Tag Archives: dos attacks

Anonymous teams up with GhostSquad to attack major banks

Anonymous has joined forces with GhostSquad to launch successful cyberattacks on eight international banks that were forced to shut down their websites. The hacktivist collective alongside the hacker group GhostSquad have launched a new operation called Op Icarus which aims to punish corrupt banks and individuals in the financial sector. So far the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives and the Dutch Central Bank were all offline for a brief period on May 6 after being hit with distributed denial of service (DDoS) attacks. A day later, the National Bank of Panama and the Central Bank of Kenya were hit with cyberattacks, followed by the Central Bank of Bosnia and Herzegovina and the Central Bank of Mexico were taken offline as a result of DDoS attacks. All eight of the international banks that have been targeted by Op Icarus have managed to bring their systems back online. Anonymous did send a warning to the banking community in the form of a video that was posted on May 4 which said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous”. Members of the group also reportedly told the site Hack Read that: “The National Bank of Panama was a special target considering the importance of the Panama leaks. We want to make sure the corrupt elite named in the papers would be punished one day”. With the addition of the cyberattack against the Central Bank of Greece and the Central Bank of Cyprus, Anonymous has now launched 10 attacks on international banks on its list of 160 potential banks that could be targeted by its members. Anonymous has planned Op Icarus to be a month long campaign against the banking industry as a whole. The US Federal Reserve Bank, the IMF, the World Bank, the New York Stock Exchange and the Bank of England are all listed by the group as potential targets and with more than half of the campaigns’ allotted time remaining, this will most likely not be the group’s grand finale. Source: http://betanews.com/2016/05/12/anonymous-op-icarus/

See the original post:
Anonymous teams up with GhostSquad to attack major banks

Bitrated faces severe DDoS attack and $3,200 ransom demand

A couple of hours ago, Bitrated, a bitcoin trust platform meant for reputation management and consumer protection has posted a tweet, warning users about an ongoing DDoS attack, carried out in the form of an extortion attempts. During the last couple of weeks, numerous Bitcoin-related companies, but also other businesses from all around the world have been affected by such attacks. According to a Medium post written by the Bitrated, it seems like they received a warning mail five minutes prior to the commencement of the attack, asking for a total of 7 BTC, worth around $3,200 at the time of writing. Unlike other extortionists who decided not to stand up to their promise, Bitrated’s servers were attacked for a couple of hours, and were put under a strain of 3.2 Gb/s. In return, DigitalOcean null routed trading on their network infrastructure. According to Bitrated, the company has an ethic code which makes them unable to succumb to any extortion attempts. They believe that blackmail demands are unethical, and funding the extortionists will undoubtedly lead to further attacks. Bitrated also mentioned that due to their nature of being a bootstrapped startup, they do not have the financial resources required to counter-attack such demands, which is why the service may be unavailable for a while. Based on everything that has been outlined so far, what do you personally think about this DDoS attack? Let us know your thoughts in the comment section below. UPDATE: The DDoS attacks have stopped. Therefore, the platform is available. Bitrated encourages users who wish to do so, to withdraw their funds from the system as soon as possible. Source: http://themerkle.com/bitrated-faces-severe-ddos-attack-and-3200-ransom-demand/

Read the article:
Bitrated faces severe DDoS attack and $3,200 ransom demand

Anonymous Threatens Bank DDoS Disruptions

Follows Collective’s ‘Total War’ Against Donald Trump After earlier this year declaring “total war” against U.S. Republican presidential candidate Donald Trump, the hacktivist group Anonymous is now threatening global banks with 30 days of distributed denial-of-service attack disruptions. As a preview, on May 2, the group claimed to have disrupted the website of Greece’s central bank. “Olympus will fall. A few days ago we declared the revival of Operation Icarus. Today we have continuously taken down the website of the Bank of Greece,” the group said in the video posted on You Tube and delivered in the classic Anonymous style via a disembodied, computerized voice. “This marks the start of a 30-day campaign against central bank sites across the world,” it adds. “Global banking cartel, you’ve probably expected us.” Of course, banks have previously been targeted en masse by DDoS attackers. Beginning in 2012, for example, attacks waged by a group calling itself the “Izz ad-Din al-Qassam Cyber Fighters” continued to disrupt U.S. banks’ websites as part of what it called “Operation Ababil.” In March, the Justice Department unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government – accusing them of having waged those attacks. Regardless of who was involved, it’s unclear if Anonymous could bring similar DDoS capabilities to bear for its Operation Icarus. A Central Bank of Greece official, who declined to be named, confirmed the May 2 DDoS disruption to Reuters , though said the effect was minimal. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website,” the official said. Greek banks have been previously targeted by DDoS extortionists, demanding bitcoins. “It would have been better if no disruption occurred, but it is good that the attack – if that is what caused the disruption – was handled so quickly,” says information security expert Brian Honan, who’s a cybersecurity expert to the EU’s law enforcement intelligence agency, Europol. A “World Banking Cartel Master Target List” published by Anonymous to text-sharing site Pastebin early this month lists the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis. Also on the target list are websites for the International Monetary Fund, the World Bank as well as 158 central banks’ websites. In a related video missive issued March 31, Anonymous urged its members to “take your weapons and aim them at the New York Stock Exchange and Bank of England,” promising that “this is the operation to end all others.” The planned Anonymous operation follows elements of the collective earlier this year declaring “total war” against Trump, and on April 1 temporarily disrupting several of Trump’s websites, The Hill reports. Since then, of course, Trump has become the only Republican presidential candidate left standing after his massive win in this week’s Indiana primary. Banks: Beware DDoS Threats While the Anonymous bark doesn’t always equal its bite, in the wake of this alert, “banks in the United Kingdom, United States and Latin America should be very prepared” against potential attacks, says Carl Herberger, vice president of security for DDoS-mitigation and security firm Radware. “In the same vein as someone yelling ‘bomb’ at an airport or fire at a movie theater, cyber-attack threats – whether idle or not – are not to be taken lightly,” he says, although he adds that the number of threatened DDoS attacks outweighs the quantity of actual attacks. Herberger says in light of the new threat, all banks should review their DDoS defense plans, keeping in mind that DDoS attackers do continue to refine their tactics, as seen in the disruption of Geneva-based encrypted email service ProtonMail. “As the attacks on ProtonMail in November 2015 have demonstrated … attackers change the profile of their attacks frequently and leverage a persistent and advanced tactic of revolving attacks geared to dumbfound detection algorithms,” he says, dubbing such tactics “advanced persistent DoS.” Maintain a DDoS Defense Plan Security experts have long recommended that all organizations have a DDoS defense plan in place. The U.K.’s national fraud and cybercrime reporting center, ActionFraud, for example, recently issued the following advice to all organizations: Review: “Put appropriate threat reduction/mitigation measures in place,” tailored to the risk DDoS disruptions would pose to the organization. Hire: If DDoS attacks are a threat, seek professional help. “If you consider that protection is necessary, speak to a DDoS prevention specialist.” Prepare: All organizations should liaise with their ISP in advance of any attack. “Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.” DDoS Extortions Spike The guidance from ActionFraud, released April 29, also warned that the center has recently seen a spike in DDoS extortion threats from an unnamed “online hacking group” demanding the equivalent of $2,250 to call off their planned attack. “The group has sent emails demanding payment of 5 bitcoins to be paid by a certain time and date. The email states that this demand will increase by 5 bitcoins for each day that it goes unpaid,” ActionFraud’s alert states. “If their demand is not met, they have threatened to launch a [DDoS] attack against the businesses’ websites and networks, taking them offline until payment is made.” ActionFraud advises targeted organizations: “Do not pay the demand.” That echoes longstanding advice from law enforcement agencies globally. ActionFraud also urges organizations to keep all copies of DDoS extortion emails – including complete email headers – as well as a complete timeline for the threats and any attacks, and to immediately report threats or attacks to authorities. Investigators say that keeping complete records – including packet-capture logs – is essential for helping to identify perpetrators. Or as ActionFraud advises: “Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.” Masquerading as Armada Collective? CloudFlare, a DDoS mitigation firm, reports that related attacks began in March and have been carried out under the banner of Armada Collective, as well as potentially Lizard Squad, although it’s not clear if those groups are actually involved. It’s also unclear if the threatened DDoS disruptions have ever materialized. “We’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack,” CloudFlare CEO Matthew Prince says in a blog post. “In fact, because the extortion emails reuse bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.” Source: http://www.bankinfosecurity.com/anonymous-threatens-bank-ddos-disruptions-a-9085

See the article here:
Anonymous Threatens Bank DDoS Disruptions

Explanation of DDoS attacks and SQL Injections

In most articles about Hack you usually follow attacks by groups like Anonymous, LulzSec and AntiSec. And you’ve heard also spoke websites and platforms that have been hacked as Sony earlier this year, for example. But are you aware of the methods used to break down these services? There are many tools and techniques that some hackers use to reach their goals but I will not give you all this turnkey. Here I will briefly explain the operating principle of the two most known attacks on the web. — DDoS (Distributed) Denial of Service — SQL injections or SQLi DDoS attacks (Distributed) Denial of Service First of all what is a DDoS attack? A Denial of Service (also known as Distributed Denial of Service, or DDoS), resulting in denial-of-service attack. This kind of attack is to make available a service. Here I take the example (according to the diagram above) an attack on a web server by flooding the network to prevent its operation. You understood the objective and a successful DDoS attack is to render inoperative the website for everyone. As it works? In a DDoS attack, it’s all about logistics. And nothing like an example to explain it all Take a good million malicious people coming together in order to sabotage the company’s affairs X using its call center. They will coordinate their actions say Friday at 10am to call all at the same time the company X. This will be bombarded with millions of phone calls and probably will not manage. The result is that legitimate customers wanting to call this company will struggle to reach her. A DDoS attack on a web server works exactly the same way. Indeed, there is virtually no way of knowing if the generated traffic comes from legitimate requests or hackers. It is a type of attack usually very effective but requires substantial resources following the targeted server. Implementation of the attack A DDoS attack works virtually like a brute force. You’ll need a fairly large number of computers to attack all coordinates simultaneously. According to the example I gave you the call center, you can imagine that he rather difficult to directly control thousands of computers to attack a server. This is where the zombie machines come in. As you probably know, there are a multitude of malware and trojans that once installed on a system dormant pending instructions from the hacker who created it. One such instruction could be for example to send multiple requests to a web server. And so one hacker would have infected several thousand computers could use them to perpetrate the attack. With the use of multiple botnets in general it is very difficult to trace the source of such attacks because the hacker does not have to use its own machine to perform its action (besides controlling botnets but it goes without saying). SQL or SQLI injections What is SQL injection? A SQL injection is an achievement, that is to say a security flaw in an application connected to a database. Typically such flaws leverages bad programming techniques of some developers. ^^ This attack allows a compromise or even a server database if the user using the database system rights. But unlike a DDoS attack a SQLi attack can be easily avoided if a web application is programmed correctly. Implementation of the attack When you want to connect to a web site, you enter your user name and password. To test these settings, the web application will make a request of this type: 1 SELECT user_id FROM users WHERE username = ‘myuser’ AND password = ‘mypass’; Note that the String variables must be enclosed in single quotes. Thus the combination of username (myuser) and password (mypass) must match a line in the table of users (users) to a user_id is returned. If no line is, no user_id is back and in this way the connection with the entered password is invalid. However, if a user enters a substitution value that can be interpreted in the query, then at that time your application is susceptible to SQL injection. Suppose myuser ‘- entered the fields username with any password. This would give: 1 SELECT user_id FROM users WHERE username = ‘myuser’ – ‘AND password =’ ??mypass’; The key to this application is the inclusion of two hyphens (-). This is actually the token to comment out an SQL query. And so everything after the two dashes will be ignored. Here the query executed will be: 1 SELECT user_id FROM users WHERE username = ‘myuser’ As you have noticed most glaring omission here is the verification of the password! And this is by including in the fields username both indents that the password is completely ignored. This is called a SQL injection. The results By imagining that the site has full control over its database, then the consequences can be quite devastating. This can give the possibility to hack delete, create or edit database records, etc … To illustrate the damage that can be caused, consider this request as an example: 1 SELECT user_id FROM users WHERE username = ‘lama’; DROP TABLE users; – ‘AND password =’ ??mypass’; Here we have entered the user name input fields Lama ‘; DROP TABLE users; -. The semicolon used to end a statement and to create a new following. DROP TABLE users; will delete the users table in the database. Basically the query executed by data base will be: 1 SELECT user_id FROM users WHERE username = ‘lama’; 2 DROP TABLE users; Sure SQL permissions as the hacker can do a lot worse! As clear the entire database, create new logins, etc … Protect a SQL injection SQL injection can be easily circumvented by “disinfectant” or “escaping” the data. In English we can translate these words by “Sanitize” or “Escape”. In this way a chain inside a request can not be terminated prematurely. For example, to search the user name Wada in database you are forced to escape the single quote after the L. So you can “sanitize” the chain by inserting a . Returning to the previous SQL injection example with the value myuser ‘-. 1 SELECT user_id FROM users WHERE username = ‘myuser ‘ – ‘AND password =’ ??mypass’; Escaping the single quote after myuser, the database will search the user name myuser ‘-. So the query is executed fully and includes the second condition on the password. There are several methods to escape a string in a request. PHP for example you can use the mysql_real_escape_string () to escape a string in a request. 1 $ Sql ??= “SELECT user_id FROM users”; 2 mysql_real_escape_string ( “myuser” – “). $ Sql. = “AND password = ‘”. mysql_real_escape_string ( “mypass”).

Follow this link:
Explanation of DDoS attacks and SQL Injections

New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Group has ties to the Darkhotel APT attacks Security researchers from Forcepoint say that a new botnet has slowly risen and grown to contain over 19,000 zombies all over the world, but predominantly in Asian countries. Named Jaku ( Star Wars reference alert — Jakku ), the botnet has made most of its victims in countries such as Japan and South Korea, which count 73 percent of all infections. Nevertheless, security experts claim they detected infections with Jaku’s malware in 134 different countries, even if sometimes they comprised one or two users. Jaku is one of the most sophisticated and resilient botnets around Researchers say that first signs of the botnet appeared last September, and in a six-month timeframe, Jaku grew tremendously compared to other similar threats. The group behind Jaku controls the botnet through multiple C&C (command-and-control) servers, most of which are located in countries in the APAC region, such as Singapore, Malaysia, and Thailand. In ordered to stay hidden from sight, the Jaku group deployed three different C&C mechanisms but also used obfuscated SQLite databases on the client-side to store configuration files. The Jaku botnet can be used to deliver spam, to launch DDoS attacks, but also to implement other types of malware. This second-stage delivery process occurs with the help of steganography, which crooks use to bundle their malicious code inside image files. Jaku infects users via poisoned torrent files Forcepoint says that infections usually takes place via malware-laced files shared via BitTorrent. The group usually goes after high-value targets but doesn’t mind if other users are infected as well. Security researchers say the group has shown interest in international Non-Governmental Organizations (NGOs), engineering companies, academic institutions, scientists and government employees. “The Jaku campaign has clear connections with the TTPs used by the threat actors discussed by Kaspersky in the Darkhotel investigations from November 2014,” Forcepoint researchers point out. The Darkhotel group was later known as Dark Seoul , and has recently been connected to hackers in North Korea, part of the Lazarus Group . Source: http://news.softpedia.com/news/new-jaku-botnet-already-has-19-000-zombies-ideal-for-spam-and-ddos-attacks-503689.shtml

Read the original post:
New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Anonymous Target Bank of Greece Website with Massive DDoS Attack

Anonymous shut down the bank of Greece website in a powerful DDoS attack — Vows to target more banks against financial corruption. The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks ( DDoS ) forcing the servers to remain offline for more than 6 hours. OpIcarus is all about targeting banking and financial giants Anonymous’ Operation OpIcarus was launched in January 2016 and restarted in March 2016. The hacktivists behind the operation believe banks and financial giants are involved in corruption and to register their protest they had to take the war to a next level. In an exclusive conversation with one of the hacktivists behind the Greek bank DDoS attack, HackRead was told that: “The greek central bank has been offline all day. we would like all banks out there to know that unless they hold themselves accountable for their crimes against humanity that we will strike a new bank every single day and punish them #OpIcarus.” Source: https://www.hackread.com/anonymous-ddos-attack-bank-greece-website-down/ The hacktivists also released a YouTbe video revealing the reason and a list of banking websites that will be targeted. The list includes banking and financial institutions in Brazil, Bangladesh, China, USA, UK, Pakistan, Iran and several other countries.

Link:
Anonymous Target Bank of Greece Website with Massive DDoS Attack

Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

After terrorizing companies under the fake Armada Collective moniker, the same group appears to have switched to using the name of the infamous Lizard Squad hacking crew, CloudFlare reported today. Early this week on Monday, CloudFlare let everyone know there was a criminal goup sending out extortion emails to companies around the globe. The criminals were posing as Armada Collective , an infamous group known for carrying out DDoS attacks if victims didn’t pay a so-called “protection tax.” The crooks were basing their attacks on the victims googling their name and finding out about the tactics of the real Armada Collective. In fact, CloudFlare says it never saw a single DDoS attack carried out by this group against its targets. In another blog post today, CloudFlare says that three days after they exposed the group, the criminals dropped the Armada Collective name and started using Lizard Squad instead, another hacking crew, famous for downing the Xbox and PlayStation networks on Christmas 2014. The change was to be expected since extorted organizations that would google the Armada Collective name would see all the stories about the copycats instead. CloudFlare says that over 500 companies received extortion emails from this group claiming to be Lizard Squad and that all these emails were identical. As before, the group used one single Bitcoin address to receive payments. By using one Bitcoin address, the group would not be able to tell which companies paid the ransom and which didn’t, meaning this was almost sure the same group as before, launching empty threats once again. CloudFlare says that just like when claiming to be Armada Collective, the group never launched any DDoS attacks when posing as Lizard Squad. Below is a comparison of the two ransom notes received by companies, from the fake Lizard Squad group on the left, and from the fake Armada Collective group on the right. Source: http://justfreedownload.net/news/98693/armada-collective-copycats-now-posing-as-lizard-squad-in-ddos-extortion-scheme.html

See more here:
Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous NWH targets Denver police department domain with DDoS attack to register protest against the fatal shooting of 39-year-old Dion Avila An Anonymous-linked team of attackers called New World Hacking (NWH) has conducted a series of powerful distributed denial-of-service ( DDoS ) attacks on Denver city, county and police website earlier today forcing the site to go offline — The reason for targeting the site was last week’s (Tuesday 14th April) police shooting in which Dion Avila Damon was allegedly killed inside his parked car near the Denver Art Museum. In an exclusive conversation with two of the NWH attackers (Sad Prophet and SinfulHazeCE) behind this attack, HackRead told that: “We see how Denver police don’t care so if they don’t care about killing and innocent; we don’t care about continuous attacks on Denver.” The attackers also hint for a database leak within a week or so depending on the response from Denver police department. However, Fox news reported that Police is investigating an officer-involved in the shooting. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . At the time of publishing this article, the Denver police department website was down. Source: https://www.hackread.com/anonymous-shut-denver-police-website/

View post:
Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

South Korea no 1 origin point for DDoS attacks

South Korea has taken the top spot as the largest origin point for DDoS attacks in 2016. Imperva documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. In fact, South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined. DDoS attacks are one of the more popular tools in the hacker’s toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at the exact same second. Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended. The blackmail group DD4BC, for example, would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins. Ewan Lawson, a Royal United Services Institute fellow and expert in cyber-security, offered insight as to why South Korea might have reached this zenith. Lawson told SCMagazineUK.com , “It feels like it is in part a reflection of the networked nature of [South Korea] but there are other countries with similar degrees of penetration or greater.” South Korea has one of the highest internet penetration rates in the world and also enjoys one of the faster internet speeds, last year rated at an average of 23.6 Mbps. “It would therefore suggest”, said Lawson, “that there is some vulnerability in the gateways and/or servers that are being exploited by the DDoS enabling malware.” Igal Zeifman, senior manager at Imperva, told SC , “As a rule, botnets thrive either in regions with high Internet connectivity or in emerging Internet markets with a high prevalence of unsecured connected devices.” Zeifman added, “South Korea certainly fits the former scenario, with botnet shepherds benefiting from the organic evolution in connection speeds—something that also improves the attacking (upload) capabilities of compromised devices.” Botnets have been growing rapidly in South Korea over the past year. The South Korean DDoS activity primarily comes from two botnets – Nitol and PCRat – both of which offer remote control over the infected devices. Where they differ is their attack traffic signatures, Zeifman told SC. Nitol, for example, is a Chinese botnet and will probably send out attack disguised as search engine crawlers from Baidu, an immensely popular Chinese website. Jarno Limnell, professor of cyber-security at Aalto university in Finland, explained to SC that both of these botnets are Windows based: “A typical ‘member’ of a botnet is, therefore, a Windows PC. The easiest way to do it – non-updated (and possibly illegal) Windows with the appropriate vulnerability. I guess that in South Korea there a lot of these kind of PCs available to build botnets.” Russia and Ukraine came second and third respectively. Though beaten by South Korea, Zeifman told SC that the two countries owe much of their increased activity to “the emergence of new botnets built out of Windows OS devices compromised with the Generic!BT malware”. Zeifman added this may be indicative of poor security in those countries: “The fact that a known, and pretty outdated, type of malware is successfully being used points to inefficient security measures on the part of device owners.” Meanwhile, and perhaps unsurprisingly, the United States was the most DDoSed country in the world over the last quarter, far outpacing the combined total of the other nine most DDoSed countries. Some of the report’s other findings included the fact that DDoS attacks, are “upping their game” when it comes to botnets. Imperva’s report says this, “this was best exemplified by an increase in the number of DDoS bots with an ability to slip through standard security challenges, commonly used to filter out attack traffic.” Over the first quarter of this year, the number of these kinds of bots “mushroomed” from 6.1 percent to 36.6 percent, as a proportion of total bots. What makes them different is that some of these bots can hold cookies while others can spot javascript, making for a deadly combination. DDoS attackers are also narrowing their gazes. Imperva notes that while DDoS attacks may have once been brutish and crude, the company is seeing far more finesse in the deployment. Attackers have been experimenting with new methods and vectors, which the reports says suggests “that more perpetrators are now re-prioritising and crafting attacks to take down DDoS mitigation solutions, rather than just the target.” Source: http://www.scmagazineuk.com/south-korea-no-1-origin-point-for-ddos-attacks/article/491220/

More:
South Korea no 1 origin point for DDoS attacks