Tag Archives: development

OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats

Infamous IoT menace lives on in its hellspawn

Cybercrooks are using the infamous Mirai IoT botnet as a framework to quickly add in new exploits and functionalities, it has emerged.…

FCC blames DDoS for weekend web lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists

Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

Are your competitors organizing DDoS attacks against you?

According to recent research from Kaspersky Lab and B2B International, nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent DDoS att…

Week in review: APT wars, 18-year-old bug endangers Windows users, and main sources of data breaches

Here's an overview of some of last week's most interesting news and articles:

Simda botnet taken down in global operation

The Simda botnet, believed to have infected more than 770,000 computers …

DDoS attack downs Twitch on news of Amazon acquisition

Just hours after Amazon announced a $970m deal to acquire Twitch, the live video platform for gamers was taken offline temporarily by a distributed denial of service (DDoS) attack. Twitch is the latest in a string of online gaming platforms to be hit by DDoS attacks that have been linked to several groups, including Lizard Squad, jihadist group Islamic State, and Anonymous. At the weekend, Sony’s PlayStation Network was knocked offline and several others experienced disruptions, including Microsoft’s Xbox Live and Blizzard’s Battle.net.

DDoS attacks are commonly used by competitors or activists to take services offline using a variety of techniques that make services impossible to reach. The reason for the DDoS attack on Twitch is unknown, but industry pundits have speculated that it may be linked to concerns about the acquisition by Amazon.

Commenting on the weekend disruptions, Dave Larson, CTO at Corero Network Security, said the drivers for launching DDoS attacks are far-ranging and difficult to pinpoint in many cases. “Anyone can become a victim at any time and, as the attacks continue to become stronger, longer and more sophisticated, businesses that rely on their online web applications as a revenue source cannot become complacent,” he said. Larson said the latest DDoS attacks underscore the importance of including a DDoS first line of defence as a component of network security architecture.

Lancope chief technology officer TK Keanini said that while DDoS was once a resource held by a few of the elite groups on the net, this method of attack is now available to anyone as it is offered as a service. “If you know where to look, and you have some crypto currency in hand, just point and shoot,” he said. According to Keanini, any business connected to the internet is likely to be targeted by a DDoS attack at some point. “But game networks have to work harder than most to remain secure as they are incredibly attractive targets.

“Not only are they high profile, with any disruption making the news, but given all the in-game commerce, credit card and personal information is kept up to date and can be monetised by these cyber criminals,” he said.

Source: http://www.computerweekly.com/news/2240227573/DDoS-attack-downs-Twitch-on-news-of-Amazon-acquisition

PlayStation network back online after DDoS attack

Sony’s PlayStation and Entertainment networks are back online after they were forced offline by a distributed denial-of-service (DDoS) attack, the company said late Sunday. “People can now enjoy the services on their PlayStation devices,” Sony spokesman Sid Shuman wrote in a blog post. “We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information,” he said, also offering apologies for any inconvenience caused.

Sony was hit by a large-scale DDoS attack which struck upstream traffic routes over which Sony has no control, affecting players’ ability to log in, Sony Online Entertainment President John Smedley wrote on Twitter on Sunday. DDoS attacks attempt to crash a network by sending large amounts of data to a service provider.

A group calling itself the “Lizard Squad” claimed on Twitter to be behind the attack. It said that it had “planted the ISIS flag on @Sony’s servers,” referring to the militant group that occupies parts of Syria and Iraq. Earlier on Sunday, the group tweeted directly to American Airlines writing that it had “received reports” that a flight carrying Smedley “has explosives on board.” This appeared to be a way to aggravate Sony further.

Smedley had tweeted earlier that his flight had been diverted for reasons that had to do with “something about security and our cargo.” The Boeing 757, with 179 passengers and six crew, which left from Dallas-Fort Worth for San Diego, was diverted to Phoenix due to “a security-related issue” and landed safely, according to American Airlines.

Source: http://www.cio-asia.com/resource/networking/playstation-network-back-online-after-ddos-attack/

Eve Online Servers Knocked Offline Due to DDoS Attacks

Eve Online, the space-based videogame with over half a million active players, has been forced offline for more than 12 hours due to a series of cyber attacks against a cluster of its servers located in London. According to the Eve Online Status Twitter account, the first signs of trouble were seen at around 8pm on Thursday, 21 August, and by 11pm the Icelandic-based CCP Games, which develops the game, had confirmed the problem was due to a series of distributed denial of service (DDoS) attacks.

DDoS attacks are a common tool used by criminals to flood servers with traffic in order to knock them offline and make them unavailable to anyone trying to access them. Some had apparently linked the offline status of the game to the recent activity of the Bardarbunga volcano in Iceland, which is on the verge of erupting; however, CCP Games explicitly ruled this out.

The problem is affecting the Tranquility server cluster, which all Eve Online players connect to in order to play the game. This cluster of servers is based in London. Even the Eve Online wiki is inaccessible as it too is seemingly hosted on the Tranquility server. An update from CCP Games on Twitter at 8am on Friday, 22 August, simply said: “Tranquility is currently under heavy load again” and pointed players to a forum thread. However, this thread also appears to be offline at the time of publication.

DDoS attacks are often used by unscrupulous companies in order to knock rivals offline for a sustained period of time, with many cyber-criminals renting out DDoS services for as little as £5-an-hour.

Eve Online is a massively multiplayer online game set in the fictional world of New Eden where players pilot customisable spaceships through a galaxy of over 7,500 star systems. The game is also unique in that its developers create the structure of New Eden but then hand over control of what happens in the game to the players.

The rest is a virtual world where corporations and alliances hold huge power and where huge battles can cost the equivalent of over $300,000 in real world money.

Source: http://www.ibtimes.co.uk/eve-online-servers-knocked-offline-due-ddos-attacks-1462180

Chinese Linux Trojan makes the jump to Windows – DDoS attacks largely aimed within China

A CHINESE TROJAN, one of the few to be written for the Linux operating system, has seemingly made the jump to Windows. First reported in May by Russian anti-malware software house Dr Web, the original malware known as “Linux.Dnsamp” is a Distributed Denial of Service (DDoS) Trojan, which, according to the company blog, transfers between Linux machines, altering the startup scripts, collecting and sending machine configuration data to the hackers’ server and then running silently waiting for orders.

Now it appears that the same hackers have ported the Trojan to run in Windows as “Trojan.Dnsamp.1”. The Windows version gains entry to the system under the guise of a Windows Service Test called “My Test 1”. It is then saved in the system folder of the infected machine under the name “vmware-vmx.exe”. When triggered, just like its Linux counterpart, the Trojan sends system information back to the hackers’ central server and then awaits the signal to start a DDoS attack or start downloading other malicious programs.

Fortunately, the vast majority of the attacks using this method were aimed at other Chinese websites, which were attacked 28,093 times, but Dr Web warns that US websites came second with nine percent of attacks. Although the threat of malware is an everyday hazard to most computer users, to find an attack on Linux is much rarer, and to find any kind of malware that has been ported from one operating system to another is almost unheard of.

In June, RSS reader service Feedly, note app Evernote and streaming music service Deezer all suffered DDoS attacks. Google is working on Project Shield, an initiative designed to help smaller web servers fight off DDoS attacks.

Source: http://www.theinquirer.net/inquirer/news/2361245/chinese-linux-trojan-makes-the-jump-to-windows

DDoS extortion attacks on the rise

While digital ransom attacks come in various types and forms, Distributed Denial of Service (DDoS) attacks are top of the list of methods used by attackers to force money from targeted companies. So says Bryan Hamman, territory manager of Arbor Networks, who points out that in recent weeks, well-known names such as Evernote and Feedly have fallen victim to extortion attacks, but these companies are just the tip of the iceberg when it comes to this very lucrative criminal activity.

InfoSecurity Magazine reports that this year the number of network time protocol amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%.

The news aggregator Feedly said it had come under a DDoS attack from cyber criminals, which was preventing users from accessing its service. “Criminals are attacking Feedly with a distributed denial of service attack. The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can,” said Feedly in a blog post.

“‘Pay up or we’ll take your Web site down’, so goes the adage that usually accompanies ransom-based cyber-attacks,” says Hamman. According to Arbor’s ninth annual Worldwide Infrastructure Security Report, DDoS extortion attacks account for 15% of all DDoS attacks. While it may seem like a relatively small percentage, one must consider that as many as 10 000 DDoS attacks occur world-wide every day and the potential cost in damages and reputation can have a significant impact on a targeted organisation, Hamman points out.

He explains that DDoS extortion attacks are generally volumetric, high bandwidth attacks launched with the aim of crashing a company’s Web site or server by bombarding it with packets, which originate from a large number of geographically distributed bots. The size of volumetric DDoS attacks continues to increase year on year, and they remain a major threat to enterprises and Internet service providers alike, he adds.

“Traditionally, DDoS extortion attacks were used against online gambling sites, around major sporting events. Criminal gangs would initiate attacks that would bring the Web site down just before the event was to start, thus forcing the companies to choose between suffering a major loss in monetary and reputational terms or paying up. Increasingly, however, DDoS attacks are being used to extort money from all sorts of businesses and the reality is that no company should feel safe,” he says.

So what is the right response when it comes to extortion demands? Hamman asks. “The answer is simple and always the same – not to give in. Organisations should under no circumstances agree to pay the ransom – it can set a dangerous precedent and encourage more attacks in the future; while it might make the pain go away in the short term, the long-term results are generally not worth it.

“Declining to pay comes, of course, with severe consequences – as we saw from recent attacks on Feedly, who suffered from three separate waves of DDoS attacks. However, the company has now recovered from the attack and is operating as normal. Furthermore, it has been praised for its brave decision by the security community and even its own customers,” says Hamman.

According to Hamman, many companies still rely on reactive measures such as router filters and firewalls, which are inefficient and not sophisticated enough to protect against organised cyber crime. Instead, he says, organisations need to invest in preventive, multi-layered mitigation, which includes on-premise and cloud protection, as well as allowing for co-operation with their ISP or hosting company.

In addition, putting a mitigation strategy in place, should the worst happen, is of crucial importance – especially as only 17% of organisations globally feel they are fully prepared for a security incident. “By building defences, implementing plans ahead of time and refusing to give in, businesses needn’t feel threatened anymore – attackers wanting to make easy money will have to look elsewhere.”

Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=136989:DDoS-extortion-attacks-on-the-rise&catid=265

Popcorn Time Hit By Massive DDoS Attack

A major fork of the popular Popcorn Time project is currently being subjected to a massive DDoS attack. The whole project has been hit, from the site hosting its source through to its CDN, API and DNS servers. The team tells TorrentFreak that the attack amounts to 10Gbps across their entire network.

Every year sees periods when sites in the file-sharing sector are subjected to denial of service attacks. The attackers and their motives are often unknown and eventually the assaults pass away. Early in 2014 many torrent sites were hit, pushing some offline and forcing others to invest in mitigation technology. In May a torrent related host suffered similar problems.

Today it’s the turn of the main open source Popcorn Time fork to face the wrath of attackers unknown. TorrentFreak spoke with members of the project including Ops manager XeonCore who told us that the attack is massive. “We are currently mitigating a large scale DDoS attack across our entire network. We are currently rerouting all traffic via some of our high bandwidth nodes and are working on imaging and getting our remaining servers back online to help deal with the load,” the team explain.

The attack is project-wide with huge amounts of traffic hitting all parts of the network, starting with the site hosting the Popcorn Time source code.

[Figure: Attack on the source code site – 980Mbps]

Also under attack is the project’s CDN and API. The graph below shows one of the project’s servers located in France. The green shows the normal traffic from the API server, the blue represents the attack.

[Figure: Attack on the France API server – 931Mbps]

Not even the project’s DNS servers have remained untouched. At one point two of three DNS servers went down, with a third straining under almost 1Gbps of traffic. To be sure, a fourth DNS server was added to assist with the load.

[Figure: Attack on the Dutch DNS server – peaking at 880Mbps]

All told the whole network is being hit with almost 10Gbps of traffic, but the team is working hard to keep things operational. “We’ve added additional capacity. Our DNS servers are currently back up and running but there is still severe congestion around Europe and America. Almost 10Gbps across the entire network. Still working on mitigating. API is still online for most users!” they conclude.

Nobody has yet claimed responsibility for the attack and it’s certainly possible things will remain that way. Only time will tell when the attack will subside, but the team are determined to keep their project online in the meantime.

Source: http://torrentfreak.com/popcorn-time-hit-by-massive-ddos-attack-140814/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29
