Tag Archives: distributed

Edgio enhances its Security platform with DDoS scrubbing and WAAP capabilities

Edgio has enhanced its Security platform, enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase in severity of Distributed Denial of Service (DDoS) and other sophisticated application attacks. The new DDoS scrubbing solution provides dedicated DDoS mitigation capacity that protects all protocols and direct-to-origin attacks and complements Edgio’s 250+ Tbps … The post Edgio enhances its Security platform with DDoS scrubbing and WAAP capabilities appeared first on Help Net Security.


Battlefield 1: Are servers up after DDoS attack by The Phantom Squad?

The servers of the popular first-person shooter Battlefield 1 appear to have fallen victim to a Distributed Denial of Service (DDoS) attack by a hacker group. Plenty of Battlefield 1 gamers have taken to social media forums to report that the game is unplayable. Let us know if the game servers are offline and momentarily not allowing you to play Battlefield 1.

The group behind the latest attack on the Battlefield 1 servers appears to be the Phantom Squad, which has claimed responsibility for the attack. “We will be keeping Battlefield 1 servers down. We are waiting for starskids to have an autistic breakdown,” the hacker group stated in an official tweet.

At this juncture, developers Electronic Arts are yet to issue official comments on the reported DDoS attack on the Battlefield 1 servers by The Phantom Squad. You are therefore advised to check the online game mode in Battlefield 1 and let us know if the game works for you. As soon as the Battlefield 1 servers were ‘attacked’, gamers took to micro-blogging site Twitter to vent their angst. Source: http://www.ibtimes.co.in/are-battlefield-1-servers-after-ddos-attack-by-phantom-squad-can-you-play-game-now-708831


WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy

The website was offline for roughly four hours on 1 December.

Whistleblowing website WikiLeaks suffered a mysterious outage on the morning of 1 December for roughly four hours, two days after posting its release of a searchable database of 60,000 emails from US government contractor HBGary. The website reportedly went down at around 4:00am (GMT), with some social media users quickly speculating it was the result of yet another distributed-denial-of-service (DDoS) assault – a form of cyberattack that sends waves of traffic at a web server in order to force it offline. By 9:00am (GMT) the website had fully resurfaced.

“WikiLeaks is offline. Page no longer exists?!” one user wrote. Another said: “@WikiLeaks is down right now. Could be DDoS attack.” Meanwhile, a well-known account linked with Anonymous added: “Rule 41 happens and the first thing that goes down? WikiLeaks, of course, is currently unreachable.”

Rule 41 is the newly-passed law in the US that permits the FBI and other agencies to conduct hacking-based investigations on multiple computers with a single warrant. Despite the claims of Anonymous, there is nothing to suggest it was related to any problems with WikiLeaks’ website. IBTimes UK contacted WikiLeaks for comment but had received no response at the time of publication.

The outage comes after a slew of politically-charged leaks from the Democratic National Committee (DNC) and the personal email inbox of John Podesta, a close aide to Hillary Clinton. In October, Julian Assange, the founder of the organisation, claimed that unknown forces within the “DC establishment” had attempted to disrupt WikiLeaks’ operations via cyberattack after it released a collection of emails from the DNC. “The US DC establishment – which believes that Hillary Clinton will be the winner of the election – tried to find different ways to distract from our publications,” he said at the time, adding: “They started attacking our servers with DDoS attacks and attempted hacking attacks.”

Later, on the morning of 7 November, after publishing 8,000 more DNC emails, WikiLeaks issued a series of updates to its four million-strong follower base about yet another attack. It said: “WikiLeaks.org was down briefly. That’s rare. We’re investigating.” Later, it added: “Our email publication servers are under a targeted DoS attack.”

Most recently, Assange renewed his effort to be allowed to exit the Ecuadorian embassy in London after a United Nations (UN) panel reinforced an earlier ruling that he was being arbitrarily detained. The decision came down after an appeal by the UK government. “Now that all appeals are exhausted I expect that the UK and Sweden will comply with their international obligations and set me free,” Assange said in a statement. “It is an obvious and grotesque injustice to detain someone for six years who hasn’t even been charged with an offence.” Source: http://www.ibtimes.co.uk/wikileaks-website-suffers-mysterious-outage-sparking-rule-41-hacking-conspiracy-1594392


Suspected DDOS attack on Eir email system might have put 400,000 users at risk

DUBLIN, Ireland – In yet another Distributed Denial of Service (DDOS) attack by hackers reported in Ireland, the country’s biggest telco said that its email system suffered a suspected attack. The incident, suspected to be a DDOS attack (a malicious attempt to make a server or a network resource unavailable to users), is said to have put 400,000 Eir users at risk. Customers with @eircom.net addresses reportedly began experiencing problems accessing their mail following the suspected attack. Following the reports, Eir said it noticed the issue and immediately began its mitigation process. A DDOS attack usually works by interrupting or suspending the services of a host connected to the internet. Reports quoted an Eir spokesman as saying that a majority of its customers should be able to access their email accounts again. The spokesperson also said that the firm had received no contact from any hackers, nor any ransom demand. According to reports, users might still face issues even as the mitigation process continues to scan through IP addresses to sort out the genuine ones from those that might have been part of an attack. Source: http://www.bignewsnetwork.com/news/249745895/suspected-ddos-attack-on-eir-email-system-might-have-put-400000-users-at-risk


DDOS attacks: An old nemesis returns to cripple your network

Once considered a cybersecurity threat of the past, Distributed Denial of Service (DDoS) attacks have re-emerged with a vengeance. DDoS attacks are wreaking havoc on enterprises and end users with alarming frequency. Distributed Denial of Service is a cyberattack where multiple systems are compromised, often joined with a Trojan, and used to target a single system to exhaust resources so that legitimate users are denied access to resources. Websites or other online resources become so overloaded with bogus traffic that they become unusable. A well-orchestrated DDoS carried out by automated bots or programs has the power to knock a website offline. These attacks can cripple even the most established and largest organisations. An e-commerce business can no longer conduct online transactions, jeopardising sales. Emergency response services can no longer respond, putting lives in danger. According to the VeriSign Distributed Denial of Service Trends Report, DDoS activity increased by 85 percent in one year. The report also suggested that cyber attackers are beginning to hit targets repeatedly, with some organisations the target of DDoS attacks up to 16 times in just three months. If you think your organisation is obscure and can fly under the cyber attacker radar – forget it. Every industry is vulnerable. If an increase in attacks isn’t troubling enough, the size and the amount of damage DDoS attacks can do is also disturbing. The fastest flood attack detected by Verisign occurred during the fourth quarter of 2015, targeting a telecommunications company by sending 125 million packets per second (Mpps), and driving a volumetric DDoS attack of 65 gigabits per second (Gbps). The end result – the site imploded and was temporarily knocked out of service.

Why DDoS attacks are back in vogue

The reason why DDoS attacks are back is simple – it is relatively easy to launch a sustained attack and cripple any organisation connected to the Internet.
Botnets, groups of computers connected for malicious purposes, can actually be acquired as a DDoS-for-hire service. The ability to acquire destructive assets demonstrates how easy it is for someone with little technical knowledge to attack any organisation. DDoS attacks typically hit in three ways – Application Order, Volumetric, and Hybrid. Application orders cripple networks by potentially creating hundreds of thousands of connections at a time; volumetric attacks seek to overload a site with traffic; hybrid attacks can deliver the double whammy of knocking a business offline. The real danger of DDoS attacks is that they are often an end around. While technicians are pre-occupied with trying to get the website back up, attackers can often plant a backdoor in other areas of the network to eventually steal information.

How to prevent DDoS attacks

Prevention is nearly impossible, since there is no effective control of hackers in the outside world. A DDoS appliance protecting the Internet connection is the first line of defence. This will help to mitigate an attack. Appliances from vendors such as Fortinet or Radware are placed on customer premises as close to their Internet edge as possible. These devices can help to identify and block most DDoS traffic. However, this solution falls short with a DDoS attack that is attempting to flood Internet circuits. The only way to protect against this type of attack is to have a device at the service provider or in the cloud. A managed security services provider (MSSP) can offer on-demand services that are both cost effective and architected with a cloud focus in mind, in order to effectively protect against each type of attack. A number of companies offer tools to analyse network traffic for signs of malicious activity, which can often weed out unwanted network connections.
Infrastructure Access Control Lists (IACLs) can also be installed in routers and switches to detect suspicious traffic patterns and keep unwanted traffic off servers. Many companies believe they can thwart attacks by hiding behind a firewall, but these general purpose tools are typically the first to fall. Firewalls offer some protection, but they can be easily hacked. Organisations expose themselves to attack when they use technology as a crutch. Winning the DDoS war requires organisations to look at their operations as a critical network and seek ways to defend it with talented individuals and technology that stay one step ahead of the attackers. A firewall is important but not a panacea. The major drawback to do-it-yourself solutions is that they are reactive. Attackers can easily modify their methods and come at a business from disparate sources using different vectors. This keeps an organisation always in a defensive position, having to repeatedly deploy additional configurations, while simultaneously attempting to recover from any downtime events. Many organisations have limited expertise and resource bandwidth to deal with the complexities of security and compliance. Managed security services providers with the ability to monitor, manage and protect control systems fill that cybersecurity gap. Detecting a DDoS attack requires specialised hardware capable of sending alerts via email or text. The goal is to report and respond to the incident before the attacker makes resources unavailable. An MSSP who employs both technology and on-site personnel can monitor and act as a full operations team. If a DDoS attack is suspected, it is probably affecting the ISP as well. The security team should immediately contact the ISP to see if they can detect a DDoS attack and re-route traffic. Inquire whether any DDoS protective services are available, and consider a backup ISP as a contingency. DDoS attacks will continue in the future due to the ease of execution. 
Companies must ensure they are prepared, constantly monitor the network, and have a game plan if an attack is under way. The daily headlines prove that no organisation is immune. With a little foresight it is possible to both thwart an attack and defend against future ones. Source: http://www.itproportal.com/features/ddos-attacks-an-old-nemesis-returns-to-cripple-your-network/


DDoS Extortionist Copycats Continue To Hound Victims

It has been a while since I wrote about this subject (or about anything at all for that matter) but it occurred to me today that the distributed denial of service (DDoS) extortionist issue is a problem that needs to be talked about again. Over the last couple of years a lot of websites have come under attack from miscreants armed with all manner of distributed denial of service platforms and tools. Often these attackers would first launch an attack and then contact the victim company to say “check your logs to see we’re for real”. Once their bona fides were established they would then demand a sum of money to be paid in bitcoin or suffer the “wrath” of their DDoS attack, which more often than not was severely oversold.

There have been examples of criminal outfits like DD4BC who were true to their word when they made a threat. They would in fact follow through on their threat of an attack. This came to an unceremonious end a year ago when one of the main ne’er-do-wells was arrested by Europol. More often than not, however, these extortion gangs turn out to be little more than confidence tricksters. One such example was the Armada Collective. This was a criminal outfit that did little more than threaten targets but, with one lone exception, never followed through on the threats they made. Mind you, they did end up making a tidy sum of money from their victims. What this did accomplish was to set a precedent that has given rise to the copycat attackers.

A prime example of this was in an email that I received from a friend. His organization was threatened by a copycat group that were masquerading as the Armada Collective, basically using the name as a hex sign: a brand name that could be used to possibly intimidate an organization. Here is a redacted version of the email that he provided to me.

From: Armada Collective
Sent:
Subject: ATTENTION: Ransom request!!!

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective. All your servers will be DDoS-ed starting Wednesday (Jun 29 2016) if you don’t pay 5 Bitcoins @ [Bitcoin wallet address redacted]

When we say all, we mean all – users will not be able to access sites host with you at all. If you don’t pay by Wednesday, attack will start, price to stop will increase by 5 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time. This is not a joke. Our attacks are extremely powerful – sometimes over 1 Tbps per second. So, no cheap protection will help.

Prevent it all with just 5 BTC @ [Bitcoin wallet address redacted]

Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated.

While people might not be aware that an organization had in fact cooperated, as per their email, they would be setting a horrible example. The more that companies pay extortionists like this, the more emboldened the criminals would become. This could potentially become a lucrative endeavor for the criminals. At the time of this writing 1 bitcoin was valued at roughly $628 USD. At a bare minimum of 5 bitcoin per email, as above, they would be raking in at least $3000 USD for each successful attack. Not bad for the cost of an email.

If you are the recipient of an email like this, seek help to protect your enterprise. Do not feel compelled to pay the attackers. You have no guarantees that they won’t return. Source: http://www.forbes.com/sites/davelewis/2016/09/08/ddos-extortionist-copycats-continues-to-hound-victims/#2c6d7a7b4d06


DDoS Attacks: Cybercriminals Are More Homegrown Than You Think

Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West.

BLACK HAT USA – Las Vegas – The stereotype of the seedy cybercriminal from Russia or Eastern Europe may no longer be valid. FBI agent Elliott Peterson told Black Hat attendees this morning that when it comes to the most recent DDoS attacks, the vast majority come from North America, Western Europe and Israel. And many are 16 to 17 years of age or in their mid-20s. “Many use their nicknames on Skype or Twitter and they are heavy users of social media,” said Peterson. Peterson and Andre Correa, cofounder of Malware Patrol, shared much of their recent research on DDoS attacks at a briefing session here this morning. They focused much of their research on amplification and reflection attacks, booters/stressers and IoT and Linux-based botnets. Peterson said the amplification and reflection attacks get a good rate of return: a hacker can send one byte and get 200 in return. The bad threat actors now sell amplification lists that criminals can easily buy over commercial web interfaces. The booters and stressers are inexpensive: they cost roughly $5 to $20 a month and require very little technical knowledge for the criminal to deploy. And on the IoT front, botnets are creating scanning hosts for default credentials or vulnerabilities. A bot is then automatically downloaded and executed. Over the past several months, Peterson and Correa have compiled more than 8 million records. They said last month, the leading DDoS type was SSDP at Port 1900. “This was kind of interesting since most people may think that NTPs were the leading cause of DDoSs, but they scored much lower because many NTP servers have been patched of late,” said Correa. Peterson said some of the criminals are just total scam artists. “They just take your money and don’t do the attack,” he said.
“On the other hand, there are also some sophisticated players offering turnkey DDoS services. They provide attack scripts, amp lists and good customer service, sometimes up to six people on hand.” Other findings: most attacks are in the 1-5 Gbps range, with the highest DDoS observed at 30 Gbps. Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-cybercriminals-are-more-homegrown-than-you-think-/d/d-id/1326508
