Tag Archives: ddos-defense

Oh Oh Oh, Tis the season for DDoS attacks

It’s that time of the year where some websites become extremely high valued targets. It happens every year around this time, this year has proven to be no exception. DOSarrest have seen in the past where some online merchants were completely devastated by DDoS attacks that can sometimes force them out of business. These unlucky merchants were down due to attacks that lasted for several days and all of their customers had made their urgent Christmas purchases on other sites. These are lost sales that will never return and to make things worse, the online merchant gets stuck with excess inventory that they can’t sell. Why does this happen at this time of the year ? The answer is simple its most likely your competition. What better way to punish your competitor, then to shut their doors during the busiest shopping time of the year. The importance of DDoS protection can save your business. You can’t afford it ? Think of the alternative, being down for 24-48 hours sometime between November 27 to December 15th. Could your business survive this ? These are all questions to ask yourself. Approximately 30% of DOSarrests’ customers use the service as a back-up, should they experience a DDoS attack they use the service, when there is no attack they run directly off of their own server(s). Today one of their customers had an attack and contacted DOSarrest letting us know they needed help. Everything was already setup on DOSarrests’ side, fully customized and previously tested for them. Their 24/7 support team guided them through the steps to take and the customer was down for only 45 minutes. 45 minutes is a lot but it could of been 6 hours or longer if they didn’t have something already setup in advance. This particular customer already had a plan in place, he knew what he had to do and what not to do and was thrilled to not suffer some protracted outage. Some of the higher end online merchants will be ringing up $400,000/day in sales at this time of the year. Down or crippled for 6 hours would really hurt. Ask Santa for a DDoS protection plan this Holiday season, just in case the Grinch visits. Mark Teolis General Manager for DOSarrest Internet Security.

Originally posted here:
Oh Oh Oh, Tis the season for DDoS attacks

Sony Pictures Entertainment Disabled by Cyber Attack

The company’s corporate networks and email were taken offline following the attack. Variety reports that all Sony Pictures Entertainment employees were advised on Monday, November 24, 2014, not to connect to corporate email or corporate networks following a breach by hackers calling themselves “Guardians of Peace,” or #GOP. Deadline.com reports that Sony Pictures’ computers were still down worldwide as of the following day, November 25, 2014. According to The Verge, company computers were defaced with a message stating, “Hacked By #GOP.” “Warning: We’ve already warned you, and this is just a beginning,” the message adds. “We continue till our request be met. We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.” Below the message was a list of five links to zip files allegedly containing stolen data. A Reddit post examining the zip files reports that they contain several files named “private key,” along with Excel files named “passwords” and PDF files named “Diaz, Cameron – Passport.pdf” and “Angelina Jolie passport.pdf.” Another poster found what appears to be weekly Excel files backups of a 1Password database. In an email sent to The Verge, a GOP hacker claimed they were assisted by insiders at Sony, stating, “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in,” the hacker added. HyTrust vice president Michele Borovac told eSecurity Planet by email that this appears to be yet another example of a massive insider breach. “While it’s possible that the statements made by the attacker are just bluster, the reality is that privileged user credentials can give a hacker the keys to the kingdom,” she said. “Organizations must take steps to gain control and maintain visibility over these administrative ‘super user’ accounts if they want to prevent — or at least contain — these types of attacks,” Borovac added. A Courion survey recently found that IT managers are overconfident about their ability to prevent insider breaches, while a SpectorSoft survey found that 61 percent of IT professionals say they’re unable to deter insider threats. A recent eSecurity Planet article offered advice on how to defend against such threats. Incapsula security researcher Ofer Gayer told eSecurity Planet that the Sony attack is a hard blow for the company, particularly coming so soon after Sony’s networks were taken offline by a DDoS attack in August 2014. “As we’ve seen, these attacks can have a devastating effect on a company, its employees and its clients,” Gayer said. “Releasing private data (dubbed ‘d0xing’ in internet slang) or losing it all completely takes a dangerous step forward from plain old data theft, and as these types of attacks gain popularity, CISOs will be under heavier pressure to prevent them.” Source: http://www.esecurityplanet.com/network-security/sony-pictures-entertainment-disabled-by-cyber-attack.html

More:
Sony Pictures Entertainment Disabled by Cyber Attack

Cleveland city website shutdown due to DDoS Attack

In retaliation for the police killing of a twelve-year-old boy in Cleveland and the fact that the names of the Police officers who shot him have not been released yet, the hacker group Anonymous claimed responsibility for shutting down the Cleveland city website early on Monday, reports VICE News. Anonymous is a loosely associated international network of activist and hacktivist entities. Anonymous is made up of individuals who hack into computer systems without permission and take data such as communications records, names, addresses, phone numbers, and credit cards. The group has become known for a series of well-publicized publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites. The hacker group claimed responsibility for shutting down the Cleveland city website after the boy in Cleveland died due to injuries sustained in the police shooting. The boy was shot by police after he displayed a replica gun at a Cleveland recreation center. The Cleveland Police Department said in a statement that the child had not complied with orders to raise his hands. Instead, he apparently reached towards his waist band for the replica gun. The child had reportedly been pointing the toy weapon at members of the public outside the Cudell Recreation Center, prompting a 911 call, reports Reuters. The boy was taken to Metro Health Hospital for surgery on Saturday and remained in critical condition until his death early Sunday. The two officers involved in the incident were placed on administrative leave. One of them was treated at Fairview Hospital for an ankle injury, reports Reuters. According to a report on Cleveland.com that cited the deputy chief of police, Rice did not confront the officer verbally or physically. His father, Gregory Henderson, has questioned the use of lethal force saying, “Why not taze him? You shot him twice, not once, and at the end of the day you all don’t shoot for the legs, you shoot for the upper body,” as reported VICE News. The Department’s Use of Deadly Force Investigation Team is currently investigating the incident. Source: http://sputniknews.com/us/20141125/1015137543.html

DDoS attacks: Will Black Friday see upturn in web site attacks?

With Black Friday, Cyber Monday and the busiest online shopping season heading into full swing, it’s a favourite time for cybercriminals hoping to cash in on the holiday hoopla. “The amount of breaches and stolen identities went up drastically in October, November and December of last year,” said Alexander Rau, national information security strategist with Symantec Canada. “There’s more online shopping going on. People are crazy about Black Friday (Nov. 28, the day after the American Thanksgiving) and Cyber Monday, people want to get the best deal in the fastest time. “If there’s a lot of traffic, that’s where the attackers and the hackers go to try to steal information if they can.” It’s not only about stealing credit card credentials — that aspect of online chicanery, while still prevalent, is only a small part of cybercrime. On the consumer side, more important to criminals now is the ability to compile entire dossiers on their victims, so when the stolen credit card data is no longer usable they still have enough personal data to carry out sophisticated identity theft scams, which can include buying cars, taking out mortgages in their victims’ names and other fraud. Companies are under increasing attacks for all manner of gain. In the hectic shopping season, keeping transactions secure is only one part of the challenge. Distributed denial of service, or DDoS, attacks can take down websites by overloading them with bogus traffic. While DDoS attacks are common in games such as Minecraft, in which competitors use them to gain an edge, or in business or for political protest, unscrupulous website operators can also use them to take a retail competitor offline during the busiest online shopping days of the year. “A distributed denial of service attack basically means that someone, in that case the attacker, is flooding a service like a web server with just garbage traffic,” said Candid Wueest, a security researcher with Symantec Security Response and author of a recent report on the evolution of DDoS attacks. “You can compare it in real life to heavy rain, and your flood drains can’t cope with all the water coming in. Now someone opens the floodgates and sends a lot of water toward you. So you’re going to be underwater and not responding to any requests, even the one from the shopper that you actually want to.” Wueest said 2014 has seen an increase of 183 per cent of just one type of attack. “They are getting stronger but sometimes also shorter,” he said. “We know sometimes to take down an online service, often it’s enough to take it down for a few minutes or a few hours, and then the word will spread and people will start shopping at a different location. It’s not uncommon that we see it during seasons like the Black Friday shopping weekend.” In the lead up to Black Friday and Cyber Monday, Wueest said already some sites are being targeted by extortionists. In the digital world, protection money is demanded as the price of leaving a website online. “What they’ll do is inform the companies, the online shops, previous to the weekend, they’ll tell them, ‘Look, you’re either going to pay us $800 … and if you don’t do it we’re going to take down your business for a few hours.’ “In the end, it’s a classical extortion, which you obviously shouldn’t respond to but it’s hard because in the online world, it can damage your brand and obviously your sales if you’re not available during the peak hours.” Where is the computing power coming from to launch these attacks? If your computer is infected with a virus, it could be what is referred to as a bot, assembled into a botnet army under the command and control of the attacker. You don’t have to be a computer genius to launch an attack. Now for the price of a Starbucks eggnog latte you can get a website taken down for an hour. “There are services which offer it for as little as $5 for one hour, meaning you pay $5 through any online currency like bitcoin or something else and they will make sure that your competitor, your enemy for online gaming, or maybe a newspaper that you didn’t like is taken off for one hour, one day or even one week,” Wueest said. For consumers, there are other things to worry about besides whether or not their favourite online shopping site is available. Identity theft is becoming more and more sophisticated and data breaches — in which companies such as Target and many others have lost personal and financial information on their customers — can leave a ticking time bomb. Long after your credit card is cancelled and you’ve let the credit-monitoring service expire, the personal data about you could be assembled in new ways to make money. “There’s a number of things that people can do to protect themselves from a lot of these different kinds of scams that are going to take place during the holidays. They do every year. This year nobody expects it to be any different” said Bob Hansmann, director of product security for Websense, a computer security company. “Essentially you want to keep your eye out for deals that look too good to be true — they typically are. Any links inside an email or even some web pages — you’re going to want to be a little wary of it. “Make sure your anti-virus software is up to date. If you’re using a Windows machine, make sure it’s patched. Make sure you’re following the normal be-careful kinds of maintenance things, and that can eliminate a lot of these kinds of risks.” Source: http://blogs.vancouversun.com/2014/11/24/ddos-as-a-service-will-black-friday-see-upturn-in-web-site-attacks/

Original post:
DDoS attacks: Will Black Friday see upturn in web site attacks?

‘DerpTrolling’ hacker group responsible for DDoS attack on Warcraft servers

According to a CNET report, a hacker group which calls itself ‘DerpTrolling’ has recently claimed responsibility for a series of distributed denial of service (DDoS) attacks on game servers for Blizzard Entertainment’s World of Warcraft online RPG. The DDoS attack which the DerpTrolling hacker group launched on the Warcraft servers crippled the servers during the launch weekend of the Warlords of Draenor game. Claiming responsibility for the attack, DerpTrolling hackers have disclosed that they had managed to seize a massive amount of user data. According to the hacking group, the user data which has been seized as a result of the attack on Warcraft servers includes login details, password, email, and credit card information from PlayStation Network accounts as well as 2K accounts. In an elaboration of user data to which it has gained access, the DerpTrolling hacker group said in a statement to CNET: “We have 800,000 from 2K and 500,000 credit card data.” The group further declared that it has approximately “2 million Comcast accounts, 620,000 Twitter accounts, 1.2 million credentials belonging to the CIA domain, 200,000 Windows Live accounts, 3 million Facebook, 1.7 million EA origins accounts, etc.” Asserting that it has altogether seized nearly 7 million usernames and passwords from its raids, the hacker group has somewhat substantiated its claim by releasing a partial list of the hacked accounts as evidence. Source: http://uncovermichigan.com/content/22039-derptrolling-hacker-group-responsible-ddos-attack-warcraft-servers

More:
‘DerpTrolling’ hacker group responsible for DDoS attack on Warcraft servers

Toronto Police Service website down after DDoS attack

The Toronto Police Service website went down on Sunday evening after a Twitter user threatened to hack it. According to police, the site was the subject of a Distributed Denial of Service (DDoS) attack. Twitter user @AerithTOR claimed responsibility for the attack on the social networking site. A DDoS attack floods a website with several requests and if the website’s server cannot handle the volume of requests, the website crashes. @AerithTOR also suggested that they would be targeting the Conservative Party of Canada and Parliament of Canada websites. Both sites were online Sunday night. The Ottawa Police Service and Supreme Court of Canada websites went down on Saturday evening. The Ottawa police website was still down as of Sunday night. The City of Ottawa website was hacked Friday evening and replaced with a black screen and a dancing banana, along with a message attributed to @AerithXOR. @AerithTOR claimed this was his former account and said it had been suspended. The message the hacker left on Ottawa’s police website contained the name of an area police officer. The officer was involved with the investigation of an Ottawa teen who is alleged to have made calls reporting fake emergencies to emergency services agencies across North America. Toronto police were unavailable for further comment. The Toronto Police Services website remained offline on Sunday night. Source: http://www.thestar.com/news/crime/2014/11/24/toronto_police_service_website_down_after_ddos_attack.html

More:
Toronto Police Service website down after DDoS attack

Anonymous pledges more attacks in Canada

The Anonymous hacker group that carried out Friday’s cyber attack on Ottawa’s City Hall has pledged attacks on eight more targets, including Ottawa Police and the Supreme Court. The group has taken responsibility for hacking Ottawa.ca, hijacking the site with a taunting image of a dancing banana, and naming an Ottawa police officer with the ominous message “You know what we want…” Anonymous launched the hacking campaign Operation Soaring Eagle two weeks ago, and claims they have already penetrated the Ottawa police server. The group taunted police to find a “digital footprint” left behind as proof of their capabilities, and threatened to deface the Ottawa police website, as well as publishing e-mail exchanges between officers and the home addresses of investigators. “For every one technical (expert) you think you have, we have 20.. 50.. 100.. Do you believe us now?” the group posted following Friday’s hack. “Are we serious enough? This is just the start, Operation Soaring Eagle will continue, until we see fit that it is completed. We will be taking over all ottawa police networks, shutdown communications on the internet, hijack domains, servers, and soo much more (sic). It all starts today (Friday).” Both Chief Charles Bordeleau and Supt. Tyrus Cameron were dismissive of Anonymous’ threats. “We’re investigating,” Cameron said Saturday, adding he doubts the hackers have infiltrated the Ottawa Police e-mail server and are prepared to post names and addresses of officers. “Police operations and systems continue to function normally.” Later, Anonymous carried through by posting the phone number and home address of the Ottawa police officer named during Friday’s cyber attack. The officer is one of the investigators in a massive joint investigation with the FBI that netted 60 charges against a Barrhaven teen in May. The teen is accused of “swatting,” which is a trend of making prank calls reporting fake bomb threats, hostage situations and active shootings, while impersonating another person, commonly an online gaming rival. Emergency personnel will then respond to the call in vast numbers ? often in SWAT teams ? only to discover the ruse on arrival. “(The officer) knows exactly why he forced this to happen,” Anonymous said Saturday. It is believed the group carried out the attack when new evidence that supposedly exonerates the Barrhaven teen ? and alleges another man in New Jersey is actually behind the swatting frame-up ? was ignored by investigators, as Anonymous alleges. Bordeleau would not comment on Anonymous’ claims. The family’s lawyer, Joshua Clarke, said his client has maintained his innocence “from the very beginning.” “While we don’t condone the actions and are in no way affiliated with Anonymous, we understand that this group exists and have chosen to assist my client,” Clarke said. A Twitter user under the handle Aerith, speaking on behalf of Anonymous, said the group offered information to Ottawa police that would prove the innocence of the teen. “Enough is enough. We offered to give (police) information on (the) real swatter… in exchange let (the Barrhaven suspect) go, they laughed… They questioned our skills… That young lad is innocent, this is just pure bull—-.” QMI Agency could not reach the New Jersey man named by Anonymous. Aerith said he was “happily going through every single (police) e-mail, and operation discussed in their e-mails, and preparing a press release.” The group also said it was planning on replacing the police home page with “a dancing hitler banana with ISIS logo just to piss off (Stephen) Harper.” In a lengthy anti-police and anti-establishment rant on Nov. 12, Anonymous warned that the hacker collective would be carrying out “DDoS attacks” targeting the servers of nine websites, notably Ottawa.ca, Ottawa Police and the Supreme Court. The group lists several other targets, including Guelph Hydro, the City of Waterloo, Telus, WindMobile, Koodo Mobile and Fido, though it is not immediately clear why those companies and institutions are targeted. On Saturday, after that first cyber-attack was verified, the group posted another message warning, “This is just the start… We will not rest.” The group signed off by warning of another attack coming on Monday, pledging, “We have a shocker planned.” Source: http://www.torontosun.com/2014/11/22/anonymous-pledges-more-attacks-in-canada

Continued here:
Anonymous pledges more attacks in Canada

Bahrain newspaper’s website brought down by DDoS attack

The website of Bahrain’s leading Arabic newspaper was brought down in a massive malicious attack yesterday (Saturday), the day the country went to the polls. And though the Akhbar Al Khaleej website was put back on line and accessible throughout the region and the rest of the world, it was still inaccessible in parts of Bahrain as of this evening. The website www.akhbar-alkhaleej.com was the target of a DDoS (distributed denial of service) attack, under which a malicious software or system generated thousands of requests every few seconds to the site, causing it to collapse under the weight of the traffic and become unavailable to users. “The US-based Peer1, which is one of the world’s leading hosting providers, informed us that the website was under attack, after which our engineers managed to restore services by changing the site’s IP address,” said a spokesman for Bahrain’s North Star Technologies, which manages the newspaper’s site. He continued: “However, it was still inaccessible from some parts of Bahrain as Batelco’s DNS server grappled to route traffic to the site’s new IP address.” Batelco has acknowledged it has issues with its sever and was working hard to resolve the matter, he said, adding that the telecommunications operator was endeavouring to restore full access to the site “before the end of the day”. The oldest and most respected Arabic daily newspaper in Bahrain, Akhbar Al Khaleej has been forthright in condemning the political unrest that has gripped Bahrain since 2011 and was previously targeted by hackers. Yesterday’s elections for 40 seats at the Council of Representatives, parliament’s lower house, attracted a voter turnout of 51.5 per cent. Bahrianis also voted to elect Municipal Councillors and the turn out was 53.7 per cent. Elections are held every four years. Source: http://www.tradearabia.com/news/MISC_270100.html

Read this article:
Bahrain newspaper’s website brought down by DDoS attack

Drupal Patches Denial of Service Vulnerability

Details on a patched denial of service vulnerability in the open source Drupal content management system have been disclosed. The vulnerability, patched yesterday, could be abused to crash a website running on the CMS. Researchers Michael Cullum, Javier Nieto and Andres Rojas Guerrero reported the bug to Drupal and urge site owners and Drupal admins to upgrade Drupal 6.x to Drupal core 6.34 or 7.x to Drupal core 7.34. The vulnerability exposes user names in addition to threatening the availability of a Drupal site. The researchers said they were able to guess a valid Drupal user name by exploiting the bug by entering an overly long password; they give an example of a million-character password. They explain that Drupal only calculates a password hash for valid user names; by measuring the time it takes to get a response from the system with a long password, they can infer that the user name they tried is valid. “In Drupal, the way of calculating the password hash (SHA512 with a salt) by using phpass results in the CPU and memory resources being affected when really long passwords are provided,” the researchers wrote. “If we perform several log-in attempts by using a valid username at the same time with long passwords, that causes a denial of service in the server.” Depending on the server configuration—in this case Drupal 7.32 running on Apache with a MySQL default installation—the attack crashes the entire server. The researchers said this happens because the RAM and CPU limits are reached. It can also crash the database, they said. “If the Apache configuration is optimized and tuned to the hardware resources, we are able to reach all sessions available quickly and handle them for 30 seconds which performs a DOS without crashing the server or database,” the researchers said, adding that 30 seconds is the longest a script can run before it is terminated by a parser. “This helps prevent poorly written scripts from tying up the server.” The researchers said they will publish a proof of concept attack at a later time. This vulnerability was rated moderately critical by Drupal, unlike a much more serious SQL injection flaw that became public on Oct. 15. The flaw was found in a Drupal module designed to defend against SQL injection attacks. Attackers quickly wrote automated exploits targeting the vulnerability; the attacks worked without the need for a Drupal account and left no trace. Drupal quickly released an advisory urging site admins to proceed as if every Drupal 7 site that was not patched within hours of the announcement were compromised. “Attackers may have created access points for themselves (sometimes called ‘backdoors’) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access. Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found,” Drupal said in a statement. The patch was made available on Oct. 15; the vulnerability was found in a database abstraction API that sanitized queries to prevent SQL injection. Source: http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502

Original post:
Drupal Patches Denial of Service Vulnerability

Fasthosts outage blamed on DDoS attack

Fasthosts’ five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit. The company explained the torrid morning it had suffered in an emailed statement to The Register . Earlier today, after we reported that Fasthosts had gone titsup, Reg reader x2uk suggested that the firm had been targeted by hackers. “Some of our customers’ domains seem to have been shifted onto their DNS overnight which may mean something nefarious is afoot,” he told us. Fasthosts finally responded to our questions just as it was telling its biz customers on Twitter that the service was coming back to life. It said: As a result of a denial-of-service attack, Fasthosts shared hosting customers experienced a loss of DNS performance, and as a result, periods of website downtime. In accordance with its procedures, Fasthosts acted swiftly to resolve the root cause, and has now implemented measures to return the majority of its hosting customers back to full performance. We apologise for any disruption incurred by our customers this morning as a result of this issue. If any customer has outstanding issues, we ask that they contact our technical support team who will assist them. Incredibly, the company’s strife didn’t end there: it has also been battling a serious security hole in its Microsoft servers. Fasthosts said: As a result of our routine and extensive security monitoring, Fasthosts today identified a vulnerability specific to part of its Windows 2003 shared web server platform. The small affected proportion of our large hosting platform was immediately isolated, and work is being undertaken to investigate and fix the issue as swiftly as possible. As a precautionary measure, some shared hosting servers on this specific platform have been taken offline, resulting in a small proportion of our hosting customers experiencing downtime. All efforts are being focused on returning this platform to service. Fasthosts added that “the security of our customer data remains of paramount importance to us.” It claimed to have “excellent levels of security monitoring, systems and resources to keep our customers’ data safe from threats.” However, the company made no mention of compensation for businesses affected by Monday morning’s outage. “We apologise unreservedly for the inconvenience caused to those customers affected today, and we remain committed to providing the highest possible standards of service,” Fasthosts said. Source: http://www.theregister.co.uk/2014/11/17/fasthosts_outage_blamed_on_ddos_hack_attack_and_windows_2003_vuln/

Follow this link:
Fasthosts outage blamed on DDoS attack