Tag Archives: ddos news

There are DDoS attacks, then there’s this 809 million packet-per-second tsunami Akamai says it just caught

Bank on the receiving end of massive 418Gbps traffic barrage Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second.…

View article:
There are DDoS attacks, then there’s this 809 million packet-per-second tsunami Akamai says it just caught

Kinda goes without saying, but shore up your admin passwords or be borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…

More here:
Kinda goes without saying, but shore up your admin passwords or be borged by this brute-forcing botnet

Huge Cyberattacks Attempt To Silence Black Rights Movement With DDoS Attacks

After the death of George Floyd and the subsequent protests across the U.S., cyberattacks on advocacy groups spiked by an astonishing 1,120 times. It’s unclear who is behind the attacks, but they included attempts to neuter anti-racist organizations’ freedom of speech. The data comes from Cloudflare, a Silicon Valley company that protects a vast number of websites from distributed denial of service (DDoS) attacks, where servers are flooded with traffic to make them inaccessible. As its tech is used by a number of advocacy groups—including Black Lives Matter—Cloudflare saw what was happening around the time of Floyd’s death, caused by a police officer—former Minneapolis police officer Derek Chauvin—kneeling on Mr. Floyd’s neck till the life drained out of him. Fighting prejudice online And organizations whose purpose is to fight prejudice went from seeing almost no attacks on their sites to significant attempts to knock them offline. They included nearly 140 million likely malicious requests to load their websites. DDoS attacks see sites swamped with such requests, which mimic a massive number of people trying to get on a site at the same time, clogging up traffic to the page and making it inaccessible. “Those groups went from having almost no attacks at all in April to attacks peaking at 20,000 requests per second on a single site,” the company’s CEO, Matthew Prince, and its chief technology officer, John Graham-Cumming, wrote in a blog post. “One particular attacker, likely using a hacked server in France, was especially persistent and kept up an attack hitting an advocacy group continuously for over a day. We blocked those malicious HTTP requests and kept the site online.” In May, attacks on government, police and emergency services websites were up 1.8 times and 3.8 times on military websites, compared to the figures in April. Last week, the Minneapolis Police Department website was down after a reported DDoS attack. “We have been listening carefully to those who have taken to the streets in protest to demand justice and an end to structural racism, and believe that their powerful stories can serve as catalysts for real change. But that requires them to be heard,” the Cloudflare chiefs wrote in the post. “Unfortunately, if recent history is any guide, those who speak out against oppression will continue to face cyberattacks that attempt to silence them.” Source: https://www.forbes.com/sites/thomasbrewster/2020/06/03/huge-cyber-attacks-attempt-to-silence-black-rights-movement-with-ddos-attacks/#3460b946742b

Original post:
Huge Cyberattacks Attempt To Silence Black Rights Movement With DDoS Attacks

Oh cool, tech service prices are plummeting. And by tech services, we mean botnet rentals and stolen credit cards

Supply and demand in action Crime has never been cheaper to pull off, so long as you’re not particular about quality.…

Excerpt from:
Oh cool, tech service prices are plummeting. And by tech services, we mean botnet rentals and stolen credit cards

DDoS in the Time of COVID-19: Attacks and Raids

There is no escaping it. COVID-19 is dominating headlines and has impacted virtually every corner of the world. Like most people at this point, I’m 30 days into isolation and trying everything in my power to ignore the elephant in the room and the politics that go along with it. Unfortunately, or fortunately, cyber security is an essential business. As a result, those working in the field are not getting to experience any downtime during a quarantine. Many of us have been working around the clock, fighting off waves of attacks and helping other essential businesses adjust to a remote work force as the global environments change. Waves of Attacks Along the way we have learned a few things about how a modern society deals with a pandemic. Obviously, a global Shelter-in-Place resulted in an unanticipated surge in traffic. As lockdowns began in China and worked their way west, we began to see massive spikes in streaming and gaming services. These unanticipated surges in traffic required digital content providers to throttle or downgrade streaming services across Europe, to prevent networks from overloading. The COVID-19 pandemic also highlights the importance of service availability during a global crisis. Due to the forced digitalization of the work force and a global Shelter-in-Place, the world became heavily dependent on a number of digital services during isolation. Degradation or an outage impacting these services during the pandemic could quickly spark speculation and/or panic. For example, as COVID-19 began to take a toll on Australia’s economy, there became a rush of suddenly unemployed citizens needing to register for welfare services on MyGov, Australia’s government service portal. This natural spike in traffic ended up causing an outage on the morning of March 23 rd , requiring Government Services Minister Stuart Roberts to walk back his initial claims that the portal had suffered from a DDoS attack, naturally causing panic and speculation among those desperately seeking government assistance. In France, Assistance Publique – Hôpitaux de Paris, the university hospital trust managing 39 public hospitals in the area, found itself a victim of a DDoS attack on March 22 nd , just as France begin to deal with a surge in COVID-19 related cases. The attack was reported to have only lasted an hour and did not cause any significant damage. The problem was, upon further review, in order to deal with the attack, there was a reduction in internet access. Typically, during any other day, this reduction would not have had an impact, but due to the pandemic and a remote, non-essential work force, employees outside of the hospital’s network were blocked from external access during this attack, resulting in the inability to access email, Skype or remote application. In addition to this attack, the Brno University Hospital in the Czech Republic was hit a week earlier with a cyber-attack that force the hospital to shut down their entire network, resulting in the cancellation of surgeries. And if that wasn’t enough, a food delivery service in Germany experienced a DDoS attack from an extortionist. Lieferando.de, also known as takeaway.com, is a takeaway food service that delivers from more than 15,000 restaurants in Germany.  During this global pandemic, citizens of the world have become very dependent on take away food services as part of the effort to help flatten the curve. Unfortunately, an extortionist attempted to capitalize on this by launching a Ransom Denial of Service (RDoS) attack on Takeaway, demanding 2 BTC ($11,000) to stop the attack. As a result, some orders were able to be accepted but were never delivered, forcing Germans to find another option for the night. Taking Down Cyber Criminals It should come as no surprise that law enforcement agencies around the world are particularly interested in taking down those looking to profit from COVID-19. They are also interested in kicking down doors of those who are conducting DDoS attacks during the pandemic. On April 10 th , a 19-year-old from Breda, Netherlands, was arrested for conducting a DDoS attack on March 19 th against MijnOverheid.nl and Overhied.nl. Both of these websites are government-related and were providing Dutch citizens with important government information related to the pandemic. It’s truly unfortunate to see teenagers in the middle of a pandemic targeting critical infrastructure, preventing access to emergency regulations and advisories, but what did we expected? A cease-fire? In order to prevent additional DDoS attacks, a week prior to the Breda arrest, Dutch police shut down 15 stresser services. While these services were not listed, I can tell you, the raid was largely unnoticeable. Part of the problem can be found between the words of Jeroen Niessen, Dutch Police: “With preventive actions, we want to protect people as much as possible against DDoS attacks. By taking booters and their domain names offline, we make it difficult for cyber criminals. We have now put quite a few on black. If they pop up elsewhere, we will immediately work on it again. Our goal is to seize more and more booters…” If they pop up elsewhere, we will immediately work on it again…. But Are These Efforts Futile? In my opinion, it sounds like the police finally understand that raids are a losing battle without total commitment. If there’s one thing we learned from the 2019 raid of KV solution, a bulletproof hosting provider, it was that when one criminal falls, dozens are willing to replace them. For example, in 2018 the Department of Justice took down 15 stresser services as part of an effort to prevent DDoS attacks. The domain seized are listed below: anonsecurityteam.com booter.ninja bullstresser.net critical-boot.com defcon.pro defianceprotocol.com downthem.org layer7-stresser.xyz netstress.org quantumstress.net ragebooter.com request.rip str3ssed.me torsecurityteam.org vbooter.org The problem is, taking down a stresser service is pointless when there are so many criminals using public services and corporations to mask their identities. Until there is cooperation and commitment to removing the DDoS threat completely, it will always linger, rearing its nasty head in the worst moments. Due to the lack of commitment between the global law enforcement community and the security community, we are unable to see a meaningful impact in the DDoS landscape. It’s really not that difficult to find a stresser service today. In fact, you can find these criminals openly advertising their services on major search engines–no Tor browser or Darknet Market required. While search engines could simply de-index these services, they choose not to. Instead, they elect to profit from your misfortune. Below are a handful of sites found on popular search engine using the terms ‘booter’ or ‘stresser’: powerstresser.pro, freeboot.to, instant-stresser.to, meteor-security.to, layer7-security.to, stressthem.to, stress.to, stress.gg, booter.vip, bootstresser.com, bootyou.net, defconpro.net, str3ssed.co, ts3booter.net, vdos-s.co, webstresser.biz, hardstresser.com, havoc-security.pw, synstresser.to, dosninja.com, stresser.wtf, thunderstresser.me, ripstresser.rip, astrostress.com, botstress.to, dotn3t.org, nightmarestresser.to, silentstress.wtf, torstress.com, xyzbooter.net, databooter.to.   A Temporary Solution After reviewing the list, Officer Jeroen Niessen’s statement becomes clearer. Whether or not these current websites are associated with the original criminal groups or cloned, multiple stressers with notorious names have been reappearing. In general, I think it’s fair to say that while raids are disrupting criminals, they have hardly put a dent in the overall activity or economy of the DDoS-as-a-Service industry. Takedowns only represent a temporary solution, and this has become clear during the pandemic. Unfortunately, the threat landscape continues to evolve during a pandemic. Criminals are clearly not taking time off. Worst of all, not only is the public cloud fully in scope for cybercriminals looking to compromise enterprise equipment, but due to the ongoing pandemic and the remote digitalization of the work force, remote software and digital services have come under fire from opportunist criminals. I think during this time of chaos and uncertainty we really need to reflect on our impact and ability to secure the digital workforce and ask ourselves, are we protecting criminals due to privacy concerns or is there more we could do to remove and eliminate the DDoS threat? Source: https://securityboulevard.com/2020/04/ddos-in-the-time-of-covid-19-attacks-and-raids/

Taken from:
DDoS in the Time of COVID-19: Attacks and Raids

Average bandwidth of DDoS attacks increasing, APIs and applications under attack

The volume and complexity of attacks continued to grow in the first quarter of 2020, according to Link11. There has been an increasing number of high-volume attacks in Q1 2020, with 51 attacks over 50 Gbps. The average bandwidth of attacks also rose, reaching 5,0 Gbps versus 4,3 Gbps in the same quarter in 2019. Key findings Maximum bandwidth nearly doubles: In Q1 2020, the maximum bandwidth nearly doubled in comparison to the previous year; … More ? The post Average bandwidth of DDoS attacks increasing, APIs and applications under attack appeared first on Help Net Security .

View post:
Average bandwidth of DDoS attacks increasing, APIs and applications under attack

You’re a botnet, you;ve got a zero-day, so where do you go? After fiber, because that’s where the bandwidth is

Two-step attack seen on core systems Researchers are warning owners of fiber routers to keep a close eye on their gear and check for firmware updates following the discovery an in-the-wild zero-day attack.…

See original article:
You’re a botnet, you;ve got a zero-day, so where do you go? After fiber, because that’s where the bandwidth is

Dutch Police Shut Down 15 DDoS-for-Hire Services

Dutch law enforcement has shut down 15 DDoS-for-hire services that were used to run cyberattacks aimed at knocking websites and networks offline. Although they did not reveal the names of the DDoS-for-hire booters that they stopped, Police in The Netherlands were able to arrest a 19-year-old man from The Netherlands, who is suspected of orchestrating a DDoS attack against two websites that provide information on the coronavirus. The affected websites, MijnOverheid.nl and Overheid.nl, were unavailable for several hours on March 19 after being bombarded with traffic, according to the Dutch police. “We want to protect people and companies and make it increasingly difficult for cyber criminals to carry out a DDoS attack,” the head of the cyber crime team of the Central Netherlands police, Jeroen Niessen, said in a statement on the takedown. Dutch citizens may have found the interruptions to Overhead.nl particularly exasperating because the site is used as a “digital letterbox” to receive communications, including information about the pandemic, from the government. “The availability of this site to citizens is crucial for the country, especially during these times,” the Dutch police said. “By flattening a website like this, you are denying citizens access to their personal data and important government information. We take this very [seriously], especially now that the corona[virus] crisis is causing additional uncertainty and a great need for information for many people,” Niessen added. Dutch police have been pushing in recent years to stop Distributed Denial of Service attacks, which can overload computers with so much traffic that they become inaccessible. Last year, for example, Dutch police took down a hosting company that helped cybercriminals propagate hundreds of thousands of DDoS attacks. The year prior, the U.S. Department of Justice, in concert with the Dutch police and the U.K.’s National Crime Agency, knocked down 15 internet domains used to launch DDoS attacks. The Dutch police will continue to tackle new services, companies, and individuals involved in making DDoS attacks easier to operate moving forward, according to Niessen. “If they pop up elsewhere, we will immediately work on it again,” Niessen said. “Our goal is to seize more and more booters.” In the meantime, the Dutch police advised victims against paying cybercriminals behind DDoS attacks in the hopes that they call the police to investigate and hold them accountable instead. “Don’t give the cyber criminals money, as this may seem like a quick fix to get your site back up and running, you run the risk of getting rid of them,” the police advised. Source: https://www.cyberscoop.com/dutch-police-ddos-shutdown/

See more here:
Dutch Police Shut Down 15 DDoS-for-Hire Services

Cyber Warfare Doesn’t Take a Break During Coronavirus Season

US Health Agencies Are Fending off DDoS Attacks and Disinformation Campaigns in the Midst of a Pandemic Unfettered by social distancing measures or economic concerns, cyber threat actors are taking full advantage of opportunities created by the coronavirus pandemic. United States health agencies are being tested by distributed denial of service (DDoS) attacks and social media disinformation campaigns as they scramble to respond to an unprecedented viral outbreak, and these attacks are thought to be backed by a hostile foreign government. Federal health agency hit with DDoS attack A large-scale DDoS attack was directed at the U.S. Health and Human Services Department sometime around March 15. A spokesperson for the National Security Council stated that the attack did not do any substantial damage and that the networks are being “continuously monitored” to mitigate any future attempts. The DDoS attack involved millions of requests on the health agency’s servers over a period of several hours. A Health and Human Services spokesperson indicated that the government does not know who was behind the attack, but suspects a foreign government. The DDoS attack did not involve any network compromise, nor did it significantly slow down operations. The spokesperson indicated that the agency has put unspecified “extra protections” in place going forward. Fake texts and tweets part of organized disinformation campaign In addition to the DDoS attack, the National Security Council indicated that there is an ongoing disinformation campaign intended to sow fear and confusion in the American public that focuses on the health agencies. This is also believed to be backed by a foreign government. The agency warns about fake text messages that claim a mandatory national quarantine or lockdown is imminent. This disinformation campaign is also circulating widely on social media platforms such as Twitter and Facebook, and usually involves someone claiming they heard about imminent National Guard mobilization for a lockdown from some sort of friend or family member with inside information. The most damaging aspect of the disinformation campaign was a hack that managed to penetrate emergency MMS and SMS text-messaging systems used in a number of different cities in the US, which occurred just after Italy opted to lock down the entire country. The attackers sent out a bogus “warning” message claiming that public and emergency services were about to be shut down due to the coronavirus. These messages did not initially get out to the general public on a large scale, but did make their way to various emergency services personnel in a number of major cities including Boston, Washington DC and New York City. There is no indication at present that a national quarantine or lockdown is being considered. Such a move would be logistically difficult and extremely unpopular politically. While President Trump has mentioned that the possibility has been discussed, he has also signaled a desire to avoid action of this sort by the federal government on several occasions. During his March 21 briefing, Trump indicated that the government is focusing on action in coronavirus “hot zones” and that a national shutdown was not being seriously considered at the time. Perpetrators, motives and methods The assumption that a foreign government is behind these cyber incidents is primarily based on the lack of any sort of profit motive behind shutting down health agency servers or spreading false rumors on social media. While the rumors could potentially be used to manipulate stock prices in an indirect way, it seems more likely that this is a coordinated effort given that the DDoS attack and the disinformation campaign emerged at about the same time. Anonymous officials told ABC News that they believe Russia or China are the most likely perpetrators. This would not at all be a surprising move by either of these American adversaries, but particularly not for Russia. Russian “troll farms” that use fake social media accounts to pose as Americans and stir up dissent and division have been making the news since the widespread interference in the 2016 election, but have likely been working for over a decade now. This sort of disinformation campaign is precisely their MO. Any state-sponsored threat actor is capable of using a botnet, but DDoS attacks against other countries have been the hallmark of two particular hacking groups in recent years: APT 28, aka Russia’s infamous “Fancy Bear” group, and APT 33 (Elfin Team) out of Iran. Greg Wendt, Executive Director of Appsian, points out that though these health agencies have been successfully able to mitigate DDoS attacks they may be ripe for more targeted and sophisticated breach attempts: ” … government institutions such as the HHS are key targets for cyberattacks, and given that the government has many applications and systems that were written and developed 35-40 years ago, the process to modernize and transform the critical nature of data is a lengthy one and not a process that can be successfully done overnight.” New challenges for both government and private industry The cyber challenges posed by the coronavirus outbreak are not limited to health agencies. Private industry and individuals can also expect online predators to attempt to take advantage of the situation. Thomas Hatch, CTO and Co-Founder at SaltStack, a Lehi, Utah-based provider of intelligent IT automation software, foresees an inevitable increase in attacks on certain business sectors: “Petty thieves will assume that classical attacks are going to be more effective because cyber defense staffing is likely distracted right now dealing with the influx of issues that come from a demand shift for specific services. Organized groups are likely empowered by the situation and will want to take advantage of it. They can attack specific services, particularly financial institutions because of the overall distracted nature of the defenders.” Leading security firm Crowdstrike is reporting a significant increase in activity in phishing campaigns concurrent with global implementation of coronavirus restrictions. Early examples that have been spotted in the wild have promised free vaccines or offers of charity relief. Some targeted attacks on health care organizations have claimed to be related to shipments of ventilators or personal protective equipment. Hackers are also commonly attempting to pose as a legitimate health agency such as the WHO or CDC. In addition to targeted cyber attacks, everyone should be on heightened alert for messages tied to disinformation campaigns being spread throughout all sorts of public forums online. Source: https://www.cpomagazine.com/cyber-security/cyber-warfare-doesnt-take-a-break-during-coronavirus-season-us-health-agencies-are-fending-off-ddos-attacks-and-disinformation-campaigns-in-the-midst-of-a-pandemic/

Read the original post:
Cyber Warfare Doesn’t Take a Break During Coronavirus Season