Tag Archives: ddos news

Korean foreign ministry gets several DDoS attacks from China

The website of South Korea’s Ministry of Foreign Affairs has come under several cyberattacks originating from China but little damage has been reported so far, the ministry said Tuesday. “Several on-and-off DDoS attack attempts originating from China have taken place on websites including that of the Ministry of Foreign Affairs,” ministry spokesman Cho June-hyuck said in a press briefing. Defensive measures were immediately taken against the cyberattacks and no damage has been sustained, he said. The latest hacking attempts came as bilateral tensions remain high over the deployment of a US missile defense system in South Korea. Since the attempts, the foreign ministry has launched a special response team and distributed a response manual among the South Korean diplomatic missions in China, the spokesman noted. The spokesman did not elaborate on exactly who is behind the DDoS, or distributed denial of service, attacks, but they are the latest in a recent series of Chinese retaliations on South Korean industries and entities. A month earlier, the Chinese-language website of South Korean retail giant Lotte as well as its duty-free branch’s Chinese and Japanese-language websites sustained similar DDoS assaults, incurring heavy revenue losses. The attacks came as China stepped up its retaliatory actions over Seoul’s on-going deployment of the US missile interception system, Terminal High Altitude Area Defense. China vehemently protests the deployment which it said would compromise its security interests. “Our government pays attention to the Chinese government’s (past) expression of its consistent stance that it opposes any kind of cyberattack,” the ministry spokesman noted. “The government is expecting that (China) will continuously take responsible steps in accordance with the stance.” South Korea has also recently lodged a protest with the Chinese government after South Korean national flags were found destroyed in China, Cho said. “A national flag is a symbol of a nation’s dignity and the government takes very seriously the cases of destroyed Taegeukgi that took place in certain Chinese areas,” he said. “The government has officially lodged complaints with China on many occasions and demanded China take steps to address them immediately.” “In any case, the people-to-people exchange which is the foundation of the bilateral relationship should come under a man-made obstacle,” the spokesman said, adding that the South Korean government is trying to proactively react to China’s unjust measures in order to minimize any impact on South Korean companies. Referring to a media report alleging North Korean involvement in hacking attempts at a Poland bank and other international financial institutions, Cho also said that North Korea is likely to be using illegal cyber activities for a source of foreign currency earnings. “Given the international community’s concerns over the possibility that illegal income could be used for the development of weapons of mass destruction, North Korean cyber threats are emerging as new international threats along with its nuclear, missile and WMD threats.” (Yonhap) Source: http://www.koreaherald.com/view.php?ud=20170328000862

Follow this link:
Korean foreign ministry gets several DDoS attacks from China

A DDoS attack is cheaper than a pack of doughnuts

Cybercriminals organising DDoS attacks are making a profit of around $18 per hour, says Kaspersky. Do you know how much it costs to hire hackers for a DDoS attack? I’m asking for a friend. Anyway, Kaspersky Lab seems to know the answer as its researchers have spent some time looking into DDoS-as-a-service websites, and have come up with some numbers. As it turns out, it’s can be pretty cheap to have a website DDoSed, even though that could mean losses for the victim, in millions. It seems as hackers are undervaluing their services, yet again. In a press release, Kaspersky Lab said a DDoS attack can cost “anything from $5 for a 300-second attack, to $400 for 24 hours”. The average price for an attack is approximately $25 an hour. Using a cloud-based botnet of 1,000 desktops will set you back roughly $7 per hour. “That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour.” http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/The definitive price is determined by a couple of factors. First, what type of devices are being used. An IoT-botnet is cheaper than a server-botnet. The type of site that needs to be attacked can also be a factor. Government sites, or those with dedicated DDoS protection, will be more expensive. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses,” commented says Russ Madley, Head of B2B at Kaspersky Lab UK. “Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days. Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Source: http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/

Original post:
A DDoS attack is cheaper than a pack of doughnuts

Criminal benefits: profit margin of a DDoS attack can reach 95%

Kaspersky Lab’s researchers have discovered the full extent of the profit margins benefiting criminals from DDoS services that are available on the black market. Kaspersky Lab’s experts have studied the DDoS services available on the black market and determined just how far this illegal business has advanced, as well as the extent of its popularity and profitability. The worrying news is that arranging an attack costs as little as $7 an hour, while the targeted company can end up losing thousands, if not millions, of dollars. The level of service involved when arranging a DDoS attack on the black market is not very different from that of a legal business. The only difference is that there’s no direct contact between the provider and the customer. The ‘service providers’ offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack. There are a number of factors that affect the cost for the customer. One is the type of attack and its source: for example, a botnet made up of popular IoT devices is cheaper than a botnet of servers. However, not all those providing attack services are ready to specify such details. Another factor is the duration of the attack (measured in seconds, hours and days), and the client’s location. DDoS attacks on English-language websites, for example, are usually more expensive than similar attacks on Russian-language sites. Another big factor affecting the cost is the type of victim. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more. It means a DDoS attack can cost anything from $5 for a 300-second attack, to $400 for 24 hours. The average price for an attack is around $25 per hour. Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour. There is, however, yet another scenario that offers greater profitability for cybercriminals – it involves the attackers demanding a ransom from a target in return for not launching a DDoS attack, or to call off an ongoing attack. The ransom can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 per cent. In fact, those carrying out the blackmail don’t even need to have the resources to launch an attack – sometimes the mere threat is enough. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses. Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days,” said says Russ Madley, head of B2B at Kaspersky Lab UK. “Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Interestingly, some cybercriminals have no scruples about selling DDoS attacks alongside protection from them. Kaspersky Lab’s experts, however, do not recommend using criminal services. Source: http://www.information-age.com/connected-cities-suffer-catastrophic-blackouts-123465253/

Taken from:
Criminal benefits: profit margin of a DDoS attack can reach 95%

Did you know: Crimelords behind DDoS attacks offer customer loyalty points?

Tweaking business models for greater 404 kerching The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.…

View the original here:
Did you know: Crimelords behind DDoS attacks offer customer loyalty points?

Servers hosting Daphne Caruana Galizia’s website suffer ‘unprecedented’ DDoS attack

The servers hosting Daphne Caruana Galizia’s personal blog have suffered a DDoS attack. A DDos (denial of service) attack occurs when many systems flood the bandwidth of a targeted system, in an attempt to make the online service unavailable. Mrs Caruana Galizia does not yet know who is behind the attack, but did say it is highly likely to be a person of Maltese nationality.. Prior to the DDoS attack on the servers, she said, a fake Gmail account was setup – similar to her personal email address. The person who created the account, then emailed two persons working for the company who handle software support for the website, and tried to acquire information required to hack the site through them. This, however, did not work and the software support personnel realised that it was not Mrs Caruana Galizia’s email address, and also the use of broken English in the email. This, she said, is what led her to believe that the person behind the attack is Maltese. The police were contacted aftewr the DDOS attack occurred later, and an investigation is ongoing. The fake Gmail address used a proxy server, and thus far no culprit has been identified, she said. She explained that aside from the crime involving the DDoS attack, impersonation is also a crime. Vanilla Communications, a server hosting company owned by David Thake, hosts Daphne Caruana Galizia’s personal blog – a service that she pays for each month, she said. In a Facebook post, Mr Thake said that the servers hosting her website suffered a DDoS attack which he called “unprecedented in scale.” Mr Thake, in his post, said the attack brought the network to its knees. Source: http://www.independent.com.mt/articles/2017-03-21/local-news/Servers-hosting-Daphne-Caruana-Galizia-s-website-suffer-unprecedented-DDOS-attack-6736171884

Follow this link:
Servers hosting Daphne Caruana Galizia’s website suffer ‘unprecedented’ DDoS attack

Russian bank Alfa Says it was Under DNS Botnet Attacks

The Russian banking giant Alfa announced, in a press statement, that hackers targeted its cyber infrastructure in a large-scale DNS Botnet attack. The purpose appears to have been to make it seem as though the bank had been communicating with the Trump Organization. The bank is now asking U.S. to assist it to uncover the culprits. On Friday, the bank revealed that their servers were under three cyber attacks targeting the domain name server (DNS) since mid-February. It is unclear who was behind these attacks; the details show unknown hackers allegedly used Amazon and Google servers to send requests to a Trump Organization server posing to look like they came from Alfa Bank, pushing the Trump server to respond back to the bank. An Alfa Bank spokesperson said: “The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ’Trump servers’’. Furthermore, Alfa Bank revealed that it is ready to work with the U.S. law enforcement agency to identify the individuals involved in the campaign. The bank has already hired Stroz Friedberg, a US-based cyber security firm to get into the depth of the matter. “The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers,” an Alfa Bank representative said in a statement. “We have gone to the U.S. Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud.” On February 18, 2017, the bank claims it experienced suspicious cyber activity from an unidentified third-party. Specifically, the unidentified third-party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. The use of upper and lower case indicated the human intervention in the process. Moreover, Alfa Bank says it received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net. Last week, CNN reported that the FBI’s counterintelligence team was investigating if there was a computer server connection between the Trump Organization and Alfa Bank during the U.S. election, according to sources close to the investigation. The bank has now denied that there was ever a conversation between both parties. Mark McArdle, CTO at cyber security company eSentire commented on the issue and said that: “A botnet is typically associated with an attack that leverages scale, as it can employ thousands (potentially millions with IoT devices) of devices and use them to coordinate an attack on a target. We’ve seen this with some big DDoS attacks. We also see botnets being used as platforms for large-scale spamming. However, the number of DNS connections reported in the Alfa Bank attacks (1,340 in once case) don’t indicate massive scale. A botnet, however, can be used to add another layer of obfuscation between you and your attacker. Following the breadcrumbs back could bring you to a PVR that has been hacked and is now part of a botnet. I suspect in this case, the botnet is being used more for obfuscation of identity than scale. The attackers may be using a botnet to send spoofed DNS requests to a legitimate Trump server using a spoofed “reply-to” address inside Alfa-Bank’s infrastructure. Spoofing DNS lookups is not very difficult since DNS is not authenticated, and the ability to spoof source addresses is unfortunately still available – all you need is a system to launch your attack from that is connected to the Internet via an ISP that doesn’t filter out spoofed source addresses. While this type of attack has been around for a while, what’s new in this case is that someone is using it to try and contrive evidence of a relationship where neither party sought one. Additionally, there is also reference in Alfa Bank’s statement about Spam messages from marketing@trumphotels.com. It’s also possible to spoof email (spammers do this all the time). A spoofed email could include a reference to a legitimate Trump Org server and a real connection would be established if a user clicked on it (or selected “show images” in the email). Again, this does not mean the email came from Trump Org, just that it was sent in order to attempt to solicit “a connection” between Trump Org and Alfa-Bank.” Either way, identity is difficult to determine unless cryptographic certificates are used, and ultimate hack attribution is even more difficult. This is not the first time that allegations surrounding Trump’s relations with Russia have emerged. Some believe Russia hacked the US election to give Trump a way to win the presidency while some believe that Russian media was involved in spreading fake news against Trump’s opponent Hillary Clinton. Either way, nothing has been proven yet. Source: https://www.hackread.com/russia-alfa-bank-target-with-dns-botnet-attacks/

More:
Russian bank Alfa Says it was Under DNS Botnet Attacks

Nine Ways To Protect Your Technology Company From DDoS Attacks

DDoS attacks can wreak havoc on your company’s efficiency if you’re not careful. The Mirai botnet — malware that can be used for large-scale network attacks — can often go undetected due to common oversights and lack of preparation. It may be daunting to think about how IoT devices that make your company run smoothly can be used against you; however, it doesn’t take much time to set up multiple precautions to prevent it. Below, executives from Forbes Technology Council highlight simple and cost-effective ways that you can safeguard your company from baleful botnets. 1. Start By Looking At Your Infrastructure There are many botnets, Mirai just happens to be one of the largest known ones. Technology companies need to start developing more secure products rather than security being an afterthought. Firms need to look at their internet infrastructure to funnel botnet traffic away from their core business to enable the business to function when these attacks occur. – Heeren Pathak, Vestmark 2. Understand That Anyone Can Be A Target It’s very important to understand that anyone can be a target, no matter if you are a big or small company. If being offline just for a few minutes can cause a big economical impact, then you definitely should find a trusted partner that offers good solutions to mitigate against DDoS attacks. There are some companies offering this kind of service, but a quick Google search should be handy. – Cesar Cerrudo, IOActive 3. Choose The Right Hosting Partners No matter your line of business, your public-facing websites are potential targets of massive DDoS attacks. For business without a dedicated team of security experts, it’s important to choose the right hosting partners. For many customers of AWS, you automatically received free protection against some forms of attacks similar to Mirai botnet with the release of AWS Shield in December of 2016. – Jamey Taylor, Ticketbiscuit, LLC 4. Monitor Your Traffic Companies need to be skeptical of any device they have hanging on their networks. The average company now needs to apply firewall rules on a device-by-device basis, anticipating the possibility of a printer, web camera or AV control system becoming infected. Smart traffic monitoring software and methods of quarantining devices should be commonplace. – Chris Kirby, Voices.com 5. Set Strong, Custom Passwords IT security organizations should ensure their IoT devices have no direct public management access from outside the network. If an IoT device must be managed remotely through publicly accessible IPs, change the management password on the device from the default to a strong, custom one. IT admins need to put intrusion prevention, gateway anti-malware and network sandbox solutions at the network perimeter. – Bill Conner, SonicWall 6. Don’t Rely On The Internet Nearly all consumer products are computer-based in today’s marketplace, which makes reliance on the internet dangerous to a product’s infrastructure. That said, Cloudflare, Akamai and Dynect are solution services that will act as a protective wall for your servers and prevent large-scale network attacks. – Pin Chen, ONTRAPORT 7. Have The Right Company Policies In Place Technology companies should have policies in place to make sure IoT devices default factory credentials are changed as soon as they are procured. Will this guarantee they will never get infected with Mirai botnet? No. But this basic step along with modifying factory default privacy and security settings, firmware updates, audits, etc. will reduce the chances of an IoT device being infected. – Kartik Agarwal, TechnoSIP Inc 8. Cooperate And Act Mirai shows how an internet of everything can cause new kinds of net-quakes. Attackers can fire so much hostile traffic at one target that it takes down entirely unrelated sites nearby, in effect, causing major collateral damage. Unfortunately, there’s no simple defensive fix — it takes cooperation and active network control to deflect traffic tsunamis. – Mike Lloyd, RedSeal 9. Be Prepared Large-scale network attacks are not going away, and technology companies need to ensure they’re prepared. Doing a security audit of what protections are currently in place, and looking for existing holes that need to be plugged, is a good place to start. Also, make sure any IoT devices used at your company have security in place to prevent them from becoming part of this bot army. – Neill Feather, SiteLock Source: https://www.forbes.com/sites/forbestechcouncil/2017/03/16/nine-ways-to-protect-your-technology-company-from-ddos-attacks/2/#73d67f6a7178

Visit link:
Nine Ways To Protect Your Technology Company From DDoS Attacks

Dormant Linux kernel vulnerability finally slayed

Just, er, eight years later A recently resolved vulnerability in the Linux kernel that had the potential to allow an attacker to gain privilege escalation or cause denial of service went undiscovered for seven years.…

Originally posted here:
Dormant Linux kernel vulnerability finally slayed

DDoS Attacks; Can You Find Who Dunnit?

Kaspersky Lab and B2B International recently polled 4,000 businesses among 25 countries that had been hit by a distributed denial of service (DDoS) attack; 40% of respondents said they believed that a rival business had launched the attack. Only 20% of DDoS victims blamed foreign governments and secret service organizations, and another 20% suspect disgruntled former employees. These are interesting statistics, given that it is extremely difficult to determine who launched a DDoS attack. Has law enforcement found any trends to support this belief that many DDoS attacks are caused by industrial sabotage? Maybe, maybe not. When it comes to hacking—especially DDoS hacks—law enforcers seldom find the perpetrators, because it is extremely difficult for anyone to trace the origins of DDoS attacks. The source is typically 1) a legitimate third-party server, running a service which has been leveraged by an attacker as part of a reflection/amplification attack, or 2) a direct flood attack from a single device, or 3) a botnet of many devices in which the IP source addresses are easily spoofed to ones that cannot be associated with the attacker. Motivations and Means Hacker motivations vary; some are political, others are financial. Certainly, if a business wanted to inflict financial or reputational harm upon a competitor, a DDoS attack would do the trick. After all, it is easy and relatively inexpensive for anyone to rent a botnet or DDoS-for-hire service to carry out a DDoS attack. Yes, it’s possible, but do victims have any evidence to back up their suspicions, or are they just paranoid about a rival business? Likewise, the threat of a disgruntled, malicious insider or former employee is a reasonable concern. But again, it is hard to trace the breadcrumbs. Speculating about “who dunnit” is usually pointless; there’s little hope of hunting down the perpetrator(s), and it costs time and money to conduct an investigation. Even if the perps are brought to justice, they’ve already damaged your business. The moral of the story is that it’s useless to close the proverbial stable door after the horse has left; the best approach is to prevent an attack by having DDoS protection in place. Source: http://www.dos-mitigation.com/wp-admin/post-new.php

More:
DDoS Attacks; Can You Find Who Dunnit?

IoT DDoS Reaches Critical Mass

In the wake of the Mirai botnet activity that dominated the end of last year, the “DDoS of Things (DoT)”, where bad actors use IoT devices to build botnets which fuel colossal, volumetric DDoS attacks, has become a growing phenomenon. According to A10 Networks, the DoT is reaching critical mass—recent attacks have leveraged hundreds of thousands of IoT devices to attack everything from large service providers and enterprises to gaming services, media and entertainment companies. In its research, it uncovered that there are roughly 3,700 DDoS attacks per day, and the cost to an organization can range anywhere from $14,000 to $2.35 million per incident. In all, almost three quarters of all global brands, organizations and companies (73%) have been victims of a DDoS attack. And, once a business is attacked, there’s an 82% chance they’ll be attacked again: A full 45% were attacked six or more times. There were 67 countries targeted by DDoS attacks in Q3 2016 alone, with the top three being China (72.6%), the US (12.8%) and South Korea (6.3%). A10 found that 75% of today’s DDoS attacks target multiple vectors, with a 60/40 percentage split of DDoS attacks that target an organization’s application and network layers, respectively. Meanwhile, DDoS-for-hire services are empowering low-level hackers with highly damaging network-layer bursts of 30 minutes or less. This relentless attack strategy systemically hurts corporations as colossal DDoS attacks have become the norm too; 300 Gbps used to be considered massive, but today, attacks often push past 1 Tbps thanks to the more than 200,000 infected IoT devices that have been used to build global botnets for hire. No industry is immune: While 57% of global DDoS attacks target gaming companies, any business that performs online services is a target. Software and technology were targeted 26% of the time; financial services 5%; media and entertainment, 4%; internet and telecom, 4%; and education, 1%. Source: https://www.infosecurity-magazine.com/news/iot-ddos-reaches-critical-mass/

See the original post:
IoT DDoS Reaches Critical Mass