Tag Archives: ddos-defense

DDoS attack temporarily blocks seattletimes.com

A denial-of-service attack, in which perpetrators flood a targeted website with requests that overwhelm the site’s servers, is believed to have caused Monday morning’s outage. A cyberattack took down The Seattle Times website for about 90 minutes Monday morning. Seattletimes.com was unavailable from about 8 a.m. to 9:30 a.m. as a result of a denial-of-service attack, company spokeswoman Jill Mackie said. “The Seattle Times website experienced technical problems Monday morning due to an external attack that appears to have targeted other sites,” Mackie said in a statement. “We continue to monitor the situation and apologize for any inconvenience this caused readers.” Denial-of-service attacks are designed to flood a website with requests, essentially overwhelming the site’s servers and preventing it from responding to other users. The result is a site that grinds to a halt or runs so slowly that it becomes unusable. Such attacks on their own aren’t designed to damage a target’s computer systems or steal files. The attacks, a fixture of Internet security threats for decades, have been blamed on culprits ranging from political operatives to young, tech-savvy hackers connected by social media. The ease with which such attacks could be orchestrated was illustrated in 2000 when a 15-year-old Canadian boy, working under the alias “Mafiaboy,” was able to temporarily bring down the websites of Yahoo, CNN and Amazon.com, among others. Mackie said The Seattle Times’ information technology staff believes Monday’s attack on the website was carried out by a cyberattack group that calls itself Vikingdom2015. The group is said to have targeted several government and media websites, including those of the Indiana state government and the Bangor (Maine) Daily News, with denial-of-service attacks. IBM security researchers said the group was formed from former members of the Team Cyber Poison hacker group, and began attacking websites this month. Source: http://www.seattletimes.com/business/technology/cyberattack-temporarily-blocks-seattletimescom/

View original post here:
DDoS attack temporarily blocks seattletimes.com

Rutgers Suffers Foreign DDoS Attack

On Monday morning, Rutgers University was still trying to recover from a distributed denial of service (DDoS ) attack that had been launched against it over the weekend, according to media reports. The attack, which began on Friday afternoon, interrupted Internet service for Rutgers students, faculty and staff, although no confidential information appears to have been leaked. The university’s Office of Information Technology (OIT) had managed to restore Internet service on campus as of Monday, although some services remained unavailable for users trying to access the systems from off-campus. On Sunday, Don Smith, Rutgers’ vice president of Information Technology, alerted students to the attack via e-mail. Attack Originated from Ukraine, China “The Rutgers University network has been under an extended distributed denial of service (DDOS) attack since Friday, Mar. 27,” the university wrote in a security briefing on its computing services Web site on Sunday. “Since the initial attack, there have been multiple follow-up attacks. OIT has been working to maintain access to the network and IT services around the clock since the attacks began, but as fast as one service is fixed another is targeted.” The FBI is investigating the attack, which is believed to have originated from China and the Ukraine, according to a report by the local New York NBC affiliate, citing a source at the university. The local Rutgers University police are also investigating the attack. In addition to causing Internet service to slow down or become completely unavailable, the attack also managed to take down the Rutgers homepage for 15 minutes over the weekend. The university’s Sakai platform, which is an online tool used by both students and faculty, was also unavailable for off-campus users as of Sunday afternoon. “Unfortunately, we have no ETA at this time for a permanent restoration of all affected services,” the university said on its Web site. “Normal service will be restored as soon as OIT is confident that the attacks are over.” Rutgers No Stranger to DDoS The attack is not the first the university has suffered. As recently as November, it experienced a similar DDoS attack that seemed to be timed to coincide with the period during which new students were registering for classes. During last year’s attack, the Rutgers network was shut down when a hacker flooded it with external communications requests. Like the most recent attack, the November attack is thought to have originated in Eastern Europe and China, according to a report on the Daily Targum, the university’s official student newspaper. Last year’s attack lasted only about 24 hours, however, unlike the current attack from which the school is still recovering. The day before the attack the school announced that it had been awarded $1.95 million by the federal government to develop a training program for the study of issues related to homeland security. Source: http://www.toptechnews.com/article/index.php?story_id=1320044NONV0

GitHub recovering from massive DDoS attacks

The attacks were aimed at two GitHub-hosted projects fighting Chinese censorship Software development platform GitHub said Sunday it was still experiencing intermittent outages from the largest cyberattack in its history but had halted most of the attack traffic. Starting on Thursday, GitHub was hit by distributed denial-of-service (DDoS) attacks that sent large volumes of Web traffic to the site, particularly toward two Chinese anti-censorship projects hosted there. Over the next few days, the attackers changed their DDoS tactics as GitHub defended the site, but as of Sunday, it appears the site was mostly working. A GitHub service called Gists, which lets people post bits of code, was still affected, it said. On Twitter, GitHub said it continued to adapt its defenses. The attacks appeared to focus specifically on two projects hosted on GitHub, according to a blogger who goes by the nickname of Anthr@X on a Chinese- and English-language computer security forum. One project mirrors the content of The New York Times for Chinese users, and the other is run by Greatfire.org, a group that monitors websites censored by the Chinese government and develops ways for Chinese users to access banned services. China exerts strict control over Internet access through its “Great Firewall,” a sophisticated ring of networking equipment and filtering software. The country blocks thousands of websites, including ones such as Facebook and Twitter and media outlets such as The Wall Street Journal, The New York Times and Bloomberg. Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects. The tracking code was written by Baidu, but it did not appear the search engine — the largest in China — had anything to do with it. Instead, Anthr@X wrote that some device on the border of China’s inner network was hijacking HTTP connections to websites within the country. The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing. “In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech,” Anthr@X wrote. GitHub has not laid blame for the attacks, writing on Saturday that “based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” The attackers used a wide variety of methods and tactics, including new techniques “that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” GitHub said. In late December, China cut off all access to Google’s Gmail service, after blocking Facebook’s Instagram app, and the phone messaging app Line. A month prior, it appeared many non-political sites supported by the U.S. content delivery network EdgeCast Network were blocked. EdgeCast may have been a casualty because its cloud services are often used to host mirror sites for ones that have been banned. Source: http://www.computerworld.com/article/2903318/github-recovering-from-massive-ddos-attacks.html

Originally posted here:
GitHub recovering from massive DDoS attacks

GitHub Still Battling DDoS Attack

San Francisco-based GitHub was taken out with a denial of service attack Wednesday. Scripts from the Beijing-based Baidu sent traffic coming to a page operated by GreatFire and a page with Chinese-translations of The New York Times. As is the focus of DDoS attacks, GitHub’s availability was knocked out as a result of the traffic caused. In morning tweets during the attack, GitHub informed followers that the attack was still going and getting worse, but that they were on top of dealing with it. As of two hours ago GitHub states that the DDoS attack is still being worked on. Meanwhile Baidu has said that it had nothing to do with the attack intentionally. The Chinese search engine titan also says that it is working security specialists to find out the cause of things. The company made certain to state that its security hadn’t been compromised during the attack on GitHub. Speculation in tech and security circles say that the attack was a means of strengthening China’s methods of web censorship by taking out sites that could allow for users to get around it. Baidu was simply used as a means of amplifying the attack due to how sizable it is and the amount of traffic it can produce. Source: http://kabirnews.com/github-still-battling-ddos-attack/8495/

See more here:
GitHub Still Battling DDoS Attack

Police website target of repeated DDoS attacks

A denial of service attack on Thursday morning to the Finnish Police website was the third attack of its kind this week. The website of the Finnish Police has been the target of repeated denial of service attacks this week, with the latest service disruption on Thursday downing the website for several hours. It marked the third such attack to the poliisi.fi webpage in the last few days. The first attack took place on Tuesday, and downed the website from late morning to 7 pm. Wednesday marked a smaller attack of the same nature. Tomi Moilanen, Chief Information Security Officer with the National Police Board, says the attacks have not led the police to implement any extraordinary measures quite yet. The attacks have also not detrimentally affected the various online services available on the site. The police have filed an investigation request with the National Bureau of Investigation in order to get to the bottom of the cyber attacks. Source: http://yle.fi/uutiset/police_website_target_of_repeated_denial_of_service_attacks/7891226

Read the article:
Police website target of repeated DDoS attacks

Maine, NH Websites Taken Down by Spam DDoS Attack

A spam attack temporarily took down websites for the states of Maine and New Hampshire on Monday. A hacker group claimed responsibility on Twitter for taking down maine.gov and visitnh.gov. Both sites were back up and running within about an hour. Maine Secretary of State Matt Dunlap said maine.gov was shut down by a spam attack, but it was not hacked. He said there was no info breach. The Secretary of State’s Office posted a message to its Facebook page saying that maine.gov was experiencing a “denial of service” event, and that the IP addresses that were overwhelming the website with requests were being blocked. “We’re on it,” said Adrienne Bennett, Maine Gov. Paul LePage’s press secretary. “We understand the details of it.” William Hinkle, New Hampshire Gov. Maggie Hassan’s communications director, said the third party that hosts visitnh.gov experienced a “distributed denial of service” attack against its servers at one of its datacenters around 8:57 a.m. Monday. That site and several others hosted by that datacenter were inaccessible until about 9:41 a.m. “The Division of Travel and Tourism, the Department of Information and Technology and its service providers are working together to determine more details about the root cause of the issue,” he said. “At this time, our service provider reports that they have no evidence suggesting that visitnh.gov was the specific target.” Source: http://www.necn.com/news/new-england/Maine-NH-Websites-Taken-Down-by-Spam-Attack-297255971.html

Continue Reading:
Maine, NH Websites Taken Down by Spam DDoS Attack

Tengrinews experiences largest DDoS attack in Kazakhstan

Tengrinews news website has experienced an DDoS-attack today, a correspondent of the portal reports. “Today, starting from 9 a.m. Tengrinews.kz website was under a massive DDoS-attack (Distributed Denial of Service) aimed at causing a failure of its server. The log analysis showed that during the attack most of the traffic to the Tengrinews.kz servers were coming from infected computers and servers from around the world, including from Israel, and Western European countries: France, Germany, Italy and Spain. The attack was carried out from infected computers from more than 30 countries around the world. The technical department together with Kazakhtelecom information systems directorate limited access to the site to Kazakhstan IPs only for the duration of the attack,” the technical department of Tengrinews said. DDoS is a type of attack aimed to make an online service unavailable by overwhelming it with traffic from multiple sources, often infected with a Trojan virus. It is virtually impossible to stop such an attack by blocking a single IP address. IT-service of the news website said that the DDoS-attack was carried out from around 700 different IP-addresses simultaneously. “The volume of malicious traffic exceeded 3 gigabits per second,” the department said. After the attack ceased the access to the website was fully restored and the limitations were removed. The website is now operating normally. This is the biggest DDoS-attack on a news resources of Kazakhstan so far. Source: http://en.tengrinews.kz/internet/Tengrinews-experiences-largest-DDoS-attack-in-Kazakhstan-259509/

See original article:
Tengrinews experiences largest DDoS attack in Kazakhstan

Bitcoin Mining Pools Targeted in Wave of DDOS Attacks

AntPool, BW.com , NiceHash, CKPool and GHash.io are among a number of bitcoin mining pools and operations that have been hit by distributed denial-of-service (DDoS) attacks in recent days. The incidents appear to have begun in the first week of March. For example, on 11th March, AntPool owner Bitmain sent an email to customers disclosing the DDoS attacks and advising external pool users to set up failsafe pools in the event of an outage. According to many of the companies affected by the incidents, those behind the attacks demanded payment in bitcoin in return for stopping the attacks. BW.com alerted customers via its official blog to possible service disruptions owing to oattacks, but did not say whether or not a ransom notice had been sent. Other pools took to Bitcoin Talk to warn users about the DDOS attacks. GHash.io operator CEX.io suggested that affected pools are seeing escalating DDoS threats, and said that the source of recent attacks on its pool came with increasing ransom demands. A spokesperson for CEX.io told CoinDesk: “The attack has been conducted by a hacker who has already DDoSed CEX.IO in October, 2014. Previously, he demanded 2 BTC for stopping the attack. This time, the payment has been raised to 5 to 10 BTC.” At least one other mining pool, NiceHash, also reported sustained DDOS attacks last fall. The alleged source of the DDOS attacks, operating under the name DD4BC, is believed to be behind a number of attacks on digital currency websites and services in the past year. Incidents tied to DD4BC include an attack last year on the digital currency exchange Bitalo that resulted in the posting of a 100 BTC bounty. Following the recent DDOS threats, Bitmain contributed an additional to the bounty. Disruptions likely to continue Affected pools say they have moved to boost in-house defense mechanisms in light of the attacks, but some have warned that future outages may likely occur. Bitmain said that its other services, including the cloud mining platform HashNest, may also be affected in the coming days. Operators that responded to press queries say they have refused to pay the ransoms and will continue keeping their pools open despite the risk of future DDoS attacks. Some of the pools have conceded that resolving the situation will be difficult owing to the capabilities believed to be possessed by the source of the attacks. Bitmain’s Yoshi Goto noted that the attacks appear to be systematic and acknowledged that it remains unclear when the situation will be completely resolved. “It is a cat and mouse game now but we will do our best,” he said. CoinDesk will continue monitoring the developments and post updates as they become available. Source: http://www.coindesk.com/bitcoin-mining-pools-ddos-attacks/

See more here:
Bitcoin Mining Pools Targeted in Wave of DDOS Attacks

China online gambling bust; Korean site orders DDoS attacks on competitor

Authorities in China have broken up an international online gambling operation based in Hunan province. China’s official press agency Xinhua quoted Chinese police saying they’d detained 19 individuals following a two-month investigation. A further eight individuals have been targeted for arrest over their roles in the operation of the Shenbo Sun City website, whose servers were based outside the country. Police said the operation earned a profit of RMB 1.4b (US $$223m) between May 2013 and Oct 2014. Police have frozen approximately 1,000 bank accounts across China containing around RMB 200m. This marks China’s second major bust of 2015, having taken down a similarly large operation in Shandong province in January. Over in South Korea , authorities have arrested two ‘cyber security experts’ accused of targeting an online gambling site with distributed denial of service (DDOS) attacks. Intriguingly, the hackers were hired by another illegal online gambling operator intent on eliminating his competition. The Korea Times quoted the National Police Agency saying a man named Yang, the owner of an online security company, was paid a hefty KRW 1b (US $911k) since May 2014 to target the online gambling operator’s competitor on multiple occasions. Neither site operator was publicly identified by police. On Sept. 25, Yang reportedly hacked into 12k computers and commanded them to spam the targeted site with messages in order to crash its servers. Yang told police he’d agreed to don the black hat because his legal sources of income were “unstable.” Police are continuing to investigate to determine what other DDOS attacks Yang and his henchman might have launched. Source: http://calvinayre.com/2015/03/03/business/korean-gambling-site-ddos-attack-on-competitor/

Continue reading here:
China online gambling bust; Korean site orders DDoS attacks on competitor

DDoS attacks enabled via vulnerable Google Maps plugin

An industry warning has been issued to businesses and Software-as-a-Service providers advising that attackers are currently exploiting a vulnerable Google Maps plugin installed on Joomla servers to launch distributed denial of service (DDoS) attacks. “Vulnerabilities in web applications hosted by Software-as-a-Service providers continue to provide ammunition for criminal entrepreneurs. Now they are preying on a vulnerable Joomla plugin for which they’ve invented a new DDoS attack and DDoS-for-hire tools,” said Stuart Scholly, senior vice president and general manager at the Security Business Unit, Akamai Technologies. “This is one more web application vulnerability in a sea of vulnerabilities.” The vulnerability found in the Google Maps plugin for Joomla allows the platform to act as a proxy, enabling attackers to process fake requests and return the proxy results to a targeted user in the form of a DDoS attack. The source of the attack remains anonymous as the hack-related traffic appears to come from the Joomla servers. Figures released in February 2014 showed that Joomla, the second most frequently used online content management system after WordPress, had been downloaded over 50 million times. Working with Phishlab R.A.I.D, Akamai’s Prolexic Security Engineering and Research Team (PLXsert) were able to match the DDoS signature traffic coming from a number of Joomla sites, suggesting that the vulnerable plugins are currently being used to execute a large amount of reflected GET flood DDoS attacks. The research has also found that the attack vector is being advertised over popular DDoS-for-hire websites. PLXsert identified over 15,000 supposed Joomla reflectors online. Despite many of the vulnerable plugins having been patched, removed or reconfigures, many of the servers remain open to attack. Reflection techniques to conduct DDoS attacks are extremely common, with 39% of all DDoS traffic employing reflection to bounce malware off third-party servers and to hide the attackers’ identity. Source: http://thestack.com/ddos-attacks-vulnerable-google-maps-plugin-020315

Read this article:
DDoS attacks enabled via vulnerable Google Maps plugin