Tag Archives: ddos-defense

Asia-Plus’s website hit with DDoS attack again

The website of the Media Holding Asia-Plus has been hit with a distributed denial-of-service (DDoS) attack again. The Asia-Plus website was hit with the DDoS attack on April 14. It is already the third attempt in the past ten days to make the website unavailable to its subscribers. The first DDoS attack on the Asia-Plus website was conducted on April 3, and it came from practically all domestic Internet service providers. Restoring stable operation of the web resource took nearly three days. The reasons for these DDoS attacks are still unknown because it is not clear who is behind them. However, it cannot be ruled out that a group of hackers has appeared who want to “test” the steadiness of the site.

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reportedly reached an average rate of 28 per hour.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service threats are also common in business, and are sometimes responsible for website attacks. This technique has now seen extensive use in certain games, used by server owners or disgruntled competitors. Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Source: news.tj/en/news/asia-plus-s-website-hit-ddos-attack-again

Belgian media company experiences DDoS attack

Rossel, a Belgian media group, experienced a distributed denial of service (DDoS) attack that stretched out for several hours Sunday. One of Belgium’s largest French-speaking newspapers, Le Soir, along with other sites, was affected and temporarily shut down, according to a report by Deutsche Welle. The attack occurred just days after pro-ISIS sympathizers launched a cyberattack against a French television network and Tunisian extremists took over a Belgian regional government website.

Didier Hamann, director of Le Soir, tweeted that the perpetrator hadn’t yet been identified. Currently no evidence has been uncovered that links the attack to the one that crippled French TV station TV5 Monde. Hamann also noted that the station was regularly targeted by cyber threats, but “this time the firewall is not working as normal.”

Source: http://www.scmagazine.com/ddos-attack-on-belgian-media-group-lasts-hours/article/408998/

Online gambling sites taken out by DDoS attacks

Customers of Betfair and PokerStars have been left enraged after the software of both gambling giants suffered from major connectivity issues over the weekend. Betfair’s sportsbook, betting exchange and websites were unavailable for most of April 13 after the firm’s servers came under a Distributed Denial-of-Service (DDoS) attack. Betfair’s customer service team, manning the @BetfairHelpDesk Twitter account, confirmed to customers that a DDoS attack was the cause of the problems and reassured worried punters that their details and funds were safe. The attack seems to be either over or under control as I was able to log into all Betfair products on April 14.

A DDoS attack is designed to temporarily or indefinitely interrupt or suspend the services offered by the targeted website. One way of achieving this is to bombard the site’s servers with so much bogus information and so many requests that it is overloaded and cannot respond to legitimate traffic. This appears to be what happened to Betfair on April 13.

You may recall that partypoker was targeted by numerous DDoS attacks in October 2014 that resulted in some of its Pokerfest events being cancelled. The attacks at partypoker resurfaced in early December 2014 and saw the site effectively taken offline for several hours while its technicians and its Internet Service Provider (ISP) in Gibraltar combated the problem. Around the same time, 888poker was suffering similar connectivity problems (its servers are also in Gibraltar), but the London Stock Exchange (LSE) listed company refused to comment on whether or not it had been targeted by the same DDoS attacks that plagued partypoker.

Poker sites are often reluctant to announce they are suffering from a hacker’s attempt to cause a DDoS because of the possible widespread panic the mention of a hacker could and would cause. Usually, the so-called hacker isn’t interested in attempting to obtain information (major online poker and gambling sites have these details secure under state-of-the-art systems); they are attempting to disrupt the targeted site’s business.

Although neither confirmed nor denied by its management team, rumours of PokerStars being under a DDoS attack have been doing the rounds on various forums, including Two Plus Two. Players have been reporting major lag (slow response when clicking buttons, etc.) and connectivity problems when attempting to play at PokerStars since April 9. The problems seem to be global, although residents of Belgium seem to be more severely affected, judging by tweets from various Belgians including Friend of PokerStars Pierre Neuville and PokerStars’ Belgian Twitter account on April 12, although a more recent update claims all problems Pokerstars.be were facing are now resolved. While PokerStars does appear to be on top of the problems now, its Network Status panel shows it has Very Good connection at five of the six listed hosts, although Manx Telecom, Isle of Man has 0% connection and all packets of data being sent to it are currently being lost.

Source: http://uk.pokernews.com/news/2015/04/betfair-and-pokerstars-suffer-major-connectivity-problems-17360.htm?utm_medium=feed&utm_campaign=homefeed&utm_source=rss

Betat Casino Suffers DDoS Attacks

Betat Casino, a popular international online gaming destination, has been subject to Distributed Denial of Service (DDoS) attacks by as-yet unidentified hackers, the specialty press reports. The hackers are apparently trying to extort Bitcoins from the operator. The website has made an announcement to its players about the crippled service, in which it revealed the attack and the fact that the hackers wanted 10 bitcoins (currently about $2500) to stop the attack.

“This attack was vicious, massive and widespread and hit our entire range of sub-nets, even our CDN has been compromised (Content Delivery Network) as well as our AWS (Amazon’s Cloud Service),” a Betat spokesperson commented on the attack. “To say that 45Gbps of bandwidth is a lot is a gross understatement. These hackers have massive capacity and are highly organized. Luckily, we are well equipped to handle these kinds of attacks and while nothing of this magnitude has been recorded on both our front, nor on the service providers experience, we are highly confident that by end of the week we will have the situation under full control. That said, the next 5-7 days will be rough and our customers may experience times of inconsistent performance.”

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Basically, it floods the targeted servers with huge loads of data, making them function much slower or not available at all to their users. According to the information available on the internet, these types of attacks are either initiated by groups of hackers with their own agenda, or they can be “ordered” through the dark web for as low as $150.

Source: http://casinolocale.net/betat-casino-suffers-ddos-attacks/

The “Great Cannon”: How China Turns Its Web-sites Into Cyberweapons

When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that made this attack happen. They’re calling it the Great Cannon. Separate from but positioned within China’s Great Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, using cyberattacks to damage services that help people inside China see banned content.

The Great Cannon is not merely an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

With this most recent DDoS attack, the Great Cannon worked by weaponizing the web traffic of visitors to Baidu or any website that used Baidu’s extensive ad network. This means anyone visiting a Baidu-affiliated site from anywhere in the world was vulnerable to having their web traffic hijacked and turned into a weapon to flood anti-censorship websites with too much traffic.

This particular attack had a narrow target: specific websites known to circumvent Chinese censorship. But Citizen Lab thinks the Great Cannon could be used in a much broader way. Because it is capable of a full-blown man-in-the-middle attack, it could be used to intercept unencrypted emails, for example.

The attack launched by the Great Cannon appears relatively obvious and coarse: a denial-of-service attack on services objectionable to the Chinese government. Yet the attack itself indicates a far more significant capability: an ability to “exploit by IP address”. This possibility, not yet observed but a feature of its architecture, represents a potent cyberattack capability.

As Citizen Lab’s researchers note, it’s fairly strange that China would show off this powerful weapon by using it in such a pointed attack. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.

The only silver lining here is that this could prompt a more urgent push to switch to HTTPS, given that the Great Cannon only operates on HTTP. This attack makes it painfully apparent that using HTTPS isn’t just a smart safeguard; it is a required precaution against powerful state-sponsored cyberattacks.

Source: http://www.eaglecurrent.com/technology/the-quotgreat-cannonquot-how-china-turns-its-web-sites-into-cyberweapons-h4121.html

NH State Website Knocked Out

Company that hosts site dealing with “distributed denial of service” attack on its servers

New Hampshire’s state government website was inaccessible to some users for several hours because the outside company that hosts it was dealing with another “distributed denial of service” attack on its servers. The governor’s office says the main state government website, nh.gov, and websites for at least several state agencies were disrupted Thursday morning. On March 23, the state’s tourism website, visitnh.gov, was briefly inaccessible for the same reason. State officials and others are working to determine more details about what caused the problem, but say no information was compromised.

Source: http://www.necn.com/news/new-england/NH-State-Website-Knocked-Out–299194531.html

Israeli sites targeted by annual Anonymous ‘OpIsrael’ DDoS attacks

Israeli sites targeted by annual Anonymous ‘OpIsrael’ cyber attacks

Hackers fail to bring down government websites, but successfully target sites belonging to musicians, organization for excellence in education and association of urologists.

The “electronic Holocaust” promised by pro-Palestinian Anonymous hackers on Tuesday has yet to come, but it appears attempts to attack Israeli cyber targets continue. On Tuesday afternoon many Israelis received messages with Arabic text that says: “We’ll free the two holy mosques from the sons of the Jews.” Natalie Ben-Hemo from Lod received the message, which came from the number 007. “I imagined it must have something to do with the Anonymous attack and I checked on Google Translate what the message in Arabic means,” she said, saying her brother-in-law also received the message. Yavgeny Kogen from Kiryat Ata also received the message, “I realized they must’ve hacked one of the content providers of SMS messages and sent messages to everyone. Other than that, I haven’t come across other cyber attacks.”

Overnight Monday, dozens of websites were brought down by pro-Palestinian hackers. Major government websites were targeted but were not brought down, including the sites for the Knesset, Education Ministry and the government portal. Most hacking attempts come in the form of a denial of service (DoS) attack, in which a website is inundated with requests for access, to the point that the site’s servers cannot cope and the site either functions extremely slowly or collapses altogether.

Despite the largely failed attempt to bring down government websites, numerous private sites were brought down Tuesday, with many displaying the phrase “Hacked by Anonghost”. Among those hacked were the official sites for singers Shalom Hanoch and Ivri Lider, popular band Hadag Nachash, the Israeli Center for Excellence through Education, the Israeli Urological Association and others.

In addition, hackers claimed to have also accessed a number of email accounts, and published the list of compromised sites and emails. They also claimed to have hacked the website of the court system, but that was working normally by Tuesday morning.

The annual attack on Israeli websites, or “#OpIsrael”, is carried out by those identifying as Anonghost or Anonymous. The stated goal is to repay various groups and bodies in Israel for the country’s treatment of the Palestinians, by causing inconvenience and discomfort for Israeli citizens, which it says Israel does to the Palestinians. Every few months or so, hackers threaten to launch cyber attacks on Israeli sites. In many cases, hackers fail to carry out the attack, or cause minimal and temporary damage. In some cases, lists of Israeli user names and passwords for email and social media sites are distributed online, in order to scare Israeli internet users, but often they are old passwords. On April 7 last year, there was a small-scale cyber attack on Israel, but with no significant victims.

“As we did many times, we will take down your servers, government websites, Israeli military websites, and Israeli institutions,” said a video message released recently, warning of the impending attacks. “We will erase you from cyberspace in our Electronic Holocaust.”

Source: http://www.ynetnews.com/articles/0,7340,L-4644894,00.html

Microsoft, Sony, and Nintendo collaborating to stop DDoS attacks

Xbox boss Phil Spencer has been talking with his rivals to see how they can avoid a repeat of the Christmas Xbox Live and PSN downtime. It’s very rare for console manufacturers to work together on anything, but the DDoS attacks on Xbox Live and PSN over Christmas have been enough for Microsoft to initiate conversations with its two rivals. ‘I don’t think it’s great when PSN goes down,’ Spencer told Game Informer. ‘It doesn’t help me. All it does is put the fear and distrust from any gamer that’s out there, so I look at all of us together as this is our collective opportunity to share what we can about what we’re learning and how things are growing. Those conversations happen, which I think is great.’ He added that the Christmas attacks had been a ‘learning experience’ and that, ‘Our commitment to Xbox One customers is to make sure our service is robust and reliable’. Although Xbox Live seemed to recover more quickly from the attacks than Sony, and Nintendo weren’t affected at all, there is no easy defence against DDoS as they’re not really hacking (no data was stolen or accessed) and simply involve overloading a server with requests. As a result it’s not clear what defences Spencer was discussing with Sony and Nintendo, but it is good to know they’re at least talking. Source: http://metro.co.uk/2015/03/06/microsoft-sony-and-nintendo-collaborating-to-stop-ddos-attacks-5091159/

University servers not at risk for information breach during DDoS attacks

Last week, University servers were hit by a Distributed Denial of Service attack that led to the shutdown of Sakai and the Central Authentication system, rendering RUWireless inoperable for several days, as reported by The Daily Targum on Tuesday. During a DDoS, servers are flooded by requests from an external source. Bots, or hijacked computers, were programmed to inundate the University’s secure servers with requests for information. Many of these hijacked computers appeared to originate from outside of the United States. It is likely no University computers were co-opted into contributing to the attacks.

A DDoS attack differs from a break-in in one key way: a DDoS forces servers to shut down, while a data breach is performed to steal or delete information. Notably, Sony has been broken into multiple times in the past few years, leading to theft of credit card and other private information. While some services, such as the Playstation Network in 2011, were disrupted, this was more of a byproduct caused by the hack. Stealing or deleting information was not a goal of the Rutgers attack.

Hacking can be done by installing malware onto a server or by hunting down and exploiting weaknesses, such as digital holes in a firewall. The methods of breaking into a system are different enough from those of a DDoS that they can be identified and dealt with. While both exploit vulnerabilities, the former does so subtly to gain access and control. A DDoS is less refined, and because of the nature of the Rutgers attacks, at no time was any private information vulnerable to theft.

A series of emails sent by the Office of Information Technology and the Telecommunications Division explained that Sakai and CAS were taken offline to protect them and the University servers from the DDoS attacks, which continued through Sunday. These services were made available again to those using an on-campus network late Sunday, and to off-campus students again on Monday.

Rutgers employs “DDoS mitigation” software that is designed to help detect and end attacks by noting how traffic patterns (what computers request information) change, including where traffic originates from. This notifies system administrators when an abnormally large number of atypical requests are being made.

The Internet in general is structured so that information cannot easily be lost. Every tweet, picture, forum message, video and private piece of information remains online even if a user ostensibly deletes it. Rutgers has a vast, complicated network of servers, many different wireless networks and storage for all the information the University holds, both onsite and offsite, and backups for this data do exist in the unlikely event it is rendered unusable on one platform. The way the data is held also prevents changes being made to it once it is stored. Deleting this information would be difficult for a hacker and stealing it more so.

Denying students the opportunity to study for exams, access their grades or contact their professors is much easier in comparison. While this denial caused, and can cause, a lot of harm in terms of productivity and even just keeping up with what’s happening at the University, it has less of an effect on any of the actual data stored here.

Source: http://www.dailytargum.com/article/2015/04/u-servers-not-at-risk

Anonymous proxies now used in a fifth of DDOS attacks

The number of DDOS attacks using anonymous proxies has increased

The number of distributed denial of service attacks using anonymous proxies has increased dramatically over the past year, according to a new research report, as attackers use these proxies to create an instant pseudo-botnet. Ofer Gayer, security researcher at Redwood Shores, CA-based Incapsula Inc., said he first spotted the trend about a year ago. Incapsula was working on creating a database of IP addresses spotted attempting malicious activity, and discovered that attackers were abusing anonymous proxies to turn a regular single-origin denial of service attack into a distributed denial of service attack with traffic flowing through thousands, or tens of thousands, of different IP addresses.

A year ago, fewer than 5 percent of DDOS attacks came through anonymous proxies. Today, the number is close to 20 percent, Gayer said. “The trend intensified over the past two months,” Gayer said. “Currently, 20 percent of all application-layer attacks are originating from these proxy servers.” Of those, nearly 45 percent came from the TOR network of anonymous routers, and, of those, 60 percent used the TOR Hammer DoS tool. On average, a single attacker would direct traffic from 1,800 different IP addresses, with 540,000 requests per instance.

According to Incapsula product evangelist Igal Zeifman, what this means is that an attacker could be sitting at home, on a single computer, and route traffic to a list of anonymous proxies to create an instant botnet-style attack. All it takes is a proxy harvesting script and a publicly-available DOS toolkit.

Anonymous proxies, or anonymizers, can serve a useful purpose, preventing identity theft, protecting search histories, avoiding geographical marketing and access restrictions, and allowing activists to bypass Internet censorship of repressive regimes. They also offer several benefits to DDOS attackers. First, they mask the source of an attack and help the attackers evade security measures based on access control lists. They also help the attacker avoid geo-blacklisting, since the attack can be spread among proxies in many different countries. Second, since each proxy is only passing along a small number of messages, it helps the attackers avoid counter-measures based on limiting the number of messages from a single source. Finally, proxies make slight changes to message headers. That helps the attackers avoid signature-based defenses.

“You can Google to find several options to generate lists of these servers,” said Zeifman. “And these servers accept requests from anyone.” Each of the anonymous proxies can be used to forward a small amount of traffic, which, together, adds up to enough to take down an application. “It’s like a thousand needles, stinging all at the same time,” said Zeifman. Since the attackers are going after the application, not much traffic is required. “Very few server operators think about over-provisioning their CPUs,” he said. “Even a small overhead of 100 requests per second is enough to take down a dedicated server environment.”

Source: http://www.csoonline.com/article/2903939/application-security/anonymous-proxies-now-used-in-a-fifth-of-ddos-attacks.html
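The detection gap described in the article above, as an added Python example (not code from the article or from Incapsula): a per-source rate limit catches a single-origin flood but not traffic relayed through 1,800 proxies, while counting requests and distinct sources per endpoint does. The log events are constructed, and the window, per-IP limit and source-count threshold are assumptions; the 1,800 sources and the 100 requests per second figure are the ones quoted in the article.

```python
import ipaddress
from collections import Counter, defaultdict

WINDOW = 1              # seconds per counting bucket (assumed)
PER_IP_LIMIT = 20       # requests one source may send per bucket (assumed)
PATH_RATE_LIMIT = 100   # requests per second an endpoint tolerates (figure quoted above)
MIN_SOURCES = 500       # distinct sources that make a spike "distributed" (assumed)


def build_sample():
    """Constructed (timestamp, source_ip, path) events; not real traffic."""
    events = []
    # 30 ordinary clients, one page view per second for 10 seconds.
    for t in range(10):
        for i in range(30):
            events.append((t, f"10.0.0.{i}", "/"))
    # Single-origin flood: one address sends 150 requests within second 2.
    events += [(2, "198.51.100.7", "/login")] * 150
    # Proxy-relayed flood: 1,800 addresses, one request each per second, t = 5..7.
    base = ipaddress.ip_address("100.64.0.0")
    for t in (5, 6, 7):
        for n in range(1800):
            events.append((t, str(base + n), "/search"))
    return events


def per_ip_offenders(events, window=WINDOW, limit=PER_IP_LIMIT):
    """Classic per-source rate limit: flag any IP above `limit` in one bucket."""
    counts = Counter((ts // window, ip) for ts, ip, _ in events)
    return {ip for (_, ip), n in counts.items() if n > limit}


def distributed_alerts(events, window=WINDOW, rate_limit=PATH_RATE_LIMIT,
                       min_sources=MIN_SOURCES):
    """Flag buckets where one endpoint is over its rate budget AND the load
    is spread over many sources, which a per-IP limit cannot see."""
    requests = Counter()
    sources = defaultdict(set)
    for ts, ip, path in events:
        key = (ts // window * window, path)   # (bucket start, endpoint)
        requests[key] += 1
        sources[key].add(ip)
    alerts = []
    for key in sorted(requests):
        if requests[key] > rate_limit and len(sources[key]) >= min_sources:
            alerts.append((key[0], key[1], requests[key], len(sources[key])))
    return alerts


if __name__ == "__main__":
    sample = build_sample()
    print("per-IP limiter flags:", sorted(per_ip_offenders(sample)))
    for start, path, reqs, srcs in distributed_alerts(sample):
        print(f"t={start}s {path}: {reqs} requests from {srcs} sources")
```

In production the same two counters would normally be kept in a sliding window and compared against a learned baseline per endpoint rather than fixed thresholds.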
