Tag Archives: latest

Israel-Hamas conflict sparks surge in DDoS attacks

As conflict between Israel and the Palestinian militant Islamist organisation Hamas escalates, new research has revealed the impact politics has had on cyberattack trends. Tension between countries and changing political landscapes can now often be linked to cybercrime campaigns worldwide. From constant spats between the US and China to increased targeting of Syrian and Thai targets during political unrest, digital weaponry is now a key tool for groups to broadcast their own political messages, spy on governmental agencies and steal valuable data. In a new report released by Arbor Networks, anonymized traffic and DDoS attack data from over 290 ISPs that have deployed Arbor’s Peakflow SP product — collated and analyzed as part of Arbor’s ATLAS initiative — it appears that DDoS attacks are rising in number and volume as a result of the Israel-Hamas conflict. The graph below depicts the number of reported DDoS attacks initiated against Israel daily over the 1 June to 3 August period this year: Distributed Denial of Service (DDoS) attacks are used to flood a website or service with traffic to the point systems cannot cope, denying other users access to the website. Arbor detected a rise in the number of DDoS attacks targeting Israel in the first week of July, going from an average of 30 attacks per day to an average of 150 attacks initiated per day in July — peaking at 429 attacks on July 21st. Linking these cyberattacks to political situations, 30 June is when Israel publicly attributed the deaths of three kidnapped Israeli teenagers to Hamas, and on 7 July, “Operation Protective Edge” was launched by the country. As the political conflict raged on, so did the frequency of DDoS attacks until a drop occurred on 28 July lasting through 2 August. Arbor says the drop in attacks roughly correlates with cease fire talks which began 27 July. From 28 July through 2 August, there were 192 attacks recorded in total. On 3 August, the number of DDoS attacks rose sharply, with 268 attacks in total. In addition to the number of DDoS attacks over these time periods, the security researchers also noticed an increase in the peak size of these attacks. In the graph below, we can see that in June, no attacks exceeded 12Gbps. In July, seven DDoS attacks exceeded this size, with the largest peaking at 22.56Gbps on 12 July. When cease-fire talks fell apart on 3 August, the largest DDoS attack was recorded at a size of 29Gbps. The duration of DDoS attacks has also increased. In June, the average duration was 20 minutes — with a peak duration of 24 hours — and in July, the average duration was 1 hour 39 minutes. “As the intensity of the Israeli-Hamas conflict has increased, so has the number, size and duration of the DDoS attacks targeting Israel,” the researchers say. “Additionally, it even appears as if the attackers have made an effort to adhere to the “real world” calls for a cease-fire, resuming their attacks when the cease fire fell through.” Source: http://www.zdnet.com/israel-hamas-conflict-sparks-surge-in-ddos-attacks-7000032375/#ftag=RSS14dc6a9

Original post:
Israel-Hamas conflict sparks surge in DDoS attacks

RIA Novosti Website Hit by DDoS Attack

RIA Novosti’s website has fallen foul of a distributed denial-of-service (DDoS) attack by hackers, the agency’s IT specialists reported on Sunday. The mobile version of the website is currently inaccessible. Problems with the website’s full version were also reported for a short period of time. The agency’s terminal for clients has not been hampered. Unidentified hackers first attacked the website of InoSMI. When the attack was neutralized, they attempted to disrupt the work of RIA Novosti’s website. IT specialists are now working to eliminate the disruption that has caused by the attack. This is not the first cyber attack on the news agency. In May 2012, the RIA Novosti website was hit by a DDoS attack from some 2,500 IP-addresses. Another DDoS attack on the agency’s website was carried out in July 2013. Source: http://en.ria.ru/russia/20140803/191676816/RIA-Novosti-Website-Hit-by-Cyber-Attack.html

View the original here:
RIA Novosti Website Hit by DDoS Attack

DDoS attacks grow as first DIY kits emerge

Alongside the report, Trustwave is reporting the discovery of DIY DDoS kits for sale from just US$ 200 (£118) and which give users – apart from a high bandwidth connection – all they need to stage a wide-scale attack. The analysis – from Prolexic Technologies, now part of Akamai – claims to show that distributed denial of service activity has surged by 22 percent over the last quarter, putting levels close to those seen in Q1 of this year, when existing DDoS volume and allied records were broken. Delving into the report reveals there was a 72 percent increase in the average bandwidth of attacks during the second quarter, along with a shift to reflection-based attacks that undermine common web protocols, as well as the arrival of server-side botnets that exploit web vulnerabilities in Windows and Linux-based systems. The analysis concludes that there have been shifts in the industry targets compared with last quarter’s DDOS activity. The difference in these numbers, says the report, may be due to the different types of malicious actors on the Internet that may be active at any particular time. “It is clear that the majority of malicious actors preferred to use of volumetric attacks in Q2 – this trend was seen across all verticals. A significant variant in attack vectors by industry was the use of a very sophisticated botnets against financial and media sites,” notes the report, adding that these attacks do not seem to fit the previous patterns and motives of the DDoS criminal ecosystem. According to Trustwave, meanwhile, its research has revealed that hackers are now selling the Neutrino Bot malware kit, which it can be used to infect a large number of computers, create a botnet, and launch DDoS attacks against websites and services at will. For US$ 500 (£294), meanwhile, hackers will sell all comers BetaBot 1.6, which Trustwave says is a remote access Trojan that can run DDoS attacks, and steal sensitive data, passwords and files from infected systems. Karl Sigler, Trustwave’s threat intelligence manager, said he was unsurprised by the findings. “Supply and demand affects malware markets like they do any market. Even though demand is high, there is an increasing amount of malware competing with each other and this helps drive down the cost. There is also a cost-benefit issue. Criminals look at how much they can make by selling stolen data acquired using the malware. Finally, age plays a role. The longer malware is on the market, the cheaper it tends to get,” he said. Rob Bamforth, a principal analyst with Quocirca, the business analysis and research house, said that the surge in volumes and incidences of DDoS attacks in the second quarter identified by Akamai suggests a larger number of servers being infected by cyber-criminals – coupled with the fact that that many systems `out there’ are Windows XP-based, which has become a legacy operating system since it reached end-of-life with Microsoft back in April. “It also suggests there is a degree of complacency in the business sector, with many managers saying they do not want to invest extra money in IT security, as they do not see a return. Many businesses are suffering an ongoing squeeze on costs, so a failure to invest in security is understandable, even if it is not the correct approach to take,” he told SCMagazineUK.com . Nick Mazitelli, a senior consultant with Context Information Security, meanwhile, said that Akamai’s analysis that the widespread dissemination of increasingly capable attacker toolsets is a trend we see right across the threat landscape, from cyber-crime through to state-sponsored attacks and everything in between. “On the one hand this trend is fuelled by the on-going professionalisation and commoditisation of criminal marketplaces, and on the other by increasing levels of interconnection between threat groups of all stripes. Not only does this mean that existing threat groups have access to improved capability, but it also lowers the barrier of entry for newcomers thereby increasing the number of malicious parties active in the landscape – both factors that unavoidably increase the tempo of what is effectively an arms race between attacker and defender,” he said. “With this increased tempo as background it is important to highlight the necessity of a flexible and adaptable approach to security based on a sound understanding of the threat landscape. In particular those aspects of security concerned with network security monitoring as well as incident response are areas that have often been overlooked in the past, but are critical components of effectively managing the risk and minimising the potential impact of these constantly evolving threats,” he added. Source: http://www.scmagazineuk.com/ddos-attacks-grow-as-first-diy-kits-emerge/article/362573/

Excerpt from:
DDoS attacks grow as first DIY kits emerge

BBC website and iPlayer suffer weekend outage: ‘severe load’ on servers suggests DDoS attack

The BBC hit technical problems over the weekend leaving its website and the iPlayer catch-up service unavailable to some users. Gremlins have managed to find their way into the BBC’s systems causing technical problems which are still ongoing days later. The broadcaster confirmed on Friday that it was working to fix problems causing some section of BBC online to be inaccessible. Much to their dismay, users were confronted with messages stating that content wasn’t available. “We’re fixing a problem that means some people can’t access parts of BBC Online. As soon as it’s fixed we’ll let you know.” said the BBC iPlayer Twitter account on 19 July. More than 48 hours later the BBC apologised to viewers for a lack of resolution, tweeting: “Apologies. We know some users are still unable to access BBC iPlayer. We’re working hard to resolve the issues. Thanks for your patience.” It’s unclear how many users were and still are affected by the outage but it appears to be widespread. The BBC was forced to use a simplified version of its website due to the problem. The BBC said, “engineers noticed that there was a ‘severe load’ on the servers underlying the video-on-demand system.” This suggests the problem could have been down to a DDoS (distributed denial-of-service) attack. The web iPlayer appears to be working properly now but the basic website is still in use stating: “Due to technical problems, we are displaying a simplified version of the BBC Homepage. We are working to restore normal service.” Source: http://www.pcadvisor.co.uk/news/internet/3531696/bbc-website-iplayer-suffer-weekend-outage/

View article:
BBC website and iPlayer suffer weekend outage: ‘severe load’ on servers suggests DDoS attack

#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites

Hacker collective Anonymous has announced that it has taken down over a thousand of crucial Israeli websites in a huge new coordinated cyber-attack called #OpSaveGaza on 11 July and 17 July, in support of the people of Palestine. Some of the websites, such as the Tel Aviv Police Department’s online presence, are still offline two days after the distributed denial of service (DDoS) attacks, and numerous Israeli government homepages have been replaced by graphics, slogans, and auto-playing audio files made by AnonGhost, the team of hackers who coordinated the attack. The official Israeli government jobs website has had its homepage replaced by a graphic titled “Akincilar”, which is Turkish for the Ottoman Empire’s troops. Akincilar: A graphic and message protesting against the treatment of Palestinians is still replacing the homepage of certain Israeli government websites A message written in English and Turkish – presumably by Turkish hackers – and accompanied by pictures of Palestinians suffering says: “The Jerusalem cause is Muslims’ fight of honour” and says that people who fight for Palestine are “on the side of Allah”. Another Israeli government website now bears an AnonGhost graphic and lists the usernames of 38 hackers. An audio file that auto-plays when the page loads plays music and a synthesized newsreader clip, together with a message beseeching human rights organisations, hackers and activists to attack Israeli websites to become the “cyber shield, the voice for the forgotten people”. AnonGhost’s #OpSaveGaza message has been displayed on many Israeli websites Many of the websites have since been restored. The hackers have also leaked lists of Israeli government email addresses obtained by hacking websites of the Ministry of Immigrant Absorption, the Ministry of Justice, the Ministry of Culture and Sport, the Ministry of Housing and Construction and much more. Israeli websites belonging to restaurants, local businesses, associations, societies, academic foundations and even a symphony orchestra were also attacked, as well as a subdomain belonging to MSN Israel. A message on the main Pastebin page and some of the hacked websites reads : “The act of launching rockets from Gaza sector to Israhell is an acceptable and normal reaction against those pigs, it’s called Resistance and not terrorism. “Israhell never existed its only Palestine, it’s our home. If you are a Hacker, Activist, a Human Right Organisation then hack israel websites and expose to the world their crimes, show to the world how much blood is on their hands, blood of innocent children and women.” Anonymous has previously run another campaign in April targeting Israeli websites, although on a smaller scale. About 500 websites went offline during the OpIsrael campaign and the hackers released the phone numbers and email addresses of some Israeli officials. Source: http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269

View article:
#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites

“Chinese YouTube” Used as DDoS attack Machine

Even the biggest websites in the world are vulnerable to DDoS. Want proof? Well, all throughout this past April, a hacker took advantage of a hole in Sohu.com’s security to launch Persistent Cross-Site Swapping (XSS) attacks against various targets across the globe. Sohu.com, in case you don’t know, is one of the largest websites in the world – in fact 24th largest, according to Alexa Top 100 Ranking. But, for all its size and multi-billion dollar net worth, Sohu could be exploited by hackers who managed to convert its popularity into a massive Persistent XSS enabled DDoS attack. Devastating New DDoS Attack Method At its basis, Persistent XSS is a crafty type of malicious code injection. This injection method involves convincing a server to save data from an outside source (the hacker) and then refresh the data every time a new browser accesses the page. In this attack, the hacker saved to Sohu’s server a JS script that runs a DDoS tool. To do this, he placed a malicious JS script within the avatar image of a fabricated user profile. As with most video sites, this infected user picture would then show up next to any comments wrote by this profile, on Sohu’s video pages. The hacker was smart enough to write a JS script that would hijack every new browser that accessed a video page with the infected comment, forcing it to run a sent DDoS to the target site. The hacker programmed the script to send GET requests to the target once a second. Imagine; thousands of users watching a video on Sohu sending malicious GET requests every second. These bad requests add up quickly, quickly growing to millions every minute. Interestingly enough, the hacker also had the brains to put his infected comment on the most popular and longest playing videos, so the viewers would rack up DDoS requests even faster. This large security event goes to show that even powerful websites can be manipulated by hackers. Where Will the Next Attack Come From? It’s difficult to say. This case study shows that hackers will use whatever means necessary to take down their targets. Without 3rd party protection services, most websites can only defend what they’ve seen already–they can only react after they have been hit. In this instance, the hacker was clever enough to fly under the radar and avoid detection by Sohu’s watchful IT team. If the hacker had chosen a target without a DDoS protection service, Sohu might still be a giant DDoS machine causing havoc on innocent websites. Source: http://www.economicvoice.com/chinese-youtube-used-as-ddos-machine/

Continue Reading:
“Chinese YouTube” Used as DDoS attack Machine

17-Year-Old Behind Norway DDoS Attacks This Week

On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country. The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents. On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.” Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up. Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced. According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help. After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.” The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time. Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air. The website of the largest telecommunications company in Norway, Telenor, was also affected. Source: http://news.softpedia.com/news/17-Year-Old-Behind-Norway-DDoS-Attacks-this-Week-450391.shtml

Read the article:
17-Year-Old Behind Norway DDoS Attacks This Week

Norway banks hit in largest-ever DDoS attack, Anonymous ‘takes credit’

Norway’s top financial institutions have been hit in what appears to be a coordinated cyber-attack, the biggest-ever the country has experienced. Anonymous Norway may be responsible for the operation. The Tuesday attack targeted at least eight top Norway companies, including central Norges Bank, Sparebank 1, Danske Bank and insurance companies Storebrand and Gjensidige. Three Norwegian airlines and a big telecommunication company may also have been affected by the same attack. The malicious bombardment with requests caused traffic problems for their website and disrupted access throughout the day. This affected the banks’ online payment services as well. “The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway,” said the head of Evry’s security team, Sverre Olesen in an interview with Dagens Næringsliv business newspaper. Evry provides services to many of the affected companies and was busy dealing with the emergency. The company said the attackers used a vulnerability in the blogging platform WordPress and other venues to hit the websites. They didn’t appear to try to hack into the targets’ networks and try to steal any personal information, it added. The source of the attack was abroad, Evry said. Norway’s National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) said it was investigating the attack, but could not identify the perpetrators yet. The newspaper said it received an email signed by Anonymous Norway claiming responsibility for the DDoS attack on the banks. The email came before the news about it broke. But a tweet on the Anonymous Norway Twitter account denied the hacktivist group’s involvement, saying they were “laughing at those who think we are behind the attacks.” Source: http://rt.com/news/171724-norway-banks-anonymous-ddos/

Read the original post:
Norway banks hit in largest-ever DDoS attack, Anonymous ‘takes credit’

‘Political’ DDoS Attacks Skyrocket in Russia

Commercial hackers in Russia are giving way to politically motivated cyber criminals targeting ideological enemies, a new study said Wednesday. The most powerful DDoS attacks on Russian websites in the first six months of 2014 were triggered by the political crisis in Ukraine, digital security company Qrator Labs revealed. February’s Olympic Games in Sochi also prompted a spike in DDoS attacks, said the study, as reported by Bfm.ru news website. Hacker attacks in Russia have generally decreased in quantity, but have become more powerful compared with the first six months of 2013, the report said. About 2,700 distributed denial-of-service (DDoS) attacks occurred during the first six months of 2014, compared with 4,400 over the same period last year, Bfm.ru said. But the number of powerful attacks upward of 1 Gbps increased five times to more than 7 percent of the total, the report said, citing Qrator Labs digital security company. Some of the attacks peaked at 120 to 160 Gbps, the report said. Attack time also grew significantly, with DDoS strikes lasting up to 91 days, compared with 21 days in the first half of 2013. Average botnet size tripled from 136,000 to 420,000 machines per attack. This indicates ideological motivation on behalf of the attackers, who, unlike criminal hackers attacking websites for money, have more time at their disposal, Qrator Labs was quoted as saying. The media made the list of prime DDoS targets along with payment systems and real estate websites. Last season, Forex websites and online stock exchanges accounted for the “absolute majority” of the attacks, the study said, without providing exact figures. Source: http://www.themoscowtimes.com/news/article/political-ddos-attacks-skyrocket-in-russia/503226.html

June – The month of DDoS attacks

The list of DDoS attacks in the month of June has made for grim reading. High-profile sites have been targeted by extortion demands, online games got disrupted and at least one company was put out of business as a direct result. While it’s tempting to look for a single cause at the root of this apparent tsunami of distributed denial-of-service activity, the reality is considerably more complex. Online activism, the profit motive and even potential nation-state activity contributed to June’s high volume of DDoS attacks. The only commonality, in fact, may be the ease with which DDoS attacks can be launched. Experts like Molly Sauter, an academic and author of the forthcoming book The Coming Swarm, say that the process is childishly simple. “Literally, if you have a credit card and if you’re bored, it could be anyone,” Sauter told Network World. “It’s so easy to rent a botnet – most of them are out of Russia – and you can rent one for stupid cheap, and then deploy it for a couple of hours, and that’s really all you need to target a major site like Feedly or Evernote.” Sauter’s research focuses on the socio-political aspects of technology. She highlights the attacks, earlier in June, on websites connected to the World Cup’s sponsors and backers, which used the iconography of Anonymous. “I’m seeing a lot of Anonymous-oriented DDoS actions,” she said. Anonymous, according to Sauter, is a useful “brand” for politically motivated DDoS attacks, allowing groups to identify themselves with a particular flavor of political thought, despite no organizational connection to other activists. But the highest-profile attacks in the U.S. this June were not politically motivated – the DDoS attempts that took down RSS reader Feedly and note-taking and personal organization service Evernote drew big headlines, and Feedly, at least, was asked for ransom by its attackers. Feedly didn’t pay up, and, according to Forrester principal analyst Rick Holland, that’s probably for the best. “There’s no guarantee that they’re not going to continue to DDoS you,” he said. “It’s like regular extortion – you start paying people off and then, suddenly, they’re going to keep coming back to you every month.” Holland stopped short of urging a blanket refusal to pay off DDoS extortionists, however, saying that companies need to decide their own cases for themselves, in close consultation with their legal teams. He doesn’t know of any companies that have paid a DDoS ransom, but said that it wouldn’t surprise him to learn that it has happened. “I wouldn’t be surprised if people have gotten DDoS, it didn’t go public, they paid a ransom and that was that, but I have not specifically had those conversations,” he said. IDC research manager John Grady said that the increasing primacy of online services means that extortion-based DDoS attacks are becoming a more serious threat. “When there are direct ties from resource availability to revenue, targeting availability is a quick way to get someone’s attention,” he said. Grady echoed both Sauter’s point about the general cheapness of botnets and Holland’s argument that paying the ransom doesn’t make a company proof against further attacks. What’s more, he said, the growing power of some types of attack swings the balance of power further in favor of the attackers. “Increasingly, the ease of amplifying attacks through DNS or NTP, which can ramp traffic up in the hundreds of gigabit range that we’ve seen become common, gives attacks real economies of scale,” Grady said. Research from Forrester shows that, in addition to volumetric attacks like DNS and NTP (which essentially flood targets with unwanted data), targeted application-level attacks have been on the rise. Application-level incidents had been seen by 42% of DDoS victims surveyed in a 2013 report – just shy of the 44% that suffered volumetric attacks. Moreover, 37% used some combination of techniques. According to a report from Infonetics, that trend has prompted increasing attention for application-level mitigation technology. “An increasing number of application-layer attacks, which older DDoS detection and mitigation infrastructure can’t identify and block, are forcing companies to make new investments in DDoS solutions,” wrote principal security analyst Jeff Wilson in December. What this means is that a DDoS attack, whether it’s motivated by politics or money, is an increasingly unequal struggle. Attack techniques have become easier, cheaper and more powerful at the same time as their effects have become more damaging – and defensive measures have failed to keep pace. “The cost of entry is very low for the attackers and the cost to defend is very high for the targets,” said Holland. He said that the best defense may be to simply be as forewarned as possible, and to make plans in advance for potential DDoS incidents. Many businesses haven’t even considered the potential ramifications of a DDoS. Source: http://www.networkworld.com/article/2449855/security0/bloody-june-what-s-behind-last-month-s-ddos-attacks.html

Continue reading here:
June – The month of DDoS attacks