable threat data and analysis;” it has “identified and terminated over 100,000 extremist social media accounts that were used primarily for recruitment purposes and transmission of threats against life and property.” It is GSG that claims to have detected indicators of the attack on France. Can you believe that? Michael Smith, co-founder of Kronos Advisory and an advisor to U.S. Congress, forwards about 90% of GhostSec’s leads to the FBI. Even retired Gen. David Petraeus, formerly head of the CIA, told Foreign Policy, “[Smith] has shared with me some of the open source data he has provided to various U.S. agency officials, and I can see how that data would be of considerable value to those engaged in counter-terrorism initiatives.” Regarding ISIS and bitcoin funding, one unnamed GSG hacker said, “Most of the Bitcoin funding sites utilized by the Islamic State are on the deep web and we have managed to uncover several and successfully shut them down in order to limit the funding extremists receive through the use of cryptocurrencies.” The feds claim encryption is a terrorist’s tool, so hopefully the horrible attacks on Paris won’t add fuel to their encryption-is-evil claims. 
In the same way that all encryption is not bad, bitcoin is not used exclusively by terrorists; hopefully the ISIS-bitcoin-funding issue won’t take a twist and lead to the bashing of cryptocurrencies or a push for more surveillance laws. If you like the idea of cyber vigilantes going after ISIS instead of the government, and if you want to help stop ISIS and other extremist groups, GSG said to report “suspicious activities.” Tips go through a “rigorous review process before a website is cleared for termination.” Every potential “target is reviewed by five members – often including a native Arabic speaker – and ranked by level of threat.” When “asked if their destruction of Islamic State websites sets a bad precedent for freedom of speech online,” GSG’s @DigitaShadow answered: “No. Free speech isn’t murder.” Source: http://www.networkworld.com/article/3005308/security/hacktivists-claim-isis-terrorists-linked-to-paris-attacks-had-bitcoin-funding.html  


Security blogger Graham Cluley’s website suffers DDoS attack

A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes. There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous. Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year. And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money. Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins. One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed. And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley. We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.” Unfortunately, it doesn’t take much skill to launch this kind of attack. Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests. DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is. 
In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers: No-one should ever pay internet extortionists. For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting. But if we pay the extortionists’ demands, that will only give them more reason to do it again. Source: http://www.mysec.hu/magazin/kuelfoeldi-hirek/20413-security-blogger-graham-cluley-s-website-suffers-ddos-attack


ProtonMail comes back online, shores up DDoS defenses

ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week. The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline. Now it has partnered with Radware, which offered its DDoS mitigation service for a “reasonable price,” allowing service to resume, ProtonMail wrote in a blog post on Tuesday. “The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future,” the company wrote. The first group of attackers, which call themselves the Armada Collective, asked ProtonMail for a ransom in bitcoin before launching attacks early on Nov. 4. The Swiss Governmental Computer Emergency Response Team warned in September about blackmail attempts by the Armada Collective. They tend to launch a demo attack while demanding 10 or 20 bitcoins, and larger attacks follow if the ransom isn’t paid. Controversially, ProtonMail paid the ransom. The company wrote in a blog post that it was under pressure from other companies to pay it in order to stop the attacks. However, ProtonMail later edited the blog post, writing that paying “was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will never pay another ransom.” The second group’s attack on ProtonMail had wide-ranging effects on its service providers and other companies, which also were knocked offline. The 100Gbps-attack brought down ProtonMail’s ISP, including the ISP’s routers and data center. ProtonMail suspected that the second group might be state-sponsored hackers because of the severe damage inflicted. Bizarrely, the Armada Collective told ProtonMail it wasn’t responsible for the second set of attacks. By Sunday, ProtonMail began recovering. 
An ISP, IP-Max, set up a direct link from ProtonMail’s data center to a major Internet connection point in Zurich in less than a day, it wrote. Level 3 Communications lent a hand with IP transit. An appeal for donations to put in better protections against DDoS has netted $50,000 so far as well. ProtonMail’s service is free, but eventually it plans to introduce paid-for premium options. ProtonMail is now using Radware’s DefensePipe, a cloud-based service. Other companies, ProtonMail said, offered their services but “attempted to charge us exorbitant amounts.” ProtonMail offers a full, end-to-end encrypted email service and has more than 500,000 users. Although it has been possible to encrypt email for decades, interest has increased since documents leaked by former U.S. National Security Agency contractor Edward Snowden showed massive data-collection operations by western spy agencies. Source: http://www.pcworld.com/article/3004157/protonmail-comes-back-online-shores-up-ddos-defenses.html


IPv6 And The Growing DDoS Danger

IPv6 and the Internet of Things have arrived — and with them an enormous potential expansion for distributed denial-of-service (DDoS) attacks. The number of connected devices is growing exponentially, with one billion new IoT devices expected to ship this year alone. As such, IPv4 addresses have been exhausted, but IPv6 is on deck to address this concern. The new system allows for 2^128 IP addresses (in comparison, IPv4 only carried 2^32 possible IP addresses). So everything is fine, right? Sadly, no. While IPv6 will certainly aid in accommodating the growth of new connected phenomena, such as the Internet of Things (IoT), adoption at the moment is slow. And because IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks. DDoS attacks occur when Internet hackers use infected hosts to control connected devices remotely and make unwilling devices (bots) send malicious traffic to their target of choice. The target organizations are flooded with traffic, thus restricting or disabling service for legitimate traffic, or crashing the victim network. 
The most recent Verizon Data Breach Investigations Report noted: “Distributed denial-of-service attacks got worse again this year with our reporting partners logging double the number of incidents from last year…We saw a significant jump in…attacks [that] rely on improperly secured services, such as Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP), which make it possible for attackers to spoof source IP addresses, send out a bazillion tiny request packets, and have the services inundate an unwitting target with the equivalent number of much larger payload replies.” While most DDoS attacks do not, at present, involve IPv6, both the number and size of these attacks are rising, and IPv6 brings with it particular vulnerabilities. According to a recent CNET article: “First, with the relatively immature network infrastructure, many network operators don’t have the ability to scrutinize network traffic well enough to distinguish DDoS attacks from benign traffic. Second, gateways that link IPv4 and IPv6 must store lots of ‘state’ information about the network traffic they handle, and that essentially makes them more brittle.” The Internet of Things is also adding to the threat, according to an InfoSec Institute report, “Internet of Things: How Much are We Exposed to Cyber Threats?” The report, published earlier this year, cited the possibility of cyber criminals stealing sensitive information by hacking or compromising IoT devices to run cyberattacks against third-party entities using routers, SOHO devices or SmartTVs. “IoT devices manage a huge quantity of information, they are capillary distributed in every industry,” the report noted, “and, unfortunately, their current level of security is still low.” And therein lies the nightmare scenario.
We now have IPv6, accompanied by immature visibility tools; gateways between IPv4 and IPv6 that are brittle and precarious; and the unprecedented proliferation of relatively unsecure IoT devices, replete with those brand-spanking-new IPv6 vulnerabilities, all creating ubiquitous potential fuel for botnets. The reality is precisely as desperate as it sounds. The best course of action to prepare for an onslaught of DDoS attacks exploiting IoT and IPv6 adoption is to ensure that your enterprise network security system can support the many connections from so many more connected devices. Also ensure the IPv6 support is on par with the IPv4-based feature set. Most attacks are carried out over IPv4, and by shifting over to IPv6, the attacker could bypass the defenses that only inspect IPv4 traffic. Meanwhile, IPv6-specific attack vectors have been reported. IPv6 and the IoT have arrived, and with them comes an enormous expansion in DDoS attack potential. Source: http://www.darkreading.com/attacks-breaches/ipv6-and-the-growing-ddos-danger/a/d-id/1322942


Hackers infect MySQL servers with malware for DDoS attacks

Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that’s used to launch distributed denial-of-service (DDoS) attacks. Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux. This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after using brute-force dictionary attacks to guess SSH (Secure Shell) login credentials. However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code. Symantec believes that attackers exploit SQL injection vulnerabilities in order to inject malicious UDF code in databases. They then use the DUMP SQL command to save the injected code as a library file that is later executed by the MySQL process. The malicious UDF code downloads and installs the Chikdos Trojan, which allows attackers to abuse the server’s bandwidth for DDoS attacks. The Symantec researchers found MySQL servers infected with Chikdos in many countries, including India, China, Brazil, Netherlands, the U.S., South Korea, Mexico, Canada, Italy, Malaysia, Nigeria and Turkey. The largest concentrations were in India and China, 25 and 15 percent respectively. During their analysis the researchers saw the servers being used to launch DDoS attacks against a U.S. hosting provider and a Chinese IP address. The reason for targeting MySQL servers is likely because their bandwidth is considerably larger than that of regular PCs, making them more suitable for large DDoS campaigns, the Symantec researchers said in a blog post.
To prevent such attacks, website owners should avoid running SQL servers with administrative privileges and should follow best programming practices for mitigating SQL injection vulnerabilities, they said. Source: http://social-media-news.com/link/907984_hackers-infect-mysql-servers-with-malware-for-ddos-attacks


TalkTalk DDoS Attack: Website hit by ‘significant’ breach

Police are investigating a “significant and sustained cyber-attack” on the TalkTalk website, the UK company says. The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed. TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen. The Metropolitan Police said no-one had been arrested over Wednesday’s attack but enquiries were ongoing. TalkTalk said in a statement that a criminal investigation had been launched on Thursday. It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:

Names and addresses
Dates of birth
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details

In the wake of the news, the company’s share price dropped by 10% in the first few hours after the London stock exchange opened at 08:00 BST. Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers’ private information – although he stressed their claim was yet to be verified or investigated. Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims. Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk’s speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. We are being told that this was what’s called a DDoS – a distributed denial of service attack – where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down.
One suggestion is that the DDoS was a means of distracting TalkTalk’s defence team while the criminals went about their work. I’m assured that TalkTalk customers’ details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. The TalkTalk website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack, she added. The sales website and the “My account” services are still down but the company hopes to restore them on Friday. Ms Harding added: “It’s too early to know exactly what data has been attacked and what has been stolen,” she said. “Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.” However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months. Sara Jones, from East Sussex, said she found out about the breach in the news. “I have not received a single piece of correspondence. The level of information is lacking. And to think this is Get Safe Online Week! “TalkTalk’s online advice is not proportionate to what has happened. Telling customers to “keep an eye on accounts” just does not cut it in terms of advice.” Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. “They may not get a payment for my next bill if they don’t get this sorted,” he added. In August, the company revealed its mobile sales site had been targeted and personal data breached. And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. 
Ms Harding said: “Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company’s defences be stronger? “I’m a customer myself of Talk Talk, I’ve been a victim of this attack.”

What should you do if you think you’re at risk?

Report any unusual activity on your accounts to your bank and the UK’s national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk
TalkTalk is advising customers to change their account password as soon as its website is back up and running – expected to be later on Friday – and any other accounts for which you use the same password
Beware of scams: TalkTalk will not call or email customers asking for bank details or for you to download software to your computer, or send emails asking for you to provide your password

TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers’ accounts. It added that every customer would be getting a year’s free credit monitoring. Ms Harding said: “The biggest risk is that customers’ details have been stolen and criminals try to impersonate them.” Professor Peter Sommer, an expert on cyber security, said TalkTalk’s rapid growth could be to blame for the breaches. “They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity… but that’s an expensive exercise,” he told the BBC. Source: http://www.bbc.com/news/uk-34611857


UK e-tailers hit by suspected DDoS barrage

Scan Computers, Novatech and Aria Technology all encountered website disruption yesterday, with the latter confirming a Bitcoin-based DDoS attack was to blame. Aria Taheri, Aria’s eponymous boss, told CRN the firm’s website went down yesterday afternoon for a couple of hours as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), otherwise they would try to bring the site down for the whole of Wednesday. Fellow e-tailers Novatech and Scan also took to Twitter to inform their customers that there had been problems with their sites, while CCL is another thought to have encountered issues. Novatech and CCL were unavailable for comment at the time of publication. Elan Raja III, Scan’s director, said: “Scan are aware there has been some disruption in traffic and is investigating the cause.” Taheri said he understood that the website disruption suffered by his competitors was caused by the same DDoS attack and believes other companies in his industry have also received ransoms for Bitcoins this week. Aria’s website was hit in a hack in February 2013, but the firm caught the perpetrators last year after putting up a reward. Taheri is adopting the same tactic on this occasion, posting a £15,000 bounty for anyone who provides information to help police catch the hackers.
He said the reward is much higher than the Bitcoin ransom because he wants to send a message to the hackers and due to the “principle” of the attack. He said he is not going to pay the ransom demanded as it would send out the wrong message. “These kinds of attacks are only designed to affect our website and make it inaccessible. However, [our customers’] information is 100 per cent secure as we are PCI DSS compliant which is quite a strict web-security protocol. Also, the website unavailability will last for only a short period – a matter of hours – so the customers can always come back at a later time. “We are not going to encourage more of these hackers by giving them Bitcoins, because that would only encourage others to come to us and blackmail us more. The message to the hackers is that I will spend a significant amount of money to bring them to justice. Our track record shows that we have done that before, and based on that track record I am fairly confident we can do that [again].” The attack the cybercriminals have threatened to carry out on Aria’s website tomorrow coincides with a “prime day” on which low prices are offered to customers, Taheri added.

On the rise

There has been a rise in the number of DDoS attacks demanding Bitcoin ransoms in recent months, with Bloomberg reporting that a cybercriminal group called DDoS for Bitcoin (Distributed Denial of Service for Bitcoin) – or DD4BC – blackmailed financial institutions by threatening to disrupt websites last month unless they paid Bitcoin ransoms. Taheri said the internet datacentre informed him that these kinds of attacks are “on the increase, and the frequency of it is going up at an alarming rate”. One source, who wished to remain anonymous, said the attack is similar to those launched by DD4BC, and could be from a group which is trying to emulate DD4BC. Source: http://www.channelweb.co.uk/crn-uk/news/2431257/uk-e-tailers-hit-by-ddos-barrage


Rossiya Segodnya Information Agency Suffers Major DDoS Attack

There was a major distributed-denial-of-service (DDoS) attack on Rossiya Segodnya International Information Agency resources, including the Sputnik website and newswire, the company’s IT department said Saturday. The attack restricted access to desktop and mobile versions of the Sputnik website. IT specialists managed to ensure the timely release of news pieces to the newswire clients. The agency’s press service said that IT specialists were working to establish the details of the attack that restricted access to desktop and mobile versions of the Sputnik website. “Rossiya Segodnya websites and mailing services were unavailable to users for two hours starting at 7:00 p.m. Moscow time [16:00 GMT],” the press service said. DDoS attacks are caused by a large number of Internet users or software simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. The Sputnik site was unavailable for almost two hours. Source: http://sputniknews.com/art_living/20151017/1028682238/sputnik-ddos-attack.html


Android Devices Affected By LTE Security Flaw, Could Result in DDoS Attacks

Android users on AT&T and Verizon networks may be susceptible to distributed denial of service (DDoS) attacks. The alert comes from a new advisory posted in the Carnegie Mellon University CERT database, which shows that the vulnerability allows hackers to target LTE networks and users. The vulnerability is primarily due to the way LTE works. Unlike conventional data transfer methods of circuit switching, LTE uses packet switching. The research says that this new method allows hackers to use the SIP protocol to enable a new set of attack vectors via wireless networks. If this loophole is exploited, denial of service attacks can be carried out on these networks and data exploitation along with ‘silent calls’ can be executed, allowing for unlimited phone calls and use of large amounts of data without any records of them in bills. According to the researchers, every Android OS version released to date could be affected by this vulnerability. Google has already been notified about this massive flaw, and has been advised to escalate its permissions on Android. Apple on the other hand has said that its phones aren’t affected by this LTE security flaw. Google itself is likely to release a security update very quickly for its supported Nexus devices to take countermeasures against the issue. If you have a carrier-provided phone from LG, Samsung, or other brands however, chances are you’ll have to wait a while. Carriers are notorious for releasing updates at a snail-like pace. Source: http://techfrag.com/2015/10/17/android-devices-affected-by-lte-security-flaw-could-result-in-ddos-attacks/
