Tag Archives: denial of service attack

Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

There seems to be some turbulence going on in the murky world of the dark web, with four of its major drug marketplaces unexpectedly going offline, reports said. The dark web is a section of the internet where people contact each other anonymously without the fear of being monitored. It is usually used by criminals to sell drugs, chemicals, weapons, child abuse images and even offer assassination services. Websites The Trade Route, Tochka, Wall Street Market and Dream Market, were down without any notification or clarification from the sites’ administrators. According to some users of such markets, this might either be a DDoS attack by a hacker or a large scale action by law enforcement authorities.                     However, there are more chances of the former happening than the latter. Some dark web users have also started complaining of botnet attacks.           Another farfetched theory is that this is scam by a bunch of drug dealers — taking off with the money of their clients while not providing them with the required merchandize. With no notification or clarification from the sites’ administrators, the exact reason for the sudden disappearance of such marketplaces remains unclear. However, a user going by the name Automoderator commented on a the subreddit /r/DarkNetMarketNoobs that the WallStreetMarket is not listed currently, as it is facing “very serious issues” and warned others to avoid it all costs. Some other users on the subreddit say that the Dream Market has been working fine on all its mirrors, but, however its main site is down. At the time of writing, the marketplaces were still down, according to dark web marketplace tracker deepdotweb. Many sites on the dark web are also run by law enforcement — the Australian Police ran one of the world’s biggest child porn sites on the dark web between October 2016 and September 2017, called Child’s Play, in an effort to nab pedophiles. The police grabbed the administrator access from two cyber criminals — Benjamin Faulkner and Patrick Falte and started administering the sites. Police even posted more child porn on the site in an effort to convince the viewers that the site had not been taken over by the authorities. By the time they shut down the site, police were able to nab more than 90 pedophiles in Australia and 900 across the world. In case, the marketplaces were being taken over by law enforcement to nab drug traffickers and child porn purveyors, it might be a different case. However the development has many dark web users in a state of paranoia and many users have posted on Reddit reminding other users of such busts. Such attacks on dark web markets in the past have usually begun with large-scale DDoS attacks. In July, a massive trans-continental sting saw two of the dark web’s biggest sites at the time, AlphaBay and Hansa, being taken down. Law enforcement agencies claimed they were able to collect incriminating information on hundreds of buyers and vendors, going as far as threatening to prosecute them. Source: http://www.ibtimes.com/dark-web-marketplaces-go-down-reported-mass-ddos-attack-2601105

See the original article here:
Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

Euro commissioner calls for more collaboration on cyber security

European commissioner for security union has called for greater awareness of cyber security risks and increased collaboration in defending against them. Cyber threats are one of the top security concerns for nine out of 10 European Union citizens, according to Julian King, European commissioner for security union. “In an internet-connected age that is becoming ever more dependent on internet-connected technologies, we have become more vulnerable to those who are ready to exploit those technologies to try and do us harm for financial or political motives,” he told the CyberSec European Cybersecurity Forum in Krakow, Poland. King, who has previously served as the UK ambassador to France, said that while the digital age brings “huge opportunities”, it also brings risk. But he said these risks are becoming increasingly widely understood, particularly because of events such as the WannaCry and NotPetya attacks in May and June 2017, which affected hundreds of thousands of individuals and organisations in more than 150 countries and naturally serve as a “wake-up call”. According to the latest Europol report on internet organised crime, King said the barriers to committing cyber attacks are “woefully low”, with little chance of getting caught, mainly because of the availability of a “vast range” of cyber criminal tools and services on the dark net, with some attacks costing as little as $5. “For criminals, non-state and state actors, life has never been so easy,” he said, “with an arsenal that includes ransomware, phishing tools, Trojans, distributed denial of service [DDoS] attacks, botnets and identity theft services.” In 2016, said King, European citizens were the subject of two billion data breaches, and every month, one in five industrial computers was attacked. Since 2016, more than 4,000 ransomware attacks have taken place every day across the EU – a 300% increase on 2015, he said. Aviation systems face an average of 1,000 cyber attacks a month, and card-not-present fraud is currently worth about €1bn a year in the Eurozone alone. ‘Tackle this scourge’ “If we were talking about a public health issue, then we would be using the word ‘pandemic’ to describe the scale of the challenge,” said King, “so I think it is time to shift our efforts to tackle this scourge, which is precisely what the European Commission, with the other institutions and the member states, wants to do. “We want to strengthen resilience, build effective deterrents and create durable cyber defence.” King pointed out that this work has been going on for some time, and that the European Union has had a cyber security strategy since 2013. “The Network and Information System [NIS] directive, agreed in 2016, built on that and will require [operators of] essential systems to assess risk, prepare a strategy, put in place protections, develop capabilities and competence, educate staff and the public, and share information about threats and incidents,” he said. The challenge is that the threat itself does not stand still, said King. “It continues to change and evolve, both in its nature and in terms of the expanding attack surface that we are seeking to protect and manage, with homes, hospitals, governments, electricity grids and cars becoming increasingly connected.” ‘Offline’ lives affected Another important fact to acknowledge, said King, is that cyber attacks are increasingly affecting people’s “offline” lives, such as the power outages in Ukraine caused by cyber attacks. He noted that, according to Symantec, the Dragonfly hacking group potentially still has the capacity to control or sabotage European energy systems. “The internet of things [IoT] means that tens of billions more devices will go online, and in 2016, the Mirai malware attack highlighted IoT vulnerability, with hundreds of thousands of normal devices infected and turned into the world’s biggest botnet,” he said. The internet was designed and built on trust, said King. “Our challenge today is to retro-engineer security and security awareness into the system,” he said, noting that “too often” in the rush to get new devices to market, manufacturers “forget” security or do not give it enough importance. “That means devices never lose their easy-to-guess default passwords; it means the update policy is unclear; it means encryption not being used; and it means unnecessary ports, hardware, services and code that make the attack surface larger than it needs to be,” he said. According to King, all these things are “relatively straightforward” to sort out, but when they are attacked cumulatively, it has “deeply troubling implications for our collective digital security and, as a result, cyber threats are becoming more strategic, especially with the ability to endanger critical infrastructure, and they are becoming more ‘endemic’ – spreading from IT networks to the business-critical operations of other economic sectors”. Collective response A few days after the recent State of the Union speech by European Commission president Jean Claude Junker underlining the importance of tackling cyber threats, King said the EC had presented a package of proposals intended to reinforce a collective response based on resilience, deterrence and defence. “In all of these areas, we need to strengthen co-operation and we need to focus on international governance and international co-operation,” said King. “We urgently need to become more resilient. We need to make ourselves harder to attack, and we need to be quicker to respond.” To that end, he said, the EC is proposing an EU cyber security agency based on the existing Enisa network and information security agency to help drive up cyber security standards and ensure a rapid and co-ordinated response to attacks across the whole of the EU. Member states also need to fully implement the NIS directive, said King, to extend beyond critical sectors to other sectors at risk, starting with public administration, and to resource their computer incident response teams properly. “To further reinforce these efforts, the new cyber security agency will also implement an EU standards certification framework to drive up the level of cyber security by ensuring that products on the market are sufficiently cyber resilient,” he said. “We need to move to a world in which there are no default passwords on internet-connected devices, where all companies providing internet services and devices adhere to a vulnerability disclosure policy, and where connected devices and software are updatable for their entire lifespan.” Standards certification framework King said the new standards certification framework should promote new EU-wide schemes and procedures and create a comprehensive set of rules, requirements and standards to evaluate how secure digital products and services actually are. “But, given that 95% of attacks involve some human interaction with technology, building resilience also means changing behaviours to improve cyber hygiene…and having the right skills to drive technological innovation to stay ahead of attackers,” he said, pointing out that Europe is projected to have 350,000 unfilled cyber security jobs by 2022. “We need to mainstream cyber security education and training programmes and we need to invest in innovation,” said King. As well as improving resilience, he said, there is a need to create real and credible disincentives for attackers. “We need to make attacks easier to detect, trace, investigate and punish,” he said. But attribution is often difficult, said King, and for this reason, the EC is seeking to promote the uptake of Internet Protocol Version 6 (IPv6). “Under IPv6, you will only be able to allocate a single user per IP address,” he said, adding that the EC is also seeking to increase cooperation and sharing of cyber expertise and reinforcing forensic capabilities across the EU and within Europol “so that law enforcement can keep pace with criminals”. Strengthen cyber defence When it comes to defence, said King, the EC plans to explore whether the new EU Defence Fund could help to develop and strengthen cyber defence capabilities. “We want to team up with our partners, and the EU will deepen co-operation with Nato on cyber security, hybrid threats and cyber defence,” he said. “It is in our common interest.” Finally, King said that while the internet offers “enormous opportunities” for citizens, governments and international organisations, it also offers “unprecedented opportunities” for criminals, terrorists and other hostile actors. “We need to be alive to this risk, and we need to take steps together to counter these threats because by working together, we can boost resilience, drive technological innovation, increase deterrents, and harness international co-operation to promote our collective security,” he concluded. Source: http://www.computerweekly.com/news/450427879/Euro-commissioner-calls-for-more-collaboration-on-cyber-security

Link:
Euro commissioner calls for more collaboration on cyber security

Australian companies face an increasing threat from domestic DDoS instigators

Mobile botnets, targeted DDoS attacks pose growing threat to Australian targets. Australian organisations are being hit by over 450 distributed denial of service (DDoS) attacks every day and fully a quarter of them are coming from domestic sources, analysts have warned as figures show DDoS attacks making a resurgence after nearly a year of decline. New figures from the Arbor Networks ATLAS service – which collects data on DDoS attacks and malware from 400 service providers – suggested that Australian targets suffered 14,000 attacks of various intensity in August alone. The largest of the attacks, in early August, measured 51.9 Gbps in intensity while the heaviest volume of packets – 15.8 million packets per second – came in an attack later in the month. While the United States was the largest source of the attacks – comprising 30 percent of the overall total – the lion’s share of the remainder came from Chinese (24 percent), Australian (24 percent), and UK (23 percent) sources. The August figures reinforce the resurgent threat from DDoS attacks, which flood targets with data in an effort to interrupt their operation for even a short period. They also reflect the continuing flexibility of attackers that were able to build a botnet out of mobile devices to instigate a high-impact DDoS extortion campaign against numerous travel and hospitality organisations. hat botnet, called WireX, was embedded in around 300 Google Play Store applications and had spread to estimated 130,000 to 160,000 bots that produced over 20,000 HTTP/HTTPS requests per second. On August 17 WireX was taken down through a concerted effort involving Google, Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, Team Cymru, and other organisations. Instigated by devices from over 100 countries, WireX changed quickly as the attacker “learned rapidly to try different techniques to try to thwart the defenders,” Arbor Security Engineering & Response Team (ASERT) principal engineer Roland Dobbins wrote in his analysis of the attack. WireX reflects the ingenuity being applied to the creation of DDoS attacks as identified in Akamai’s recent Q2 2017 State of the Internet Security Report. Analysing attacks remediated over Akamai’s core content distribution network, that report noted a 28 percent quarter-on-quarter increase in the total number of DDoS attacks as well as increases in infrastructure layer (by 27 percent), reflection-based (21 percent), and average number of attacks (28 percent) per target. Changing geographic distribution showed that “geographic profiling is a real and potentially imminent threat to Australia,” Akamai Asia-Pacific senior security specialist Nick Rieniets said in a statement. “When there are changes like this in the threat landscape and when new threats are released, companies need to recognise, acknowledge and assess that volatility, and change their security controls accordingly, and in a timely manner.” Akamai’s DDoS analysis suggested that the PBot botnet had been tapped once again to generate the biggest DDoS attacks observed in the second quarter. PBot – which Rieniets called “proof that the minute threat actors get access to a new vulnerability they can work out how to weaponise it” – appeared to have primarily infected around 400 Web servers, boosting the volume of data produced per device compared with previous infections such as last year’s Internet of Things-focused Mirai botnet. The range and efficacy of DDoS attack tactics have highlighted the need for businesses to remain disciplined about their protections, security experts have warned. “It’s important that organizations implement best current practices (BCPs) for their network infrastructure, application/service delivery stacks, and ancillary supporting services,” Arbor’s Dobbins writes. “This will allow the organization to maintain availability and ensure continuous service delivery even in the face of attack.” With many organisations found to not have a formal DDoS defense plan in place – and many that do, never rehearsing it – Dobbins said testing needed to become a habit: “It is critical that organizations devise and rehearse their DDoS defense plans in order to ensure that they have the requisite personnel, skills, operational processes, communications plans, and support services in place to defend their Internet properties in a timely and effective manner.” Source: https://www.cso.com.au/article/627915/australian-companies-face-an-increasing-threat-from-domestic-ddos-instigators/

Read More:
Australian companies face an increasing threat from domestic DDoS instigators

DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back. DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks. 1. Have your DDoS mitigation plan ready Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks. [ Find out how DDoS attacks are evolving and bookmark CSO’s daily dashboard for the latest advisories and headlines. | Sign up for CSO newsletters. ] “Enterprises are paying more attention to these attacks and planning how they’ll respond. And they’re getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks,” says Tsantes. IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says. “A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day. “Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge.  No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud.  Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust. 2. Make real-time adjustments While it’s always been true that enterprises need to be able to adjust in real-time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. “Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods. “They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “ Enterprises have to be ready to be as quick and flexible as their adversaries.” 3. Enlist DDoS protection and mitigation services John Nye, VP of cybersecurity strategy at CynergisTek explains that there are many things enterprises can do on their own to be ready to adjust for when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route. “Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says. Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.” “The number one most useful thing that an enterprise can do — if their web presence is  that  critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.” 4. Don’t rely only on perimeter defenses Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers —were unable to block the attacks. “We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, when speaking of the attacks on banks and financial services a few years ago. Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter. It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks. “If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider. 5. Fight application-layer attacks in-line Attacks on specific applications are generally stealthy, much lower volume and more targeted. “They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider. “Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says. Amir Jerbi, co-founder and CTO is Aqua Security, a container security company, explains how one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says. 6. Collaborate The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries . “They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector. For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies. The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry. 7. Watch out for secondary attacks As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack. “DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says. 8. Stay vigilant Although many times DDoS attacks appear to only target high profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply-chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state sponsored attacks on industries in other nations, and the ease of which DDoS attacks can be initiated, every organization must consider themselves a target. So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy. Source: https://www.csoonline.com/article/2133613/network-security/malware-cybercrime-ddos-protection-mitigation-and-defense-7-essential-tips.html

More:
DDoS protection, mitigation and defense: 7 essential tips

Google pulls 300 Android apps used for DDoS attacks

A number of security researchers teamed up to fight the WireX botnet. If a random storage manager or video player you downloaded recently has disappeared from your Android device, don’t worry: it might have been for your own good. Google has removed 300 apps from the Play store, which were apparently merely masquerading as legitimate applications. In truth, they were made to hi-jack your phone so it can be used as part of a botnet’s distributed denial of service (DDoS) attacks. WireX, as the botnet is called, pummeled several content providers and delivery networks with traffic from the devices it hi-jacked on August 17th, though it’s been active since around August 2nd. In some cases, it also acted as a ransomware, demanding money from its victim. It was content delivery network Akamai that discovered its existence following an assault on one of its clients. The company then got together with Google and several security researchers from rival companies like Cloudflare, Flashpoint, Oracle + Dyn, RiskIQ, Team Cymru and other organizations to solve the issue. Upon learning that the Play Store is inundated with hundreds of fake WireX apps hiding behind the guise of innocuous programs like storage managers and ringtones, the big G did its part and blocked them all. Here are a few samples of infected apps: In a statement, Mountain View said it’s now also in the process of removing applications from affected devices. It’s unclear how long that would take, though, since based on the team’s research, WireX compromised over 70,000 devices from over 100 countries. Source: https://www.engadget.com/2017/08/29/google-pulls-300-android-apps-wirex-ddos/

Taken from:
Google pulls 300 Android apps used for DDoS attacks

Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

What would you do if your company was hit with a DDoS attack that lasted 11 days? Perhaps a large organization could withstand that kind of outage, but it could be devastating to the SMB, especially if it relies on web traffic for business transactions. That 11-day – 277 hours to be more exact – attack did happen in the second quarter of 2017. Kaspersky Lab said it was longest attack of the year, and 131 percent longer than the longest attack in the first quarter. And unfortunately, the company’s latest DDoS intelligence report said we should expect to see these long attacks more frequently, as they are coming back into fashion. This is not the news businesses want to hear. Enduring DDoS attacks isn’t new. Igal Zeifman, senior manager at Imperva for the Incapsula product line, told me in an email comment that in 2016, the company tracked a network layer attack that lasted more than 29 days and an application layer assault that persisted for 69 days straight. However, Zeifman argued against the Kaspersky finding, saying that it doesn’t mesh with what his company has seen, despite those extended attacks from last year: For the past four quarters we continued to see a persistent decline in the average attack duration, driven by an increased number of short attack burst of 30 minutes or less. These bursts accounted for over 58 percent of all network layer attacks and more than 90 percent of all assault layer attacks in the first quarter of the year. Interesting to see such disparate results in the length of DDoS attacks . Whether days long or short bursts, one thing is certain – those initiating the attacks have very definite reasons for doing so. As the Kaspersky Lab report stated, financial extortion was a top reason for the attacks in the second quarter: This approach was dubbed “ransom DDoS”, or “RDoS”. Cybercriminals send a message to a victim company demanding a ransom of 5 to 200 bitcoins. In case of nonpayment, they promise to organize a DDoS attack on an essential web resource of the victim. Such messages are often accompanied by short-term attacks which serve as demonstration of the attacker’s power. The victim is chosen carefully. Usually, the victim is a company which would suffer substantial losses if their resources are unavailable. Political hacktivists are hard at work, too, going after news organizations, elections and, in the U.S., the FCC, likely in retaliation for wanting to abolish net neutrality. The FCC has acknowledged the attack, but reports are the agency is making its cybersecurity efforts secret . I’ll be following up more on that story later this week. Source: http://www.itbusinessedge.com/blogs/data-security/second-quarter-reported-ddos-attacks-lasting-days-not-minutes.html

Original post:
Second Quarter Reported DDoS Attacks Lasting Days, Not Minutes

Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDoS Attack

You might recall that when John Oliver did his latest piece on net neutrality, the FCC’s comment system ground to a halt under the load of viewers pissed to realize that the FCC is trying to kill popular consumer protections protecting them from buffoonery by the likes of Comcast. But the FCC then did something odd: it claimed that a DDoS attack, not HBO’s hit show, resulted in the website’s issues. A statement issued by the FCC proclaimed that extensive “analysis” by the FCC had led the agency to conclude that it had suffered the attack at roughly the same time Oliver’s program had ended: “Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.” The problem: security experts saw no evidence that claim was true in publicly available logs, and saw none of the usual indicators preceding such an attack. And the FCC ever since has been bizarrely cagey, refusing to provide any evidence whatsoever supporting its claim. The FCC was subsequently prodded by several Senators as to the nature of the attack, but the FCC still refused to share any real data, despite agency boss Ajit Pai repeatedly, breathlessly insisting he would be a stalwart defender of transparency at the agency. And when Gizmodo recently filed a FOIA request for anything regarding the nature of the attack, the FCC first released seventeen pages of nonsense, before admitting it had no documented “analysis” proving an attack as previously claimed. When additional websites began to point out that the FCC’s behavior here was a little odd, the agency sent out a strangely-punchy press release lambasting news outlets for being “irresponsible.” So what’s really happening here? The unsubstantiated journalist guess du jour is that the FCC bizarrely made up a DDoS attack in a feeble attempt to downplay the “John Oliver effect” in the media. “We weren’t inundated by millions of people angry that we’re killing popular consumer protections solely to the benefit of Comcast,” this narrative suggests, “we were unfairly attacked!” The fact that there never actually was a DDoS attack would go a long way toward explaining the Trump FCC’s subsequent inability to provide any evidence supporting the claim, even under pressure from Congress. Hoping to flesh this theory out a bit, journalist Kevin Collier last week filed a lawsuit against the FCC (pdf) not only demanding more data on the agency’s supposed DDoS attack, but also urging the FCC to provide some insight on what it’s doing to address the wave of bogus, bot-produced anti-net neutrality comments flooding the agency’s website in recent months: “Collier said his records request was prompted by the FCC’s “weird and cagey” inclination to obscure details about the incident. “The fact that they gave Gizmodo such a runaround in its own request for internal ‘analysis’ of the attack just goes to show this,” he said. “I want to know the full story.” Sen. Ron Wyden, Democrat of Oregon, told Gizmodo last week the FCC’s actions raised “legitimate questions about whether the agency is being truthful when it claims a DDoS attack knocked its commenting system offline.” Again, the refusal to address fraudulent anti-net neutrality comments being made at the FCC website (like the one made in my name), combined with the FCC’s bizarre, phantom DDoS attack, has many believing the FCC is actively engaged in an intentional, amateurish attempt to downplay the massive backlash to their assault on net neutrality. And while it’s entirely possible the FCC is just being non-transparent and generically stupid here, if it can be proved the agency actively lied about a DDoS attack then covered it up simply to downplay the immense unpopularity of its policies, the inevitable lawsuits against the agency in the wake of its final vote to kill the rules could get very interesting. Source: https://www.techdirt.com/articles/20170803/13582337915/journalist-sues-fcc-hiding-details-about-alleged-phantom-ddos-attack.shtml

Read More:
Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDoS Attack

FCC says its cybersecurity measures to prevent DDoS attacks must remain secret

The FCC has provided a few — very few — details of the steps it has taken to prevent attacks like the one that briefly took down its comment system in May. The agency has faced criticism over its secrecy regarding the event, and shows no sign of opening up; citing “the ongoing nature of the threats,” to reveal its countermeasures would “undermine our system’s security.” These cryptic comments are the first items of substance in a letter (PDF) sent to the House Energy and Commerce and Government Reform committees. Members thereof had sent letters to the FCC in late June asking what solutions it was implementing to mitigate or prevent future attacks. A cover letter from FCC Chairman Ajit Pai emphasizes the fact that millions of comments have been filed since, including 2 million in the 4 days following the attack. He writes that the Commission’s IT staff “has taken additional steps… to ensure the ongoing integrity and resiliency of the system.” What those steps are, however, he did not feel at liberty to say, except that they involve “commercial cloud providers” and “internet-based solutions.” Since the comment filing system is commercially cloud-hosted, and the system is fundamentally internet-based, neither of these descriptions is particularly revelatory. It’s not the security, it’s the communication The issue, however, isn’t that we are deeply afraid that another hacker will take down the system. After all, basic rate limiting and some analytics seem to have done the job and allowed record numbers of comments immediately after the attack stopped. The FCC was still writing reports and calling experts at the time the system had returned to full operation. The issue is the FCC’s confusing and misleading handling of the entire thing. The nature and extent of the attack is unclear — it’s described in a previous letter to concerned senators as a “non-traditional DDoS attack.” Supposedly the API was being hammered by cloud-based providers. What providers? Don’t they have records? Who was requesting the keys necessary to do this? Very little has been disclosed, and even requests of information circumstantial to the attacks have been denied. What is so sensitive about an analysis of the network activity from that period? Petitioners seeking to see communications pertaining to the attack were told much of the analysis was not written down. Even the most naive internet user would find it hard to believe that in a major agency of a modern bureaucracy, a serious attack on its internet infrastructure, concerning a major internet policy, would fail to be discussed online.  The FCC also says it consulted with the FBI and agreed that the attack was not a “significant cyber incident” as such things are defined currently in government. For the curious: A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Okay, that seems reasonable. So why is it being kept under wraps? Why are the countermeasures, which are probably industry standard, unable to be disclosed? How would disclosing the details of those security countermeasures undermine those systems? If it’s the “ongoing threat,” what is the threat exactly if not the pervasive threat of hacking faced by any public website, service or API? Have there been follow-up attacks we haven’t been informed of? The investigation is also ongoing, but in that case how could it fail to produce written records for FOIA requests like those already submitted? The more the FCC drags its feet and stammers out non-answers to simple questions regarding what it itself has categorized a non-major attack that happened months ago and did not significantly affect its systems, the less we trust what it does say. Concerned senators, representatives and others are not going to stop asking, however. Let’s hope whatever the FCC seems unwilling to share comes out before it ceases to be relevant. It would be a shame, for instance, to receive a full report on hackers bent on supporting one side of the net neutrality argument… the day after the FCC votes on the issue. Source: https://techcrunch.com/2017/07/31/fcc-says-its-cybersecurity-measures-to-prevent-ddos-attacks-must-remain-secret/

See more here:
FCC says its cybersecurity measures to prevent DDoS attacks must remain secret

Are massive cyberattacks the new normal?

When domain name system services supplier Dyn got hit with a distributed denial of service (DDoS) attack last October, waves of traffic overwhelmed the company’s network and disrupted access to the internet for large swathes of the United States and Europe. The Dyn perpetrators had successfully orchestrated one of the biggest-ever DDoS attacks, powered by a botnet of Internet of Things devices. Whoever was responsible for the Dyn attack showed how easy it was to deploy the Mirai source code, which is publicly available and easy to obtain. Many botnets have since incorporated the code, raising concerns that even worse is yet to come. The Mirai botnet also serves as the basis of an ongoing DDoS-for-hire service. With the number of IoT devices in business now in the billions, the specter of crippling attacks targeting IoT installations found in industrial control systems or critical national infrastructure becomes a possibility. The security world got another reminder of the growing magnitude of the threat when attackers carried out the biggest ransomware attack in history in May, infecting computers operated by more than 200,000 people in 150 countries with the so-called WannaCry virus. Size doesn’t matter The proliferation of these more powerful tools and technologies used to launch cyberattacks means that anyone can get access to a cyberweapon and potentially wreak wide-scale havoc. The irony is that many organizations still fail to enforce basic measures that would otherwise protect themselves from attack. Too many remain unprepared and fail to take simple steps, such as patching software on a routine basis. In theory, attacks like WannaCry should be preventable. Indeed, there was no shortage of warnings that organizations were leaving themselves vulnerable by failing to update aging computer operating systems with the latest software patches. It’s up to IT to be on top of updates for patches issued for any open source software used by the organization, particularly when it comes to their IoT deployments. They also need to be mindful of the lack of security in the IoT ecosystem. According to an AT&T Cybersecurity Insights report, the world of IoT has become a digital Petri dish for hackers and other cybercriminals eager to probe for weak spots. Other IoT must-do’s: Many devices get shipped from the manufacturer preconfigured with usernames and passwords that hackers can locate using search engines. Change them immediately. As DDoS attacks grow ever larger, there’s obvious incentive to take measures that will block as many potential threats as possible at the edge of your network. Along with identifying your vulnerabilities, make sure there are multiple layers of security in place and configure your applications to make them better resistant to exploitation. Make sure there’s a good firewall in place along with rules to drop junk packets or reject unnecessary external protocols. An ISP can help by stopping unnecessary traffic upstream. Also, run constant network scans of the corporate network to locate any security holes before the bad guys find them first. A fail-safe defense may not exist but you can mitigate a threat that, unfortunately, is becoming the new normal in the security world. Source: http://www.csoonline.com/article/3200769/data-breach/are-massive-cyberattacks-the-new-normal.html

Link:
Are massive cyberattacks the new normal?

Final Fantasy 14 is experiencing DDoS attacks

Trouble logging in? It may be due to hackers Final Fantasy 14’s servers have been under intense strain this past weekend. It now seems that these issues are the direct result of distributed denial-of-service attacks, Square Enix stated today. The attacks have apparently been going on since June 16, the first day that the game’s second expansion, Stormblood, went live for early access. This past weekend, early adopters were met with congested servers that were filled to capacity. Some queues just to log in surpassed 6,000 users. In the game proper, overwhelmed servers have lead to increased load times and made some quests impossible to complete. Stormblood was officially released yesterday and as of today, massive amounts of access requests due to the alleged hack are continuing to occur. Square Enix has stated that its technicians are doing all they can to defend against the attacks, but they are “continuing to take place by changing their methods at every moment.” The company also assured players that character data and private information associated with accounts have not been affected. Source: https://www.polygon.com/2017/6/21/15845898/final-fantasy-14-stormblood-servers-ddos-attack

View the original here:
Final Fantasy 14 is experiencing DDoS attacks