Tag Archives: denial of service

Dukascopy Server Crash on Wednesday Caused by DDoS Attack

The company has contracted a third party specializing in such threats in order to prevent further attacks from happening S wiss Dukascopy Bank was a target of a distributed denial-of-service (DDoS) attack yesterday, a company spokesperson shared with Finance Magnates’ reporters. The server crash prompted a number of the brokerage’s clients to take to social media in order to establish what the issues were with the website and the demo and real accounts servers of the firm. Additionally, the company detailed that the outage lasted an hour and thirteen minutes. A company spokesperson stated to Finance Magnates reporters, “As you may know yesterday starting from 12:31 GMT to 13:44 GMT Dukascopy servers were down due to a DD0S attack.” The DDoS attack was successfully mitigated and we expect that it will not be repeated “The DDoS attack was successfully mitigated and we expect that it will not be repeated. Protection measures have been implemented, including enabling third party services specializing on such kind of threats.” As stated above, the company has turned to a third party contractor in order to alleviate the risks associated with any further DDoS attack. Financial services institutions are frequent targets of DDoS attacks, however the companies most frequently suffering are banks or credit card payment gateways. In the earlier stages of online business, threats about DDoS attacks have been unlawfully used by some outfits to blackmail their competitors. Our reporters have heard about similar criminal practices remaining in play in more recent cases in the industry. Both binary options providers and brokers have been targets of similar attacks in recent years. As for Dukascopy, it is business as usual on the company’s platforms today, while the euro is hitting fresh 1-month highs against the U.S. dollar and the British pound. Source: http://www.financemagnates.com/forex/brokers/dukascopy-server-crash-on-wednesday-caused-by-ddos-attack/

Follow this link:
Dukascopy Server Crash on Wednesday Caused by DDoS Attack

DOSarrest External Monitoring Service launches iOS and Android App

VANCOUVER , April 8, 2015 /PRNewswire/ – DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors. Jag Bains, CTO of DOSarrest says “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.” “We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis , CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.” Teolis adds “As I far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C. , Canada , is one of only a couple of companies worldwide to specialize in cloud based DDoS protection services . Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF), V ulnerability T esting and O ptimization (VTO) as well as cloud based global load balancing. SOURCE: http://www.prnewswire.com/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499026641.html

Michigan High School Student Facing Charges After lauching DDoS attack on School Network

A student at Monroe High School in Monroe, Michigan, was recently caught conducting a distributed denial of service attack (DDoS), and Monroe Public Schools Superintendent Barry Martin says the district will be pressing charges. Over a period of two weeks, the unnamed student managed to take the network down for ten to fifteen minutes at a time during the school day. This had a heightened effect on the district, as modern-day high schools rely heavily on the Internet for administration as well as classroom instruction. “We are so reliant on the Internet that we can’t afford to have down time,” said Stephen McNew, the superintendent of the district in which the student attended school. No Sensitive Data Compromised Despite having success at being disruptive, an act that the student considered to be a prank, no sensitive documents, e-mails, or files were ever compromised, which should contribute greatly to his defense. Merely disrupting communications is far less of a crime than is stealing sensitive information about other students or private communications between staff members. “A Good Student” Barry Martin called the alleged hacker “a good student” in comments to the Monroe News but said that this act could not be tolerated, and charges would be filed. DDoS is a federal felony, but from the sounds of it, the FBI has not yet been involved in the case. It is taken very seriously when the targets are larger organizations or government institutions, and ordinarily those who are serious about conducting DDoS attacks are careful to cover their tracks. It is not yet evident how the student was found to be a suspect in the case, but in the town of roughly 20,000 people, the pool of likely suspects is rather slim. The profile would be a student with high grades and extreme computer aptitude. This would make the pool of likely suspects even smaller. The way that high schools often conduct such investigations, the student would have been brought in front of a police officer and interrogated until he confessed. Like as not, school officials would pretend to know already that he was guilty, and he would confess. Equally as likely, the student bragged about it to another student, who then turned him in. Another thing that the administrators said about the student was that he probably didn’t know the seriousness of what he was doing. This is in line with existing research that has concluded that adolescents are less likely to consider the consequences of their actions before taking them. Locals Have Mixed Feelings Many locals on the Monroe News Facebook page felt that a felony would be too stern a response for the gifted student’s prank. After all, in the end, the one thing he illustrated was that the school district had a weak network infrastructure that needs upgrading. Especially if, as administrators have said, they are extremely reliant on the Internet in daily teaching. Source: https://hacked.com/michigan-high-school-student-facing-charges-ddosing-school-network/

View post:
Michigan High School Student Facing Charges After lauching DDoS attack on School Network

DDoS attack targets Femsplain on International Women’s Day

Feminist blog Femsplain was taken offline earlier today by a distributed denial of service (DDoS) attack, according to the site’s founder, Amber Gordon. She tells The Verge that the site was offline for roughly three hours before service returned intermittently late Sunday afternoon on the East Coast. The timing seems far from random: today is International Women’s Day. In a tweet, Gordon — best known online as @missambear — shared a screenshot showing the massive influx of traffic from the DDoS attack. Such attacks overwhelm the servers that host websites with a avalanche of requests. According to Gordon, these sorts of attacks are not rare. “We constantly have people attacking us and attempting to bring our website down. It’s unfortunate but the reality of our mission.” She added in comments to The Verge that prior attacks are “never to this severity and I think it’s because it’s International Women’s Day.” Social media accounts taking credit for the attack used the hashtag #internationalwomensday, suggesting the harassment is tied to today’s date. The blog started up late last year as a place for women to discuss topics from online harassment to Gamergate. It has a group of female contributors who publish stories to the site. It also shares reader submissions. Gordon says that “our community is so vocal about supporting us that tons of people were sending messages out on social media to raise awareness that this was happening.” She added, “unfortunately it happened on a day that’s meant to celebrate women.” Source: http://www.theverge.com/2015/3/8/8171269/ddos-attack-targets-femsplain-on-international-womens-day

Excerpt from:
DDoS attack targets Femsplain on International Women’s Day

Register for DDoS Protection and Response Strategies Webinar!

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks. Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited Discover how to implement multi-layered DDoS defense Identify best practice detection and classification techniques Discover how to implement resilient DDoS incident response practices Date: November 12th 2014 Time: 10:00AM EST/15:00 GMT Click here to register !

See more here:
Register for DDoS Protection and Response Strategies Webinar!

Report on China’s underground services for DDoS Attacks

After analyzing trends in the Chinese underground, Trend Micro found that activity in the marketplace doubled between 2012 and 2013. Upon an even closer look, researchers at the firm also found that the most coveted tools and services in the underground were compromised hosts, remote access trojans (RATs) and distributed denial-of-service (DDoS) attack services. Trend Micro’s new research paper, “The Chinese Underground in 2013,”(PDF) detailed criminal activity facilitated in the space, and in a Thursday interview with SCMagazine.com, Christopher Budd, global threat communication manager at the company, said that, among the products, compromised hosts were most sought after. In the report, Trend Micro defined “compromised hosts” as client workstations or servers that cybercriminals “have gained command and control of” without the owners’ consent. “That makes sense, because the compromised host is a multi-tasker,” Budd said. “It’s kind of a like a Swiss army knife – you can do multiple things with it.” The report also highlighted the going rate last year for popular black market services. Distributed denial-of-service (DDoS) offerings, for instance, were offered for anywhere from $16 per day to nearly $500 for a “lifetime” DDoS toolkit rental, the report revealed. Researchers also monitored underground activity centered around mobile attacks. Trend Micro found that the most in demand offerings were SMS spamming services, SMS servers and premium service numbers. Overall, the report noted that the increased activity in the China’s underground took into account, both the number of participants and the number of product and services offerings in 2013. In his interview, Rudd also noted that attacks, facilitated through shady transactions in China’s underground market, were most often aimed at other users in the country – an ongoing trend that will likely continue. “The participants in the Chinese underground looking inward, and the Russian underground looking outward [in attacks], has been a consistent trend,” Budd said. “And partly, that’s linguistic, because the people in the Chinese underground market [products and services] in Chinese as opposed to English – [but] it’s a combination of cultural and linguistic factors,” he said. Source: http://www.scmagazine.com/report-chinas-underground-activity-doubled-last-year/article/369849/

See the original article here:
Report on China’s underground services for DDoS Attacks

Amazon cloud infested with DDoS botnets

Security researchers have found yet another exploit on the Amazon cloud computing platform through the Elasticsearch distributed search engine tool. According to analysis, hackers are able to gain access to the search engine to deploy a battalion of botnets on Amazon cloud. The vulnerability should be a cause of alarm and, therefore, merits the attention of enterprises because it could manipulate Amazon cloud platforms in an attempt to launch distributed denial of service attacks against hundreds of thousands of websites. Amazon cloud users can a representational state transfer API to search various documents through Elasticsearch, an open-source search engine server built based on Java. It is more popular among cloud environments for its distributed architecture that enables multiple nodes. Researchers found security issues on the versions 1.1.x of Elasticsearch because its API scripting lacks a mechanism to authenticate access and a sandbox security infrastructure. Therefore, anyone, including hackers, can penetrate Elasticsearch just so easy. After that, attackers could carry out several malicious activities using Elasticsearch’s scripting capability such as carrying out arbitrary code on the server. As of now there is no patch coming from the developers of Elasticsearch. Nonetheless, versions 1.2.0 and up are safe from being exploited by hackers. New offshoots of Mayday Trojan for Linux has been spotted over the past week and the malware already launched DDoS attacks against targets DNS amplification. A Mayday variant was reported to be running on an Amazon server that has been compromised through the Elasticsearch exploit, though there are other platforms that could have been potentially manipulated. However, the Mayday variant did not resort to DNS amplification on the compromised EC2 instances. Instead it was used to launch attacks by flooding several websites with UDP traffic. As a result, many regional banking institutions in the United States and electronics companies in Japan had to transfer their IP addresses to DDoS mitigation service vendors. The Amazon EC2-run virtual machines were also reported to have been attacked by hackers through a CVE-2014-3120 exploit in the 1.1.x versions of Elasticsearch. Researchers observed that many commercial enterprises still use those versions. According also to security researchers, attackers have changed proof-of-concept exploit code for CVE-2014-3120 to install a Web shell developed based on Perl. A Web shell is a script that enables hackers to deploy Linux shell commands backdoor through the Web. The script was then further manipulated to download a fresh variant of the Mayday DDoS botnet. Amazon has already notified its customers about the issue. Source: http://www.techwalls.com/amazon-cloud-infested-ddos-botnets/

See more here:
Amazon cloud infested with DDoS botnets

17-Year-Old Behind Norway DDoS Attacks This Week

On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country. The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents. On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.” Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up. Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced. According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help. After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.” The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time. Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air. The website of the largest telecommunications company in Norway, Telenor, was also affected. Source: http://news.softpedia.com/news/17-Year-Old-Behind-Norway-DDoS-Attacks-this-Week-450391.shtml

Read the article:
17-Year-Old Behind Norway DDoS Attacks This Week

‘Political’ DDoS Attacks Skyrocket in Russia

Commercial hackers in Russia are giving way to politically motivated cyber criminals targeting ideological enemies, a new study said Wednesday. The most powerful DDoS attacks on Russian websites in the first six months of 2014 were triggered by the political crisis in Ukraine, digital security company Qrator Labs revealed. February’s Olympic Games in Sochi also prompted a spike in DDoS attacks, said the study, as reported by Bfm.ru news website. Hacker attacks in Russia have generally decreased in quantity, but have become more powerful compared with the first six months of 2013, the report said. About 2,700 distributed denial-of-service (DDoS) attacks occurred during the first six months of 2014, compared with 4,400 over the same period last year, Bfm.ru said. But the number of powerful attacks upward of 1 Gbps increased five times to more than 7 percent of the total, the report said, citing Qrator Labs digital security company. Some of the attacks peaked at 120 to 160 Gbps, the report said. Attack time also grew significantly, with DDoS strikes lasting up to 91 days, compared with 21 days in the first half of 2013. Average botnet size tripled from 136,000 to 420,000 machines per attack. This indicates ideological motivation on behalf of the attackers, who, unlike criminal hackers attacking websites for money, have more time at their disposal, Qrator Labs was quoted as saying. The media made the list of prime DDoS targets along with payment systems and real estate websites. Last season, Forex websites and online stock exchanges accounted for the “absolute majority” of the attacks, the study said, without providing exact figures. Source: http://www.themoscowtimes.com/news/article/political-ddos-attacks-skyrocket-in-russia/503226.html

Are DDoS attacks becoming more sophisticated?

If you’ve taken the time to read the various security articles over the last few months, you’ll quickly realise that the relatively nascent Bitcoin is well acquainted with DDoS. Initially, this was to undermine and influence Bitcoin currency, but now it is actually being used to steal Bitcoin funds in the millions of dollars. Of course, the very nature of a “”virtual currency”” is going to be attractive to cyber criminals who see it as an easy target; after all, they only have to steal digital information from a computer. At the end of the day, the attackers are winning with what is all too often considered a crude tool. It begs the question: Is DDoS still to be considered a blunt instrument? From what I have seen, the answer is a resounding no. Here’s why: Unconventional DDoS DDoS is getting more sophisticated – DDoS in its simplest form attempts to bombard a server with so many requests that it can’t handle the volume and therefore just shuts down, making a website inaccessible. The conventional understanding of DDoS is that it is typically massive in terms of bandwidth, packets per second and connection, and the latest attacks on BitStamp suggest there was indeed a high volume aspect to the attack. The more important aspect to this attack was how the attackers were able to masquerade the hash of a user transaction and essentially bombard the exchanges with it- in the hope it would be processed before the actual legitimate sessions. In effect, this was not your typical ‘clog the pipe’ DDoS strategy, which is usually touted in articles detailing a huge DDoS attack. The attackers had quite specific knowledge and did their homework when it came to how best to take advantage of DDoS tools and bring down the exchange. Blurring the lines between DDoS and hacking DDoS and hacking have traditionally been seen as two mutually exclusive security initiatives, each requiring its own set of mitigating strategies. While we have seen the two used in tandem – where the DDoS is the ‘feint’ used to cover backend attempts for data theft – the Bitstamp situation stands apart from these experiences in that the DDoS was the actual tool used to carry out the theft. The spoofing of a digital signature/hash to modify the blockchain record was within the payload of the actual DDoS attack. It’s an alarming development considering that more and more ‘conventional’ companies are implementing public facing tools to carry out transactions, which could be hijacked in a similar manner as seen here. There’s no doubt that the stakes are high when it comes to Bitcoin- on the one hand, there could be a lot to gain as adoption and popularity rises; and on the other, there is the regulatory uncertainty and likely insurance issues to consider. When it comes to protecting yourself, realise that by accepting virtual currency, you also become a target for Bitcoin miners and make sure you have appropriate technology in place to protect yourself from DDoS attacks – whether it is a hardware solution that takes days to install and requires a higher up-front cost; or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost. Source: http://www.techradar.com/news/software/security-software/are-ddos-attacks-becoming-more-sophisticated–1254382

Read the original post:
Are DDoS attacks becoming more sophisticated?