Tag Archives: dos attacks

oneZero outages the result of Chinese DDoS attacks

Continuing our exclusive coverage of the events unfolding at forex solutions provider oneZero, LeapRate has learned that the outages hitting oneZero and thereby some of its hosted clients over the past week are the result of distributed denial-of-service (DDoS) attacks being made against the company. After engaging multiple security contractors, the company has isolated the attacks and has determined that they originate out of China. A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the attack source is more than one (and often thousands) of unique IP addresses. Many of the cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate. oneZero management indicated to LeapRate that the attack against them has been made with a very high level of sophistication, but that the company is working very closely with security contractors and with its clients and expects the situation to be resolved. The attack against oneZero appears to be solely targeting connectivity, and has not at all affected the company’s own systems, so that no company or client data has been compromised. And so far, there has been no attempt to exploit the attack – DDoS hackers often try to blackmail their targets, requiring some sort of ransom to be paid in order to remove the attacks. Source: http://leaprate.com/2015/10/onezero-outages-the-result-of-chinese-ddos-attacks-leaprate-exclusive/

Read this article:
oneZero outages the result of Chinese DDoS attacks

Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day

Over the weekend video gamers who enjoy exploring the galaxy in Star Trek Online and fighting orcs with swords in Neverwinter Online found themselves briefly unable to do so. Some players described lag spiking so high that characters began “rubber banding”–or repeatedly teleporting back every time a player tries to move somewhere else. Cryptic Studios, Inc., the developer of Star Trek Online and Neverwinter quickly tweeted about the problem. The attack, a distributed denial of service (DDoS) attack hit the servers affecting both games and caused the network supporting them to crumble. The first hit the servers at approximately noon PST on Sunday and the second at 8pm PST on the same day. These sorts of attacks are commonly used by Internet trolls and rabble rousers to attract attention such as the likes of Lizard Squad, DerpTrolling, and LulzSec. Gaming networks are particularly susceptible to DDoS attacks with potentially thousands (or hundreds of thousands) of players expecting a flawless experience that requires the quick response of networks and servers. The attacker who claimed responsibility in the case of the Cryptic Studio’s properties is named NeverGodz (@NeverWinterGod) and may have only targeted Neverwinter Online –the effect on Star Trek Online ’s servers mere collateral damage in the attack. Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target. There were two separate attacks committed by @NeverwinterGod. Both attacks lasted long enough to bring both games down and make it difficult for players to log in or play. Players of both games went to Reddit ( Neverwinter Online , Star Trek Online ) and Twitter to voice their confusion as to the server issues and cited the tweets from Cryptic when they did. Some, such as STO commentator Lootcritter expressed curiosity over the reason for the attacks. So far, most attackers who hit online games have appeared to claim they do it “for the lulz,” or because the attacker is having fun. Although some, like Lizard Squad, claimed to do it to show how security at these sites is lax and unable to withstand attacks. Surviving DDoS attacks has nothing to do with traditional cybersecurity, however, and everything to do with the power and reaction time of network engineers. Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption. The claims and trumpets of @NeverWinterGod looks no different. DDoS attacks easier, on the rise and a constant threat to online games In 2013, CloudFlare, Inc. CEO Matthew Prince predicted that DDoS attacks would only expand in scope and ease in 2014 and this has remained true for 2015. In April of this year, Arbor Networks, Inc. reported one of the largest DDoS attacks ever detected at 334Gbps. Akamai Technologies Limited backed up these figures stating that attacks had increased in volume and quality, the report stated that the total number of DDoS attacks increased 132.43 percent compared to Q2 2014. As for ease, one of the takeaways from Lizard Squad’s arrival was the launch of the Lizard Stresser DDoS-for-hire service, it is still online today. Although few would be foolish enough to use it after it’s previous hacks. According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene, but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built. DDoS attacks are not easy to stop. Due to their distributed nature it’s impossible to squash them at the source, since the attack uses thousands to millions of computers across the globe to produce garbage connections and data directed at the target. Halting the attack at the target is difficult because all that garbage traffic can saturate the network across multiple tiers. Network engineers from anti-DDoS outfits such as Nexusguard need to work with upstream providers to filter out the garbage traffic before it reaches the smaller networks. Stopping a DDoS attack takes a lot of coordinated effort across region-spanning networks and affects more properties than just the intended target. Much in the same way a traffic jam in a city can make multiple exits from a freeway inaccessible. Efforts continue to attempt to thwart DDoS attacks, but it looks as if 2015 will continue to be a year when the volume and capabilities of attacks will rise. Update 09/14/2015 2:25pm PST: Star Trek Online and Neverwinter Online are under DDoS attack again today starting at approximately 1:45pm PST. Tweets suggest that the attacker is targeting Cryptic Studio’s Boston datacenters but did not last long, a mere 20 minutes. The attacker has shown an interest in knocking the servers offline repeatedly so there may be further attempts today. Source: http://siliconangle.com/blog/2015/09/14/star-trek-online-neverwinter-online-struck-by-ddos-attacks-twice-in-one-day/

Visit site:
Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day

Rutgers Students Want Refunds After Fifth DDoS Attack in One Year

Over 1,000 People Have Signed Change.org Petition Following September Cyberattack Rutgers students are frustrated with the university’s lackluster cybersecurity, considering the school raised tuition in part to fund $3 million worth of network upgrades after several cyberattacks brought the school to a screeching halt last semester. But on September 28, Rutgers University experienced another distributed denial of service (DDoS) attack, the fifth such attack in less than a year. That attack shut down the school’s wireless internet service, and many other services from 1 a.m. to 2 a.m. and again from 10 a.m. to approximately 3 p.m. The university acknowledged that it was “not well protected” during the first four attacks, but had said it had since begun pouring millions of dollars into its cybersecurity efforts, as we reported. This spending was cited as one of the main reasons Rutgers University’s Board of Governos approved a 2.3% increase in tutition for the 2015-2016 year. Rutgers engineering student Riccardo Mui started a change.org petition imploring Rutgers President Robert Barchi to refund the ineffectual tuition hike. Mui comes from a humble background, raised by an immigrant father who could not support him through college. This is his take on the DDoS attack: Since I came to college, I expected at least decent internet speeds, and while it usually holds up, we get DDoS attacks every time an exam rolls around. Now I would not say anything, yet I feel the need to tell all the students to join together to either get a refund or to make Rutgers change something on their own time. Why? Because Rutger’s spent over 3 million on upgrading the network, yet only 160,000 actually went to physical upgrades. Also, they used Incapsula as a DSoS attack defender, which is decent for websites, but definitely not for a University. Besides, we literally wasted all of our money because as soon as an attack was launched, it took down the network. Since there was a tuition increase, it is only fair that we get that money back. The petition reached 300 signatures within an hour, and 750 signatures within the first fifteen hours, and now has more than 1,000 signatures. The “Reasons for Signing” section is telling. Some students were simply angry that the university did not provide what they felt they deserved. Others suspected that the school did not even invest the money in cybersecurity at all. David Park commented, “Only a small percentage of the 3 million raised was actually used to improve Rutgers’ cyber defense system. If Rutgers doesn’t actually use all the money it’s raised from increasing the tuition for its actual purpose, refund the students.” Several students brought up Rutgers’ habit of spending big on athletics. For example, Chetan Kini wrote, “You can’t increase my tuition and then have something like this occur; it’s unacceptable. I’m pretty sure you gave my money to the damn football team since that’s where all our funding goes.” As Leslie Brighton said, “If Don Smith [Rutgers’s Vice President of Information Technology] was doing his job, I wouldn’t even know who he was.” Source: http://newbrunswicktoday.com/article/rutgers-students-want-refunds-after-fifth-ddos-attack-one-year

Originally posted here:
Rutgers Students Want Refunds After Fifth DDoS Attack in One Year

Poker Players Behind DDoS Attacks?

Have you ever wondered who exactly is responsible for the rash of Distributed Denial of Service (DDoS) attacks being aimed at online poker sites ? Such attacks have hit a number of poker rooms in recent months, including the big boys such as PokerStars and Partypoker . Even the regulated poker sites in New Jersey faced a DDoS incident over the summer, with the attackers demanding a ransom be paid in Bitcoin. Of course, the ransom was not paid, and likely never will be whenever computer miscreants attempt such schemes now or in the future. The DDoS attackers must know that taking poker sites hostage won’t result in a big payday via extortion. But could their motive be the possibility of a large payday in some other fashion? WPN a Frequent Victim Take, for instance, the case of the Winning Poker Network . WPN’s Million Dollar Sunday tournaments that guarantee a $1 million prize pool and $200,000 to the winner have repeatedly fallen victim to DDoS attacks. As I understand it, last Sunday’s event was hit once again, although WPN was apparently able to mitigate the damage and keep the tournament rolling. That was not the case last year, when WPN had to cancel such an event after several hours of play, much to the chagrin of players who were stoked and ready to take a shot at that huge prize money. It seems that someone out there has a real vendetta against WPN , targeting those $1 million guaranteed tourneys in particular. Sheldon Adelson Cleared Who could hate online poker so much to want to snuff out the only million-dollar guaranteed tournaments available to U.S. players? Ah, Sheldon Adelson certainly comes to mind. He of the Coalition to Stop Internet Gambling who has vowed to spend whatever it takes to do so. But we can likely rule out the billionaire octogenarian. His knowledge of computers and how they work is obviously lacking. Anyone who believes that youngsters can lose their parents’ house with the click of a mouse certainly wouldn’t understand the finer points of a DDoS attack and how it might be carried out. Poker Players to Blame? Which leads us to what might be the real motive behind the DDoS attacks at WPN. Many believe that the culprits are computer hackers bent on creating havoc and destruction. But could it be that poker players hoping to scare other players away from the Million Dollar Sundays are taking aim at the network? After all, the last two events featured overlays of over $200,000 . Those are nice-sized overlays, which may be the result of players avoiding Million Dollar Sundays due to the cancellation of a $1 million guaranteed event last year and the repeated DDoS attacks that WPN has been subjected to on Sundays this year. Would poker players do such a thing? Nah, they are all upstanding citizens who don’t need to resort to such tactics for monetary gain Source: http://www.pokerupdate.com/news/industry-and-market-analysis/poker-players-behind-ddos-attacks/

View the original here:
Poker Players Behind DDoS Attacks?

Five detained in KPN, Ziggo DDoS cyberattack

Four underage boys and one man were arrested for cyberattacks on the internet service providers Ziggo and KPN. The five were interrogated by the police department’s High Tech Crime Team (THTC) throughout Tuesday following the arrest for Distributed Denial-of-Service (DDoS) attacks on both companies. All suspects were released Tuesday night after questioning. Two attacks on Ziggo in August left internet and email users without services for days, affecting a recorded 1.8 million of the company’s customers, including hospitals and medical facilities. Ziggo previously said they would not be refunding customers for their time without service. The quintet is also accused of posting videos that threatened DDoS attacks against both KPN and Ziggo, although they tried to remain unidentifiable in the video threat. Journalists at the NL Times viewed the videos at the time of the attacks on YouTube. At the time of the cyberattacks, videos surfaced online claiming responsibility, and an allegiance to hacktivist collective Anonymous. Police reported that their impression was that “The boys wanted to show that they were capable of great things.” The three youths aged between 14 and 17 years and the 21-year-old man hail from the Gelderland towns of Berkelland and Lochem, the Noord-Holland municipalities Den Helder and Schoorl, and Vinkeveen in Utrecht. Their computers, mobile phones, external hard drives and USB memory sticks were all seized from their families’ homes. The prosecutor assigned to the case decided they will wait to proceed further until investigators conclude their analysis. Police and the Public Prosecutor have urged that this is not a game and carries a criminal prosecution with up to 10 years imprisonment and the possibility of financial compensation for the damage done. Source: http://www.nltimes.nl/2015/10/07/five-detained-in-kpn-ziggo-ddos-cyberattack/

View article:
Five detained in KPN, Ziggo DDoS cyberattack

Gamers DDoS Thai government sites to protest “Great Firewall of Thailand”

Gamers and privacy campaigners in Thailand have claimed responsibility for the recent take down of several government websites in a coordinated DDoS attack last week. The attacks were in protest at government plans to route the entire country’s Internet through a single gateway, creating what has become known as “The Great Firewall of Thailand” in a nod to China’s strict control over Internet services. According to Al Jazeera, the Anti-CAT Tower Mob—which includes e-sports gamers amongst its ranks—along with the Citizens Against Single Gateway Facebook groups called upon their hundreds of thousands of Facebook fans to execute a simple DDoS attack. The fans were instructed to visit official government websites while constantly refreshing the page, causing them to crash. Over half a dozen government sites, including the Ministry of Defence, and the main government website, were taken down. In response, Thai Police announced that those targeting government sites could be charged under Article 10 of the Computer Crimes Act of 2007, and face up to five years in prison. While the controversial act has resulted in some amusing law enforcement moments in the past—including Thai military leaders warning against “underboob selfies,” it has also been used to ban Bitcoin, Uber, and dictator-simulation game Tropico 5. An estimated 110,000 websites were blocked as of 2010. With e-sports rapidly growing in popularity across Thailand, gamers have been one of the bigger online groups to oppose the single gateway. They have even personified the gateway plans themselves in the form of an anime-style villain called Nong Kalaland, who’s said to hold “the power to control the internet in her fist.” Her namesake headpiece, a coconut shell (kala), is meant to represent Thailand’s self-obsession and wilful ignorance of the larger world, according to Thai site Khaosod. The Thai government has since backed down from its single gateway plans, with the Minister of Information and Communication Technology, Uttama Savanayana, saying that the plans were simply intended to increase Thailand’s competitive edge in the online economic sector. He added that the single-gateway concept was the prime minister’s idea, and would ensure that young people who used the Internet were shielded from abuse. He also promised that the government would not infringe on the public’s right to privacy and freedom of expression. Source: http://arstechnica.co.uk/tech-policy/2015/10/gamers-ddos-thai-government-sites-to-protest-great-firewall-of-thailand/

Follow this link:
Gamers DDoS Thai government sites to protest “Great Firewall of Thailand”

Businesses Beware – DDoS Attacks Are On The Rise Again Read

British businesses are being warned to bump up their protection against Direct Denial of Service (DDoS) attacks after a new study found that the number of such assaults rose hugely in the last quarter. Research by Corero Network Security found that its customers had endured a 32 percent increase in DDoS attacks compared to the previous quarter – an average of 4.5 per day. That’s according to its Trends and Analysis Report for the first half of 2015, which also found that most of the recorded DDoS attacks were smash and grab assaults that lasted less than 30 minutes. Targeted The report found that the DDoS attacks targeting its customers in the first three months of 2015 remained relatively consistent from the previous quarter – averaging three attacks per day. The daily attack volume increased in the second quarter to an average of 4.5 attacks. Corero says that the increasing use of such attacks is down to the ease in purchasing and launching DDoS attack tools, many of which can be obtained for free, and the ability to easily include these into part of a larger strategy. “Attackers are continuing to leverage DDoS attacks as part of their cyber threat arsenal to either disrupt business operations or access sensitive corporate information, and they’re doing it in increasingly creative ways that circumvent traditional security solutions or nullify the previous effectiveness of scrubbing centres,” said Dave Larson, CTO and vice president, product, Corero Network Security. “In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against data theft and financial loss, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration.” Under attack The past few months have seen several high profile DDoS attacks as cybercriminals look to take advantage of slightly less well-developed defences in this area. NatWest’s online banking system was the victim of an attack back in August, as was parenting website Mumsnet, showing the range of potential targets. However companies are beginning to fight back against the DDoS threat, with BT announcing today the release of its own cloud-based Distributed Denial of Service (DDoS) mitigation platform, claiming that the service will help its customers stay secure amidst growing numbers of cyber-attacks. Source: http://www.techweekeurope.co.uk/security/cyberwar/corero-ddos-attacks-rise-178274#jzBwTomdGAO2LL7m.99

Read the original post:
Businesses Beware – DDoS Attacks Are On The Rise Again Read

Early warning helped five Russian banks ward off DDoS attacks

Five Russian banks that experienced a distributed denial of service (DDoS) attack Sept. 26 believed to have been aimed at starting a bitcoin-related panic had been warned in advance by the General Directorate of Security and Information Protection of the country’s Central Bank. The regulatory body’s deputy director, Artyom Sychev, was quoted by The CoinTelegraph as saying the attackers were likely trying to cause panic and destabilization rather than collect a bitcoin ransom. The early warning helped the banks fend off the attack, although they did receive threatening letters in the aftermath. The CoinTelegraph also quoted a Central Bank official saying that the letters said, “To prevent such acts in the future, the attackers are asking to send only 50 BTC to their Bitcoin wallet.” Source: http://www.scmagazine.com/ddos-attacks-on-russian-banks-reportedly-aimed-at-causing-bitcoin-panic/article/442842/

View article:
Early warning helped five Russian banks ward off DDoS attacks

Linux botnet observed launching powerful DDoS attacks

Threat actors are leveraging a botnet made up of infected Linux machines to launch powerful distributed denial-of-service (DDoS) attacks against as many as 20 targets per day, according to Akamai’s Security Intelligence Response Team (SIRT). The botnet is composed of Linux machines infected with a stealthy trojan identified in 2014 as “XOR DDoS.” The threat was observed altering its installation depending on the victim’s Linux environment and running a rootkit to avoid detection. According to an advisory published on Tuesday, Akamai’s SIRT has seen DDoS attacks – SYN and DNS floods were the observed attack vectors – that reached anywhere from a few gigabits per second (Gbps) to nearly 179 Gbps. Although the advisory said that 90 percent of targets are located in Asia, Tsvetelin Choranov, security intelligence response engineer with Akamai’s SIRT, told SCMagazine.com in a Tuesday email correspondence that a very small number of attacks have been launched against entities in the U.S. “The target industries confirmed from our standpoint are online gaming and education,” Choranov said, adding, “We don’t have a defined number of systems infected by this malware. Some of the source IPs that we are seeing actively producing malicious traffic have spoofing capabilities.” The advisory noted that evidence suggests the malware is of Asian origin, but Choranov said that Akamai’s SIRT has not heard of anyone claiming responsibility for the DDoS attacks. He added that there is also no known reason for the attacks, such as extortion. Unlike a lot of malware, XOR DDoS is not spreading via exploitation of vulnerabilities. “Rather, it populates via Secure Shell (SSH) services that are susceptible to brute-force attacks due to weak passwords,” the advisory said. “Once login credentials have been acquired, the attackers [use] root privileges to run a Bash shell script that downloads and executes the malicious binary.” The advisory outlines two methods for detecting the malware. “To detect this botnet in your network, you can look for the communications between a bot and its C2, using the Snort rule shown in [the advisory],” the advisory said. “To detect infection of this malware on your hosts you can use the YARA rule [also in the advisory].” XOR DDoS is persistent, meaning it runs processes that will reinstall deleted files. Removing the threat involves identifying malicious files in two directories, identifying the processes responsible for persistence of the main process, killing those processes, and deleting the malicious files. “XOR DDoS malware is part of a wider trend of which companies must be aware: Attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns,” the advisory said. Source: http://www.scmagazine.com/linux-botnet-observed-launching-powerful-ddos-attacks/article/441750/

Originally posted here:
Linux botnet observed launching powerful DDoS attacks

Hacker Exfocus Blamed For Knocking Rutgers University Offline With DDoS Attack, Even After Expensive Upgrade

Someone is tormenting Rutgers University. The New Jersey school announced Monday it was fending off a distributed denial-of-service attack that crippled its Internet and Wi-Fi access. The latest cyberattack on a major U.S. research institution comes after a number of similar hacks against Rutgers, a school of approximately 65,000 undergraduate students. “We are currently experiencing a denial-of-service event affecting Internet connectivity and Wi-Fi access,” Rutgers said on its Facebook page. “OIT is working to resolve the issue, and we will inform the Rutgers community as soon as we have more information.” The outage also affected Sakai and eCollege, two online learning tools used to administer homework, tests and other communication, according to student complaints on social media. A previous outage limited the school’s ability to accept credit cards. It appears to be the first attack on Rutgers since the university invested $3 million to better protect its computer networks after at least four attacks during the past school year. That upgrade was the primary reason Rutgers raised tuition and fees by 2.3 percent for the 2015-16 school year, NJ.com reported in August, with a hacker known as Exfocus claiming responsibility for the problems. “Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department,” Exfocus wrote in a post on Pastebin in April. “I could run circles around all of you with my eyes closed, and one leg amputated.” A DDoS attack occurs when a hacker takes control of thousands (or millions) of computers and aims them at a single server, overwhelming that network with traffic and ultimately knocking it offline. Similar methods have been used by the Chinese government and the Anonymous hacking collective. Exfocus tweeted: “Did you miss me?” before deleting the message Monday. Student chatter on the anonymous Yik Yak social network also said Exfocus had been bragging there, though the most anyone seems to know about Exfocus came in an interview where he said he was being paid in bitcoin by someone with a grudge against the school. “When I stop getting paid — I’ll stop DDoSing lol. I’m hoping that RU will sign on some DDoS mitigation provider. I get paid extra if that happens,” Exfocus told APollonsky.me before being asked if he wished to share anything else with the Rutgers community. “I’m a fan of Taylor Swift.” Source: http://www.ibtimes.com/hacker-exfocus-blamed-knocking-rutgers-university-offline-ddos-attack-even-after-2117247