Tag Archives: development

17-Year-Old Behind Norway DDoS Attacks This Week

On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country. The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents. On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.” Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up. Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced. According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help. After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.” The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time. Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air. The website of the largest telecommunications company in Norway, Telenor, was also affected. Source: http://news.softpedia.com/news/17-Year-Old-Behind-Norway-DDoS-Attacks-this-Week-450391.shtml

Read the article:
17-Year-Old Behind Norway DDoS Attacks This Week

Norway banks hit in largest-ever DDoS attack, Anonymous ‘takes credit’

Norway’s top financial institutions have been hit in what appears to be a coordinated cyber-attack, the biggest-ever the country has experienced. Anonymous Norway may be responsible for the operation. The Tuesday attack targeted at least eight top Norway companies, including central Norges Bank, Sparebank 1, Danske Bank and insurance companies Storebrand and Gjensidige. Three Norwegian airlines and a big telecommunication company may also have been affected by the same attack. The malicious bombardment with requests caused traffic problems for their website and disrupted access throughout the day. This affected the banks’ online payment services as well. “The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway,” said the head of Evry’s security team, Sverre Olesen in an interview with Dagens Næringsliv business newspaper. Evry provides services to many of the affected companies and was busy dealing with the emergency. The company said the attackers used a vulnerability in the blogging platform WordPress and other venues to hit the websites. They didn’t appear to try to hack into the targets’ networks and try to steal any personal information, it added. The source of the attack was abroad, Evry said. Norway’s National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) said it was investigating the attack, but could not identify the perpetrators yet. The newspaper said it received an email signed by Anonymous Norway claiming responsibility for the DDoS attack on the banks. The email came before the news about it broke. But a tweet on the Anonymous Norway Twitter account denied the hacktivist group’s involvement, saying they were “laughing at those who think we are behind the attacks.” Source: http://rt.com/news/171724-norway-banks-anonymous-ddos/

Read the original post:
Norway banks hit in largest-ever DDoS attack, Anonymous ‘takes credit’

Brute-force bot busts shonky PoS passwords

RAM scrapers foisted on 60 terminals A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say.…

See more here:
Brute-force bot busts shonky PoS passwords

‘Political’ DDoS Attacks Skyrocket in Russia

Commercial hackers in Russia are giving way to politically motivated cyber criminals targeting ideological enemies, a new study said Wednesday. The most powerful DDoS attacks on Russian websites in the first six months of 2014 were triggered by the political crisis in Ukraine, digital security company Qrator Labs revealed. February’s Olympic Games in Sochi also prompted a spike in DDoS attacks, said the study, as reported by Bfm.ru news website. Hacker attacks in Russia have generally decreased in quantity, but have become more powerful compared with the first six months of 2013, the report said. About 2,700 distributed denial-of-service (DDoS) attacks occurred during the first six months of 2014, compared with 4,400 over the same period last year, Bfm.ru said. But the number of powerful attacks upward of 1 Gbps increased five times to more than 7 percent of the total, the report said, citing Qrator Labs digital security company. Some of the attacks peaked at 120 to 160 Gbps, the report said. Attack time also grew significantly, with DDoS strikes lasting up to 91 days, compared with 21 days in the first half of 2013. Average botnet size tripled from 136,000 to 420,000 machines per attack. This indicates ideological motivation on behalf of the attackers, who, unlike criminal hackers attacking websites for money, have more time at their disposal, Qrator Labs was quoted as saying. The media made the list of prime DDoS targets along with payment systems and real estate websites. Last season, Forex websites and online stock exchanges accounted for the “absolute majority” of the attacks, the study said, without providing exact figures. Source: http://www.themoscowtimes.com/news/article/political-ddos-attacks-skyrocket-in-russia/503226.html

ATTACK of the Windows ZOMBIES on point-of-sale terminals

Infosec bods infiltrate botnet, uncover crap password security Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems.…

More:
ATTACK of the Windows ZOMBIES on point-of-sale terminals

Facebook scuttles 250k-strong crypto-currency botnet

As noose tightens, VXer pleades: ‘Stop breaking my ballz’ Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam.…

See more here:
Facebook scuttles 250k-strong crypto-currency botnet

June – The month of DDoS attacks

The list of DDoS attacks in the month of June has made for grim reading. High-profile sites have been targeted by extortion demands, online games got disrupted and at least one company was put out of business as a direct result. While it’s tempting to look for a single cause at the root of this apparent tsunami of distributed denial-of-service activity, the reality is considerably more complex. Online activism, the profit motive and even potential nation-state activity contributed to June’s high volume of DDoS attacks. The only commonality, in fact, may be the ease with which DDoS attacks can be launched. Experts like Molly Sauter, an academic and author of the forthcoming book The Coming Swarm, say that the process is childishly simple. “Literally, if you have a credit card and if you’re bored, it could be anyone,” Sauter told Network World. “It’s so easy to rent a botnet – most of them are out of Russia – and you can rent one for stupid cheap, and then deploy it for a couple of hours, and that’s really all you need to target a major site like Feedly or Evernote.” Sauter’s research focuses on the socio-political aspects of technology. She highlights the attacks, earlier in June, on websites connected to the World Cup’s sponsors and backers, which used the iconography of Anonymous. “I’m seeing a lot of Anonymous-oriented DDoS actions,” she said. Anonymous, according to Sauter, is a useful “brand” for politically motivated DDoS attacks, allowing groups to identify themselves with a particular flavor of political thought, despite no organizational connection to other activists. But the highest-profile attacks in the U.S. this June were not politically motivated – the DDoS attempts that took down RSS reader Feedly and note-taking and personal organization service Evernote drew big headlines, and Feedly, at least, was asked for ransom by its attackers. Feedly didn’t pay up, and, according to Forrester principal analyst Rick Holland, that’s probably for the best. “There’s no guarantee that they’re not going to continue to DDoS you,” he said. “It’s like regular extortion – you start paying people off and then, suddenly, they’re going to keep coming back to you every month.” Holland stopped short of urging a blanket refusal to pay off DDoS extortionists, however, saying that companies need to decide their own cases for themselves, in close consultation with their legal teams. He doesn’t know of any companies that have paid a DDoS ransom, but said that it wouldn’t surprise him to learn that it has happened. “I wouldn’t be surprised if people have gotten DDoS, it didn’t go public, they paid a ransom and that was that, but I have not specifically had those conversations,” he said. IDC research manager John Grady said that the increasing primacy of online services means that extortion-based DDoS attacks are becoming a more serious threat. “When there are direct ties from resource availability to revenue, targeting availability is a quick way to get someone’s attention,” he said. Grady echoed both Sauter’s point about the general cheapness of botnets and Holland’s argument that paying the ransom doesn’t make a company proof against further attacks. What’s more, he said, the growing power of some types of attack swings the balance of power further in favor of the attackers. “Increasingly, the ease of amplifying attacks through DNS or NTP, which can ramp traffic up in the hundreds of gigabit range that we’ve seen become common, gives attacks real economies of scale,” Grady said. Research from Forrester shows that, in addition to volumetric attacks like DNS and NTP (which essentially flood targets with unwanted data), targeted application-level attacks have been on the rise. Application-level incidents had been seen by 42% of DDoS victims surveyed in a 2013 report – just shy of the 44% that suffered volumetric attacks. Moreover, 37% used some combination of techniques. According to a report from Infonetics, that trend has prompted increasing attention for application-level mitigation technology. “An increasing number of application-layer attacks, which older DDoS detection and mitigation infrastructure can’t identify and block, are forcing companies to make new investments in DDoS solutions,” wrote principal security analyst Jeff Wilson in December. What this means is that a DDoS attack, whether it’s motivated by politics or money, is an increasingly unequal struggle. Attack techniques have become easier, cheaper and more powerful at the same time as their effects have become more damaging – and defensive measures have failed to keep pace. “The cost of entry is very low for the attackers and the cost to defend is very high for the targets,” said Holland. He said that the best defense may be to simply be as forewarned as possible, and to make plans in advance for potential DDoS incidents. Many businesses haven’t even considered the potential ramifications of a DDoS. Source: http://www.networkworld.com/article/2449855/security0/bloody-june-what-s-behind-last-month-s-ddos-attacks.html

Continue reading here:
June – The month of DDoS attacks

Week in review: DDoS attacks becoming more effective, and how to build trust between business and IT

Here's an overview of some of last week's most interesting news, articles and interviews: Gathering and using threat intelligence In this interview, Tomer Teller, Security Innovation Manager at…

eToro’s Website down Due to Malicious DDOS Attacks, Functionality Restored

Thursday has turned out to be somewhat of a more busy day for social trading platform eToro than usual. According to a company statement, the company’s service has been under attack by a malicious group of attackers since 07:12 GMT. After numerous complaints by customers of the firm, a thorough statement has been provided by eToro’s CEO, Yoni Assia. “I am sure that by now, most of you are already aware of the fact that our platform was under attack by a malicious group of hackers. I realize that many of you may be frustrated, angry, or simply worried following the unusual service interruptions that happened on Thursday, July 3rd and I wanted to contact you personally to apologize and explain what happened. Since 07:12 GMT, July 3rd, eToro has been the target of a criminal DDoS attack – a technique used by hackers to take an internet service offline by overloading its servers. (To read more about DDoS attacks:http://en.wikipedia.org/wiki/Denial-of-service_attack). I believe the choice to attack today was not a random one, as both you and eToro have been gearing up for today for the better part of the week. We had everything in place for you to experience a great day of trading, with the NFP announcement. I speak for everyone at eToro when I say that we deeply regret that this experience was denied you. We have robust systems in place to deal with such instances; however the scale of this particular attack caused our platform to experience significant downtime. All your personal data, including billing information, financial information and personal details is secure. More than that, throughout today we offered several alternatives for those of you who wanted to close a position, in order to give you as much control as was possible with regard to your portfolio. The status right now is that we were successful in restoring all of our services. Regrettably, as with attacks such as this, we might see more interruptions in the next few days. It is my personal goal to make sure you receive the best experience possible and I guarantee that all of us here at eToro are working around the clock to make sure this is exactly what you get. Our technical and service teams are at your disposal and are working non-stop to help each and every one of you resolve any issue affecting your personal account.” Update: On Friday morning in Europe, users have been reporting troubles with website and app functionality, and issues with logging in. Around 9BST, the status of the website was updated by the company, with eToro stating that currently it’s up and running, despite still being under attack. According to a company spokesperson, the malicious attempts are now blocked before they can affect eToro’s community. Source: http://forexmagnates.com/etoros-website-down-due-to-malicious-ddos-attacks-restored-only-to-go-dark-again/#sthash.PWXi3f61.dpuf

Continued here:
eToro’s Website down Due to Malicious DDOS Attacks, Functionality Restored

Could Cookies Be Used to Launch DoS Attacks?

Giant cookies could be used to create a denial of service (DoS) on blog networks, says infosec researcher Bogdan Calin. Such an attack would work by feeding users cookies with header values so large that they trigger web server errors. Calin created a proof of concept attack against the Google Blog Spot network after a customer reported problems with internal security testing. In his subsequent tests, he found that if one sends many cookies to a browser, sets them to never expire and includes pointers to a blog network’s root domain, the user won’t ever be able to see any blogs on the service. Victims can tell if supersized cookies have been stuffed down their browser’s throats when 400 errors such as “Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit” appear. Sydney security bod Wade Alcorn (@WadeAlcorn) said the attack would work if custom cookies could be set. “This attack, denial-of-service by cookies, sets many long cookies, forcing the browser to create a very long request [that] is too long for the server to handle, and simply returns an error page,” Alcorn said. “The vulnerable browser won’t be able to visit that origin until the cookies are cleared. “When a browser visits one of these [user-controlled] subdomains it will allow a cookie to be set on the parent domain [which] means that when a denial-of-service by cookies attack is launched, the victim browser will not be able to visit the parent domain or any of the subdomains.” For an application to be vulnerable it must provide an opportunity for the attacker to set custom cookies in the victim’s browser, Alcorn pointed out. Chrome users were not affected when perusing Blog Spot but were on other unnamed domains. Alcorn said a Google security rep told him the risk was a problem for web browser developers to fix, rather than a lone web app providers, and welcomed ideas that could squash the vector. Source: http://www.theregister.co.uk/2014/07/02/monster_cookies_can_nom_nom_nom_all_the_blogs/

Read this article:
Could Cookies Be Used to Launch DoS Attacks?