Tag Archives: ddos news

190 UK Universities Targeted with Hundreds of DDoS Attacks

A large number of security attacks have been targeting universities all over the UK. Over 850 DDoS attacks were analyzed across 190 universities. Security experts suspect students or staff to be behind the large-scale attacks. Over 850 DDoS attacks have taken place in the United Kingdom, that have targeted 190 universities in the 2017-2018 academic year. Security researchers from JISC studied all of the reported attacks and have found clear patterns that tie all of the attacks. JISC is responsible for providing internet connectivity to UK research and education institutions. After a thorough analysis of all attacks during the past academic year, their study reveals that the attackers are most likely staff or students who are associated with the academic cycle. JISC came to this conclusion because the DDoS activity sees noticeable drops during holidays at universities. More importantly, most of the attacks were centered around the university working hours of 9 am to 4 pm local time. Image Courtesy of JISC Head of JISC’s security operations center John Chapman revealed “We can only speculate on the reasons why students or staff attack their college or university – for the ‘fun’ of disruption and kudos among peers of launching an attack that stops internet access and causes chaos, or because they bear a grudge for a poor grade or failure to secure a pay rise”. One of the DDoS attacks lasted four days and was sourced to a university’s hall of residence. A larger dip in attacks was noticed this summer compared to the summer of 2017. With an international law enforcement operation going into effect against the number one DDoS-for-hire online market. The website being taken down led to a massive drop in the number of DDoS attacks globally, which indicates that the attacks on the UK universities were not done by professional hackers working with a personal agenda, but hired professionals. The motive behind these DDoS attacks is unknown, and it may serve as a cover for more sinister cybercriminal activity. Universities often store valuable intellectual property which makes them prime targets for many hackers. Source: https://www.technadu.com/190-uk-universities-targeted-hundreds-ddos-attacks/42816/

View article:
190 UK Universities Targeted with Hundreds of DDoS Attacks

Security breaches costing UK SMBs millions

Cybercriminals have moved on from large enterprises and are now targeting SMBs. While large organisations may offer a bigger payload, cybercriminals are increasingly targeting small and medium-sized businesses (SMBs) as they generally have smaller cybersecurity budgets and often lack a dedicated in-house security team to deal with cyberattacks. In its new Small and Mighty SMB Cybersecurity report, Cisco revealed that 53 per cent of SMBs have experienced a data breach. To compile its report, the company surveyed 1,816 respondents across 26 countries and also drew upon the results of its 2018 Security Capabilities Benchmark Study. According to Cisco, 29 per cent of SMBs will pay less than $100,000 after a data breach though 20 per cent said the same incident would cost them between $1m and $2.5m to resolve. The report also shed light on the fact that 40 per cent of SMBs will experience an average of eight hours or more of system downtime following a breach which is on par with their larger counterparts. Cisco explained how SMBs’ response differs from that of large enterprises in its report, noting: “The difference, though, is that larger organizations tend to be more resilient than small/midmarket businesses following an attack because they have more resources for response and recovery.” Of those surveyed, 39 per cent said at least half of their systems had been impacted as a result of a severe data breach in the last year. Regarding the biggest security challenges faced by SMBs, respondents reported targeted attacks, advanced persistent threats (APTs), ransomware and DDoS attacks as the most concerning. Source: https://www.itproportal.com/news/security-breaches-costing-uk-smbs-millions/

DDoS Attack on German Energy Company RWE

Protesters in Germany have been camping out at the Hambach Forest, where the German energy company RWE has plans to mine for coal. Meanwhile, it’s been reported that RWE’s website was under attack as police efforts to clear the protesters from the woods were underway. According to Deutsche Welle , unknown attackers launched a large-scale distributed denial-of-service (DDoS), which took down RWE’s website for virtually all of Tuesday. No other systems were attacked, but efforts to clear away the protesters have been ongoing for the better part of the month, and activists have reportedly made claims that they will be getting more aggressive in their tactics. Activists have occupied the forest in hopes of preventing RWE from moving forward with plans to expand its coal mining operations, which would effectively clear the forest. In addition to camping out in the forest, the protesters have reportedly taken to YouTube to spread their message. Reports claim that a clip was posted last week by Anonymous Deutsch that warned, “If you don’t immediately stop the clearing of the Hambach Forest, we will attack your servers and bring down your web pages, causing you economic damage that you will never recover from,” DW reported. “Together, we will bring RWE to its knees. This is our first and last warning,” the voice from the video reportedly added. DDoS attacks are intended to cripple websites, and the attack on RWE allowed the activists to make good on their threat, at least for one day. ““This is yet another example that illustrates the DDoS threat to [softer targets in] CNI [critical network infrastructure]. RWE is an operator of an essential service (energy) in Germany. The lights didn’t go out but their public-facing website was offline as a result of this attack,” said Andrew Llyod, president, Corero Network Security. In a recent DDoS report, Corero researchers found that “after facing one attack, one in five organizations will be targeted again within 24 hours.” Source: https://www.infosecurity-magazine.com/news/ddos-attack-on-german-energy/

See more here:
DDoS Attack on German Energy Company RWE

Don’t Look Away, Peekaboo Vulnerability May Allow Hackers to Play the Long Game

The newly named Peekaboo vulnerability is a zero-day flaw in China-based Nuuo’s video recorder technology.The flaw in NVRMini2, a network-attached storage device, has remained unfixed in the three months since the vendor was alerted. This vulnerability put internet-connected CCTV cameras at risk, a grave concern for organizations using the service to view and manage their connected CCTV cameras. NUUO both uses the technology in its own products and licenses it to third-party surveillance system makers and systems integration partners. Exposure from Peekaboo Vulnerability Tenable Research, which discovered the Peekaboo flaw, said it could potentially impact more than 100 CCTV brands and approximately 2,500 different camera models. Organizations in wide range of industries, including retail, transportation, banking, and government, install these cameras to improve security. NUUO was informed of the vulnerability on June 5, 2018. Patches are now available on their website. This is not the first time an IoT vulnerability has brought unexpected risk to organizations. The Mirai botnet attacks showed how hackers can use CCTVs, webcams, and other Internet-connected devices to launch massive distributed denial of service (DDoS) attacks to cause mass disruption. Many of us saw the impact of Mirai in October 2016, when they used the botnets to take down Dyn. Apparently the latest IoT-related risk comes from the Peekaboo vulnerability, opening organizations to risk from an unexpected vector. Multiple Vulnerabilities Add Risk The Tenable team found two vulnerabilities; the first was an unauthenticated stack buffer overflow. A buffer overflow attack is when a hacker sends more data than a computer is designed to receive, leading the computer to inadvertently store the leftover data as commands the computer will later run. Buffer overflow is a common code level issue that has been prevalent for years, which can be identified through static analysis. The second vulnerability was a backdoor in leftover debug code, so together the flaws allow hackers to explore the surveillance data and access login credentials, port usage, IP addresses, and other information on the camera equipment itself. These types of issue map directly to coding errors and the remediation exposure disciplines of software exposure. Let’s take a look, however, at what a patient hacker can do with this particular security camera hack. Here is a hypothetical example of how a hacker might use the Peekaboo vulnerability: Turn off cameras or delete recordings by executing the buffer overflow Allow individuals to access to the building Install additional software within the building for later use Execute that software well after initial camera hack, resulting in significant exploits against the compromised system Confuse experts trying to determine the cause of exploit due to the multi-step attack Think Like a Hacker As usual, the original hack itself is not the end game. Deleting data or controlling security cameras allows attackers to circumvent security systems to rob residences or businesses. However, my major concern is the potential for infrastructure terrorism on electrical grids, nuclear plants, or water supplies. Hackers play the long game, and we in the security field need to as well. The software industry must react quickly to vulnerabilities such as Peekaboo, either to provide a patch in our own software, or to apply it as soon as it’s available. Software runs most of the objects we know and use every day. It’s our responsibility to make it as safe and secure as possible. Source:https://securityboulevard.com/2018/09/dont-look-away-peekaboo-vulnerability-may-allow-hackers-to-play-the-long-game/

Follow this link:
Don’t Look Away, Peekaboo Vulnerability May Allow Hackers to Play the Long Game

Verizon Digital Media Services adds managed security services to its Cloud Security Solution

Verizon Digital Media Services announced it has added a managed cloud security offering as part of its global Cloud Security Solution. The managed cloud security component provides access to security professionals who monitor and take corrective action against the security threats, no matter the time of day. The addition of this offering complements features previously available within Verizon Digital Media Services’ Cloud Security Solution, including a dual web application firewall (WAF), distributed denial-of-service (DDoS) protection, … More ? The post Verizon Digital Media Services adds managed security services to its Cloud Security Solution appeared first on Help Net Security .

Some credential-stuffing botnets don’t care about being noticed any more

They just take a battering ram to the gates The bots spewing out malicious login attempts by the bucketload appear to have cranked it up a notch.…

Follow this link:
Some credential-stuffing botnets don’t care about being noticed any more

Mirai creators sentenced to probation after assisting FBI with cyber investigations

Three young men who developed and deployed the original Mirai IoT botnet malware were sentenced on Tuesday in an Alaskan federal court to five years probation – a lenient punishment earned through extensive cooperation with FBI on other cyber investigations. Paras Jha, 22, of Fanwood, N.J.; Josiah White, 21, of Washington, Penn.; and Dalton Norman, 22, of Metairie, La. were also each ordered to pay $127,000 in restitutions and serve 2,500 hours of community service that will require continued collaboration with law enforcement authorities and researchers on cybercrime and cybersecurity matters. A Sept. 18 Wired article citing additional court documents states the three men have already accumulated more than 1,000 hours of community service by lending their expertise to at least a dozen investigations. This reportedly includes efforts to reduce the impact of high-volume distributed denial of service (DDoS) attacks, counter a nation-state-backed APT group, and perhaps undercover work. “All three have made efforts at positive professional and educational development with varying degrees of success, and indeed it was their collective lack of success in those fields that provided some of the motive to engage in the criminal conduct” in the first place, stated a sentencing memorandum filed by U.S. prosecutors on Sept. 11. In recommending a lighter sentence to the court, the document cites “potential grounds for optimism regarding their prospects for rehabilitation and productive engagement in society after being sentenced in these cases. All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity.” Jha could still serve prison time for additional charges filed, in New Jersey, related to a 2016 Mirai-based DDoS attack he launched against Rutgers University, where he had been a student. The three men pleaded guilty in late 2017. White, Jha, and Norman created the botnet in the summer and fall of 2016, recruiting scores of compromised IoT devices – including wireless cameras, routers, and digital video recorders – and using them to flood targets with DDoS traffic. Jha later released Mirai’s source code to evade identification as an author. This action led to others individuals developing numerous versions of the malware, including one that impacted the Domain Name System provider Dyn and disabled many popular websites on Oct. 21, 2016. Other versions have focused focus from DDoS attacks to other illegal activities such as cryptomining. “Cybercrime is a worldwide epidemic that reaches many Alaskans,” said U.S. Attorney Bryan Schroder in a DOJ press release. “The perpetrators count on being technologically one step ahead of law enforcement officials. The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world.” “The sentences announced today would not have been possible without the cooperation of our partners in international law enforcement and the private sector,” Jeffery Peterson, Special Agent in Charge of FBI’s Anchorage field office, also said in the release. “The FBI is committed to strengthening those relationships and finding innovative ways to counter cybercrime. Cybercriminals often develop their technical skills at a young age. This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills.” Source: https://www.scmagazine.com/home/news/mirai-creators-sentenced-to-probation-after-assisting-fbi-with-cyber-investigations/

Taken from:
Mirai creators sentenced to probation after assisting FBI with cyber investigations

3 Drivers Behind the Increasing Frequency of DDoS Attacks

What’s causing the uptick? Motivation, opportunity, and new capabilities. According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year. For those who experienced an attack, more than 40% lasted longer than 10 hours. This statistic correlates with our ATLAS findings, which show there were 7.5 million DDoS attacks in 2017 — a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic. What’s behind the uptick? It boils down to three factors: motivation of the attackers; the opportunity presented by inexpensive, easy-to-use attack services; and the new capabilities that Internet of Things (IoT) botnets have. Political and Criminal Motivations In an increasingly politically and economically volatile landscape, DDoS attacks have become the new geopolitical tool for nation-states and political activists. Attacks on political websites and critical national infrastructure services are becoming more frequent, largely because of the desire and capabilities of attackers to affect real-world events, such as election processes, while staying undiscovered. In June, a DDoS attack was launched against the website opposing a Mexican presidential candidate during a debate. This attack demonstrated how a nation-state could affect events far beyond the boundaries of the digital realm. It threatened the stability of the election process by knocking a candidate’s website offline while the debate was ongoing. Coincidence? Perhaps. Or maybe an example of the phenomenon security experts call “cyber reflection,” when an incident in the digital realm is mirrored in the physical world. DDoS attacks carried out by criminal organizations for financial gain also demonstrate cyber reflection, particularly for global financial institutions and other supra-national entities whose power makes them prime targets, whether for state actors, disaffected activists, or cybercriminals. While extortion on the threat of DDoS continues to be a major threat to enterprises across all vertical sectors, cybercriminals also use DDoS as a smokescreen to draw attention away from other nefarious acts, such as data exfiltration and illegal transfers of money. Attacks Made Easy This past April, Webstresser.org — one of the largest DDoS-as-a-service (DaaS) providers in existence, which allowed criminals to buy the ability to launch attacks on businesses and responsible for millions of DDoS attacks around the globe — was taken down in a major international investigation. The site was used by a British suspect to attack a number of large retail banks last year, causing hundreds of thousands of pounds of damage. Six suspected members of the gang behind the site were arrested, with computers seized in the UK, Holland, and elsewhere. Unfortunately, as soon as Webstresser was shut down, various other similar services immediately popped up to take its place. DaaS services like Webstresser run rampant in the underground marketplace, and their services are often available at extremely low prices. This allows anyone with access to digital currency or other online payment processing service to launch a DDoS attack at a target of their choosing. The low cost and availability of these services provide a means of carrying out attacks both in the heat of the moment and after careful planning. The rage-fueled, irrational DDoS-based responses of gamers against other gamers is a good example of a spur-of-the-moment, emotional attack enabled by the availability of DaaS. In other cases, the DaaS platforms may be used in hacktivist operations to send a message or take down a website in opposition to someone’s viewpoint. The ease of accessibility to DaaS services enables virtually anyone to launch a cyberattack with relative anonymity. IoT Botnets IoT devices are quickly brought to market at the lowest cost possible, and securing them is often an afterthought for manufacturers. The result? Most consumer IoT devices are shipped with the most basic types of vulnerabilities, including hard code/default credentials, and susceptibility to buffer overflows and command injection. Moreover, when patches are released to address these issues, they are rarely applied. Typically, a consumer plugs in an IoT device and never contemplates the security aspect, or perhaps does not understand the necessity of applying regular security updates and patches. With nearly 27 billion connected devices in 2017, expected to rise to 125 billion by 2030 according to analysis from IHS Markit, they make extremely attractive targest for malware authors. In the latter half of 2016, a high-visibility DDoS attack against a DNS host/provider was observed, which affected a number of major online properties. The malware responsible for this attack, and many others, was Mirai. Once the source code for Mirai was published on September 30, 2016, it sparked the creation of a slew of other IoT-based botnets, which have continued to evolve significantly. Combined with the proliferation of IoT devices, and their inherent lack of security, we have witnessed a dramatic growth in both the number and size of botnets. These new botnets provide the opportunity for attackers and DaaS services to create new, more powerful, and more sophisticated attacks. Conclusion Today’s DDoS attacks are increasingly multivector and multilayered, employing a combination of large-scale volumetric assaults and stealth infiltration targeting the application layer. This is just the latest trend in an ever-changing landscape where attackers adapt their solutions and make use of new tools and capabilities in an attempt to evade and overcome existing defenses. Businesses need to maintain a constant vigilance on the techniques used to target them and continually evolve their defenses to industry best practices. Source: https://www.darkreading.com/attacks-breaches/3-drivers-behind-the-increasing-frequency-of-ddos-attacks/a/d-id/1332824

Excerpt from:
3 Drivers Behind the Increasing Frequency of DDoS Attacks

California Dem hit with DDoS attacks during failed primary bid: report

The campaign website of a Democratic congressional candidate in California was taken down by cyberattacks several times during the primary election season, according to cybersecurity experts. Rolling Stone reported on Thursday that cybersecurity experts who reviewed forensic server data and emails concluded that the website for Bryan Caforio, who finished third in the June primary, was hit with distributed denial of service (DDoS) attacks while he was campaigning. The attacks, which amount to artificially heavy website traffic that forces hosting companies to shut down or slow website services, were not advanced enough to access any data on the campaign site, but they succeeded in blocking access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the election. Caforio’s campaign didn’t blame his loss on the attacks, but noted that he failed to advance to a runoff against Rep. Steve Knight (R-Calif.) by coming up 1,497 votes short in his loss against fellow Democrat Katie Hill. Caforio’s campaign tried several tactics to deter malicious actors, including upgrading the website’s hosting service and adding specific DDoS protections, which in the end failed to deter the attacks. “As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they should be out talking to voters,” Caforio told the magazine. A spokeswoman for the Department of Homeland Security (DHS) told Rolling Stone that it offered to help Caforio’s campaign investigate the four attacks but received no response. A DHS spokesperson did not immediately respond to a request for comment from The Hill. An aide to the Democratic Congressional Campaign Committee, the campaign arm for House Democrats, told Rolling Stone that it takes attacks such as the ones Caforio faced “very seriously.” “While we don’t have control over the operations of individual campaigns, we continue to work with and encourage candidates and their staffs to utilize the resources we have offered and adopt best security practices,” the aide said. Source: https://thehill.com/policy/cybersecurity/407608-california-democrat-hit-with-ddos-attacks-during-failed-primary-bid

Visit site:
California Dem hit with DDoS attacks during failed primary bid: report

IoT malware grew significantly during the first half of 2018

New research from Kaspersky Lab reveals how cybercriminals are targeting IoT devices. During the first half of 2018, malware designed specifically for Internet of Things (IoT) devices grew three-fold with over 120,000 modifications of malware according to new research from Kaspersky Lab. The security firm’s IoT report revealed that the growth of malware families for smart devices is snowballing and part of a dangerous trend that could leave consumer devices vulnerable to illegal activity including cryptocurrency mining, DDoS attacks or being used in large scale attacks by becoming part of a botnet. Kaspersky Lab is well aware of these threats and the company has set up its own decoy devices called honeypots to lure cybercriminals and analyse their activities online. According to the statistics, the most popular method of spreading IoT malware is still brute forcing passwords where hackers repetitively try various password combinations before eventually gaining access to a device. Brute forcing was used in 93 per cent of attacks while well-known exploits were used in the remaining cases. Kaspersky Lab’s honeypots were attacked most often by routers with 60 per cent of attacks coming from them. The remaining attacks were carried out by a variety of devices including DVRs and printers. Surprisingly, 33 attacks were carried out by connected washing machines. Why target IoT devices Cybercriminals may have different reasons for exploiting IoT devices but the most popular reason was to create botnets which would be used to facilitate DDoS attacks. Some of the malware modifications discovered by Kaspersky Lab were even tailored to disable competing malware. Principal Security Researcher at Kaspersky Lab, David Emm provided further insight on the firm’s report, saying: “For those people who think that IoT devices don’t seem powerful enough to attract the attention of cybercriminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes – and that security is implemented at the design stage, rather than considered as an afterthought. “At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly being customised and developed, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting Distributed Denial of Service (DDoS) attacks.” Source: https://www.techradar.com/news/iot-malware-grew-significantly-during-the-first-half-of-2018