Tag Archives: kids

DDoS in 2017: Strap yourself in for a bumpy ride

2016 sucked. 2017 won’t be much better, sorry DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing.…

Read more here:
DDoS in 2017: Strap yourself in for a bumpy ride

How our household devices get hacked and join zombie bot networks in DDoS attacks

The Internet of Things: blessing or curse? That depends on how much you value your privacy against the ability of your fridge to order fresh milk. Either way, we are now more vulnerable to hackers. Here’s how. I won’t even attempt to answer the question in my opening gambit. Who can say for sure this early whether the Internet of Things is a blessing or a curse (aside from the fact that clichés are always a curse). For one this is something we all have to decide for ourselves – hopefully, after diligent public debate. We all have to decide what privacy is in the digital era, and whether it’s important to us. We may support more stringent data protection laws, even a global bill of rights. Or we may find ourselves in the “post-privacy” camp and not really care. It also depends on how highly we value our digital security. Unbeknownst to us Take the DDoS (distributed denial-of-service) attack that brought down a litany of popular websites last Friday (21.10.2016). The affected websites included Esty, Github, HBO Now, PayPal, Pinterest, Playstation Network, Recode, Reddit, Spotify, Twitter, Netflix, Yammer, and Yelp. Your fridge, your mom’s webcam, computers at the local school, and a kid’s doll may have all taken part – without your even knowing it. Someone, somewhere launched a piece of malware called Mirai. We’ve known about Mirai – so something was in the wind. And DDoS attacks themselves have been around for ages. Mirai searched for poorly-protected, networked devices. That is, household devices that had little or no password protection. Reports suggest these included DVRs and webcams made by a Chinese company called Hangzhou XiongMai, which has since issued a recall on its webcams in the US. Mirai turned the connected devices into its slaves. They then launched the DDoS attack on servers run by Dyn, a so-called DNS host, and home to all those websites. Usually, when you call up a website, your “request” goes via one of these servers. But when the servers are overloaded with bad requests consisting of incomplete data, or they are bombarded with more requests than they can handle, they basically freak out. And no one is served. That’s what happened on Friday. Your fridge, webcam, toy truck and thousands more emitted a coordinated attack of useless information, bringing down some of the world’s most popular websites. The rest is history… Friday’s Mirai attack may well be history now, but it’s one which will surely repeat itself. Many, many times. The question is, where will it all end? If it’s only Netflix and Spotify you can’t access, you may really not care. Certainly if they are back up and running within a few hours. But what if it’s a vital government website, online access to your local hospital, the police, or the energy grid… and what if the attack lasts for days, weeks even? This is what we mean when we talk about cybersecurity. Private, commercial concerns, even dating apps, shouldn’t come into it. And yet what we do – and allow – at a private level can have a momumental impact on society. We may think it’s just the fridge ordering our milk or Barbie chatting to our kids. But we forget that every electronic device these days – especially those connected to the network – is vulnerable to hackers. And the Mirai attack has reminded us they can all be reprogrammed to do whatever the hackers want. Source: http://www.dw.com/en/how-our-household-devices-get-hacked-and-join-zombie-bot-networks-in-ddos-attacks/a-36181744  

More:
How our household devices get hacked and join zombie bot networks in DDoS attacks

New multi-purpose backdoor targets Linux servers

A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the C…

View the original here:
New multi-purpose backdoor targets Linux servers

Mitigations for Spike DDoS toolkit-powered attacks

Akamai Technologies released, through the company's Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory that alerts enterprises to a high-risk threat of powerf…

Originally posted here:
Mitigations for Spike DDoS toolkit-powered attacks

Use home networking kit? DDoS bot is BACK… and it has EVOLVED

OMG, it reconfigures your firewall… SAVE yourselves, Linux lords A router-to-router bot first detected two years ago has evolved – and now has the capability to reconfigure the firewalls of its victims.…

Excerpt from:
Use home networking kit? DDoS bot is BACK… and it has EVOLVED

Nude celeb pics wrongly blamed for DDOS at New Zealand’s largest ISP

Actual culprit appears to be silly router configurations and Euro-nasties New Zealand’s largest ISP, Spark, has spent the weekend fighting off a DDOS incorrectly assumed to have a connection with last week’s nude celebrity picture scandal.…

Read this article:
Nude celeb pics wrongly blamed for DDOS at New Zealand’s largest ISP

Gameover ZeuS botnet pulls dripping stake from heart, staggers back from the UNDEAD

Zombies twitch, lurch to feet after FBI takedown The Gameover ZeuS malware is back from the dead just six weeks after a takedown operations that aimed to put a stake through the heart of the botnet, which is linked to the even more infamous CryptoLocker ransomware.…

Continue Reading:
Gameover ZeuS botnet pulls dripping stake from heart, staggers back from the UNDEAD

Brute-force bot busts shonky PoS passwords

RAM scrapers foisted on 60 terminals A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say.…

See more here:
Brute-force bot busts shonky PoS passwords

Facebook scuttles 250k-strong crypto-currency botnet

As noose tightens, VXer pleades: ‘Stop breaking my ballz’ Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam.…

See more here:
Facebook scuttles 250k-strong crypto-currency botnet