Tag Archives: denial of service

Taiwan high-tech industry hardest hit by DDoS attacks in last 30 days

TAIPEI (Taiwan News)—Most denial-of-service (DDoS) attacks launched by hackers from Feb. 15 to March 14, 2017 in Taiwan targeted the high-tech industry, according to statistics compiled by leading global content delivery network provider Akamai Technologies. Industries in Taiwan that were most severely attacked by hackers were the high technology industry (61.8 percent), manufacturing industry (17.6 percent) and the financial services industry (7 percent), according to statistics compiled by Akamai’s intelligent platform that delivers 30 percent of the global Internet traffic. Industries in Taiwan under DDoS attacks from February 15 to March 14, 2017. (Taiwan News) The majority of the hacks were launched from IP addresses in Taiwan, followed by Alabama in the U.S., and Brazil. “It is often a misconception that most attacks are launched from abroad,” said Akamai’s Security Business Unit director Amol Mathur. “Attacks are coming both domestic and outside.” The premium CDN provider works customizes solutions for clients from different industries in Taiwan, including hospitality, banking, travel and airline services. Taiwan’s financial institutes are still recovering from a cybersecurity scare last month, in which 15 banks received threats from an anonymous hacker group to shell out 10 Bitcoins each (equivalent to US$10,466), or brace themselves for DDoS attacks that would compromise their server systems. DDoS attacks launched by hackers often compromise institute’s servers data processing capacity by delivering a sudden deluge of data that overtakes bandwidth resources, for instance if the company server bandwidth only allows 10 Gigabyte per second (Gbps) of capacity it can be paralyzed by a 100 Gbps attack. Hackers might use DDoS as a distraction to conceal other malign operations, such as stealing personal information or credential theft, added Mathur. Industries affected by hacker attacks vary monthly, depending on whether there is a major geopolitical event, said Mathur. For instance global hacker group Anonymous took down the London Stock Exchange system for two hours as part of its campaign against global central banks in June 2016. Mathur advised banks should not heed hacker demands to pay ransom. “In real life you would not pay ransom, so why would you pay hackers,” he said. The cybersecurity expert noted a rise in DDoS attacks globally during the fourth quarter of 2016, and pointed out DDoS attacks data size was increasing exponentially every quarter. Globally, attacks over 100 Gbps jumped 140 percent year-on-year during 4Q16, with the largest-size attack recorded reaching 517 Gbps, according to the Akamai “Fourth quarter 2016 State of the Internet/Security Report.” Mathur noted the cause of increased DDoS attacks was partly due to easy access for people to rent bots online, for as cheap as US$10 by going to a site and simply keying in the website address. Hackers can generate a monthly income of US$180,000 to US$200,000 from bot rentals. It remains extremely difficult for law enforcement agencies from a single country to track down hackers that spread the attacks launched by rented bots around the globe, and hide behind the protection of anonymity offered by the dark web. Additionally, the preferred Bitcoin currency used for business transactions by hackers is hard to trace to an IP address, explained Mathur. Introduction of mobile devices, mobile payment, IP surveillance cameras and emerging Internet of Things (IoT) trends introduce new cybersecurity vulnerabilities as hackers can utilize attacks through large number of connected devices. The Mirai bot for instance exposed vulnerabilities in the default user administrator name and passwords used by thousands of connected IP surveillance cameras and their DVR worldwide, said Mathur. He urged the IoT industry to form a joint standard, and for countries to start implementing regulations that set cybersecurity standards for connected devices. Hackers are also finding ways to target vulnerabilities in smartphone application programming interface (API) to obtain credentials, and data from mobile transactions. Apple Pay and some other mobile payment technologies periodically publish white papers announcing how it is securing data, but are mostly for tech savvy readers, said Mathur. One way consumers can safeguard credit card transactions is to check if the online shopping sites or App they use have The Payment Card Industry Data Security Standard (PCI DSS), noted Mathur. The proprietary information security standard launched nearly a decade ago by major credit card companies Visa, MasterCard, American Express, JCB and others follows a stringent standard and heavily fines companies that do not follow its compliance. Source: http://www.taiwannews.com.tw/en/news/3117326

Originally posted here:
Taiwan high-tech industry hardest hit by DDoS attacks in last 30 days

Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

National PR service circulates—then pulls—release highlighting campaign to crash government website BY: Morgan Chalfant January 14, 2017 4:56 am A leading public-relations service blasted and then removed a news release this week highlighting a campaign to protest the inauguration of Donald Trump by crashing WhiteHouse.gov. PR Newswire, a global news-release distribution service, circulated a release on Thursday highlighting a campaign launched by Protester.io, a digital protest organizing platform, to “take down” the White House website next Friday in protest of Trump’s inauguration. “On January 20th, hundreds of thousands of Americans are going to Washington, DC to march in protest of the inauguration of Donald Trump. Millions more around the country will be joining the cause from home. If you can’t make it to Washington DC on inauguration day, you can still participate by occupying whitehouse.gov online,” the release read. “Why is it important to participate? Isn’t this just another election? We haven’t lost our democracy yet, but it is most definitely under threat. The only way we’re going to defend and revive our democracy is by mobilizing.” Protester.io describes itself as a platform that helps individuals “organize protests like a crowdfunding campaign.” A description of the Inauguration Day protest on its website, named “Occupy WhiteHouse.gov,” instructs interested parties to go to the White House website on Jan. 20 and refresh the page as often as possible throughout the day. The page also includes instructions for protesters to “automate” page refresh so that their computers do this automatically. “When enough people occupy www.WhiteHouse.gov the site will go down. Please join us and stand up against this demagogue who is threatening our democracy and our security,” the protest page states. Shortly after blasting the news release, PR Newswire issued a correction, changing the headline of the release from “Protester.io Launches Campaign to Take Down WhiteHouse.gov on Inauguration Day” to “Protester.io Launches Campaign to Voice Your Opinion at WhiteHouse.gov on Inauguration Day.” Later, the news-release service removed the press release entirely. PR Newswire was purchased by Cision, a global public relations software company based in Chicago, for $841 million from British business events organizer UBM in 2015. PR Newswire is based in New York and distributes public relations messages for companies largely located in the United States and Canada, according to the New York Times. When contacted, a spokesman for Cision confirmed to the Washington Free Beacon that the original release had been modified and later removed entirely “after further evaluation.” “The issuer modified the original release at our request, but after further evaluation, we ultimately decided to remove the release in its entirety and have requested that the rest of our network remove the content as well,” Stacey Miller, director of communication for Cision, wrote in an email Friday afternoon. An organizer for the protest did not respond to a request for comment. Federal investigators have probed what are called distributed denial of service, or DDoS, attacks, which block users from websites by overloading them with traffic. Such attacks brought down Twitter, Spotify, and Amazon last October, prompting investigations by the FBI and Department of Homeland Security. It is unclear whether the planned “Occupy WhiteHouse.gov” protest campaign would constitute a DDoS attack. Attempts to reach the FBI on Friday were unsuccessful. Several protests have been organized around Inauguration Day, including the “Women’s March on Washington” that is expected to draw some 200,000 women to the nation’s capital on Jan. 21, the day following Trump’s inauguration. Fox News reported that protesters are also planning to blockade security checkpoints at the inauguration and organize a “dance party” outside the home of Vice President-elect Mike Pence. Source: http://freebeacon.com/culture/protest-aims-take-whitehouse-gov-inauguration-day/

View post:
Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’

Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet. In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as “just as powerful as the most dangerous one to date”. The concern for 2017 is that “it’s about to get a lot worse”. Clearly proud of the work put into the malware, the creator or creators saw fit to sign it. Analysis of the attack showed that the TCP Options header of the SYN packets used spelled out l33t, hence the Leet Botnet name. The attack itself took place on 21 December, but details of what happened are only just starting to come out. It targeted a number of IP addresses, and Imperva speculates that a single customer was not targeted because of an inability to resolve specific IP addresses due to the company’s proxies. One wave of the attack generated 650 Gbps of traffic — or more than 150 million packets per second. Despite attempting to analyze the attack, Imperva has been unable to determine where it originated from, but the company notes that it used a combination of both small and large payloads to “clog network pipes and bring down network switches”. While the Mirai attacks worked by firing randomly generated strings of characters to generate traffic, in the case of Leet Botnet the malware was accessing local files and using scrambled versions of the compromised content as its payload. Imperva describes the attack as “a mishmash of pulverized system files from thousands upon thousands of compromised devices”. What’s the reason for using this particular method? Besides painting a cool mental image, this attack method serves a practical purpose. Specifically, it makes for an effective obfuscation technique that can be used to produce an unlimited number of extremely randomized payloads. Using these payloads, an offender can circumvent signature-based security systems that mitigate attacks by identifying similarities in the content of network packets. While in this instance Imperva was able to mitigate the attack, the company says that Leet Botnet is “a sign of things to come”. Brace yourself for a messy 2017… Source: http://betanews.com/2016/12/28/leet-botnet-ddos/

View article:
Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’

Education Ministry website is under DDoS-attacks

Website of the Ministry of Education and Science does not work due to DDoS-attack. As noted by Interfax-Ukraine, citing the press service of the department, the attack on the portal has been made yesterday. “The attack was made on the weekend, and as a result of it the website is down”, noted in the department. According to the ministry, at the moment the attack has been finished, the work to restore the website is underway, but they have not completed it yet. Earlier the websites of the Ministry of Finance, the State Treasury and the Pension Fund also suffered from the hacker attacks. Source: http://112.international/society/education-ministry-website-is-under-ddos-attacks-12465.html

View article:
Education Ministry website is under DDoS-attacks

Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Classified government records are believed to have been accessed by the hackers. Anonymous hackers have reportedly hit Thailand government websites with targeted DDoS attacks in retaliation for the passage of a bill which is feared to impose considerable restrictions on internet freedom. The bill introduced amendments to the country’s computer crime law and was unanimously passed by the military-appointed legislature on 16 December, according to reports. The new law allows Thai authorities to monitor and access private communications as well as censor online content without a court order. The DDoS attack knocked out Thailand’s defence ministry website. At the time of writing, the site remains inaccessible. Anonymous hackers also reportedly targeted the Thai Ministry of Digital Economy and Society, the Prime Minister’s Office and the Office of the National Security Council. A hacker, claiming to be part of the Anonymous campaign against the Thai government titled “Op Single Gateway”, going by the pseudonym “blackplans”, posted screenshots on Twitter of what he/she claimed were documents stolen from the compromised government sites. The Thai defence ministry said the attack accomplished little. “They couldn’t do anything because we have defence systems in place that are ready for such situations,” said Kongcheep Tantrawanich, a defence ministry spokesman,” ABC News reported. He warned that further attacks could lead to “destroying financial systems, banks, transportation systems, airports and can cause damage toward the population of an entire country”. The Thai government characterised the hackers as “thugs” bent upon “creating chaos” and “overstepping boundaries”. The government has also asked the public to come forward with information about the hackers. Thai cyber controls raise censorship and privacy concerns Privacy groups have raised concerns about Thailand’s new cyber laws, which are believed to infringe on human rights and freedom of expression. The UN Office of Human Rights said in a statement on Monday (19 December): “We are concerned by amendments to Thai legislation that could threaten online freedoms, and call on the government to ensure the country’s cyber laws comply with international human rights standards.” According to local reports, Amnesty International, in collaboration with the Thai Netizen Network, lodged a petition with the Thai National Legislative Assembly. The petition, which has also been endorsed by 300,000 internet users, calls for reconsideration of the amendments to the computer crime act. “The bill is very broad and open to interpretation and we will have to see how the government will implement these laws,” said Arthit Suriyawongkul of the Thai Netizen Network. “It’s not the law itself that is a rights violation, but the authorities’ extensive power when monitoring and censoring online content, which could raise privacy concerns.” Thai Prime Minister Prayuth Chan-ocha defended the amendments to the nation’s cyber laws. “This law is for when anyone posts something that is poisonous to society so that we know where it comes from,” Prayuth said, Reuters reported. “Don’t think this is a rights violation. This isn’t what we call a rights violation … this is what we call a law to be used against those who violate the law,” he said. Source: http://www.ibtimes.co.uk/hackers-hit-thai-government-ddos-attacks-protesting-against-restrictive-internet-law-1597339

Read this article:
Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Indian Bitcoin Exchange Suffers Outage as DDoS Attacks Continue

T he onslaught of DDoS attacks targeting bitcoin websites around the world isn’t showing any signs of abating as an Indian bitcoin exchange came under attack today. Indian bitcoin exchange Coinsecure saw a spike in traffic this Monday morning local time. The number of connections attempting to reach the website was enough to disrupt exchange activity. Operational delays ensued on its website, mobile application and other API-enabled platforms. In an email to customers, the bitcoin exchange revealed the reason for the delays. We were under a massive DDoS attack this morning that blocked traffic temporarily to our website, API and Android App. You may have experienced delays in withdrawals and deposits as well, this morning. The email, which reached customers afternoon in local time, confirmed that the website was fully operational again, following several hours of disruption. Bitcoin Exchanges. Ripe Targets? Bitcoin exchanges and websites are perhaps the most-obvious targets for DDoS extortionists seeking ransom in bitcoin. Still, Kraken CEO Jesse Powell told CCN in an earlier exchange that bitcoin companies aren’t always the best targets. “Most Bitcoin companies aren’t profitable and we’re therefore not great targets,” said Powell, whose exchange suffered a DDoS attack in November last year. Thai bitcoin exchange Bitcoin Co. Ltd., also suffered a DDoS attack in November 2015, albeit from a different perpetrator. “We have received several DDOS-ransom letters to https://bx.in.th,” Bitcoin Co. Ltd Managing Director David Barnes told CCN . “[The] last was supposedly from Armada Collective requesting 10BTC.” More importantly, he added: Attackers seem to lose interest quickly when you block them or don’t respond to their messages. CCN was also targeted in November 2015, with one extortionist communicating via email to demand 2 bitcoins in ransom. The email was ignored and we duly put up a 5 BTC reward for any information leading to a successful police report. While we came short of finding details, CCN continues to be targeted frequently with DDoS attacks. At the time in 2015, bitcoin was trading near peaks of $500 and has come a considerable way since while avoiding volatility. As the value of the cryptocurrency makes gains with stable footing, bitcoin businesses and websites continue to remain targets. A New Wave of Attacks The latest instances of DDoS disruptions could ostensibly be new wave of attacks targeting bitcoin websites. Last week, European bitcoin and altcoin exchange BTC-e was also targeted, resulting in temporary disruption of exchange activity. CCN was also the target of a DDoS attack last week. The website saw temporary disruption lasting 1-2 hours before the attacks were mitigated. Source: https://www.cryptocoinsnews.com/indian-bitcoin-exchange-suffers-outage-ddos-attacks-continue/

Continue reading here:
Indian Bitcoin Exchange Suffers Outage as DDoS Attacks Continue

OpEdNews Attacked by DDoS Denial of Service Attack

OpEdNews was victim of an aggressive DDoS denial of service attack yesterday. OpEdNews was victim of an aggressive DDoS denial of service attack yesterday. The attack came in the form of tens of thousands of emails bombarding our server. These took up all our bandwidth resources and caused the site to either shut down or run very slowly. We don’t know who initiated the attack, but it shut down our server several times yesterday and has caused some problems with our view tracking. Senior OEN editor Josh Mitteldorf observed, “We might start by asking whose lies are we undermining? What powers are we speaking truth to?” At the same time the DDoS attack was going on, we’ve been in the middle of transferring OpEdnews to a new, much better, faster, higher bandwidth server– shifting from two to 32 gigabytes of RAM, with a much faster processor and faster SSD hard drive. OpEdNews hope to have the transition to the new server finished by tomorrow, after which we’ll be able to better sort out the problem with article view tracking. There may be a brief time, during the transfer, when you can’t submit content– articles, comments. That will pass as soon as the DNS servers shift the site from the old server to the new server. This varies with your location. In simpler language, the pause in the ability to submit will last until the site domain name has been fully shifted to be pointed to the new server. Source: http://www.opednews.com/Diary/OpEdNews-Attacked-by-dDOS-by-Rob-Kall-Distributed-Denial-Of-Service-Attack-DDOS_OpEdNews-161215-445.html

View article:
OpEdNews Attacked by DDoS Denial of Service Attack

Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Swimming Australia’s website has been hit by a denial of service (DoS) attack. The ABC has learned the site is operating in an “under attack” mode in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. While the site has continued to operate, it has deployed software to check the veracity of every browser accessing the page to ensure they are legitimate. Horton’s social media has been bombarded with hundreds of thousands of negative comments from China. Swimming Australia is not commenting publicly but it is understood the attack has been referred to the Government for investigation. Security analyst Marco Ostini from AusCERT, a non-profit organisation that protects organisations from cyber attacks, said DoS attempts were extremely common. “It’s actually a very difficult problem to put a number on,” he said. “It’s certain though … based on all malicious metrics on the internet, it’s increasing.” Mr Ostini said without seeing the internet traffic and logs associated with Swimming Australia’s page it was hard to work out what had happened, but he doubted it was a high-level attack. “I’d be really surprised if it was [China] state-sanctioned attackers causing trouble for Swimming Australia,” he said. “It’s possibly more likely just a large amount of interested people who are expressing themselves in possibly posting comments [on the website].” Source: http://www.abc.net.au/news/2016-08-11/rio-2016-dos-attack-made-swimming-australia-website/7721848

Read the original:
Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

“Thus, an attack on ISPs is an attack on the nation”. Internet Service Providers (ISPs) in Mumbai are facing an unprecedented attack by hackers which has reduced surfing speeds in the city. Inspector General of Police (Cyber Crime) Brijesh Singh said, “Some unknown people are involved in crashing the ports of Internet Service Providers by making lakhs of requests at a particular terminal at a particular time, which we call “Distributed Denial Of Service”. According to the post on The Hindu, IGP (Cyber Crime) Brijesh Singh said, ‘An FIR has been filed with the Cyber police station in BKC under sections 43 (F) and 66 of the Information Technology Act. They also said the attack was still being carried out. “We have registered an FIR and started tracking down the operators who are trying to crash the servers or ports of ISPs”, he said, adding that the attack has slowed down the internet services and affected subscribers of ISPs. “We are investigating the matter”. Other than this, it’s not clear which ISPs are affected although this reddit thread claims that Airtel is the primary ISP being DDoSed, which distributes broadband to other smaller companies, leading to network blockages across a wide range of ISPs. The attack, however, still continues. The resources behind the attack have to be considerable. “Kindly bare with us as we are trying to solve this problem in very short period with the help of high skilled technicians. please be with us and let’s fight against these hackers (sic)”. As of Monday morning, small and medium ISPs are still struggling to provide uninterrupted service to users. IT expert Vijay Mukhi says, “The idea of a DDoS is to make a computer or a server very slow so that anyone who uses an ISP’s services can not connect. All a hacker has to do is buy enough infected IP addresses and use them for a DDOS attack”. Typically, DDoS attacks are targeted at big websites or platforms with the intention of taking them down or blocking access to them. Source: http://nanonews.org/internet-service-providers-under-ddos-attack-in-mumbai/

More:
Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

Anonymous Launches DDoS Attacks Against Rio Court Website

Members of the hacktivist collective Anonymous reportedly launched distributed denial-of-service (DDoS) attacks against the website of the Court of Rio de Janeiro for its decision to block WhatsApp in Brazil. The DDoS attacks against the Court of Rio de Janeiro allegedly forced the site offline for a period. Members of Anonymous Brazil confirmed the attack on their Facebook page saying, “Court of Justice of the state of Rio de Janeiro off in protest to the blockade of the WhatsApp.” The Rio Court recently ruled to block WhatsApp in Brazil as the application will not decrypt communications for criminal investigation procedures, according to reports. The Court of Rio de Janeiro had allegedly sent three court orders to receive specific information from WhatsApp related to criminal investigations. WhatsApp implemented end-to-end encryption to its messages between users in April 2016. The message service provider said it is unable to disclose data on these communications. Court orders through out Brazil have previously ordered a ban on WhatsApp for similar reasons during criminal investigations in December 2015, February and May 2016, according to reports. The website of the Court of Rio de Janeiro is fully restored and functional at the time of this post. WhatsApp service in Brazil has also been restored to users through out the country. Source: http://www.batblue.com/anonymous-launches-ddos-attacks-rio-court-website/

Visit site:
Anonymous Launches DDoS Attacks Against Rio Court Website