Tag Archives: ddos news

FCC blames DDoS for weekend web lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists Vid   Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

More:
FCC blames DDoS for weekend web lockout

FCC: Commission Hit By DDoS Attacks

Amidst reports that John Oliver’s segment on Title II on Sunday night’s Last Week Tonight on HBO had created a flood of comments that brought down the FCC’s comment site, the FCC released a statement saying it had been hit by a denial-of-service attack. The statement came from chief information officer Dr. David Bray about delays experienced by “consumers” trying to file comments. He did not specify the net neutrality docket. “Beginning on Sunday night at midnight [Last Week Tonight aired at 11 p.m.], our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.” He said the attacks were not attempts to file comments themselves but “rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.” Source: http://www.broadcastingcable.com/news/washington/fcc-commission-hit-ddos-attacks/165609

Read this article:
FCC: Commission Hit By DDoS Attacks

DDoS Attack On Gaming, Gambling Sites In Hong Kong Believed To Be Extortion Attempt

In the first two weeks of April, sudden spikes of traffic started hitting gaming and gambling sites in Hong Kong. The increased rush weren’t anxious gamers looking to place bets, but a DDoS attack designed to take the sites offline. The unusual activity hounding sites in Hong Kong was caught by Security Engineering and Response Team at Arbor Networks, a cyber security firm based in the U.S. A massive influx of traffic from China starting pouring into the territory on April 6, and carried out in blasts through April 13. During that time frame, Hong Kong was the top destination for targeted attacks, topping the U.S., which routinely receives the highest percentage of DDoS attacks. It’s uncommon for Hong Kong to attract such attention from a DDoS, or Distributed Denial of Service attack. The types of attacks use coordinated machines to direct an overwhelming amount of traffic at a single target. These attacks—often carried out by massive networks of compromised internet-connected devices coordinated as part of a botnet—can often force a service offline. DDoS attacks are difficult to mitigate because they cannot be stopped by simply blocking one source. Because the traffic comes from anywhere from dozens to thousands of individual locations, it can also prove next to impossible to distinguish legitimate traffic from attack traffic or determine the origin of the attack. That anomalous activity detected by Arbor Networks—during which Hong Kong received 28 and 39 percent of all attacks greater than 10 Gbps in size in the two respective weeks—caught the eye of Kirk Soluk, the manager of the company’s Threat Intelligence and Response team. According to Soluk’s analysis, the attack was likely an attempted extortion attack, designed to knock a target offline until they are willing to pay to make the attack stop. “Gambling sites and gaming sites that have a financial component are a particularly attractive target,” Soluk told International Business Times, “due to the money the sites stand to lose if they are not available.” Extortion attempts have been on the rise in recent years, in part because of the wider availability of tools used to perform such attacks and in part because businesses and individuals are more reliant on digital services—trusting digital systems with sensitive data and financial information. According to a recent report by Symantec, ransomware attacks, which attempt to extort money from individual users and businesses by encrypting their files and demanding payment to decrypt them, rose by 36 percent in 2016—and the average ransom cost increased by 266 percent from the previous year. DDoS attacks are often used to hit larger organizations rather than single users or small networks like ransomware, but it can have an impact on others beyond the intended target. Soluk warned that DDoS attacks could potentially compromise users of an attacked site and in some cases even put them at physical risk, like in a November 2016 attack in Finland that damaged the heating systems of residential properties in the dead of winter. “Fortunately, we haven’t seen a large-scale critical infrastructure outage directly attributed to a DDoS attack but it’s certainly not out of the realm of possibility,” Soluk said. “More notable are outages that result in financial losses for organizations whose Internet presence is taken offline as well as inconveniences for end users wishing to purchase goods or even play games.” There is collateral in any attack of such magnitude, and the bombardment of Hong Kong gaming sites was no exception. While those sites took the brunt of the traffic, a number of other sites also got hit, including two domains belonging to hospitals. Given that 29 total online gambling and gaming sites were hit in the same surge of traffic, it seems obvious those were the true targets. What is less clear is who carried out the attack. The vast majority of the traffic came from China, and in some cases such a direct stream directed at domains of one territory can be indicative of cyber warfare between states. DDoS attacks have become tools of war, and have been seen in attacks like the one launched against the former Soviet Republic of Estonia. Much of the nation was taken offline by a DDoS attack that hit government and private sector servers after Estonian government decided to move the Bronze Warrior, a Soviet World War II memorial, and angered Russian leadership. It’s also noteworthy that Hong Kong itself has been hit by DDoS attacks before. Those came in 2014 following a growing pro-democracy movement that was angered in part by China’s influence in the territory’s elections. Despite the history, and the onslaught of traffic driven from China, there isn’t much indication that the attack on Hong Kong gaming sites was in any way a politically motivated attack. “Geography has to be taken in proper context, particularly when considering the source of an attack,” Soluk explained. “It is easy for an attacker sitting anywhere in the world to launch a DDoS attack from anywhere else in world.” Because of the targets of the attack, Soluk concluded the hit on Hong Kong gaming sites was more likely to be financially motivated than part of an ongoing geopolitical battle between two territories. The attacks have ceased and the dust has cleared from the torrential traffic, but it’s not clear if that means the targets are in the clear. The attacks came out of nowhere, spiking with little indication and disappearing back into the ether. That type of uncertainty can’t be planned for, but Soluk said it can be mitigated to some degree with preparedness. He advised sites and online services to follow best current practices for architecting and protecting network infrastructure, including having trained staff that regularly conduct DDoS war games to test the system and utilizing an Intelligent DDoS Mitigation System (IDMS) to help counteract an attack. Source: http://www.ibtimes.com/ddos-attack-gaming-gambling-sites-hong-kong-believed-be-extortion-attempt-2535523

Read More:
DDoS Attack On Gaming, Gambling Sites In Hong Kong Believed To Be Extortion Attempt

Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns

Attackers using threats of data exposure and DDoS disruptions to try and extort ransoms from organizations The recent leak of 10 unaired episodes from Season 5 of Netflix’ hit series “Orange Is The New Black” shows that ransomware is not the only form of online extortion for which organizations need to be prepared. Increasingly, cyber criminals have begun attempting to extort money from organizations by threatening to leak corporate and customer data, trade secrets, and intellectual property. Instead of encrypting data and seeking a ransom for decrypting it, criminals have begun using doxing as a leverage to try and quietly extort bigger sums from enterprises. “Targeted attacks are the new cybersecurity threat and are on the rise,” says Nir Gaist, CEO and co-founder of security vendor Nyotron. “Organizations, regardless of industry or size, can be targeted with cyber extortion or espionage as the hackers’ goal.” The reason why there isn’t more noise over such incidents is that victims often like to keep quiet about them, he says. “Unless the company is regulated to report the attack, they will keep it quiet to keep brand and reputation intact,” Gaist says. Even in the case of the Netflix leak, for instance, it was the hackers themselves who announced the attack. “There was no monetary loss due to the early release of the ‘Orange is the New Black’ episodes, but there was reputation loss and brand damage,” he says. A malicious hacker or hacking group calling itself TheDarkOverload earlier this week claimed responsibility for publicly posting several episodes of the Netflix series after apparently stealing them from Larson Studio, a small post-production company, back in December. The hackers first tried to extort money from Larson Studio before going after Netflix directly. When Netflix refused to acquiesce to the extortion demand, the hackers released the unaired episodes. The hackers claimed to have stolen several more unaired episodes of TV programs from Netflix, Fox, and National Geographic and have threatened to release them as well. It is not clear if the hackers have made any extortion demands from the various studios. The Netflix incident is an example of the growing threat to organizations from extortion scams, says Moty Cristal the CEO of NEST Negotiation Strategies, a firm that specializes in helping organizations negotiate with online extortionists. Cyber extortion can include the threat of DDoS attacks and data exposure. The goal of attackers is to find a way to threaten targets with the most damage, either financial or from a brand reputation standpoint, Cristal explains. Any decision on whether to pay or not to pay should be based on an assessment of the potential damage, both real and perceived, that the attacker could wreak, and the company’s ability to withstand such damage, Cristal says. In the Netflix incident, the fact that the attackers demanded just around 50 bitcoin for the stolen episodes suggests they were likely motivated more by the need to be recognized and professionally acknowledged than by financial gain, Cristal adds. Surprisingly, targeted extortion attacks do not always have to be sophisticated to be successful, although sometimes they can very sophisticated Gaist says. “In a targeted attack, the hacker will attempt to find a simple vulnerability to get in,” he says. “Unfortunately for most companies, basic security hygiene is simply not attended to properly – leaving them completely vulnerable to a targeted attack.” While attacks that result in potential exposure of customer and corporate data can be scary, there are a couple of good reasons not to pay, security analysts say. One of course is that paying off a ransom or extortion is only likely to inspire more attempts. An organization that shows its willingness to pay to get data back or to prevent something bad from happening will almost certainly be attacked again. The other reason is that not all extortion scams are real. In fact, a lot of times attackers will attempt to scare money out of an organization with false threats. Last year for instance, a malicious hacking group calling itself the Armada Collective sent extortion letters to some 100 companies threatening them with massive distributed denial of service attacks if they did not pay a specific ransom amount. Security vendor CloudFlare, which analyzed the Armada Collective’s activities, estimated that the group netted hundreds of thousands of dollars in ransom payments from victims, without carrying out a single attack. Meg Grady-Troia, web security product marketing manager at Akamai, says paying a ransom doesn’t necessarily guarantee a chosen outcome. “So doing separate analysis of the request for payment and the real threat is critical for any organization.” Akamai’s customers have seen a lot of extortion letters, threatening a DDoS attack if a specified amount of bitcoin is not deposited to an identified wallet by a certain time, she says. These letters have come from a number of groups, including DD4BC, Armada Collective, Lizard Squad, XMR Squad, and others. Often though, there is very little follow-through. “Some of these DDoS extortion letters are merely profit-making schemes, while some are serious operations with the resources to damage a business,” says Grady-Troia. Paying a ransom is no guarantee that your data still won’t be leaked, she says. “Once data has been exfiltrated from your system, the blackmail may or may not continue after the requested payment, or it may still be leaked.” What organizations need to be focusing on is DDoS attack resilience and the operational agility of their systems, particularly access controls, backup procedures, and digital supply chain. “The importance of online extortion depends immensely on the nature of the threat and the enterprise’s risk tolerance,” Grady-Troia says. “Businesses should have a security event or incident response process that can be invoked in the case of any attack, and that process should include subject matter experts for systems and tools, procedures for all kinds of hazards.” Source: http://www.darkreading.com/attacks-breaches/netflix-incident-a-sign-of-increase-in-cyber-extortion-campaigns/d/d-id/1328794

Read the article:
Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns

DDoS attack size doubles, but 40% are still reported by customers

While the headline record breaking attack size goes up every year, the long tail of average attack size has also doubled in the past year to reach 50 Gps according to Neustar’s fourth annual Worldwide DDoS Attacks and Cyber Insights Research Report. However, the increased average is partly put down multiple 500 Gbps+ attacks from IoT botnets, one of which exceeded 680 Gbps peak size. The report records that nearly half (45 percent) of DDoS attacks were more than 10 Gbps and 15 percent of attacks were at least 50 Gbps, showing that volumetric attacks are getting larger. And the average cost of DDoS attacks has also gone up, now costing an organisation almost £2 million (£1.9 million) in revenue. Neustar’s report is based on responses from 1,010 CISOs, CSOs, CTOs security directors and managers. Out of 1010 organisations, 849 were attacked – with no particular industry spared. Eighty-six percent (727) of those attacked were hit more than once. Forty percent of respondents reported receiving attack alerts from customers, up from 29 percent in 2016, demonstrating just how unprepared we are when dealing with this threat. An average revenue loss of at least US$250,000 (£190,000) per hour was reported by 43 percent of organisations, with 51 percent taking at least three hours to detect an attack and 40 percent taking at least that amount of time to respond. Instances of ransomware increased 53 percent since 2016. Half of the attacks involved some sort of loss or theft with a 38 percent increase year over year in customer data, financial and intellectual property thefts. Nearly all (99 percent) organisations have some sort of DDoS protection in place, but 90 percent are investing more than they did a year ago. More than a third (36 percent) think they should be investing even more. Showing that the year is off to a fast start, the research is already seeing significant increases in average attack size and variety of attack vectors even though Q1 is generally considered “pre-season” with most attacks traditionally happening in the shopping season in the run up to Christmas. The new hot attack trends for 2017 include Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP). The report explains how CLDAP Reflection attacks come from botnets that target exposed public facing LDAP servers by exploiting UDP’s inherent stateless nature. These attacks originate from port 389 (LDAP’s UDP port), however they are not always concentrated on attacking a specific source port. Although LDAP is more prevalent on internal networks, attackers have been increasingly using this form of attack across the internet and have now increased to what the Neustar describes as a point of significance. The largest CLDAP attack mitigated this year by Neustar Security Operations had a peak size of 20.9 Gbps/2.1 Mpps, targeted 9 different ports, used UDP protocols and lasted 14 minutes. Growth in these attacks is attributed to the near eradication of SSDP attacks, thus attackers looking for quick ramping volumetric menaces have gravitated to CLDAP. Also attackers may launch LDAP-based attacks using brute force to saturate and neutralise authentication systems and security infrastructure components. GRE-based attacks target private connections and are used many times to disrupt a DDoS target’s connection to its protection provider explains the report. GRE tunnels are typically used to connect infrastructures and facilitate contaminated traffic flows into DDoS mitigation clouds. Attackers tend to understand this and thus, these types of attacks are increasingly being seen and mitigated. Neustar points out that typically stopping a GRE flood without completely shutting down legitimate traffic requires surgical rate limiting (specific packet size ranges, source and destinations, etc.) or specific white/black lists. Attackers continue to launch more sophisticated attacks to penetrate organisation’s defences as multi-vector attacks have become the nearly universal experience for Neustar mitigation operations, with DDoS often a distraction for the main attack. “Distributed Denial of Service (DDoS) attacks are the zeitgeist of today’s internet,” said Barrett Lyon, head of research and development at Neustar Security Solutions in a news release. “The question organisations must ask now is how they are prepared to manage these highly disruptive events. Are they prepared for the bad day where their customers call and ask why the website is down?” “We have to have confidence that our website infrastructure can stand up to DDoS attacks and attacks on our DNS infrastructure, which is unfortunately a constant threat,” said Chris Matthews, head of operations at Experian Data Quality in a release. Neustar has expanded its network capacity to 3 Tbps, and is increasing it to 10 Tbps enabling it to absorb more attacks and stop more complex versions of attack combinations. Neustar’s advice to companies in its report is: assess, plan, test, and communicate within the organisation because the attacks are going to keep coming. Invest wisely to right size your DDoS defences. Not all DDoS defences are made equally. Some of the experienced gained by attackers last year was an operational understanding of DDoS defence business models. With long, large attacks come big expenses for targeted organisations and in several extreme cases, removal from protective cover. Attackers are figuring out the economics of DDoS defence and using it to their advantage. This is an important consideration when evaluating security investments. Source: https://www.scmagazineuk.com/ddos-attack-size-doubles-but-40-are-still-reported-by-customers/article/654480/

Read the article:
DDoS attack size doubles, but 40% are still reported by customers

The average DDoS attack cost for businesses rises to over $2.5m

Neustar says that the enterprise is finding it more difficult than ever to stem the financial cost of DDoS campaigns. DDoS campaigns are on the rise and the enterprise can now expect a bill of at least $2.5 million every time they become a victim. The mere threat of a distributed denial-of-service (DDoS) attack can cause businesses to sweat, and in some cases, cybercriminals earn big moneyjust by threatening a company with a future attack unless they pay protection fees. However, while some threat actors may just pretend, others use DDoS attacks to disrupt businesses by flooding a domain with illegitimate traffic. This kind of attack may also be used make a political statement or as a means of censorship. Whatever the reason, DDoS attack rates are increasing and businesses are being forced to pay out for damage control and repair, as they are losing more revenue through online service disruption than ever before. According to web analytics firm Neustar’s latest DDoS attack trends report, in addition to a survey conducted by Neustar and Harris Interactive of over 1,000 executives from enterprise firms, while the first quarter of the year is generally considered “pre-season” for these attacks, the company is already seeing “significant increases in average attack size and variety of attack vectors.” To date this year, 849 out of 1,010 enterprise companies — 84 percent — included in the research have experienced at least one DDoS attack in the last 12 months, up from 73 percent in 2016. In total, 86 percent of these businesses were struck with multiple DDoS attacks over the past 12 months, of which 63 percent said the loss of revenue at peak times caused by DDoS disruption can sometimes reach beyond $100,000 an hour. This is a significant increase from 50 percent of companies which said so much revenue was at stake in 2016, but to make matters worse, 43 percent of respondents admitted the financial loss per hour is closer to $250,000. Neustar says that the respondents to the survey have collectively lost over $2.2 billion dollars during the past 12 months, which is a minimum of $2.5 million each on average across 849 organizations. According to Neustar’s internal security data, 45 percent of DDoS attacks were of an attack strength of over 10 Gbps per second, and 15 percent of attacks reached at least 50 Gbps which is almost double the rate reported in 2016. Threat actors are utilizing a number of new techniques to disrupt businesses, including Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection techniques. The matter is made worse by the increased use of Internet of Things (IoT) connected devices in the enterprise, which when left unsecured, can act as pathways to penetrate business network defenses as well as become slave nodes themselves which are included in the DDoS traffic stream. Mitigating DDoS attacks is not just a challenge for businesses, but public figures and speakers, too. Back in 2016, prominent security researcher Brian Krebs found himself to be the target of a massive DDoS attack — powered by the Mirai botnet — which was close to disrupting service to his website. Web provider Akamai was able to fend off the attack, but due to the size and cost, was unable to protect him again. As a result, Google’s Project Shield, a free DDoS protection service, offered to shelter the websiteagainst future attacks. Alongside the report’s release, Neustar has revealed plans to increase the firm’s global DDoS mitigation service capacity to 3 Tbps and hopes to extend this capacity to 10 Tbps by early 2018. Source: http://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over-2-5m/

See the article here:
The average DDoS attack cost for businesses rises to over $2.5m

Cybercriminals Breached Over a Billion Accounts Last Year

Cybercriminals had a very good year in 2016 — and we all paid the price. These digital bandits became more ambitious and more creative and that resulted in a year marked by “extraordinary attacks,” according to the 2017 Internet Security Threat Report from Symantec. “Cyber crime hit the big time in 2016, with higher-profile victims and bigger-than-ever financial rewards,” the report concluded. The bad guys made a lot of money last year,” said Kevin Haley, director of Symantec Security Response. “They keep getting better and more efficient at what they do; they managed to fool us in new and different ways.” Some of the damage done last year: Data breaches that exposed 1.1 billion identities, up from 564 million in 2015 More ransomware attacks with higher extortion demands Some of the biggest distributed denial of service (DDoS) attacks on record, causing “unprecedented levels of disruption” to internet traffic. Cyber thieves have traditionally made their money by stealing a little bit from a lot of people. They’ve focused on raiding individual bank accounts or snagging credit card numbers. But that’s starting to change, as criminal gangs are going after the banks themselves, the reported noted. “It takes a lot of sophistication and a lot of patience — you really need to understand what you’re doing — but if you can break into the bank, you can steal millions of dollars at once,” Haley told NBC News. “It’s like those big heist movies we see. Cybercriminals are now pulling off these big heists with specialists, sophisticated tools and some great imagination in what they do.” Email Is Back as the Favorite Way to Attack Malicious email is now “the weapon of choice” for a wide range of cyber attacks by both criminals and state-sponsored cyber espionage groups. Symantec found that one in 131 emails was malicious last year, up dramatically from 2015, and the highest rate in five years. Email attacks are back because they work, the report noted: “It’s a proven attack channel. It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Remember: It was a simple spear-phishing attack — a spoofed email with instructions to reset an email password — that was used to attack the Democrats in the run-up to the 2016 presidential election. “People are comfortable with email. They read it,” Haley said. “Even when people are suspicious, the bad guys know how to fool us.” Most malicious email is disguised as a notification — most commonly an invoice or delivery notice from a well-known company. In many cases, the malicious attachment is a simple Word document. Most people don’t think of a Word file as dangerous or malicious. And for the most part, they’re not. But these clever crooks have a “social engineering” trick to get you to do what they want. The information on the malicious document is deliberately unreadable, which is unsettling. A note tells the intended target to click a button that will make it possible to read the message. Do that, and you’ve turned on the macros that allow the malware to download onto your computer. Just like that, they’ve got you. Ransomware: Everyone Is at Risk Ransomware attacks have grown more prevalent and destructive, which is why Symantec called them “the most dangerous cyber crime threat facing consumers and businesses in 2016.” The number of ransomware infections detected by Symantec grew by 36 percent last year, skyrocketing from 340,000 in 2015 to 463,000 in 2016. And it’s expected to remain a major global threat this year. This devious malware locks up computers, encrypts the data and demands payment for the unique decryption key. In the blink of an eye, entire computer systems can become useless. Ransomware is most often hidden in innocuous-looking email, such as a bogus delivery notice or invoice. For-hire spam botnets make it easy for the crooks to send hundreds of thousands of malicious emails a day for very little cost. It’s a lucrative crime. The average ransomware demand shot up from $294 in 2015 to $1,077 last year. Research by Symantec’s Norton Cyber Security Insight team found that 34 percent of the victims worldwide pay the ransom. In the U.S. that jumps to 64 percent. This willingness to pay could explain why America remains their prime target, with more than one-third of all ransomware attacks. New Targets: The Cloud, Internet of Things and Mobile Devices From security cameras and baby monitors to thermostats and door locks, our households are now filled with devices connected to the internet. Weak security makes the Internet of Things (IoT) an easy target for all sorts of malicious activity. Most of these devices have simple and common default passwords, such as “admin” or “123456,” that can’t be changed or are rarely changed. Last year, cybercriminals harnessed the power of these connected devices to do some serious damage. Tens of thousands of infected IoT devices, such as security cameras and routers, became a powerful botnet that launched high-profile (DDoS) attacks that successfully shut down websites. The DDoS attack in October against Dyn, a cloud-based hosting service, disrupted many of the world’s leading websites, including Netflix, Twitter and PayPal. Cloud attacks have become a reality and Symantec predicts they will increase this year. “A growing reliance on cloud services should be an area of concern for enterprises, as they present a security blind spot,” the report cautioned. Symantec said it saw a two-fold increase in attempted attacks on IoT devices over the course of last year. Cyber criminals are also targeting mobile devices. Most of the attacks are focused on the Android operating system, which has the largest share of the mobile market. Attacks on iOS devices remain relatively rare. Improvements in Android’s security architecture have made it increasingly difficult to infect mobile phones or to capitalize on successful infections, the report noted. But the volume of malicious Android apps continues to increase, growing by 105 percent last year. The 2017 Internet Security Threat report can be downloaded from Symantec’s website. Want to fight back? Norton has a list of tips on how to protect yourself and your devices on its website. Source: http://www.nbcnews.com/tech/tech-news/cybercriminals-breached-over-billion-accounts-last-year-n753131

Visit site:
Cybercriminals Breached Over a Billion Accounts Last Year

Discovery of 8,800 servers sends warning to Asian cybercriminals

In one of the more curious cybercrime announcements of recent times, Interpol’s Asian centre says it has “identified” 8,800 servers used as command & control (C2) for all sorts of bad things including DDoS attacks and distributing ransomware and spam. You read that correctly. Interpol hasn’t disrupted these servers, merely passed information on their whereabouts and malevolent purpose to police forces in eight countries, including Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. The operation isolated the C2 by working back from 270 websites infected with malware, assisted by intelligence and know-how from a number of cybersecurity companies. Added Interpol: Among them were several government websites which may have contained personal data of their citizens. Individual criminals were also identified in Nigeria and Indonesia, which hints that arrests might be forthcoming. It sounds like a modest achievement until you remember that Asia is a favoured geography for malware hosting infrastructure (including servers used to attack other parts of the globe) but, historically, underwhelming levels of cross-border co-operation. If action at national level in the countries affected eventually sees the servers disappear forever, it’s not something to be sniffed at. The bigger picture is that Interpol’s Global Complex for Innovation (IGCI), opened in Singapore in 2015, is signalling that it’s up and running and able to make a difference – however emblematic. Cybercrime can be mitigated by technology, of course, but few doubt importance of going after it at the roots, both the servers and the people who run and profit from them. It’s a massive challenge because these people can base themselves anywhere in the world, and introducing legal hazard into their lives requires the sort of co-operation police forces and governments aren’t used to. Founded as long ago as 1923 as the International Criminal Police Commission (ICPC), Interpol is turning out to be a useful tool in the battle against cybercrime. Cybersecurity companies like it because its regional centres act as an independent broker that allows them to put aside commercial considerations. Police forces value it because it means they can have a relationship with one centre instead of possibly dozens of national operations. But its biggest significance is it gets the private and public sectors to work together, the former with intel and the latter with legal authority. Recent Interpol cybercrime operations have included disrupting the Avalanche botnet late last year, and the takedown of the Simda botnet two years ago. Between times were the arrests of individuals accused of being behind the infamous DD4BC DDoS extortion racket, and a global operation across Interpol’s divisions to rid the world of the one-million strong Dorkbot botnet. Only days ago, Europol’s European Cybercrime Centre (EC3) announced it had coordinated an operation between UK and Spanish police that saw the arrest of five people accused of distributing Remote Access Trojans (RATs) and keyloggers. We should interpret the identification of 8,800 C2 servers as good PR for Interpol but also, to quote Interpol’s chief superintendent Chan, “a blueprint for future operations”. Source: https://nakedsecurity.sophos.com/2017/04/27/discovery-of-8800-c2-servers-sends-warning-to-asian-cybercriminals/

View article:
Discovery of 8,800 servers sends warning to Asian cybercriminals

DDoS still the mainstay of Aussie cyber crime

New study finds denial of service still king despite ransomware rise. Distributed Denial of Service (DDoS) attacks are still the tool of choice for cybercriminals targeting Australian organisations despite the recent influx of ransomware. The study from NTT Group found that 22 per cent of all attacks targeting Australia were related to denial of service. This was only topped by service specific attacks at 23 per cent and was above website application attacks at 20 per cent. Locally, three industries were targeted in 81 per cent of all attacks, finance at 34 per cent, retail at 27 per cent and followed by business and professional services at 20 per cent. The study found that more than 93 per cent of malware detected in the country was some form of Trojan. Ransomware falls into the Trojan family and is the most prevalent form of malware attack in Australia. The country is also experiencing a change in attacks on applications according to the report with over 70 per cent of application attacks against local companies attempting remote code execution. The study analysed data collected from NTT Group’s operating companies, including NTT Security, Dimension Data, NTT Communications and NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), between 1 October 2015 and 31 September 2016. The combined entities have a view of more than 40 per cent of global internet traffic. The report backed up findings from similar studies which showed ransomware is now the most prevalent form of cybercrime. Further, the study found that 77 per cent of ransomware analysed was targeting one of four market sectors. These Included: business and professional services (28 per cent); government (19 per cent), health care (15 per cent) and retail (15 per cent). The report also found that despite attention being paid to attacks on newer vulnerabilities, many cyber criminals rely on less technical means to achieve their objectives. The phishing email is still by far the dominant method for malware delivery, responsible for 73 per cent of all malware delivered to organisations, with government (65 per cent) and business and professional services (25 per cent) as the industry sectors most likely to be attacked at a global level. In terms of phishing attacks by country, the US leads the pack at 41 per cent, closely followed by The Netherlands with 38 per cent. France was in third place well behind the top two with 5 per cent. For industry specific attacks, finance was the most commonly attacked industry globally, subject to 14 per cent of all attacks. The finance sector was the only sector to appear in the top three across all geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Government (14 per cent) and manufacturing (13 per cent ) were the next two most commonly attacked industry sectors. “Our end goal is not to create fear, uncertainty and doubt or to over-complicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks, not just security professionals,” NTT Security Vice President Threat Intelligence & Incident Response, Steven Bullitt, said. “We want to ensure everyone is educated about these issues and understands that they have a personal responsibility when it comes to the protection of their organisation, and that the organisation has an obligation to help them do so,” he said. Source: https://www.arnnet.com.au/article/618243/ddos-still-mainstay-aussie-cyber-crime/

Link:
DDoS still the mainstay of Aussie cyber crime

8 DDoS Attacks That Made Enterprises Rethink IoT Security

Distributed Denial of Service Disasters The overall frequency of distributed denial of service (DDoS) attacks increased in 2016 thanks, in part, to Internet of Things botnets, according to information service provider Neustar. The company said it mitigated 40 percent more DDoS attacks from January through November, compared to the year earlier. Neustar warned that as botnet code assemblies are published, dangerous new DDoS developments will continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it’s rebooted. From colleges to entire U.S. regions, here are eight situations where vulnerable IoT devices brought down networks. DDoS Attack Affects U.S. College For 54 Hours A distributed denial of service attack on a college in February, recently made public by security firm Incapsula, affected that institution’s network for 54 hours straight. Incapsula recently revealed the attack, noting that the attackers seemed adept at launching application layer assaults on vulnerable IoT devices. “Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet,” according to an Incapsula spokesperson in a blog post. “Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers.” DDoS Attack Takes Down Netflix, Twitter An October DDoS attack – which was launched through IoT devices and blocked an array of websites – deepened the industry’s concerns over the security risk of the Internet of Things. The denial of service attack was launched through Internet of Things consumer devices, including webcams, routers and video recorders, to overwhelm servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites. The attack on Dyn, which connects users to websites such as Twitter and Netflix, came from tens of millions of addresses on devices infected with malicious software codes, knocking out access by flooding websites with junk data. DDoS Attack Through Vending Machines Hits University Verizon’s preview of its 2017 Data Breach Digest in February revealed that an unnamed university was hit by a DDoS attack launched through vending machines, lights, and 5,000 other IoT devices. According to Verizon, an incident commander noticed that “name servers, responsible for Domain Name Service (DNS) lookups, were producing high-volume alerts and showed an abnormal number of sub-domains related to seafood.” While administrators were locked out, the university intercepted “the clear text password for a compromised IoT device over the wire and then use that information to perform a password change before the next malware update.” DDoS Attacks Attempted Against Campaign Websites of Hillary Clinton And Donald Trump According to security firm Flashpoint, hackers attempted four Mirai botnet DDoS attacks in November against the campaign websites of Hillary Clinton and Donald Trump. According to Flashpoint, the company observed a 30-second HTTP Layer 7 (application layer) attack against Trump’s website, while the next day, it saw attacks against both Trump and Clinton’s campaign sites. While attacks were attempted, neither website observed or reported outages. “Flashpoint assesses with moderate confidence that the Mirai botnet has been fractured into smaller, competing botnets due to the release of its source code, which has led to the proliferation of actors exploiting the botnet’s devices,” a spokesperson wrote on Flashpoint’s website. BBC Domain Downed By By DDoS Attack On New Year’s Eve 2016, the BBC’s website was hit by a DDoS attack that downed its entire domain – including on-demand television and radio player – for more than three hours. While BBC originally said that it was undergoing a technical issue, the broadcaster’s news organization later said the outage was a result of a DDoS attack, according to “sources within the BBC.” Russian Banks Hit With Waves Of DDoS Attacks In November, at least five Russian banks, including Sberbank and Alfabank banks, were the victims of prolonged DDoS attacks that lasted over two days. According to Security Affairs, the attack came from a wide-scale botnet involving up to 24,000 computers and IoT devices that were located in 30 countries. The banks’ online clients services were not disrupted. According to security firm Kaspersky Lab, the incident was the first time that massive DDoS attacks hit Russian banks in 2016. Rio Olympics Organizations Hit By DDoS Attack Staged By LizardStresser Arbor Networks’ security engineering and response team revealed in a statement that several organizations affiliated with the Olympics came under “large-scale volumetric” DDoS attacks beginning in September 2015. “A large proportion of the attack volume consisted of UDP reflection and amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services,” said Arbor Networks in a statement. According to Arbor Networks, a DDoS-for-hire service, called LizardStresser, staged most of the pre-Olympic attacks. Despite the attacks, Arbor Networks performed several mitigation measures to help Olympics administrators keep their systems running. Brian Krebs’ Website Experienced DDoS Attack In September 2016, security investigative reporter Brian Krebs’ information blog experienced a DDoS attack. The attack reportedly placed peak traffic at around 620 Gbps. Krebs determined a Mirai botnet was responsible for the attack: “The source code that powers the IoT botnet responsible for launching the historically large DDoS attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices,” he stated on his blog. “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems,” said Krebs in the blog post. Source: http://www.crn.com/slide-shows/internet-of-things/300084663/8-ddos-attacks-that-made-enterprises-rethink-iot-security.htm

Original post:
8 DDoS Attacks That Made Enterprises Rethink IoT Security