Tag Archives: dos attacks

Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Swimming Australia’s website has been hit by a denial of service (DoS) attack. The ABC has learned the site is operating in an “under attack” mode in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. While the site has continued to operate, it has deployed software to check the veracity of every browser accessing the page to ensure they are legitimate. Horton’s social media has been bombarded with hundreds of thousands of negative comments from China. Swimming Australia is not commenting publicly but it is understood the attack has been referred to the Government for investigation. Security analyst Marco Ostini from AusCERT, a non-profit organisation that protects organisations from cyber attacks, said DoS attempts were extremely common. “It’s actually a very difficult problem to put a number on,” he said. “It’s certain though … based on all malicious metrics on the internet, it’s increasing.” Mr Ostini said without seeing the internet traffic and logs associated with Swimming Australia’s page it was hard to work out what had happened, but he doubted it was a high-level attack. “I’d be really surprised if it was [China] state-sanctioned attackers causing trouble for Swimming Australia,” he said. “It’s possibly more likely just a large amount of interested people who are expressing themselves in possibly posting comments [on the website].” Source: http://www.abc.net.au/news/2016-08-11/rio-2016-dos-attack-made-swimming-australia-website/7721848

Read the original:
Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

“Thus, an attack on ISPs is an attack on the nation”. Internet Service Providers (ISPs) in Mumbai are facing an unprecedented attack by hackers which has reduced surfing speeds in the city. Inspector General of Police (Cyber Crime) Brijesh Singh said, “Some unknown people are involved in crashing the ports of Internet Service Providers by making lakhs of requests at a particular terminal at a particular time, which we call “Distributed Denial Of Service”. According to the post on The Hindu, IGP (Cyber Crime) Brijesh Singh said, ‘An FIR has been filed with the Cyber police station in BKC under sections 43 (F) and 66 of the Information Technology Act. They also said the attack was still being carried out. “We have registered an FIR and started tracking down the operators who are trying to crash the servers or ports of ISPs”, he said, adding that the attack has slowed down the internet services and affected subscribers of ISPs. “We are investigating the matter”. Other than this, it’s not clear which ISPs are affected although this reddit thread claims that Airtel is the primary ISP being DDoSed, which distributes broadband to other smaller companies, leading to network blockages across a wide range of ISPs. The attack, however, still continues. The resources behind the attack have to be considerable. “Kindly bare with us as we are trying to solve this problem in very short period with the help of high skilled technicians. please be with us and let’s fight against these hackers (sic)”. As of Monday morning, small and medium ISPs are still struggling to provide uninterrupted service to users. IT expert Vijay Mukhi says, “The idea of a DDoS is to make a computer or a server very slow so that anyone who uses an ISP’s services can not connect. All a hacker has to do is buy enough infected IP addresses and use them for a DDOS attack”. Typically, DDoS attacks are targeted at big websites or platforms with the intention of taking them down or blocking access to them. Source: http://nanonews.org/internet-service-providers-under-ddos-attack-in-mumbai/

More:
Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

Anonymous Launches DDoS Attacks Against Rio Court Website

Members of the hacktivist collective Anonymous reportedly launched distributed denial-of-service (DDoS) attacks against the website of the Court of Rio de Janeiro for its decision to block WhatsApp in Brazil. The DDoS attacks against the Court of Rio de Janeiro allegedly forced the site offline for a period. Members of Anonymous Brazil confirmed the attack on their Facebook page saying, “Court of Justice of the state of Rio de Janeiro off in protest to the blockade of the WhatsApp.” The Rio Court recently ruled to block WhatsApp in Brazil as the application will not decrypt communications for criminal investigation procedures, according to reports. The Court of Rio de Janeiro had allegedly sent three court orders to receive specific information from WhatsApp related to criminal investigations. WhatsApp implemented end-to-end encryption to its messages between users in April 2016. The message service provider said it is unable to disclose data on these communications. Court orders through out Brazil have previously ordered a ban on WhatsApp for similar reasons during criminal investigations in December 2015, February and May 2016, according to reports. The website of the Court of Rio de Janeiro is fully restored and functional at the time of this post. WhatsApp service in Brazil has also been restored to users through out the country. Source: http://www.batblue.com/anonymous-launches-ddos-attacks-rio-court-website/

Visit site:
Anonymous Launches DDoS Attacks Against Rio Court Website

Massive DDoS Attack Shut Down Several Pro-ISIS Websites

A team of attackers shut down several ISIS aka Daesh websites against terrorist attacks in Nice and Middle Eastern countries! Terrorism has no religion that’s why whenever a terrorist attack is carried out the victims are innocent people irrespective of race or religion. Hackers and DDoSers, on the other hand, are well aware of the enemy and that’s why recently an attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser tool just a couple of days ago. The reason for targeting these sites was to protest against the sudden increase of terrorist attacks in France and Middle Eastern countries. In a conversation with HackRead, Mons said that he also got assistance from the owner of BangStresser , the famous DDoSing tool which was allegedly used to shut down BBC’s servers and Donald Trump’s website in one of the largest DDoS attacks ever. However, the attack on pro- ISIS websites varied from 50 Gbps to 460 Gbps. Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights. Especially after the recent attacks in France and Arabic countries, our wrath has grown. This war needs to be fought on many fronts, and we try to cover one of them.” Here is a screenshot showing the list of targeted websites along with tweets that show earlier attacks on pro-ISIS sites. Upon checking the history on some targeted sites we can confirm the sites were spreading violent content along with terrorist ideology however at the time of publishing this article some sites were restored while some were listed for sale. This is not the first time when attackers have targeted pro-ISIS platforms. In the past, Anonymous did not only conduct cyber attacks but also exposed companies hosting those sites — Anonymous had also blamed CloudFlare for protecting terrorists’ websites from DDoS attacks but the company had denied the allegations. Source: https://www.hackread.com/ddos-attack-on-pro-isis-websites/

See the article here:
Massive DDoS Attack Shut Down Several Pro-ISIS Websites

US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline. Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack. The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline: During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites. Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress; and copyright.gov, the website for the United States Copyright Office. On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties by the LoC remained offline. As of this writing, the three government portals affected by the attack are back online. Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress. As he told FedScoop : “DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.” Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn’t own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks. There’s little companies can do to protect against DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can in the event of an attack help accommodate and filter attack traffic. Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/

See more here:
US Congress websites recovering after three-day DDoS attack

Pokémon Go Servers Suffer Downtime, Possibly Due to DDoS Attacks

With server issues, Pokémon Go players may have had trouble catching much this weekend and it wasn’t merely due to the tremendously popular game crashing a lot on account of a massive new roll-out. A hacker group has claimed responsibility for the server outage, with DDoS attacks. A hacking group known as PoodleCorp has claimed responsibility for Pokémon Go servers crashing on Saturday, an attack which coincided with a roll-out of the tremendously popular game in 26 new countries. While its claim is yet to be verified, the hacking group has notable targeted several YouTube profiles, including the most followed YouTuber of them all, Pewdiepie. The claim was made via a social media post [1] on PoodleCorp’s Twitter account: PokemonGo #Offline #PoodleCorp The group also re-tweeted another post from the supposed leader of the group, who implied that another bigger attack was also coming. The poster wrote [2] : Just was a lil test, we do something on a larger scale soon . Several users took to social media to complain about the outage during a time when the gaming phenomenon is catching on like wildfire around the world, sending Nintendo share prices skyrocket by 86% in a week’s time. I’m really pissed off that Pokémon Go is down because a group of killjoys decided it would be fun to hack the servers and take them offline. — Meg Bethany Read (@triforcemeg) July 16, 2016 Pokemon GO got DDoS ‘d and DDOS became a trending topic lmao Earlier this week, a security researcher discovered a potentially major security flaw [4] win the application. The augmented reality game has captured the imagination of people around the world, wherein players capture virtual Pokemons before collecting and using them to battle other Pokemons captured by other players. Released on July 7, ten days ago, the application has already been downloaded over 10 million times on Apple and Android devices. A new roll-out saw the game now available in 34 countries, including Australia, the United States and almost all of Europe. Source: http://need-bitcoin.com/pokemon-go-servers-suffer-downtime-possibly-due-to-ddos-attacks/

Visit site:
Pokémon Go Servers Suffer Downtime, Possibly Due to DDoS Attacks

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future. Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use. OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek. Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit. In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment. The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous. “If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.” After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.” The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said. One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.” Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499

Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch . Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.” This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom. However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means its hard enough for the company to keep Battle.net afloat at the best of team, never mind when there are hackers on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/

More:
Overwatch Servers Went Down After Alleged DDoS Attack

DNS attacks cost businesses more than $1 million a year

New research has revealed that DNS attacks are costing businesses more than $1 million a year in lost business and service downtime. For years, DNS has silently and peacefully served internet needs, but it’s mostly been thought of as a trivial protocol requiring very basic configuration and monitoring. Despite its criticality, this service has never really been considered as a potential security issue, mostly because common usage leads people to believe it is a trivial protocol requiring very basic confguration and monitoring. But while DNS may have been safe and apparently secure for the last twenty years, because of its complexity and evolving role in the IT industry it has become a powerful attack vector, with 91% of malware using the DNS protocol. According to the new study from IDC and EfficientIP , the top three DNS attacks that have the largest impact on an organisation are Distributed Denial of Service (DDoS attacks, Zero-Day vulnerabilities and data exfiltration. These types of attacks are the main cause of business outage and data theft. But despite 74% being victims of DNS attacks, 25% of businesses still aren’t implementing any kind of basic security software. EfficientIP’s experts warn that existing DNS defenses are outdated and no longer work. Until now, the approach to IT Security has been one that has downplayed the risk of DNS threats, bundling them in with a wide selection of diferent network threats that can be protected using traditional security tools and techniques. It is an approach that threatens DNS security by overcomplicating architectures, adding slow and inappropriate layers of defence. While firewalls can protect on a basic level, on their own they;re not designed to deal with high bandwidth DDoS attacks, or detect DNS tunnelling attempts (the majority of DDoS attacks are now over 1Gbps), and most businesses still rely on the ‘out-of-the-box’ non-secure DNS servers offered by Microsoft or Linux servers. ‘The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don’t fully appreciate the risks from DNS-based attacks,’ said David Williamson, EfficientIP CEO. ‘In just under two years GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It’s crucial for all businesses to start taking DNS security seriously.’ Source: http://www.information-age.com/technology/security/123461604/dns-attacks-cost-businesses-more-1-million-year-study

View article:
DNS attacks cost businesses more than $1 million a year

Defending against DDoS-Day

It was tax time in Australia, 2014, and one Sydney tax agent, like many others across the country, was all-hands-on-deck as staff took endless calls and filled appointment diaries. The frantic pace was welcomed at the young firm, which prided itself on being hip, casual, and cool. The firm’s slick, mobile-friendly website and a good search engine ranking brought a decent rush of new clients to the firm each year. So when the site went on- and offline over the course of a week, phones stopped ringing and staff panicked. The firm was on the receiving end of a distributed denial-of-service (DDoS) attack from IP addresses out of Eastern Europe that overwhelmed the small business IT infrastructure. An email in the company’s generic inbox demanded that US$1,000 be wired to a Western Union account in order for the attacks to stop. “We called our tech guys and they tried to block it,” a senior tax accountant told CRN on condition of anonymity. “We called the cops, but no-one could fix it quickly enough so we paid.” The price was cheap compared to the damage wrought. And fears that the criminals would just ask for more money once the ransom was paid were unfounded; the attacks stopped abruptly and no more was heard from them. Booters and stressers When a dam threatens to breach, it helps to have a network of diversion channels where the water can flow away from the towns below. So it is that a wave of DDoS packets can be soaked up by throwing large networks in front of the target. The floods are becoming more common, but their nature is changing to something more efficient and dangerous than in previous years. Akamai’s latest release of the popular State of the Internet report for the last quarter of 2015 finds a 149 percent increase in total DDoS attacks and a 169 percent increase in infrastructure layer attacks over the same period in 2014. The “vast majority” of these attacks were from so-called booter or stresser providers, the DDoS-for-hire services that operate with a gossamer-thin veil of legitimacy for customers who pay hourly to monthly rates to point the attacks at their own infrastructure. Of course, many who use the services point the booters at rival businesses, governments and, notably, live-stream gaming video channels operated by rivals. These attacks have “increased dramatically”, Akamai says, compared to the preceding three months, with use of network timing attacks that power the booters up by 57 percent on the previous quarter. Such attacks abuse the network timing protocol so a small query generates a large response, which is redirected at a target. “Network Time Protocol amplification attacks have be used in large-scale DDoS attacks peaking shy of 400Gbps, but DNS amplification attacks have also been successfully used to cripple infrastructure and cause serious financial losses,” BitDefender senior threat analyst Adrian Liviu Arsene says. “One of the largest DDoS attack to date was reported to have reached around 500Gbps, although the standard is somewhere around 100Gbps.” Motive and intent Distributed denial-of-service is the second most likely digital attack to be familiar to the average pedestrian after viruses. The method of attack hit mainstream headlines some six years ago, when online activist group Anonymous brought down major websites, including Paypal, the Recording Industry Association of America and the sites of Canberra public agencies. Systematic arrests followed, bursting the bubble of those participants who thought safety in numbers would shield their IP addresses from being singled out by police. It signalled a fall in popularity of DDoS as a means of protest. The criminal undercurrent remains and here cash is king, but motivations still vary. Businesses use DDoS attacks to knock off rivals and criminals to send sites offline until a ransom is paid. Yet others use the digital flood as a diversion to distract security defenders and set off alarms while they hack into back-end systems. One group known as DDoS for Bitcoin, or DDoS4BC, is using the proven anonymity of the crypto-currency to extort companies through DDoS. It is a safer model for criminals than that which ripped through the Sydney tax accountancy, and considerably more expensive for victims. It is, as of January, known to have hit more than 150 companies around the world, first sending an extortion note demanding between AU$5,600 and a whopping AU$112,000 in Bitcoins before launching small DDoS attacks to demonstrate the group’s capabilities. For some victims, the DDoS may be short-lived and devoid of any apparent motive, according to Verizon Enterprise Solutions investigative response managing principal Ashish Thapar. “We have definitely seen DDoS on the rise and several of our partners are logging double the [usual] number of incidents,” Thapar says. “We are also seeing DDoS attacks bringing companies them to their knees but not entirely offline, which acts as a smokescreen for advanced persistent threat attacks at the back end.” That’s also something Secure Logic chief executive officer Santosh Devaraj has seen. The company hosts iVote, the electronic voting system for NSW, and last year bagged the $990,000 contract to operate it until 2020. “There are ‘DDoS for hire’ groups we’ve seen as part of monitoring iVote that may be trying to gain access to infrastructure at the back,” Devaraj says. “The real threat may not be the DDoS.” DDoS down under Australian businesses are less targeted than those overseas, experts agree, thanks in part to our smaller internet pipes. But with the NBN rolling out, DDoS Down Under is expected to become big. The midmarket is likely to be hit harder, BitDefender’s Arsene says. “Midmarket DDoS attacks are likely to rise as the chances of targets actually paying are higher than for other organisations,” he says. “[Criminals] specifically target midmarket companies that don’t have the technical resources to fend off such attacks.” Akamai chief strategist John Ellis agrees, saying extortionists “tend to hit the sites with a large online presence”. “For cyber adversaries, the [midmarket] provides a fantastic target,” Ellis adds. “A Sydney developer team that relies heavily in online app availability, for example, may have to seriously consider whether it rolls over and pays DDoS extortionists.” The attacks in Australia are, for now, fairly small. “We are seeing bigger DDoS attacks, but they’re nowhere near the size of attacks in the US,” says Melbourne IT cloud and mobile solutions general manager Peter Wright. “It is partly because infrastructure and bandwidth limitations reduce the size of DDoS attacks. It is an attribute of infrastructure capacity and there is a risk that, as we broaden the pipes [as part of the National Broadband Network], it brings huge benefits but increases the risk profile as well.” Sinking feeling Big banks are smashed by DDoS attacks every day and largely do not bat an eyelid. Online gambling companies, too, across Australia are blasted during big sporting events. These top end of town players have expensive, tried-and-tested scrubbing mechanisms to largely neuter DDoS attacks, although some betting agencies are known to have regularly paid off attackers during the Melbourne Cup, treating it as a cost of business. The midmarket is not left to its own devices, however. Hosting providers like Melbourne IT and others offer DDoS protection against applications and services, while other companies have cheaper offerings for the budget market. “I am sympathetic to the midmarket, their need for bang-for-buck,” Ellis says. “The challenge for the midmarket is that they don’t have the money that they need… they should focus on business outcomes and partners who understand their business and design outcomes.” For Secure Logic’s Devaraj, DDoS mitigation comes down to a solid cyber security operations centre. “It is where I believe the industry should invest, rather than a particular technology.” Yet companies can use free or cheap DDoS protection from the likes of CloudFlare, or opt for do-it-yourself options that require hardening of security defences – something the average small technology shop may lack the ability to do. “There are DDoS sinkholes and capabilities with our cloud partners,” Wright says. “If a resource or function is hit, we can move workloads to other resources dynamically.” Arsene agrees. “Midmarket tech guys need to start by incorporating DDoS attack risks into their corporate security strategies. Using a secure and managed DNS that supports changing internet protocols on the fly is also recommended, as well as patching software vulnerabilities to mitigate application layer attacks.” Source: http://www.crn.com.au/feature/defending-against-ddos-day-419470/page1 http://www.crn.com.au/feature/defending-against-ddos-day-419470/page2

Read the original post:
Defending against DDoS-Day