Tag Archives: internet

Massive DDoS Attacks Disable Internet Access Throughout Liberia

British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia. “Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote. An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.” Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques. Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S. Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said. Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.” Still, NSFOCUS chief research intelligence analyst Stephen Gates told  eSecurity Planet  by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election. While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.” “What that would mean to the election process is anyone’s guess,” Gates added. According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added. Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html

More:
Massive DDoS Attacks Disable Internet Access Throughout Liberia

The Dyn DDOS Attack And The Changing Balance Of Online Cyber Power

As the denial of service (DDOS) attack against Dyn shook the internet a little over a week ago, it brought to the public forefront the changing dynamics of power in the online world. In the kinetic world of the past, the nation state equivalent was all-powerful, since it alone could raise the funds necessary to support the massive military and police forces necessary to command societies. In the online world, however, the “armies” being commanded are increasingly used against their will, massive networks of infected drone machines formed into botnets. The cost of acquiring, powering, cooling, connecting and operating these virtual soldiers are borne by private individuals and corporations, with criminal enterprises able to co-opt them into massive attack botnets. What does this suggest is in store for the future of the online world? The notion of using large botnets to launch globally distributed DDOS attacks is by no means a new concept and in fact has become a hallmark of the modern web. Indeed, I remember as a freshman in college 16 years ago seeing a new Linux server installed where I worked one morning and seeing the same machine being carted off by the security staff that afternoon after it had been hacked and converted into a botnet drone just a few hours after being plugged in. What makes the attack against Dyn so interesting is the scale at which it occurred and its reliance on compromised Internet of Things devices, including DVRs and webcams, allowing it to command a vastly larger and more distributed range of IP addresses than typical attacks. Making the attack even more interesting is the fact that it appears to have relied on open sourced attack software that makes it possible for even basic script kiddies to launch incredibly powerful attacks with little knowledge of the underlying processes. This suggests an immense rebalancing in the digital era in which anyone anywhere in the world, all the way down to a skilled teenager in his or her parent’s basement in a rural village somewhere in a remote corner of the world, can take down some of the web’s most visible companies and wreak havoc on the online world. That preliminary assessments suggest that the attack was carried out by private actors rather than a nation state only reinforces this shift in online power.  Warfare as a whole is shifting, with conflict transforming from nations attacking nations in clearly defined and declared geographic battlespaces to ephemeral flagless organizations waging endless global irregular warfare. In the cyber domain, as the battleground of the future increasingly places individuals and corporations in the cross hairs, this raises the fascinating question of how they can protect themselves? In particular, the attack against Dyn largely mirrored an attack against Brian Krebs’ Krebs on Security blog last month, which raises the specter of criminals and nations being able to increasingly silence their critics, extort businesses and wreak havoc on the online world, perhaps even at pivotal moments like during an election day. In the physical world, the nation state offers protection over the physical assets of companies operating in its territories, with military and police forces ensuring the sanctity of warehouses, office buildings and other tangible assets. However, in the digital world, state hackers from one country can easily compromise and knock offline the ecommerce sites of companies in other nations or leak their most vital secrets to the world. In the case of Brian Krebs’ site, his story thankfully has a happy ending, in which Alphabet’s Jigsaw (formerly Google Ideas) took over hostingof his site under their Project Shield program. Project Shield leverages Google’s massive global infrastructure to provide free hosting for journalistic sites under sustained digital attack, protecting them from repressive governments and criminal enterprises attempting to silence their online voices. Looking to the future, what options do companies have to protect themselves in an increasingly hostile digital world? Programs such as the Project on Active Defense by George Washington University’s Center for Cyber & Homeland Security are exploring the gray space of proactive countering and highly active response to cyberattacks. For example, what legal and ethical rights does a company have to try and stop an incoming cyberattack? Can it “hack back” and disable key command and control machines in a botnet or take other active approaches to disrupt the incoming traffic? What happens if a company remotely hacks into a control machine to disable it and it turns out it is an infected internet-connected oven in someone’s house and in the process of disabling it, the oven malfunctions and turns to maximum heat and eventually catches fire and burns the house down? Is the company responsible for the damage and potential loss of life? What legal responsibilities and liabilities do device manufacturers have to develop a more secure Internet of Things? If a company in 2016 still sells devices with default administrative passwords and well-known vulnerabilities that make them easy prey for botnets, should the companies bear the same burden as any other consumer safety issue? As over-the-air remote security updates become more common, should legislation be passed to require all consumer devices have the ability to be remotely updated with security patches? As the modern web celebrates more than 20 years of existence, somewhere over those last two decades the web has gone from a utopia of sharing and construction of a brighter future to a dystopia of destruction and unbridled censorship. Will the web grow up and mature to a brighter security future or will it descend into chaos with internet users fleeing to a few walled gardens like Facebook that become the “safe” version of the web? Only time will tell. Source: http://www.forbes.com/sites/kalevleetaru/2016/10/31/the-dyn-ddos-attack-and-the-changing-balance-of-online-cyber-power/#73a1613de230

More:
The Dyn DDOS Attack And The Changing Balance Of Online Cyber Power

DDoS attack that disrupted internet was largest of its kind in history, experts say

Dyn, the victim of last week’s denial of service attack, said it was orchestrated using a weapon called the Mirai botnet as the ‘primary source of malicious attack’ The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said. The victim was the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. It was hit on 21 October and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US. The cause of the outage was a distributed denial of service (DDoS) attack, in which a network of computers infected with special malware, known as a “botnet”, are coordinated into bombarding a server with traffic until it collapses under the strain. What makes it interesting is that the attack was orchestrated using a weapon called the Mirai botnet. According to a blogpost by Dyn published on Wednesday, Mirai was the “primary source of malicious attack traffic”. Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called “internet of things” (IoT) devices such as digital cameras and DVR players. Because it has so many internet-connected devices to choose from, attacks from Mirai are much larger than what most DDoS attacks could previously achieve. Dyn estimated that the attack had involved “100,000 malicious endpoints”, and the company, which is still investigating the attack, said there had been reports of an extraordinary attack strength of 1.2Tbps. To put that into perspective, if those reports are true, that would make the 21 October attack roughly twice as powerful as any similar attack on record. David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said he couldn’t recall a DDoS attack even half as big as the one that hit Dyn. Mirai was also used in an attack on the information security blog Krebs on Security, run by the former Washington Post journalist Brian Krebs, in September. That one topped out at 665 Gbps. “We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it,” Fidler said. “The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible. “Imagine what a well-resourced state actor could do with insecure IOT devices,” he added. According to Joe Weiss, the managing partner at the cybersecurity firm Applied Control Solutions and the author of Protecting Industrial Control Systems from Electronic Threats, it is hard to know what Mirai could become. “A lot of these cyber-attacks start out as one particular type of attack and then they morph into something new or different,” he said. “A lot of this is modular software. “I can’t speak for anyone else,” Weiss continued. “[But] I don’t know that we really understand what the endgame is.” Source: https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet

Original post:
DDoS attack that disrupted internet was largest of its kind in history, experts say

?How to defend against the internet’s doomsday of DDoS attacks

Last week assault on Dyn’s global managed DNS services was only the start. Here’s how to fend off hackers’ attacks both on your servers and the internet. We knew major destructive attacks on the internet were coming. Last week the first of them hit Dyn, a top-tier a major Domain Name System (DNS) service provider, with a global Distributed Denial of Service (DDoS)attack. As Dyn went down, popular websites such as AirBnB, GitHub, Reddit, Spotify, and Twitter followed it down. Welcome to the end of the internet as we’ve known it. Up until now we’ve assumed that the internet was as reliable as our electrical power. Those days are done. Today, we can expect massive swaths of the internet to be brought down by new DDoS attacks at any time. We still don’t know who was behind these attacks. Some have suggested, since Dyn is an American company and most of the mauled sites were based in the US, that Russia or Iran was behind the attack. It doesn’t take a nation, though, to wreck the internet. All it takes is the hundreds of millions of unsecured shoddy devices of the Internet of Things (IoT). In the Dyn onslaught , Kyle York, Dyn’s chief strategy officer said the DDoS attack used “tens of millions” devices. Hangzhou Xiongmai Technology, a Chinese technology company, has admitted that its webcam and digital video recorder (DVR) products were used in the assault. Xiongmai is telling its customers to update their device firmware and change usernames and passwords. Good luck with that. Quick: Do you know how to update your DVR’s firmware? The attack itself appears to have been made with the Mirai botnet. This open-source botnet scans for devices using their default username and password credentials. Anyone can use it — China, you, the kid next door — to generate DDoS attacks. For truly damaging DDoS barrages, you need to know something about the internet’s architecture, but that’s not difficult. Or, as Jeff Jarmoc, a Salesforce security engineer, tweeted, “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.” That’s funny, but it’s no joke. Fortunately, you can do some things about it. Securing the Internet of Things First, and this unfortunately is a long-term solution, IoT vendors must make it easy to update and secure their devices. Since you can’t expect users to patch their systems — look at how well they do with Windows — patching must be made mandatory and done automatically. One easy way to do this is to use an operating system, such as Ubuntu with Snap, to update devices quickly and cleanly. These “atomic” style updating systems make patches both easier to write and deploy. Another method is to lock down IoT applications and operating systems. Just like any server, the device should have the absolute minimum of network services. Your smart TV may need to use DNS, but your smart baby monitor? Not so much. That’s all fine and dandy and it needs to be done, but it’s not going to help you anytime soon. And, we can expect more attacks at any moment. Defending your intranet and websites First, you should protect your own sites by practicing DDoS prevention 101. For example, make sure your routers drop junk packets. You should also block unnecessary external protocols such as Internet Control Message Protocol (ICMP) at your network’s edge. And, as always, set up good firewalls and server rules. In short, block everything you can at your network edge. Better still, have your upstream ISP block unnecessary and undesired traffic. For example, your ISP can make your life easier simply by upstream blackholing. And if you know your company will never need to receive UDP traffic, like Network Time Protocol (NTP) or DNS, your ISP should just toss garbage traffic into the bit bin. You should also look to DDoS mitigation companies to protect your web presence. Companies such as Akamai, CloudFlare, and Incapsula offer affordable DDoS mitigation plans for businesses of all sizes. As DDoS attacks grow to heretofore unseen sizes, even the DDoS prevention companies are being overwhelmed. Akamai, for example, had to stop trying to protect the Krebs on Security blog after it was smacked by a DDoS blast that reached 620 Gbps in size. That’s fine for protecting your home turf, but what about when your DNS provider get nailed? You can mitigate these attacks by using multiple DNS providers. One way to do this is to use Netflix’s open-source program Denominator to support managed, mirrored DNS records. This currently works across AWS Route53, RackSpace CloudDNS, DynECT, and UltraDNS, but it’s not hard to add your own or other DNS providers. This way, even when a DDoS knocks out a single DNS provider, you can still keep your sites up and running. Which ones will work best for you? You can find out by using Namebench. This is an easy-to-use, open-source DNS benchmark utility. Even with spreading out your risk among DNS providers, DNS attacks are only going to become both stronger and more common. DNS providers like Dyn are very difficult to secure. As Carl Herberger, vice president for security solutions at Radware, an Israeli-based internet security company, told Bloomberg, DNS providers are like hospitals: They must admit anyone who shows up at the emergency room. That makes it all too easy to overwhelm them with massive — in the range of 500 gigabits per second — attacks. In short, there is no easy, fast fix here. One way you can try to keep these attacks from being quite so damaging is to increase the Time to Live (TTL) in your own DNS servers and caches. Typically, today’s local DNS servers have a TTL of 600 seconds, or 5 minutes. If you increased the TTL to say 21,600 seconds, or six hours, your local systems might dodge the DNS attack until it was over. Protecting the internet While the techniques might help you, they don’t do that much to protect the internet at large. DNS is the internet’s single point of total failure. That’s bad enough, but as F5, a top-tier ISP notes, DNS is historically under-provisioned. We must set up a stronger DNS system. ISPs and router and switch vendors should also get off their duffs and finally implement Network Ingress Filtering, better known as Best Current Practice (BCP)-38. BCP-38 works by filtering out bogus internet addresses at the edge of the internet. Thus, when your compromised webcam starts trying to spam the net, BCP-38 blocks these packets at your router or at your ISP’s router or switch. It’s possible, but unfortunately not likely, that your ISP has already implemented BCP-38. You can find out by running Spoofer. This is a new, open-source program that checks to see how your ISP handles spoofed packets. So why wasn’t it implemented years ago? Andrew McConachie, an ICANNtechnical and policy specialist, explained in an article that ISPs are too cheap to pay the small costs required to implement BCP-38. BCP-38 isn’t a cure-all, but it sure would help. Another fundamental fix that could be made is response rate limiting (RRL). This is a new DNS enhancement that can shrink attacks by 60 percent. RRL works by recognizing that when hundreds of packets per second arrive with very similar source addresses asking for similar or identical information, chances are they’re an attack. When RRL spots malicious traffic, it slows down the rate the DNS replies to the bogus requests. Simple and effective. Those are some basic ideas on how to fix the internet. It’s now up to you to use them. Don’t delay. Bigger attacks are on their way and there’s no time to waste. Source: http://www.zdnet.com/article/how-to-defend-against-the-internets-doomsday-of-ddos-attacks/  

View article:
?How to defend against the internet’s doomsday of DDoS attacks

Anonymous hacker charged with #opJustina DDoS attacks on hospital

The Anonymous-affiliated hacker who admitted to cyberattacks on two hospitals in the #opJustinaoperation and fled the country while being investigated was indicted last week. Martin Gottesfeld, 32, a biotechnology information technology professional from Somerville, Massachusetts, is being charged with conspiracy to launch cyberattacks against two local hospitals: Boston Children’s Hospital (BCH) and the Wayside Youth and Family Support Network, a mental health facility. Those two hospitals were at the center of a case that attracted masses of media attention: that of Justina Pelletier, the then-15-year-old who was caught in a 16-month custody battle as her parents tried to have her treated for mitochondrial disease at one hospital, while Boston Children’s Hospital treated her in a psychiatric unit as a ward of the state. Gottesfeld’s indictment, handed down on Wednesday, also charges him with intentional damage to a protected computer. Both are felony hacking charges. Gottesfeld admitted to the attacks last month, explaining how he did it and why in an editorial published by the Huffington Post. I had heard many, too many, such horror stories of institutionalized children who were killed or took their own lives in the so-called “troubled teen industry”. I never imagined a renowned hospital would be capable of such brutality and no amount of other good work could justify torturing Justina. The distributed denial of service (DDoS) attack against BCH was planned for maximum financial damage, Gottesfeld said: he knew that the hospital was planning a big fundraising drive and that most donors gave online. In his editorial, he went on to scoff at BCH for making it easy for him to attack it, since the hospital kept its donation page on the same public network as the rest of its systems: Rookie mistake. To take it down, I’d have to knock the whole hospital off the internet. He also claimed that no patients would be harmed: There’s no such thing as an outage-proof network, so hospitals have to be able to function without the internet. It’s required by federal law, and for accreditation. The only effects would be financial and on BCH’s reputation. That’s not how the hospital, or the prosecution, sees it. The indictment states that BCH had to shut down its access to the internet and email servers to protect patient medical records. That meant that physicians outside the hospital couldn’t get at patients’ records. Nor could patients communicate with their doctors. BCH claims that responding to, and mitigating, the damage of the attack cost $300,000, while the disruption in fundraising meant another $300,000 hit, for a total loss of $600,000. Gottesfeld claims that the attack against BCH was a justifiable reaction to the actions of the hospital, which was described as  a “parentectomy”. Gottesfeld’s defence, to blame the hospital for the attack, is all too commonly heard. The blame-the-victim reasoning is often voiced by other cyberattackers, be it from people who guess at weak passwords and use them to waltz into accounts without authorization, or those who launch crippling attacks such as those that Gottesfeld admits to. But just because it’s easy to do doesn’t make those or other cybercrimes OK. They’re illegal, and they can result in jail time, fines or both. Each of the charges Gottesfeld’s facing carry a maximum sentence of five years in jail, along with fines. Gottesfeld has been detained in Rhode Island since he and his wife were plucked off their boat near the coast of Cuba and arrested in Florida. When the indictment was handed down last Wednesday, Gottesfeld was reportedly on day 16 of a hunger strike over the appointment of the office of Carmen Ortiz as his prosecutor. Ortiz was the prosecutor in the cases against both Aaron Swartz and Jonathan James, who both later took their own lives. She has faced sharp criticism over her approach to those cases. In spite of his admission to the DDoS attacks, Gottesfeld is likely to plead not guilty at his arraignment this week before US Magistrate Judge Marianne B. Bowler, his wife told the Washington Times. Source: https://nakedsecurity.sophos.com/2016/10/24/anonymous-hacker-charged-with-opjustina-ddos-attacks-on-hospitals/

Taken from:
Anonymous hacker charged with #opJustina DDoS attacks on hospital

How Hackers Make Money from DDoS Attacks

Attacks like Friday’s are often financially motivated. Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.” So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or petty trolling, there’s frequently money involved. For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailed blackmail messages and managed to pocket tens of thousands of dollars before they were exposed. In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too. There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.) But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations. Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRs pummeling their system, attackers can grab passwords, credit card numbers, or identity information. In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per second thrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around a thousand times as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems. That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations. Source: http://fortune.com/2016/10/22/ddos-attack-hacker-profit/

See the original post:
How Hackers Make Money from DDoS Attacks

Twitter, Amazon, other top websites shut in cyber attack

Major internet services including Twitter, Spotify and Amazon suffered service interruptions and outages on Friday as a US internet provider came under a cyber attack. The internet service company Dyn, which routes and manages internet traffic, said that it had suffered a distributed denial of service (DDoS) attack on its domain name service shortly after 1100 GMT. The service was restored in about two hours, Dyn said. The attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports. The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal. Dyn, which is headquartered in New Hampshire, said the attack went after its domain name service, causing interruptions and slowdowns for internet users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Scott Hilton, executive vice president for products at Dyn, said in a statement. “We have been aggressively mitigating the DDoS attack against our infrastructure.” The company said it was continuing to investigate. A map published by the website downdetector.com showed service interruptions for Level3 Communications, a so-called “backbone” internet service provider, across much of the US east coast and in Texas. Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said on its website that users experienced errors including “hostname unknown” when attempting to access hosted sites but that the problem had been resolved by 1310 GMT. Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites. Distributed denial of service or DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline entirely. Attackers can use them for a range of purposes, including censorship, protest and extortion. The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS among others in 2010 as retribution for denying service to the anti-secrecy organization WikiLeaks. “The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,” said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He said that growing interconnection of ordinary devices to the internet, the so-called “internet of things,” increased the risks to networks. “DDoS, especially with the rise of insecure IOT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.” Source: http://phys.org/news/2016-10-twitter-spotify-websites-ddos.html

Read the article:
Twitter, Amazon, other top websites shut in cyber attack

Expect ‘Flood’ of DDoS Attacks After Source Code Release

The source code behind the massive distributed denial of service attack against security researcher Brian Krebs’s website has been released online. In a blog post over the weekend, Krebs wrote that the so-called Mirai source code’s release pretty much guarantees that “the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders, and other easily hackable devices.”  Krebs knows all too well what Mirai is capable of. Last month, the “Internet of Things” botnet launched a “historically large” 620Gbps DDoS attack against his well-known and respected site KrebsOnSecurity, inundating it with so much spam traffic that DDoS protection provider Akamai dropped the site to protect other subscribers. The Mirai source code leak came to light on Friday via the Hackforums community, Krebs said. A user with the alias “anna-senpai” posted the code there for anyone to use, likely to avoid getting caught. “It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture: Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” Krebs wrote. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.” The malware spreads by “continuously scanning the Internet for [vulnerable] IoT systems” that are using default or hard-coded usernames and passwords. Vulnerable devices are then turned into bots, which together can be used to launch DDoS attacks designed to send so much traffic to a website that it’s knocked offline. “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth,” Krebs wrote. “On the bright side, if that happens it may help to lessen the number of vulnerable systems.” Source: http://www.pcmag.com/news/348404/expect-flood-of-ddos-attacks-after-source-code-release

See the article here:
Expect ‘Flood’ of DDoS Attacks After Source Code Release

Source code unleashed for junk-blasting Internet of Things botnet

Hackforums leak Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend.…

Taken from:
Source code unleashed for junk-blasting Internet of Things botnet